diff --git a/bpf/dns_tracker.h b/bpf/dns_tracker.h index 571526958..3f5806486 100644 --- a/bpf/dns_tracker.h +++ b/bpf/dns_tracker.h @@ -9,6 +9,7 @@ #define DNS_PORT 53 #define DNS_QR_FLAG 0x8000 #define UDP_MAXMSG 512 +#define EINVAL 22 struct dns_header { u16 id; @@ -71,13 +72,19 @@ static __always_inline void track_dns_packet(struct __sk_buff *skb, pkt_info *pk u8 len = calc_dns_header_offset(pkt, data_end); if (!len) { + pkt->dns_errno = EINVAL; return; } struct dns_header dns; + int ret; u32 dns_offset = (long)pkt->l4_hdr - (long)skb->data + len; + pkt->dns_offset = dns_offset; + pkt->dns_tcp_len = len; + pkt->dns_skb_len = skb->len; - if (bpf_skb_load_bytes(skb, dns_offset, &dns, sizeof(dns)) < 0) { + if ((ret = bpf_skb_load_bytes(skb, dns_offset, &dns, sizeof(dns))) < 0) { + pkt->dns_errno = -ret; return; } @@ -97,6 +104,7 @@ static __always_inline void track_dns_packet(struct __sk_buff *skb, pkt_info *pk pkt->dns_latency = ts - *value; pkt->dns_id = dns_id; pkt->dns_flags = flags; + pkt->dns_errno = ret; bpf_map_delete_elem(&dns_flows, &dns_req); } } // end of dns response diff --git a/bpf/flows.c b/bpf/flows.c index 219660e64..5cad6ff87 100644 --- a/bpf/flows.c +++ b/bpf/flows.c @@ -97,6 +97,10 @@ static inline int flow_monitor(struct __sk_buff *skb, u8 direction) { aggregate_flow->dns_record.id = pkt.dns_id; aggregate_flow->dns_record.flags = pkt.dns_flags; aggregate_flow->dns_record.latency = pkt.dns_latency; + aggregate_flow->dns_record.errno = pkt.dns_errno; + aggregate_flow->dns_record.offset = pkt.dns_offset; + aggregate_flow->dns_record.tcp_len = pkt.dns_tcp_len; + aggregate_flow->dns_record.skb_len = pkt.dns_skb_len; long ret = bpf_map_update_elem(&aggregated_flows, &id, aggregate_flow, BPF_ANY); if (trace_messages && ret != 0) { // usually error -16 (-EBUSY) is printed here. @@ -119,6 +123,10 @@ static inline int flow_monitor(struct __sk_buff *skb, u8 direction) { .dns_record.id = pkt.dns_id, .dns_record.flags = pkt.dns_flags, .dns_record.latency = pkt.dns_latency, + .dns_record.errno = pkt.dns_errno, + .dns_record.offset = pkt.dns_offset, + .dns_record.tcp_len = pkt.dns_tcp_len, + .dns_record.skb_len = pkt.dns_skb_len, }; // even if we know that the entry is new, another CPU might be concurrently inserting a flow diff --git a/bpf/types.h b/bpf/types.h index f9790427b..76c69a7b8 100644 --- a/bpf/types.h +++ b/bpf/types.h @@ -89,6 +89,10 @@ typedef struct flow_metrics_t { u16 id; u16 flags; u64 latency; + u8 errno; + u32 offset; + u32 tcp_len; + u32 skb_len; } __attribute__((packed)) dns_record; u64 flow_rtt; } __attribute__((packed)) flow_metrics; @@ -162,6 +166,10 @@ typedef struct pkt_info_t { u16 dns_id; u16 dns_flags; u64 dns_latency; + u8 dns_errno; + u32 dns_offset; + u32 dns_tcp_len; + u32 dns_skb_len; } pkt_info; // Structure for payload metadata diff --git a/pkg/ebpf/bpf_bpfeb.go b/pkg/ebpf/bpf_bpfeb.go index bb10a1591..72951d16b 100644 --- a/pkg/ebpf/bpf_bpfeb.go +++ b/pkg/ebpf/bpf_bpfeb.go @@ -25,6 +25,10 @@ type BpfDnsRecordT struct { Id uint16 Flags uint16 Latency uint64 + Errno uint8 + Offset uint32 + TcpLen uint32 + SkbLen uint32 } type BpfFlowId BpfFlowIdT diff --git a/pkg/ebpf/bpf_bpfeb.o b/pkg/ebpf/bpf_bpfeb.o index 12b4001b8..30cf8292f 100644 Binary files a/pkg/ebpf/bpf_bpfeb.o and b/pkg/ebpf/bpf_bpfeb.o differ diff --git a/pkg/ebpf/bpf_bpfel.go b/pkg/ebpf/bpf_bpfel.go index 8556d19a5..460b2a88a 100644 --- a/pkg/ebpf/bpf_bpfel.go +++ b/pkg/ebpf/bpf_bpfel.go @@ -25,6 +25,10 @@ type BpfDnsRecordT struct { Id uint16 Flags uint16 Latency uint64 + Errno uint8 + Offset uint32 + TcpLen uint32 + SkbLen uint32 } type BpfFlowId BpfFlowIdT diff --git a/pkg/ebpf/bpf_bpfel.o b/pkg/ebpf/bpf_bpfel.o index 5e001e1de..07862974b 100644 Binary files a/pkg/ebpf/bpf_bpfel.o and b/pkg/ebpf/bpf_bpfel.o differ diff --git a/pkg/flow/record_test.go b/pkg/flow/record_test.go index 8709af0b6..33316b111 100644 --- a/pkg/flow/record_test.go +++ b/pkg/flow/record_test.go @@ -43,6 +43,10 @@ func TestRecordBinaryEncoding(t *testing.T) { 01, 00, // id 0x80, 00, // flags 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, // latency + 0x00, // errno + 0, 0, 0, 0, // dns offset + 0, 0, 0, 0, // tcp len + 0, 0, 0, 0, // skb len // u64 flow_rtt 0xad, 0xde, 0xef, 0xbe, 0xef, 0xbe, 0xad, 0xde, })) @@ -82,6 +86,10 @@ func TestRecordBinaryEncoding(t *testing.T) { Id: 0x0001, Flags: 0x0080, Latency: 0x1817161514131211, + Errno: 0, + Offset: 0, + TcpLen: 0, + SkbLen: 0, }, FlowRtt: 0xdeadbeefbeefdead, },