首頁 探索 說明
註冊 登入
root
/
ebpf
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: v1.15.1
分支列表 標籤列表
ebpf
/
containers
/
conntrack.go

conntrack.go 2.0 KB
永久連結 文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. package containers
    2. 

  2. 

  3. import (
    4. 

  4. 	"github.com/coroot/coroot-node-agent/common"
    5. 

  5. 	"github.com/florianl/go-conntrack"
    6. 

  6. 	"github.com/vishvananda/netns"
    7. 

  7. 	"inet.af/netaddr"
    8. 

  8. 	"k8s.io/klog/v2"
    9. 

  9. 	"syscall"
    10. 

  10. )
    11. 

  11. 

  12. type Conntrack struct {
    13. 

  13. 	client *conntrack.Nfct
    14. 

  14. }
    15. 

  15. 

  16. func NewConntrack(netNs netns.NsHandle) (*Conntrack, error) {
    17. 

  17. 	c, err := conntrack.Open(&conntrack.Config{NetNS: int(netNs)})
    18. 

  18. 	if err != nil {
    19. 

  19. 		return nil, err
    20. 

  20. 	}
    21. 

  21. 	return &Conntrack{client: c}, nil
    22. 

  22. }
    23. 

  23. 

  24. func (c *Conntrack) GetActualDestination(src, dst netaddr.IPPort) *netaddr.IPPort {
    25. 

  25. 	tcp := uint8(syscall.IPPROTO_TCP)
    26. 

  26. 	sip := src.IP().IPAddr().IP
    27. 

  27. 	dip := dst.IP().IPAddr().IP
    28. 

  28. 	sport := src.Port()
    29. 

  29. 	dport := dst.Port()
    30. 

  30. 

  31. 	req := conntrack.Con{
    32. 

  32. 		Origin: &conntrack.IPTuple{
    33. 

  33. 			Src: &sip,
    34. 

  34. 			Dst: &dip,
    35. 

  35. 			Proto: &conntrack.ProtoTuple{
    36. 

  36. 				Number:  &tcp,
    37. 

  37. 				SrcPort: &sport,
    38. 

  38. 				DstPort: &dport,
    39. 

  39. 			},
    40. 

  40. 		},
    41. 

  41. 	}
    42. 

  42. 	family := conntrack.IPv4
    43. 

  43. 	if dst.IP().Is6() {
    44. 

  44. 		family = conntrack.IPv6
    45. 

  45. 	}
    46. 

  46. 	sessions, err := c.client.Get(conntrack.Conntrack, family, req)
    47. 

  47. 	if err != nil {
    48. 

  48. 		if !common.IsNotExist(err) {
    49. 

  49. 			klog.Errorf("failed to resolve actual destination for %s->%s: %s", src, dst, err)
    50. 

  50. 		}
    51. 

  51. 		return nil
    52. 

  52. 	}
    53. 

  53. 	for _, s := range sessions {
    54. 

  54. 		if !ipTupleValid(s.Origin) || !ipTupleValid(s.Reply) {
    55. 

  55. 			continue
    56. 

  56. 		}
    57. 

  57. 		var reply *conntrack.IPTuple
    58. 

  58. 		if ipTuplesEqual(req.Origin, s.Origin) {
    59. 

  59. 			reply = s.Reply
    60. 

  60. 		} else if ipTuplesEqual(req.Origin, s.Reply) {
    61. 

  61. 			reply = s.Origin
    62. 

  62. 		}
    63. 

  63. 		if reply == nil {
    64. 

  64. 			continue
    65. 

  65. 		}
    66. 

  66. 		ip, ok := netaddr.FromStdIP(*reply.Src)
    67. 

  67. 		if !ok {
    68. 

  68. 			continue
    69. 

  69. 		}
    70. 

  70. 		res := netaddr.IPPortFrom(ip, *reply.Proto.SrcPort)
    71. 

  71. 		return &res
    72. 

  72. 	}
    73. 

  73. 	return nil
    74. 

  74. }
    75. 

  75. 

  76. func (c *Conntrack) Close() error {
    77. 

  77. 	return c.client.Close()
    78. 

  78. }
    79. 

  79. 

  80. func ipTuplesEqual(a, b *conntrack.IPTuple) bool {
    81. 

  81. 	return a.Src.Equal(*b.Src) && a.Dst.Equal(*b.Dst) && *a.Proto.SrcPort == *b.Proto.SrcPort && *a.Proto.DstPort == *b.Proto.DstPort
    82. 

  82. }
    83. 

  83. 

  84. func ipTupleValid(t *conntrack.IPTuple) bool {
    85. 

  85. 	if t == nil {
    86. 

  86. 		return false
    87. 

  87. 	}
    88. 

  88. 	if t.Src == nil || t.Dst == nil || t.Proto == nil {
    89. 

  89. 		return false
    90. 

  90. 	}
    91. 

  91. 	if t.Proto.SrcPort == nil || t.Proto.DstPort == nil {
    92. 

  92. 		return false
    93. 

  93. 	}
    94. 

  94. 	return true
    95. 

  95. }
    96.