Fix missing the first socket detail event in HTTPS protocol (#165)

apache · Dec 9, 2024 · 699d6a6 · 699d6a6
1 parent a5281ba
commit 699d6a6
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 67 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -12,6 +12,7 @@ Release Notes.
 * Decode the BPF data by self instant `binary.Read` to reduce CPU usage.
 * Fix the unaligned memory accesses for `upload_socket_data_buf`.
 * Support for connecting to the backend server over TLS without requiring `ca.pem`.
+* Fix missing the first socket detail event in HTTPS protocol.
 
 #### Bug Fixes
 * Fix the base image cannot run in the arm64.

diff --git a/bpf/accesslog/syscalls/transfer.h b/bpf/accesslog/syscalls/transfer.h
@@ -78,53 +78,6 @@ struct {
 	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
 } socket_detail_data_queue SEC(".maps");
 
-
-static __inline void upload_socket_detail(void *ctx, __u64 conid, struct active_connection_t *connection, __u8 func_name, struct sock_data_args_t *data_args, bool ssl, __u64 end_nacs) {
-    // only send the original socket syscall(not ssl)
-    if (ssl == true) {
-        return;
-    }
-    __u32 kZero = 0;
-    struct socket_detail_t *detail = bpf_map_lookup_elem(&socket_detail_event_per_cpu_map, &kZero);
-    if (detail == NULL) {
-        return;
-    }
-
-    detail->connection_id = conid;
-    detail->random_id = connection->random_id;
-    detail->data_id = data_args->data_id;
-
-    detail->start_nacs = data_args->start_nacs;
-    detail->end_nacs = end_nacs;
-
-    detail->l4_duration = data_args->exit_l4_time - data_args->enter_l4_time;
-    detail->l3_duration = data_args->l3_duration;
-    detail->l3_local_duration = data_args->l3_local_duration;
-    detail->l3_output_duration = data_args->l3_output_duration;
-    detail->l3_resolve_mac_duration = data_args->total_resolve_mac_time;
-    detail->l3_net_filter_duration = data_args->total_net_filter_time;
-    detail->l2_duration = data_args->l2_duration;
-    detail->l2_ready_send_duration = data_args->l2_ready_send_duration;
-    detail->l2_send_duration = data_args->l2_send_duration;
-    detail->ifindex = data_args->ifindex;
-    detail->l4_total_package_size = data_args->total_package_size;
-    detail->l4_package_count = data_args->package_count;
-    detail->l4_retransmit_package_count = data_args->retransmit_package_count;
-    detail->l3_resolve_mac_count = data_args->total_resolve_mac_count;
-    detail->l3_net_filter_count = data_args->total_net_filter_count;
-    detail->op_func_name = func_name;
-    detail->data_protocol = connection->protocol;
-    detail->ssl = connection->ssl;
-    detail->l2_package_to_queue_time = data_args->total_package_to_queue_time;
-    detail->l3_total_recv_time = data_args->l3_rcv_duration;
-    detail->l2_enter_queue_count = data_args->l2_enter_queue_count;
-    detail->l4_package_rcv_from_queue_time = data_args->total_package_receive_from_queue_time;
-
-    // loss package detail
-
-    bpf_perf_event_output(ctx, &socket_detail_data_queue, BPF_F_CURRENT_CPU, detail, sizeof(*detail));
-}
-
 static __always_inline void process_write_data(void *ctx, __u64 id, struct sock_data_args_t *args, ssize_t bytes_count,
                                         __u32 data_direction, const bool vecs, __u8 func_name, bool ssl) {
     __u64 curr_nacs = bpf_ktime_get_ns();
@@ -187,8 +140,46 @@ static __always_inline void process_write_data(void *ctx, __u64 id, struct sock_
     }
 
     __u64 conid = gen_tgid_fd(tgid, args->fd);
-    // upload the socket detail
-    upload_socket_detail(ctx, conid, conn, func_name, args, ssl, curr_nacs);
+    // upload the socket detail, detail can only be send when the ssl are same:
+    // 1. when the SSL connection sends SSL(unencrypted) message
+    // 2. when the not SSL connection sends plain data
+    if (conn->ssl == ssl) {
+        __u32 kZero = 0;
+        struct socket_detail_t *detail = bpf_map_lookup_elem(&socket_detail_event_per_cpu_map, &kZero);
+        if (detail != NULL) {
+            detail->connection_id = conid;
+            detail->random_id = conn->random_id;
+            detail->data_id = args->data_id;
+
+            detail->start_nacs = args->start_nacs;
+            detail->end_nacs = curr_nacs;
+
+            detail->l4_duration = args->exit_l4_time - args->enter_l4_time;
+            detail->l3_duration = args->l3_duration;
+            detail->l3_local_duration = args->l3_local_duration;
+            detail->l3_output_duration = args->l3_output_duration;
+            detail->l3_resolve_mac_duration = args->total_resolve_mac_time;
+            detail->l3_net_filter_duration = args->total_net_filter_time;
+            detail->l2_duration = args->l2_duration;
+            detail->l2_ready_send_duration = args->l2_ready_send_duration;
+            detail->l2_send_duration = args->l2_send_duration;
+            detail->ifindex = args->ifindex;
+            detail->l4_total_package_size = args->total_package_size;
+            detail->l4_package_count = args->package_count;
+            detail->l4_retransmit_package_count = args->retransmit_package_count;
+            detail->l3_resolve_mac_count = args->total_resolve_mac_count;
+            detail->l3_net_filter_count = args->total_net_filter_count;
+            detail->op_func_name = func_name;
+            detail->data_protocol = conn->protocol;
+            detail->ssl = conn->ssl;
+            detail->l2_package_to_queue_time = args->total_package_to_queue_time;
+            detail->l3_total_recv_time = args->l3_rcv_duration;
+            detail->l2_enter_queue_count = args->l2_enter_queue_count;
+            detail->l4_package_rcv_from_queue_time = args->total_package_receive_from_queue_time;
+
+            bpf_perf_event_output(ctx, &socket_detail_data_queue, BPF_F_CURRENT_CPU, detail, sizeof(*detail));
+        }
+    }
 
