rfac: changed tcp_conn proposal based on new approach

Signed-off-by: Yash Patel <[email protected]>

Author: yp969803

docs/proposal/pics/tcp_long_conn_design.png

@@ -91,7 +91,7 @@ The "Design Details" section below is for the real
 nitty-gritty.
 -->
 
-TCP connection information will be collected using eBPF sockops, sk_msg and kprobes hooks, and stored in ebpf hash maps using socket cookie as a unique key for hashmap. RingBuffer map is used for sending connection info periodically to userspace.
+TCP connection information will be collected using eBPF cgroup_skb hook. RingBuffer map is used for sending connection info periodically to userspace.
 
 
 ### Design Details
@@ -105,185 +105,69 @@ proposal will be implemented, this is the place to discuss them.
 
 #### Collecting Metrics
 
-Decelearing ebpf hash map in probe.h to store information about tcp_connections.
+Decelearing ebpf cgroup_skb hooks, which will trigger when the traffic passes through the cgroup socket.
 
 ```
-// Ebpf map to store active tcp connections
-struct {
-    __uint(type, BPF_MAP_TYPE_HASH);
-    __type(key, __u64); // use sock_cookie as key
-    __type(value, struct tcp_probe_info);
-    __uint(max_entries, MAP_SIZE_OF_TCP_CONNS);
-    __uint(map_flags, BPF_F_NO_PREALLOC);
-} map_of_tcp_conns SEC(".maps");
-
-```
-Sockpos ebpf hook is triggered at various socket events, we will use this hook to store and refresh connection information at the time of connection established, connection state change, retransmits (also trigger in packet losss).
-Updating workload/sockops.c
-
-```
-SEC("sockops_active")
-int sockops_active_prog(struct bpf_sock_ops *skops)
+SEC("cgroup_skb/ingress")
+int cgroup_skb_ingress_prog(struct __sk_buff *skb)
 {
-    __u64 sock_cookie = bpf_get_socket_cookie(skops);
-
-    if (skops->family != AF_INET && skops->family != AF_INET6)
-        return 0;
-
-    switch (skops->op) {
-    case BPF_SOCK_OPS_TCP_CONNECT_CB:
-        skops_handle_kmesh_managed_process(skops);
-        break;
-
-    case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
-        if (!is_managed_by_kmesh(skops))
-            break;
-        observe_on_connect_established(skops->sk, sock_cookie, OUTBOUND);
-        if (bpf_sock_ops_cb_flags_set(skops, BPF_SOCK_OPS_STATE_CB_FLAG) != 0
-            || bpf_sock_ops_cb_flags_set(skops, BPF_SOCK_OPS_RETRANS_CB_FLAG) != 0
-            || bpf_sock_ops_cb_flags_set(skops, BPF_SOCK_OPS_RTT_CB_FLAG) != 0) {
-            BPF_LOG(ERR, SOCKOPS, "set sockops cb failed!\n");
-        }
-        __u64 *current_sk = (__u64 *)skops->sk;
-        struct bpf_sock_tuple *dst = bpf_map_lookup_elem(&map_of_orig_dst, current_sk);
-        if (dst != NULL)
-            enable_encoding_metadata(skops);
-        break;
-
-    default:
-        break;
-    }
-    return 0;
-}
+    if (skb->family != AF_INET && skb->family != AF_INET6)
+        return SK_PASS;
 
-SEC("sockops_passive")
-int sockops_passive_prog(struct bpf_sock_ops *skops)
-{
-    __u64 sock_cookie = bpf_get_socket_cookie(skops);
-
-    if (skops->family != AF_INET && skops->family != AF_INET6)
-        return 0;
-
-    switch (skops->op) {
-    case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
-        if (!is_managed_by_kmesh(skops) || skip_specific_probe(skops))
-            break;
-        observe_on_connect_established(skops->sk, sock_cookie, INBOUND);
-        if (bpf_sock_ops_cb_flags_set(skops, BPF_SOCK_OPS_STATE_CB_FLAG) != 0
-            || bpf_sock_ops_cb_flags_set(skops, BPF_SOCK_OPS_RETRANS_CB_FLAG) != 0
-            || bpf_sock_ops_cb_flags_set(skops, BPF_SOCK_OPS_RTT_CB_FLAG) != 0) {
-            BPF_LOG(ERR, SOCKOPS, "set sockops cb failed!\n");
-        }
-        auth_ip_tuple(skops);
-        break;
-
-    default:
-        break;
-    }
-    return 0;
-}
+    struct bpf_sock *sk = skb->sk;
+    if (!sk)
+        return SK_PASS;
 
-SEC("sockops_utils")
-int sockops_utils_prog(struct bpf_sock_ops *skops)
-{
-    // Filter by IPv4 or IPv6
-    if (skops->family != AF_INET && skops->family != AF_INET6)
-        return 0;
-
-    switch (skops->op) {
-    case BPF_SOCK_OPS_STATE_CB:
-        if (skops->args[1] == BPF_TCP_CLOSE) {
-            clean_auth_map(skops);
-            clean_dstinfo_map(skops);
-        }
-        if (!is_managed_by_kmesh(skops))
-            break;
-        observe_on_status_change(skops->sk, skops->args[0]);
-        break;
-
-    case BPF_SOCK_OPS_RETRANS_CB:
-        if (!is_managed_by_kmesh(skops))
-            break;
-        observe_on_retransmit(skops->sk);
-        break;
-
-    case BPF_SOCK_OPS_RTT_CB:
-        if (!is_managed_by_kmesh(skops))
-            break;
-        observe_on_rtt(skops->sk);
-        break;
-
-    default:
-        break;
-    }
-    return 0;
+    if (!is_managed_by_kmesh_skb(skb))
+        return SK_PASS;
+    observe_on_data(sk);
+    return SK_PASS;
 }
 
-```
-
-Sk_msg hook is triggered when the packet leaves the socket, we will be using sk_msg ebpf hook for refreshing sent bytes data, also we are triggering flush_conn function here to send the connection info to userspace using ringbuffer map.
-Updating sendmsg_prog func in send_msg.c
-
-```
-SEC("sk_msg")
-int sendmsg_prog(struct sk_msg_md *msg)
+SEC("cgroup_skb/egress")
+int cgroup_skb_egress_prog(struct __sk_buff *skb)
 {
-    __u32 off = 0;
-    if (msg->family != AF_INET && msg->family != AF_INET6)
+    if (skb->family != AF_INET && skb->family != AF_INET6)
         return SK_PASS;
 
-    // encode org dst addr
-    encode_metadata_org_dst_addr(msg, &off, (msg->family == AF_INET));
-
-    struct bpf_sock *sk = msg->sk;
-
-    if (sk) {
-        if (is_managed_by_kmesh_skmsg(msg)) {
-            observe_on_data(sk);
-        }
-    } else {
-        BPF_LOG(ERR, KMESH, "sk_lookup success\n");
-    }
-    int key = 0;
-    __u64 *last_time = bpf_map_lookup_elem(&tcp_conn_last_flush, &key);
-    __u64 now = bpf_ktime_get_ns();
+    struct bpf_sock *sk = skb->sk;
+    if (!sk)
+        return SK_PASS;
 
-    if (!last_time) {
-        __u64 init_time = now;
-        // Initialize last flush time if not set
-        bpf_map_update_elem(&tcp_conn_last_flush, &key, &init_time, BPF_ANY);
-    } else if ((now - *last_time) >= TIMER_INTERVAL_NS) {
-        flush_tcp_conns();
-        // Update last flush time
-        bpf_map_update_elem(&tcp_conn_last_flush, &key, &now, BPF_ANY);
-    }
+    if (!is_managed_by_kmesh_skb(skb))
+        return SK_PASS;
+    observe_on_data(sk);
     return SK_PASS;
 }
 
