Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

don't miss, or fail to forget, initial connections #2704

Merged
merged 2 commits into from
Jul 13, 2017
Merged

don't miss, or fail to forget, initial connections #2704

merged 2 commits into from
Jul 13, 2017

Conversation

rade
Copy link
Member

@rade rade commented Jul 11, 2017

...when initialising eBPF-based connection tracking.

See commit comments for details.

Fixes #2689.
Fixes #2700.
Obsoletes #2674.

@rade rade requested a review from 2opremio July 11, 2017 20:01
@rade rade force-pushed the 2689-2700-ebpf-init branch from 5827b66 to 23a96f7 Compare July 11, 2017 20:25
rade added 2 commits July 11, 2017 22:50
@rade
don't miss, or fail to forget, initial connections
ebc3cdd 
...when initialising eBPF-based connection tracking.

Previously we were ignoring all eBPF events until we had gathered the
existing connections. That means we could a) miss connections created
during the gathering, and b) fail to forget connections that got
closed during the gathering.

The fix comprises the following changes:

1. pay attention to eBPF events immediately. That way we do not
miss anything.

2. remember connections for which we received a Close event during the
initalisation phase, and subsequently drop gathered existing
connections that match these. That way we do not erroneously consider
a gathered connection as open when it got closed since the gathering.

3. drop gathered existing connections which match connections detected
through eBPF events. The latter typically have more / current
metadata. In particular, PIDs can be missing from the former.

Fixes #2689.
Fixes #2700.
@rade
re-add tests that were previously failing when using ebpf
b39b3e6
@rade rade force-pushed the 2689-2700-ebpf-init branch from 23a96f7 to b39b3e6 Compare July 11, 2017 21:50
@rade rade merged commit e603a28 into master Jul 13, 2017
@dlespiau dlespiau deleted the 2689-2700-ebpf-init branch November 2, 2017 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@2opremio 2opremio 2opremio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rade @2opremio