     // upload the socket data if need
     struct upload_data_args *upload_data_args = generate_socket_upload_args();

diff --git a/bpf/accesslog/tls/go_tls.c b/bpf/accesslog/tls/go_tls.c
@@ -47,7 +47,14 @@ int go_tls_write(struct pt_regs* ctx) {
     struct go_tls_connection_args_t data_args = {};
     assign_go_tls_arg(&data_args.connection_ptr, sizeof(data_args.connection_ptr), symaddrs->write_connection_loc, sp, regs);
     assign_go_tls_arg(&data_args.buffer_ptr, sizeof(data_args.buffer_ptr), symaddrs->write_buffer_loc, sp, regs);
+
+    struct go_interface conn_intf = {};
+    conn_intf.type = 1;
+    conn_intf.ptr = data_args.connection_ptr;
+    int fd = get_fd_from_go_tls_conn(conn_intf, symaddrs);
+    set_conn_as_ssl(ctx, tgid, fd, SOCKET_OPTS_TYPE_GOTLS_WRITE);
     data_args.start_nacs = bpf_ktime_get_ns();
+    data_args.fd = fd;
     bpf_map_update_elem(&go_tls_active_connection_args, &tgid_goid, &data_args, 0);
     return 0;
 }
@@ -87,18 +94,11 @@ int go_tls_write_ret(struct pt_regs* ctx) {
 
     struct go_tls_connection_args_t *args = bpf_map_lookup_elem(&go_tls_active_connection_args, &tgid_goid);
     if (args) {
-        struct go_interface conn_intf = {};
-        conn_intf.type = 1;
-        conn_intf.ptr = args->connection_ptr;
-        int fd = get_fd_from_go_tls_conn(conn_intf, symaddrs);
-
-        set_conn_as_ssl(ctx, tgid, fd, SOCKET_OPTS_TYPE_GOTLS_WRITE);
-
         struct sock_data_args_t data_args = {};
-        data_args.fd = fd;
+        data_args.fd = args->fd;
         data_args.buf = args->buffer_ptr;
         data_args.start_nacs = args->start_nacs;
-        data_args.data_id = get_socket_data_id(6, id, fd);
+        data_args.data_id = get_socket_data_id(6, id, args->fd);
 
         process_write_data(ctx, id, &data_args, retval0, SOCK_DATA_DIRECTION_EGRESS, false, SOCKET_OPTS_TYPE_GOTLS_WRITE, true);
     }
@@ -135,7 +135,14 @@ int go_tls_read(struct pt_regs* ctx) {
     struct go_tls_connection_args_t data_args = {};
     assign_go_tls_arg(&data_args.connection_ptr, sizeof(data_args.connection_ptr), symaddrs->read_connection_loc, sp, regs);
     assign_go_tls_arg(&data_args.buffer_ptr, sizeof(data_args.buffer_ptr), symaddrs->read_buffer_loc, sp, regs);
+    struct go_interface conn_intf = {};
+    conn_intf.type = 1;
+    conn_intf.ptr = data_args.connection_ptr;
+    int fd = get_fd_from_go_tls_conn(conn_intf, symaddrs);
+    set_conn_as_ssl(ctx, tgid, fd, SOCKET_OPTS_TYPE_GOTLS_READ);
+
     data_args.start_nacs = bpf_ktime_get_ns();
+    data_args.fd = fd;
     bpf_map_update_elem(&go_tls_active_connection_args, &tgid_goid, &data_args, 0);
     return 0;
 }
@@ -175,18 +182,11 @@ int go_tls_read_ret(struct pt_regs* ctx) {
 
     struct go_tls_connection_args_t *args = bpf_map_lookup_elem(&go_tls_active_connection_args, &tgid_goid);
     if (args) {
-        struct go_interface conn_intf = {};
-        conn_intf.type = 1;
-        conn_intf.ptr = args->connection_ptr;
-        int fd = get_fd_from_go_tls_conn(conn_intf, symaddrs);
-
-        set_conn_as_ssl(ctx, tgid, fd, SOCKET_OPTS_TYPE_GOTLS_READ);
-
         struct sock_data_args_t data_args = {};
-        data_args.fd = fd;
+        data_args.fd = args->fd;
         data_args.buf = args->buffer_ptr;
         data_args.start_nacs = args->start_nacs;
-        data_args.data_id = get_socket_data_id(8, id, fd);
+        data_args.data_id = get_socket_data_id(8, id, args->fd);
 
         process_write_data(ctx, id, &data_args, retval0, SOCK_DATA_DIRECTION_INGRESS, false, SOCKET_OPTS_TYPE_GOTLS_WRITE, true);
     }

diff --git a/bpf/accesslog/tls/go_tls.h b/bpf/accesslog/tls/go_tls.h
@@ -25,6 +25,7 @@ struct go_tls_connection_args_t {
     void* connection_ptr;
     char* buffer_ptr;
     __u64 start_nacs;
+    __u32 fd;
 };
 struct {
 	__uint(type, BPF_MAP_TYPE_HASH);