Skip to content

Track skb by address #194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 26, 2023
Merged

Track skb by address #194

merged 2 commits into from
Jun 26, 2023

Conversation

jschwinger233
Copy link
Member

This PR introduces a bpf map to store matched skb addresses, so for any skb whose address can be found in the map, we see it a matched one without filter check.

This can be useful to observe NAT-ed / encrypted / encapsulated traffic.

Fixes: #84

Signed-off-by: Zhichuan Liang gray.liang@isovalent.com

@jschwinger233
bpf: add track_skb logic in bpf program
d6349eb 
This commit introduces a bpf map `skb_addresses` to store matched skbs,
so the consequent skbs whose addresses can be found in the map are seen as
matched ones without filter checks.

Signed-off-by: Zhichuan Liang <gray.liang@isovalent.com>
@jschwinger233
Copy link
Member Author

jschwinger233 commented Jun 21, 2023
edited
Loading

Now pwru can clearly see the full process of IPsec:

$ s ./pwru --filter-dst-ip 10.244.0.88 --output-meta --output-tuple --filter-track-skb --filter-netns 4026533589
2023/06/21 18:11:53 Per cpu buffer size: 4096 bytes
2023/06/21 18:11:53 Attaching kprobes (via kprobe-multi)...
1498 / 1498 [-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s
2023/06/21 18:11:53 Attached (ignored 0)
2023/06/21 18:11:53 Listening for events..
               SKB    CPU          PROCESS                     FUNC
0xffff90f72f43fae8      2             [nc]               __netif_rx netns=4026533589 mark=0x0 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]        netif_rx_internal netns=4026533589 mark=0x0 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]       enqueue_to_backlog netns=4026533589 mark=0x0 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]      __netif_receive_skb netns=4026533589 mark=0x0 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc] __netif_receive_skb_one_core netns=4026533589 mark=0x0 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]             tcf_classify netns=4026533589 mark=0x0 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]      skb_ensure_writable netns=4026533589 mark=0x0 ifindex=8 proto=8 mtu=1500 len=74 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]                   ip_rcv netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]              ip_rcv_core netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]                tcp_wfree netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]             nf_hook_slow netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]   __inet_lookup_listener netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]       inet_lhash2_lookup netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]       inet_lhash2_lookup netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]       tcp_v4_early_demux netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]     ip_route_input_noref netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]       ip_route_input_rcu netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]      ip_route_input_slow netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]          __mkroute_input netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]      fib_validate_source netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]    __fib_validate_source netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]               ip_forward netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]      __xfrm_policy_check netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]          decode_session4 netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc] security_xfrm_decode_session netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]     __xfrm_route_forward netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]          decode_session4 netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc] security_xfrm_decode_session netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]         pskb_expand_head netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]         skb_release_data netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc] skb_headers_offset_update netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]             nf_hook_slow netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]        ip_forward_finish netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]             xfrm4_output netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]             nf_hook_slow netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]    apparmor_ip_postroute netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]           __xfrm4_output netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]              xfrm_output netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]      xfrm_dev_offload_ok netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]        skb_checksum_help netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]      skb_ensure_writable netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]       xfrm_output_resume netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]          xfrm_output_one netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]   xfrm_outer_mode_output netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc] xfrm_inner_extract_output netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.165:34998->10.244.0.88:80(tcp)
0xffff90f72f43fae8      2             [nc]     xfrm_replay_overflow netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]                 pskb_put netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=60 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]                 skb_push netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=80 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]             skb_to_sgvec netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]           __skb_to_sgvec netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]           __ip_local_out netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]             nf_hook_slow netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]                ip_output netns=4026533589 mark=0xbc5a6e00 ifindex=8 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]             nf_hook_slow netns=4026533589 mark=0xbc5a6e00 ifindex=3 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]    apparmor_ip_postroute netns=4026533589 mark=0xbc5a6e00 ifindex=3 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]         ip_finish_output netns=4026533589 mark=0xbc5a6e00 ifindex=3 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]       __ip_finish_output netns=4026533589 mark=0xbc5a6e00 ifindex=3 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]        ip_finish_output2 netns=4026533589 mark=0xbc5a6e00 ifindex=3 proto=8 mtu=1500 len=116 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]         __dev_queue_xmit netns=4026533589 mark=0xbc5a6e00 ifindex=3 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]       qdisc_pkt_len_init netns=4026533589 mark=0xbc5a6e00 ifindex=3 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]             tcf_classify netns=4026533589 mark=0xbc5a6e00 ifindex=3 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]          skb_do_redirect netns=4026533589 mark=0x0 ifindex=3 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]           __bpf_redirect netns=4026533589 mark=0x0 ifindex=3 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]         __dev_queue_xmit netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]       qdisc_pkt_len_init netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]             tcf_classify netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]      netdev_core_pick_tx netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]        validate_xmit_skb netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]       netif_skb_features netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]     skb_network_protocol netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]       validate_xmit_xfrm netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]      dev_hard_start_xmit netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]    skb_tunnel_check_pmtu netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc] iptunnel_handle_offloads netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=130 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]             udp_set_csum netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=146 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]            iptunnel_xmit netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=146 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]         skb_scrub_packet netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=146 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]                 skb_push netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=146 10.244.1.231:0->10.244.0.243:0()
0xffff90f72f43fae8      2             [nc]             ip_local_out netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]           __ip_local_out netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]             nf_hook_slow netns=4026533589 mark=0x0 ifindex=4 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]                ip_output netns=4026533589 mark=0xc00 ifindex=4 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]             nf_hook_slow netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]    apparmor_ip_postroute netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]         ip_finish_output netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]       __ip_finish_output netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]        ip_finish_output2 netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=166 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]         __dev_queue_xmit netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]       qdisc_pkt_len_init netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]      netdev_core_pick_tx netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]        validate_xmit_skb netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]       netif_skb_features netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]  passthru_features_check netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]     skb_network_protocol netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]       validate_xmit_xfrm netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]      dev_hard_start_xmit netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]   skb_clone_tx_timestamp netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]        __dev_forward_skb netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]       __dev_forward_skb2 netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]         skb_scrub_packet netns=4026533589 mark=0xc00 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)
0xffff90f72f43fae8      2             [nc]           eth_type_trans netns=4026533589 mark=0x0 ifindex=42 proto=8 mtu=1500 len=180 172.23.0.3:36943->172.23.0.2:8472(udp)

