tcptracer-bpf.c: remove dead entries from the tuplepid_ipv{4,6}

.lintignore

@@ -1,2 +1,3 @@
 ./pkg/tracer/tcptracer-ebpf.go
 ./ebpf/tcptracer-ebpf.go
+./.git/*

tcptracer-bpf.c

@@ -525,7 +525,7 @@ int kprobe__tcp_set_state(struct pt_regs *ctx)
 		return 0;
 	}
 
-	if (state != TCP_ESTABLISHED) {
+	if (state != TCP_ESTABLISHED && state != TCP_CLOSE) {
 		return 0;
 	}
 
@@ -535,6 +535,10 @@ int kprobe__tcp_set_state(struct pt_regs *ctx)
 		if (!read_ipv4_tuple(&t, status, skp)) {
 			return 0;
 		}
+		if (state == TCP_CLOSE) {
+			bpf_map_delete_elem(&tuplepid_ipv4, &t);
+			return 0;
+		}
 
 		struct pid_comm_t *pp;
 
@@ -569,6 +573,10 @@ int kprobe__tcp_set_state(struct pt_regs *ctx)
 		if (!read_ipv6_tuple(&t, status, skp)) {
 			return 0;
 		}
+		if (state == TCP_CLOSE) {
+			bpf_map_delete_elem(&tuplepid_ipv6, &t);
+			return 0;
+		}
 
 		struct pid_comm_t *pp;
 		pp = bpf_map_lookup_elem(&tuplepid_ipv6, &t);

tests/multiple_connections_refused.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+readonly nonlistening_port=65530
+
+for _ in $(seq 1 "$1"); do
+    wget -q http://127.0.0.1:"${nonlistening_port}" &>/dev/null
+done
+
+exit 0

tests/run

@@ -7,69 +7,18 @@ if [[ $EUID -ne 0 ]]; then
     exit 1
 fi
 
-readonly dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-readonly tracer="${dir}/tracer"
-readonly port=61111
-readonly netns=$(mktemp /tmp/tcptracer-bpf-test-netns-XXXXXXXX)
-readonly tracer_output=$(mktemp /tmp/tcptracer-bpf-test-stdout-XXXXXXXX)
-exec 3<> <(tail --pid "$$" -f "${tracer_output}")
-server_pid=-1
-tracer_pid=-1
+test_pid=-1
 
 function shutdown() {
-    if [[ $server_pid -ne -1 ]]; then
-        kill $server_pid 2>/dev/null || true
+    if [[ $test_pid -ne -1 ]]; then
+        kill $test_pid 2>/dev/null || true
     fi
-    if [[ $tracer_pid -ne -1 ]]; then
-        kill $tracer_pid 2>/dev/null || true
-    fi
-    exec 3>&-
-    rm "${tracer_output}"
-    umount -f "${netns}"
-    rm "${netns}"
 }
 
 trap shutdown EXIT
 
-unshare --net="${netns}" ip link set lo up
-nsenter --net="${netns}" "${tracer}" >&3 &
-tracer_pid=$!
-
-sleep 1 # wait for tracer to load
-
-# stop and fail here when tracer encountered an error and didn't start
-ps -p "$tracer_pid" >/dev/null
-
-nsenter --net="${netns}" nc -l "${port}" &
-server_pid=$!
-nsenter --net="${netns}" nc 127.0.0.1 "${port}" &
+timeout 150 ./test.sh &
+test_pid=$!
+wait $test_pid
 
