Support Traceflow of live traffic
Add support of tracing live traffic. Rather than injecting a Traceflow
packet, a live traffic Traceflow will trace the real traffic between
Pods - the first packet of the first connection that matches the
Traceflow spec will be traced.
antctl traceflow command is extended to support live traffic Traceflow.
This commit also makes a few other changes to Traceflow: add a
Timeout parameter to Traceflow Spec and antctl traceflow command to
specify the timeout of a Traceflow; delete OVS flows added for the
Traceflow after the agent receives the first captured packet of the
Traceflow; support all IP protocols.
jianjuns committed Mar 30, 2021
1 parent aaaea4f commit b1371d5
Showing 25 changed files with 1,016 additions and 572 deletions.
15 changes: 14 additions & 1 deletion build/yamls/antrea-aks.yml
Expand Up @@ -628,6 +628,16 @@ spec:
name: Destination-IP
priority: 10
type: string
- description: Trace live traffic.
jsonPath: .spec.liveTraffic
name: Live-Traffic
priority: 10
type: boolean
- description: Timeout in seconds.
jsonPath: .spec.timeout
name: Timeout
priority: 10
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
Expand Down Expand Up @@ -658,6 +668,8 @@ spec:
service:
type: string
type: object
liveTraffic:
type: boolean
packet:
properties:
ipHeader:
Expand Down Expand Up @@ -719,9 +731,10 @@ spec:
- pod
- namespace
type: object
timeout:
type: integer
required:
- source
- destination
type: object
status:
properties:
15 changes: 14 additions & 1 deletion build/yamls/antrea-eks.yml
Expand Up @@ -628,6 +628,16 @@ spec:
name: Destination-IP
priority: 10
type: string
- description: Trace live traffic.
jsonPath: .spec.liveTraffic
name: Live-Traffic
priority: 10
type: boolean
- description: Timeout in seconds.
jsonPath: .spec.timeout
name: Timeout
priority: 10
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
Expand Down Expand Up @@ -658,6 +668,8 @@ spec:
service:
type: string
type: object
liveTraffic:
type: boolean
packet:
properties:
ipHeader:
Expand Down Expand Up @@ -719,9 +731,10 @@ spec:
- pod
- namespace
type: object
timeout:
type: integer
required:
- source
- destination
type: object
status:
properties:
15 changes: 14 additions & 1 deletion build/yamls/antrea-gke.yml
Expand Up @@ -628,6 +628,16 @@ spec:
name: Destination-IP
priority: 10
type: string
- description: Trace live traffic.
jsonPath: .spec.liveTraffic
name: Live-Traffic
priority: 10
type: boolean
- description: Timeout in seconds.
jsonPath: .spec.timeout
name: Timeout
priority: 10
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
Expand Down Expand Up @@ -658,6 +668,8 @@ spec:
service:
type: string
type: object
liveTraffic:
type: boolean
packet:
properties:
ipHeader:
Expand Down Expand Up @@ -719,9 +731,10 @@ spec:
- pod
- namespace
type: object
timeout:
type: integer
required:
- source
- destination
type: object
status:
properties:
15 changes: 14 additions & 1 deletion build/yamls/antrea-ipsec.yml
Expand Up @@ -628,6 +628,16 @@ spec:
name: Destination-IP
priority: 10
type: string
- description: Trace live traffic.
jsonPath: .spec.liveTraffic
name: Live-Traffic
priority: 10
type: boolean
- description: Timeout in seconds.
jsonPath: .spec.timeout
name: Timeout
priority: 10
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
Expand Down Expand Up @@ -658,6 +668,8 @@ spec:
service:
type: string
type: object
liveTraffic:
type: boolean
packet:
properties:
ipHeader:
Expand Down Expand Up @@ -719,9 +731,10 @@ spec:
- pod
- namespace
type: object
timeout:
type: integer
required:
- source
- destination
type: object
status:
properties:
15 changes: 14 additions & 1 deletion build/yamls/antrea.yml
Expand Up @@ -628,6 +628,16 @@ spec:
name: Destination-IP
priority: 10
type: string
- description: Trace live traffic.
jsonPath: .spec.liveTraffic
name: Live-Traffic
priority: 10
type: boolean
- description: Timeout in seconds.
jsonPath: .spec.timeout
name: Timeout
priority: 10
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
Expand Down Expand Up @@ -658,6 +668,8 @@ spec:
service:
type: string
type: object
liveTraffic:
type: boolean
packet:
properties:
ipHeader:
Expand Down Expand Up @@ -719,9 +731,10 @@ spec:
- pod
- namespace
type: object
timeout:
type: integer
required:
- source
- destination
type: object
status:
properties:
15 changes: 14 additions & 1 deletion build/yamls/base/crds.yml
Expand Up @@ -73,6 +73,16 @@ spec:
name: Destination-IP
type: string
priority: 10
- jsonPath: .spec.liveTraffic
description: Trace live traffic.
name: Live-Traffic
type: boolean
priority: 10
- jsonPath: .spec.timeout
description: Timeout in seconds.
name: Timeout
type: integer
priority: 10
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
Expand All @@ -86,7 +96,6 @@ spec:
type: object
required:
- source
- destination
properties:
source:
type: object
Expand Down Expand Up @@ -165,6 +174,10 @@ spec:
type: integer
flags:
type: integer
liveTraffic:
type: boolean
timeout:
type: integer
status:
type: object
properties:
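Review bot: The new `timeout` property in the last hunk is a bare `type: integer`, so the API server will accept negative or arbitrarily large values. Because the timeout limits how long a live-traffic Traceflow stays active when no matching packet arrives, I would add a `minimum:` and a `maximum:` to the schema; the right limits are not visible on this page, and zero may be meant as "use the default". Removing `- destination` from `required` in the second hunk also means a non-live Traceflow with no destination now passes schema validation, so that case presumably has to be rejected in the controller, which is worth confirming.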
29 changes: 22 additions & 7 deletions pkg/agent/controller/traceflow/packetin.go
Expand Up @@ -43,6 +43,7 @@ func (c *Controller) HandlePacketIn(pktIn *ofctrl.PacketIn) error {
klog.Errorf("parsePacketIn error: %+v", err)
return err
}

// Retry when update CRD conflict which caused by multiple agents updating one CRD at same time.
err = retry.RetryOnConflict(retry.DefaultRetry, func() error {
tf, err := c.traceflowInformer.Lister().Get(oldTf.Name)
Expand Down Expand Up @@ -89,17 +90,31 @@ func (c *Controller) parsePacketIn(pktIn *ofctrl.PacketIn) (*opsv1alpha1.Tracefl
return nil, nil, fmt.Errorf("unsupported traceflow packet Ethertype: %d", pktIn.Data.Ethertype)
}

// Get traceflow CRD from cache by data plane tag.
tf, err := c.GetRunningTraceflowCRD(uint8(tag))
firstPacket := false
c.runningTraceflowsMutex.RLock()
tfState, exists := c.runningTraceflows[tag]
if exists {
firstPacket = !tfState.receivedPacket
tfState.receivedPacket = true
}
c.runningTraceflowsMutex.RUnlock()
if !exists {
return nil, nil, fmt.Errorf("Traceflow for dataplane tag %d not found in cache", pktIn.Data.Ethertype)
}

if firstPacket {
// Uninstall the OVS flows after receiving the first packet.
c.ofClient.UninstallTraceflowFlows(tag)
}

tf, err := c.traceflowLister.Get(tfState.name)
if err != nil {
return nil, nil, err
return nil, nil, fmt.Errorf("failed to get Traceflow %s CRD: %v", tfState.name, err)
}

obs := make([]opsv1alpha1.Observation, 0)
isSender := c.isSender(uint8(tag))
obs := []opsv1alpha1.Observation{}
tableID := pktIn.TableId

if isSender {
if tfState.isSender {
ob := new(opsv1alpha1.Observation)
ob.Component = opsv1alpha1.SpoofGuard
ob.Action = opsv1alpha1.Forwarded
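Review bot: `tfState.receivedPacket = true` is written while only `c.runningTraceflowsMutex.RLock()` is held, so if packet-in handlers can run concurrently (not visible here) two packets for the same tag can both see `firstPacket == true` and the write itself is a data race; take the write lock for this block with `c.runningTraceflowsMutex.Lock()` and `c.runningTraceflowsMutex.Unlock()`. The not-found error just below formats `pktIn.Data.Ethertype` although the message says dataplane tag; it should pass `tag`. The result of `c.ofClient.UninstallTraceflowFlows(tag)` is also discarded: if it returns an error, log it, since a failed uninstall would leave the trace flows installed with no record of why. `parsePacketIn` begins and ends outside the hunk.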