First it's 10.244.1.165:34998->10.244.0.88:80(tcp), then after tcf_classify it's marked with mark=0xbc5a6e00; then xfrm_inner_extract_output encaps and encrypts skb to ESP 10.244.1.231:0->10.244.0.243:0(); then tc bpf on the ifindex=3 redirects skb to ifindex=4; finally on the ifindex=4 it's encapped as vxlan 172.23.0.3:36943->172.23.0.2:8472(udp).

(And I changed perf_output to bpf_queue locally to avoid event loss)

@borkmann
Copy link
Member

This is super useful, thanks for working on this! Also, I think it would be nice to have a --follow-skb-clones option where we add new addresses to that tracker map whenever there was a clone or copy of the skb in order to get visibility where their paths go.

brb
brb reviewed Jun 23, 2023
View reviewed changes
brb
brb approved these changes Jun 23, 2023
View reviewed changes
Copy link
Member

@brb brb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Minor suggestion.

@brb brb mentioned this pull request Jun 23, 2023
Closed
@brb
Copy link
Member

brb commented Jun 23, 2023

Created #200 to track Daniel's suggestion.

@jschwinger233
Add flag --filter-track-skb to enable tracking skb by address
7048cd5 
Signed-off-by: Zhichuan Liang <gray.liang@isovalent.com>
@brb brb merged commit 2b720fb into cilium:main Jun 26, 2023
@jschwinger233 jschwinger233 mentioned this pull request Aug 29, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

track skb pointer
3 participants
@jschwinger233 @borkmann @brb