github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-06-27 00:29:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Hotfix tap issues - restart service mesh tapping when tap targets change, fallback to source namespace (#953)

Browse Source 
* Read from service mesh network namespaces upon update (#944)  #patch

* Set the entry namespace to the source namespace if the destination is not resolved (#950)
This commit is contained in:
Nimrod Gilboa Markevich 2022-03-30 17:13:56 +03:00 committed by GitHub
parent f8c0ddd69a
commit 2ef6afa395
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
agent/pkg/api/main.go
View File

@ -183,6 +183,7 @@ func resolveIP(connectionInfo *tapApi.ConnectionInfo) (resolvedSource string, re
} }
} else { } else {
resolvedSource = resolvedSourceObject.FullAddress resolvedSource = resolvedSourceObject.FullAddress
namespace = resolvedSourceObject.Namespace
} }
unresolvedDestination := fmt.Sprintf("%s:%s", connectionInfo.ServerIP, connectionInfo.ServerPort) unresolvedDestination := fmt.Sprintf("%s:%s", connectionInfo.ServerIP, connectionInfo.ServerPort)
@ -194,7 +195,11 @@ func resolveIP(connectionInfo *tapApi.ConnectionInfo) (resolvedSource string, re
} }
} else { } else {
resolvedDestination = resolvedDestinationObject.FullAddress resolvedDestination = resolvedDestinationObject.FullAddress
namespace = resolvedDestinationObject.Namespace // Overwrite namespace (if it was set according to the source)
// Only overwrite if non-empty
if resolvedDestinationObject.Namespace != "" {
namespace = resolvedDestinationObject.Namespace
}
} }
} }
return resolvedSource, resolvedDestination, namespace return resolvedSource, resolvedDestination, namespace

10
tap/passive_tapper.go
View File

@ -112,7 +112,7 @@ func UpdateTapTargets(newTapTargets []v1.Pod) {
tapTargets = newTapTargets tapTargets = newTapTargets
packetSourceManager.UpdatePods(tapTargets) packetSourceManager.UpdatePods(tapTargets, !*nodefrag, mainPacketInputChan)
if tlsTapperInstance != nil { if tlsTapperInstance != nil {
if err := tlstapper.UpdateTapTargets(tlsTapperInstance, &tapTargets, *procfs); err != nil { if err := tlstapper.UpdateTapTargets(tlsTapperInstance, &tapTargets, *procfs); err != nil {
@ -198,12 +198,8 @@ func initializePacketSources() error {
} }
var err error var err error
if packetSourceManager, err = source.NewPacketSourceManager(*procfs, *fname, *iface, *servicemesh, tapTargets, behaviour); err != nil { packetSourceManager, err = source.NewPacketSourceManager(*procfs, *fname, *iface, *servicemesh, tapTargets, behaviour, !*nodefrag, mainPacketInputChan)
return err return err
} else {
packetSourceManager.ReadPackets(!*nodefrag, mainPacketInputChan)
return nil
}
} }
func initializePassiveTapper(opts *TapOpts, outputItems chan *api.OutputChannelItem) (*tcpStreamMap, *tcpAssembler) { func initializePassiveTapper(opts *TapOpts, outputItems chan *api.OutputChannelItem) (*tcpStreamMap, *tcpAssembler) {

17
tap/source/packet_source_manager.go
View File

@ -24,7 +24,7 @@ type PacketSourceManager struct {
} }
func NewPacketSourceManager(procfs string, filename string, interfaceName string, func NewPacketSourceManager(procfs string, filename string, interfaceName string,
mtls bool, pods []v1.Pod, behaviour TcpPacketSourceBehaviour) (*PacketSourceManager, error) { mtls bool, pods []v1.Pod, behaviour TcpPacketSourceBehaviour, ipdefrag bool, packets chan<- TcpPacketInfo) (*PacketSourceManager, error) {
hostSource, err := newHostPacketSource(filename, interfaceName, behaviour) hostSource, err := newHostPacketSource(filename, interfaceName, behaviour)
if err != nil { if err != nil {
return nil, err return nil, err
@ -43,7 +43,7 @@ func NewPacketSourceManager(procfs string, filename string, interfaceName string
behaviour: behaviour, behaviour: behaviour,
} }
sourceManager.UpdatePods(pods) go hostSource.readPackets(ipdefrag, packets)
return sourceManager, nil return sourceManager, nil
} }
@ -64,16 +64,16 @@ func newHostPacketSource(filename string, interfaceName string,
return source, nil return source, nil
} }
func (m *PacketSourceManager) UpdatePods(pods []v1.Pod) { func (m *PacketSourceManager) UpdatePods(pods []v1.Pod, ipdefrag bool, packets chan<- TcpPacketInfo) {
if m.config.mtls { if m.config.mtls {
m.updateMtlsPods(m.config.procfs, pods, m.config.interfaceName, m.config.behaviour) m.updateMtlsPods(m.config.procfs, pods, m.config.interfaceName, m.config.behaviour, ipdefrag, packets)
} }
m.setBPFFilter(pods) m.setBPFFilter(pods)
} }
func (m *PacketSourceManager) updateMtlsPods(procfs string, pods []v1.Pod, func (m *PacketSourceManager) updateMtlsPods(procfs string, pods []v1.Pod,
interfaceName string, behaviour TcpPacketSourceBehaviour) { interfaceName string, behaviour TcpPacketSourceBehaviour, ipdefrag bool, packets chan<- TcpPacketInfo) {
relevantPids := m.getRelevantPids(procfs, pods) relevantPids := m.getRelevantPids(procfs, pods)
logger.Log.Infof("Updating mtls pods (new: %v) (current: %v)", relevantPids, m.sources) logger.Log.Infof("Updating mtls pods (new: %v) (current: %v)", relevantPids, m.sources)
@ -90,6 +90,7 @@ func (m *PacketSourceManager) updateMtlsPods(procfs string, pods []v1.Pod,
source, err := newNetnsPacketSource(procfs, pid, interfaceName, behaviour) source, err := newNetnsPacketSource(procfs, pid, interfaceName, behaviour)
if err == nil { if err == nil {
go source.readPackets(ipdefrag, packets)
m.sources[pid] = source m.sources[pid] = source
} }
} }
@ -153,12 +154,6 @@ func (m *PacketSourceManager) setBPFFilter(pods []v1.Pod) {
} }
} }
func (m *PacketSourceManager) ReadPackets(ipdefrag bool, packets chan<- TcpPacketInfo) {
for _, src := range m.sources {
go src.readPackets(ipdefrag, packets)
}
}
func (m *PacketSourceManager) Close() { func (m *PacketSourceManager) Close() {
for _, src := range m.sources { for _, src := range m.sources {
src.close() src.close()