-lines_found=0
-lines_read=0
-while [[ $lines_read -lt 4 ]]; do
-    read -r -u 3 line
-    # 48704147610580 cpu#1 connect 2074 nc 127.0.0.1:52414 127.0.0.1:61111 4026532567
-    if [[ "$line" =~ ^[0-9]+\ cpu#[0-9]\ ([a-z]+)\ [0-9]+\ nc\ (127.0.0.1\:[0-9]+)\ (127.0.0.1\:[0-9]+)\ [0-9]+$ ]]; then
-        action=${BASH_REMATCH[1]}
-        saddr=${BASH_REMATCH[2]}
-        daddr=${BASH_REMATCH[3]}
-        lines_read=$((lines_read + 1))
-        printf "action: %s program: nc saddr: %s daddr: %s\n" "${action}" "${saddr}" "${daddr}"
-        if [[ "${action}" == "connect" && "$daddr" == "127.0.0.1:${port}" ]] \
-            || [[ "${action}" == "accept" && "$saddr" == "127.0.0.1:${port}" ]] \
-            || [[ "${action}" == "close" && "$daddr" == "127.0.0.1:${port}" ]] \
-            || [[ "${action}" == "close" && "$saddr" == "127.0.0.1:${port}" ]]; then
-            lines_found=$((lines_found + 1))
-        else
-            echo "^^^ unexpected values in event"
-        fi
-    fi
-done
-
-if [[ $lines_found -eq 4 ]]; then
-    echo "success"
-    exit 0
-else
-    echo "failure"
-    exit 1
-fi
+exit $?

tests/test.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+
+set -eu
+
+if [[ $EUID -ne 0 ]]; then
+    echo "root required - aborting" >&2
+    exit 1
+fi
+
+readonly dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly tracer="${dir}/tracer"
+readonly port=61111
+readonly netns=$(mktemp /tmp/tcptracer-bpf-test-netns-XXXXXXXX)
+readonly tracer_output=$(mktemp /tmp/tcptracer-bpf-test-stdout-XXXXXXXX)
+exec 3<> <(tail --pid "$$" -f "${tracer_output}")
+server_pid=-1
+tracer_pid=-1
+
+function shutdown() {
+    if [[ $server_pid -ne -1 ]]; then
+        kill $server_pid 2>/dev/null || true
+    fi
+    if [[ $tracer_pid -ne -1 ]]; then
+        kill $tracer_pid 2>/dev/null || true
+    fi
+    exec 3>&-
+    rm "${tracer_output}"
+    umount -f "${netns}"
+    rm "${netns}"
+}
+
+trap shutdown EXIT
+
+unshare --net="${netns}" ip link set lo up
+nsenter --net="${netns}" "${tracer}" >&3 &
+tracer_pid=$!
+
+sleep 1 # wait for tracer to load
+
+# stop and fail here when tracer encountered an error and didn't start
+ps -p "$tracer_pid" >/dev/null
+
+# generate some refused connections to test for
+# https://github.com/weaveworks/tcptracer-bpf/issues/21
+nsenter --net="${netns}" ./multiple_connections_refused.sh "1200"
+
+nsenter --net="${netns}" nc -l "${port}" &
+server_pid=$!
+nsenter --net="${netns}" nc 127.0.0.1 "${port}" &
+
+lines_found=0
+lines_read=0
+while [[ $lines_read -lt 4 ]]; do
+    read -r -u 3 line
+    # 48704147610580 cpu#1 connect 2074 nc 127.0.0.1:52414 127.0.0.1:61111 4026532567
+    if [[ "$line" =~ ^[0-9]+\ cpu#[0-9]\ ([a-z]+)\ [0-9]+\ nc\ (127.0.0.1\:[0-9]+)\ (127.0.0.1\:[0-9]+)\ [0-9]+$ ]]; then
+        action=${BASH_REMATCH[1]}
+        saddr=${BASH_REMATCH[2]}
+        daddr=${BASH_REMATCH[3]}
+        lines_read=$((lines_read + 1))
+        printf "action: %s program: nc saddr: %s daddr: %s\n" "${action}" "${saddr}" "${daddr}"
+        if [[ "${action}" == "connect" && "$daddr" == "127.0.0.1:${port}" ]] \
+            || [[ "${action}" == "accept" && "$saddr" == "127.0.0.1:${port}" ]] \
+            || [[ "${action}" == "close" && "$daddr" == "127.0.0.1:${port}" ]] \
+            || [[ "${action}" == "close" && "$saddr" == "127.0.0.1:${port}" ]]; then
+            lines_found=$((lines_found + 1))
+        else
+            echo "^^^ unexpected values in event"
+        fi
+    fi
+done
+
+if [[ $lines_found -eq 4 ]]; then
+    echo "success"
+    exit 0
+else
+    echo "failure"
+    exit 1
+fi