ctmap: improve dump of CT_SERVICE entries #28913

julianwiedmann · 2023-11-01T04:23:27Z

The CT tuple (== key) for CT entries is typically stored in "reply" layout

.saddr/.daddr match a reply packet,
.sport/.dport are in reverse order of a reply packet

The exception is CT_SERVICE entries, where the CT tuple is stored in "forward" layout

.saddr/.daddr match a forward packet,
.sport/.dport are in reverse order of a forward packet

ctmap's .Dump() implementations didn't consider this, so when dumping a CT map the CT_SERVICE entries would be printed in opposite direction. Fix up the formatting, and also print CT_SERVICE entries as dedicated type ("TCP SVC") instead of aliasing with "TCP OUT" entries.

before:
---
TCP OUT 10.96.0.1:443 -> 10.244.0.113:46298 service expires=153061 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=145061 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0
TCP OUT 10.96.0.1:443 -> 10.244.0.161:59970 service expires=153062 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=145061 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0
TCP OUT 10.96.0.1:443 -> 10.244.0.87:49382 service expires=153062 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=145061 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0

after:
---
TCP SVC 10.244.0.113:46298 -> 10.96.0.1:443 expires=155382 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=147382 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0
TCP SVC 10.244.0.161:59970 -> 10.96.0.1:443 expires=155376 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=147376 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0
TCP SVC 10.244.0.87:49382 -> 10.96.0.1:443 expires=155365 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=147361 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0

Conntrack entries for Service connections are now printed in the canonical "source -> destination" format when using the "bpf ct list" command.

The CT tuple (== key) for CT entries is typically stored in "reply" layout - .saddr/.daddr match a reply packet, - .sport/.dport are in reverse order of a reply packet The exception is CT_SERVICE entries, where the CT tuple is stored in "forward" layout - .saddr/.daddr match a forward packet, - .sport/.dport are in reverse order of a forward packet ctmap's .Dump() implementations didn't consider this, so when dumping a CT map the CT_SERVICE entries would be printed in opposite direction. Fix up the formatting, and also print CT_SERVICE entries as dedicated type ("TCP SVC") instead of aliasing with "TCP OUT" entries. before: --- TCP OUT 10.96.0.1:443 -> 10.244.0.113:46298 service expires=153061 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=145061 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0 TCP OUT 10.96.0.1:443 -> 10.244.0.161:59970 service expires=153062 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=145061 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0 TCP OUT 10.96.0.1:443 -> 10.244.0.87:49382 service expires=153062 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=145061 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0 after: --- TCP SVC 10.244.0.113:46298 -> 10.96.0.1:443 expires=155382 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=147382 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0 TCP SVC 10.244.0.161:59970 -> 10.96.0.1:443 expires=155376 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=147376 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0 TCP SVC 10.244.0.87:49382 -> 10.96.0.1:443 expires=155365 RxPackets=0 RxBytes=1 RxFlagsSeen=0x00 LastRxReport=0 TxPackets=0 TxBytes=0 TxFlagsSeen=0x1a LastTxReport=147361 Flags=0x0010 [ SeenNonSyn ] RevNAT=1 SourceSecurityID=0 IfIndex=0 Signed-off-by: Julian Wiedmann <jwi@isovalent.com>

julianwiedmann · 2023-11-01T04:50:22Z

/test

ldelossa

LGTM

christarazi

Nice find!

julianwiedmann marked this pull request as ready for review November 1, 2023 08:51

julianwiedmann requested a review from a team as a code owner November 1, 2023 08:51

julianwiedmann requested a review from ldelossa November 1, 2023 08:51

christarazi self-requested a review November 1, 2023 16:20

ldelossa approved these changes Nov 3, 2023

View reviewed changes

christarazi approved these changes Nov 3, 2023

View reviewed changes

maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Nov 3, 2023

christarazi merged commit a48bce8 into cilium:main Nov 3, 2023

julianwiedmann deleted the 1.15-ct-service-dump branch November 4, 2023 03:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ctmap: improve dump of CT_SERVICE entries #28913

ctmap: improve dump of CT_SERVICE entries #28913

Uh oh!

julianwiedmann commented Nov 1, 2023 •

edited

Loading

Uh oh!

julianwiedmann commented Nov 1, 2023

Uh oh!

ldelossa left a comment •

edited

Loading

Uh oh!

christarazi left a comment

Uh oh!

Uh oh!

ctmap: improve dump of CT_SERVICE entries #28913

ctmap: improve dump of CT_SERVICE entries #28913

Uh oh!

Conversation

julianwiedmann commented Nov 1, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

julianwiedmann commented Nov 1, 2023

Uh oh!

ldelossa left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

christarazi left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

julianwiedmann commented Nov 1, 2023 •

edited

Loading

ldelossa left a comment •

edited

Loading