 ```
+Observe_on_data function checks if the time elapsed after lsat_report is greaater than 5 sec. and if it is greater, it report's the conn_info to the ring_buffer and updates the last_report_ns.
 
-For refreshing the received bytes by a connection, we will attach a kprobe on tcp_rcv_established.
-Creating workload/kprobe.c
 ```
-SEC("kprobe/tcp_rcv_established")
-int bpf_tcp_rcv_established(struct pt_regs *ctx) {
-   
-    struct sk_buff *skb = (struct sk_buff *)PT_REGS_PARM2(ctx);
-     struct bpf_sock *sk = skb->sk;
-    if (sk) {
-        if (is_managed_by_kmesh_skb(skb)) {
-            observe_on_data(sk);
-        }
-    } else {
-        BPF_LOG(ERR, KMESH, "sk_lookup success\n");
+static inline void observe_on_data(struct bpf_sock *sk)
+{
+    struct bpf_tcp_sock *tcp_sock = NULL;
+    struct sock_storage_data *storage = NULL;
+    if (!sk)
+        return;
+    tcp_sock = bpf_tcp_sock(sk);
+    if (!tcp_sock)
+        return;
+
+    storage = bpf_sk_storage_get(&map_of_sock_storage, sk, 0, 0);
+    if (!storage) {
+        return;
+    }
+    __u64 now = bpf_ktime_get_ns();
+    if ((storage->last_report_ns != 0) && (now - storage->last_report_ns > LONG_CONN_THRESHOLD_TIME)) {
+        tcp_report(sk, tcp_sock, storage, BPF_TCP_ESTABLISHED);
     }
-    return 0;
 }
 ```
 
-We will update functions of tcp_probe.h to store and refresh the connection information on the hash map.
-
 We will update the functions of metric.go for periodic updating the workload and service metrics, also we will create a new metric for long tcp connections.
+
+![design](./pics/tcp_long_conn_design.png)
 #### User Stories (Optional)
 
 <!--