You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
kretprobe/inet_csk_accept (reason TCP_ACCEPT_BASIC) has two big issues:
it doesn't track bytes dropped for any packet it processes (it calls get_packet_from_sock which doesn't populate the packet's skb_len, since that value is not available in the socket struct this ebpf hook receives as input; this means that the subsequent call to update_metrics_map doesn't increase the drop bytes metrics)
it misses some drops (it does a single rather than double pointer dereference of the value retrieved from accept_pids map; the rerieved pointer (and not underlying value) is assigned to int which given 2's complement notation means that anytime the memory address of the err value has the most significant bit == 0 (positive number), it returns early thinking the underlying function didn't indicate a drop)
Solutions:
We'd need to figure out how to get the sk_buff from the socket.
I tried 2 approaches unsuccessfully so far: doing the second pointer deref (ebpf verifier failure); storing the actual error value from inet_csk_accept rather than the pointer, as a signed int, which obviates the need for the double deref, but also got a verifier error.
The text was updated successfully, but these errors were encountered:
# Description
For all eBPF program in the DropReason plugin (except `inet_csk_accept`
which has issue we need to investigate
#715):
- only make ebpf map calls when necessary
- omit setting some packet fields to 0 right after `memset` is called on
the entire struct
**Details**:
Previously, we did a map lookup regardless of whether the input `retVal`
indicated a drop. Now, only for drops.
We also skip a map delete when there wasn't a earlier kprobe that saved
the corresponding PID.
## Checklist
- [x] I have read the [contributing
documentation](https://retina.sh/docs/contributing).
- [x] I signed and signed-off the commits (`git commit -S -s ...`). See
[this
documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
on signing commits.
- [x] I have correctly attributed the author(s) of the code.
- [x] I have tested the changes locally.
- [x] I have followed the project's style guidelines.
- [x] I have updated the documentation, if necessary.
- [x] I have added tests, if applicable.
Signed-off-by: Igor Klemenski <[email protected]>
kretprobe/inet_csk_accept
(reasonTCP_ACCEPT_BASIC
) has two big issues:get_packet_from_sock
which doesn't populate the packet'sskb_len
, since that value is not available in the socket struct this ebpf hook receives as input; this means that the subsequent call toupdate_metrics_map
doesn't increase the drop bytes metrics)accept_pids
map; the rerieved pointer (and not underlying value) is assigned toint
which given 2's complement notation means that anytime the memory address of theerr
value has the most significant bit == 0 (positive number), it returns early thinking the underlying function didn't indicate a drop)Solutions:
inet_csk_accept
rather than the pointer, as a signed int, which obviates the need for the double deref, but also got a verifier error.The text was updated successfully, but these errors were encountered: