Enhance get connection address strategy in access log module. (#143)

apache · Sep 19, 2024 · b4c7ffc · b4c7ffc
1 parent 2331dbe
commit b4c7ffc
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 6 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -11,6 +11,7 @@ Release Notes.
 * Add detect process from `CRI-O` container in Kubernetes.
 * Introduce `MonitorFilter` into access log module. 
 * Support monitoring ztunnel to adapt istio ambient mode.
+* Enhance get connection address strategy in access log module.
 
 #### Bug Fixes
 * Fixed the issue where `conntrack` could not find the Reply IP in the access log module.

diff --git a/bpf/accesslog/common/connection.h b/bpf/accesslog/common/connection.h
@@ -218,6 +218,16 @@ static __always_inline void submit_new_connection(void* ctx, bool success, __u32
     __u16 port;
     event->local_port = 0;
     event->remote_port = 0;
+    if (socket == NULL) {
+        struct task_struct* task_ptr = (struct task_struct*)bpf_get_current_task();
+        struct files_struct *files = _(task_ptr->files);
+        struct fdtable *fdtable = _(files->fdt);
+        struct file *fd_data;
+        struct file **fd_ptr;
+        bpf_probe_read_kernel(&fd_ptr, sizeof(fd_ptr), &fdtable->fd);
+        bpf_probe_read_kernel(&fd_data, sizeof(fd_data), &fd_ptr[fd]);
+        socket = _(fd_data->private_data);
+    }
     if (socket != NULL) {
         // only get from accept function(server side)
         struct sock* s;

diff --git a/bpf/include/api.h b/bpf/include/api.h
@@ -56,9 +56,22 @@ struct thread_struct {
     } uw;
 }  __attribute__((preserve_access_index));
 
+struct file {
+	void *private_data;
+} __attribute__((preserve_access_index));
+
+struct fdtable {
+	struct file **fd;      /* current fd array */
+} __attribute__((preserve_access_index));
+
+struct files_struct {
+	struct fdtable *fdt;
+} __attribute__((preserve_access_index));
+
 struct task_struct {
 	__u32 pid;
     __u32 tgid;
     struct thread_struct thread;
+    struct files_struct *files;
 }  __attribute__((preserve_access_index));
 #endif
diff --git a/bpf/include/socket.h b/bpf/include/socket.h
@@ -60,6 +60,7 @@ struct sock_common {
 
 struct socket {
 	struct sock		*sk;
+	struct file		*file;
 } __attribute__((preserve_access_index));
 
 struct iov_iter {

diff --git a/pkg/accesslog/runner.go b/pkg/accesslog/runner.go
@@ -214,6 +214,16 @@ func (r *Runner) sendLogs(allLogs map[*common.ConnectionInfo]*connectionLogs) er
 	firstLog := true
 	firstConnection := true
 	for connection, logs := range allLogs {
+		if len(logs.kernels) == 0 && len(logs.protocols) == 0 {
+			continue
+		}
+		if log.Enable(logrus.DebugLevel) {
+			log.Debugf("ready to sending access log with connection, connection ID: %d, random ID: %d, "+
+				"local: %s, remote: %s, role: %s, kernel logs count: %d, protocol log count: %d",
+				connection.ConnectionID, connection.RandomID, connection.RPCConnection.Local, connection.RPCConnection.Remote,
+				connection.RPCConnection.Role, len(logs.kernels), len(logs.protocols))
+		}
+
 		if len(logs.kernels) > 0 {
 			r.sendLogToTheStream(streaming, r.buildAccessLogMessage(firstLog, firstConnection, connection, logs.kernels, nil))
 			firstLog, firstConnection = false, false
@@ -243,12 +253,6 @@ func (r *Runner) buildAccessLogMessage(firstLog, firstConnection bool, conn *com
 	var rpcCon *v3.AccessLogConnection
 	if firstConnection {
 		rpcCon = conn.RPCConnection
-		if log.Enable(logrus.DebugLevel) {
-			log.Debugf("ready to sending access log with connection, connection ID: %d, random ID: %d, "+
-				"local: %s, remote: %s, role: %s, kernel logs count: %d, contains protocol log: %t",
-				conn.ConnectionID, conn.RandomID, rpcCon.Local, rpcCon.Remote, rpcCon.Role,
-				len(kernelLogs), protocolLog != nil)
-		}
 	}
 	return &v3.EBPFAccessLogMessage{
 		Node:        r.BuildNodeInfo(firstLog),