add service metrics

Signed-off-by: LiZhenCheng9527 <[email protected]>
kmesh-net · Jul 29, 2024 · 33eaba6 · 33eaba6
1 parent df8b1b0
commit 33eaba6
Show file tree

Hide file tree

Showing 7 changed files with 495 additions and 141 deletions.
diff --git a/bpf/kmesh/probes/metrics.h b/bpf/kmesh/probes/metrics.h
@@ -14,7 +14,6 @@ struct metric_key {
 };
 
 struct metric_data {
-    __u32 direction;      // update on connect
     __u32 conn_open;      // update on connect
     __u32 conn_close;     // update on close
     __u32 conn_failed;    // update on close
@@ -45,21 +44,38 @@ static inline void construct_metric_key(struct bpf_sock *sk, __u8 direction, str
         if (sk->family == AF_INET) {
             key->src_ip.ip4 = sk->src_ip4;
             key->dst_ip.ip4 = sk->dst_ip4;
-        } else {
+        }
+        if (sk->family == AF_INET6) {
             bpf_memcpy(key->src_ip.ip6, sk->src_ip6, IPV6_ADDR_LEN);
             bpf_memcpy(key->dst_ip.ip6, sk->dst_ip6, IPV6_ADDR_LEN);
         }
-        key->dst_port = bpf_ntohl(sk->dst_port);
-    } else {
+        key->dst_port = bpf_ntohs(sk->dst_port);
+    }
+    if (direction == INBOUND) {
         if (sk->family == AF_INET) {
             key->src_ip.ip4 = sk->dst_ip4;
             key->dst_ip.ip4 = sk->src_ip4;
-        } else {
+        }
+        if (sk->family == AF_INET6) {
             bpf_memcpy(key->src_ip.ip6, sk->dst_ip6, IPV6_ADDR_LEN);
             bpf_memcpy(key->dst_ip.ip6, sk->src_ip6, IPV6_ADDR_LEN);
         }
         key->dst_port = sk->src_port;
     }
+
+    if (is_ipv4_mapped_addr(key->src_ip.ip6)) {
+        key->src_ip.ip4 = key->src_ip.ip6[3];
+        key->dst_ip.ip4 = key->dst_ip.ip6[3];
+        key->src_ip.ip6[0] = key->src_ip.ip4;
+        key->dst_ip.ip6[0] = key->dst_ip.ip4;
+        key->src_ip.ip6[1] = 0;
+        key->src_ip.ip6[2] = 0;
+        key->src_ip.ip6[3] = 0;
+        key->dst_ip.ip6[1] = 0;
+        key->dst_ip.ip6[2] = 0;
+        key->dst_ip.ip6[3] = 0;
+    }
+
     return;
 }
 
@@ -87,7 +103,6 @@ metric_on_connect(struct bpf_sock *sk, struct bpf_tcp_sock *tcp_sock, struct soc
     metric = (struct metric_data *)bpf_map_lookup_elem(&map_of_metrics, &key);
     if (!metric) {
         data.conn_open++;
-        data.direction = storage->direction;
         int err = bpf_map_update_elem(&map_of_metrics, &key, &data, BPF_NOEXIST);
         if (err) {
             BPF_LOG(ERR, PROBE, "metric_on_connect update failed, err is %d\n", err);
@@ -97,7 +112,6 @@ metric_on_connect(struct bpf_sock *sk, struct bpf_tcp_sock *tcp_sock, struct soc
     }
 
     metric->conn_open++;
-    metric->direction = storage->direction;
 notify:
     report_metrics(&key);
     return;
@@ -114,7 +128,6 @@ metric_on_close(struct bpf_sock *sk, struct bpf_tcp_sock *tcp_sock, struct sock_
     metric = (struct metric_data *)bpf_map_lookup_elem(&map_of_metrics, &key);
     if (!metric) {
         // connect failed
-        data.direction = storage->direction;
         data.conn_failed++;
         int err = bpf_map_update_elem(&map_of_metrics, &key, &data, BPF_NOEXIST);
         if (err) {

diff --git a/bpf/kmesh/workload/sockops.c b/bpf/kmesh/workload/sockops.c
@@ -38,8 +38,12 @@ static inline bool is_managed_by_kmesh(struct bpf_sock_ops *skops)
     struct manager_key key = {0};
     if (skops->family == AF_INET)
         key.addr.ip4 = skops->local_ip4;
-    if (skops->family == AF_INET6)
-        IP6_COPY(key.addr.ip6, skops->local_ip6);
+    if (skops->family == AF_INET6) {
+        if (is_ipv4_mapped_addr(skops->local_ip6))
+            key.addr.ip4 = skops->local_ip4;
+        else
+            IP6_COPY(key.addr.ip6, skops->local_ip6);
+    }
 
     int *value = bpf_map_lookup_elem(&map_of_manager, &key);
     if (!value)
@@ -75,14 +79,28 @@ static inline void extract_skops_to_tuple_reverse(struct bpf_sock_ops *skops, st
         tuple_key->ipv4.sport = GET_SKOPS_REMOTE_PORT(skops);
         // local_port is host byteorder
         tuple_key->ipv4.dport = bpf_htons(GET_SKOPS_LOCAL_PORT(skops));
-    } else {
+    } 
+    if (skops->family == AF_INET6) {
         bpf_memcpy(tuple_key->ipv6.saddr, skops->remote_ip6, IPV6_ADDR_LEN);
         bpf_memcpy(tuple_key->ipv6.daddr, skops->local_ip6, IPV6_ADDR_LEN);
         // remote_port is network byteorder
         tuple_key->ipv6.sport = GET_SKOPS_REMOTE_PORT(skops);
         // local_port is host byteorder
         tuple_key->ipv6.dport = bpf_htons(GET_SKOPS_LOCAL_PORT(skops));
     }
+
+    if (is_ipv4_mapped_addr(tuple_key->ipv6.saddr)) {
+        tuple_key->ipv4.saddr = tuple_key->ipv6.saddr[3];
+        tuple_key->ipv4.daddr = tuple_key->ipv6.daddr[3];
+        tuple_key->ipv6.saddr[0] = tuple_key->ipv4.saddr;
+        tuple_key->ipv6.daddr[0] = tuple_key->ipv4.daddr;
+        tuple_key->ipv6.saddr[1] = 0;
+        tuple_key->ipv6.saddr[2] = 0;
+        tuple_key->ipv6.saddr[3] = 0;
+        tuple_key->ipv6.daddr[1] = 0;
+        tuple_key->ipv6.daddr[2] = 0;
+        tuple_key->ipv6.daddr[3] = 0;
+    }
 }
 
 // clean map_of_auth

diff --git a/pkg/auth/rbac.go b/pkg/auth/rbac.go
@@ -146,6 +146,11 @@ func (r *Rbac) Run(ctx context.Context, mapOfTuple, mapOfAuth *ebpf.Map) {
 				continue
 			}
 
+			if msgType == MSG_TYPE_IPV6 {
+				conn.dstIp = restoreIPv4(conn.dstIp)
+				conn.srcIp = restoreIPv4(conn.srcIp)
+			}
+
 			if !r.doRbac(&conn) {
 				log.Infof("Auth denied for connection: %+v", conn)
 				// If conn is denied, write tuples into XDP map, which includes source/destination IP/Port
@@ -511,3 +516,14 @@ func (r *Rbac) getIdentityByIp(ip []byte) Identity {
 		serviceAccount: workload.GetServiceAccount(),
 	}
 }
+
+// Converting IPv4 data reported in IPv6 form to IPv4
+func restoreIPv4(bytes []byte) []byte {
+	for i := 4; i < 16; i++ {
+		if bytes[i] != 0 {
+			return bytes
+		}
+	}
+
+	return bytes[:4]
+}