Fix packetcapture bpf filter issue (#6815) #6821

Merged: antoninbas merged 2 commits into antrea-io:main from hangyan:fix-packetcapture-filter on Nov 19, 2024
@hangyan hangyan commented Nov 19, 2024

In PacketCapture, packets which don’t match the target BPF can be received after the socket is created and before the bpf filter is applied. This patch uses a zero bpf filter (matches no packet), then empties out any packets that arrived before the “zero-BPF” filter was applied. At this point the socket is definitely empty and it can’t fill up with junk because the zero-BPF is in place. Then we replace the zero-BPF with the real BPF we want.

In PacketCapture, packets which don’t match the target BPF can be
received after the socket is created and before the bpf filter is
applied. This patch uses a zero bpf filter (matches no packet), then
empties out any packets that arrived before the “zero-BPF” filter was
applied. At this point the socket is definitely empty and it can’t
fill up with junk because the zero-BPF is in place. Then we replace
the zero-BPF with the real BPF we want.

Signed-off-by: Hang Yan <yhang@vmware.com>
Co-authored-by: Antonin Bas <antonin.bas@broadcom.com>
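
The sequence described above (zero-BPF, drain, then the real filter), as an added example that is not part of the PR or Antrea's code. It assumes Linux and uses an unprivileged AF_UNIX datagram socketpair with the standard library's `syscall.AttachLsf` in place of a packet socket; the first-byte filter and the names `readQueued`, `attachDrained` and `capture` are illustrative.

```go
package main

import (
	"fmt"
	"syscall"
)

// Added example, Linux only. zeroBPF ("ret 0") matches no packet; realBPF is a stand-in filter.
var zeroBPF = []syscall.SockFilter{*syscall.LsfStmt(syscall.BPF_RET|syscall.BPF_K, 0)}
var realBPF = []syscall.SockFilter{
	*syscall.LsfStmt(syscall.BPF_LD|syscall.BPF_B|syscall.BPF_ABS, 0), // A = data[0]
	*syscall.LsfJump(syscall.BPF_JMP|syscall.BPF_JEQ|syscall.BPF_K, 'T', 0, 1),
	*syscall.LsfStmt(syscall.BPF_RET|syscall.BPF_K, 0xffff), // first byte is 'T': keep
	*syscall.LsfStmt(syscall.BPF_RET|syscall.BPF_K, 0),      // anything else: drop
}

// readQueued returns what is queued on fd right now, without blocking.
func readQueued(fd int) (got []string) {
	buf := make([]byte, 2048)
	n, _, err := syscall.Recvfrom(fd, buf, syscall.MSG_DONTWAIT)
	for ; err == nil; n, _, err = syscall.Recvfrom(fd, buf, syscall.MSG_DONTWAIT) {
		got = append(got, string(buf[:n]))
	}
	return got // err is normally EAGAIN here: the queue is empty
}

// attachDrained follows the PR description: zero-BPF, drain, then the real BPF.
func attachDrained(fd int, filter []syscall.SockFilter) error {
	if err := syscall.AttachLsf(fd, zeroBPF); err != nil {
		return err
	}
	readQueued(fd) // discard what arrived before the zero-BPF; nothing new can queue now
	return syscall.AttachLsf(fd, filter) // replaces the zero-BPF
}

// capture queues "junk" before any filter exists, attaches realBPF, then sends two more datagrams.
func capture(attach func(int, []syscall.SockFilter) error) ([]string, error) {
	p, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_DGRAM, 0)
	if err != nil {
		return nil, err
	}
	defer func() { syscall.Close(p[0]); syscall.Close(p[1]) }()
	syscall.Write(p[0], []byte("junk")) // constructed sample: lands in the pre-filter window
	err = attach(p[1], realBPF)
	syscall.Write(p[0], []byte("Target")) // matches realBPF
	syscall.Write(p[0], []byte("other"))  // dropped by realBPF
	return readQueued(p[1]), err
}

func main() { fmt.Println(capture(syscall.AttachLsf)); fmt.Println(capture(attachDrained)) }
```

Run as-is, it prints `[junk Target] <nil>` for the direct attach, where the stale datagram is delivered although it does not match the filter, and `[Target] <nil>` for `attachDrained`.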
@hangyan hangyan requested review from antoninbas and tnqn November 19, 2024 09:40
Signed-off-by: Hang Yan <yhang@vmware.com>
@tnqn tnqn left a comment

LGTM

@antoninbas

/test-all

@antoninbas antoninbas merged commit ec6f9c6 into antrea-io:main Nov 19, 2024
@luolanzone

@antoninbas should we back port this to release 2.2?

@antoninbas

@luolanzone yes I think we should backport this

@antoninbas antoninbas added the action/backport label (Indicates a PR that requires backports.) Nov 21, 2024
hangyan added a commit to hangyan/antrea that referenced this pull request Nov 21, 2024
In PacketCapture, packets which don’t match the target BPF can be
received after the socket is created and before the bpf filter is
applied. This patch uses a zero bpf filter (matches no packet), then
empties out any packets that arrived before the "zero-BPF" filter was
applied. At this point the socket is definitely empty and it can’t
fill up with junk because the zero-BPF is in place. Then we replace
the zero-BPF with the real BPF we want.

Signed-off-by: Hang Yan <yhang@vmware.com>
Co-authored-by: Antonin Bas <antonin.bas@broadcom.com>
@hangyan hangyan deleted the fix-packetcapture-filter branch November 21, 2024 07:44
hangyan added a commit to hangyan/antrea that referenced this pull request Feb 10, 2025
In PacketCapture, packets which don’t match the target BPF can be
received after the socket is created and before the bpf filter is
applied. This patch uses a zero bpf filter (matches no packet), then
empties out any packets that arrived before the "zero-BPF" filter was
applied. At this point the socket is definitely empty and it can’t
fill up with junk because the zero-BPF is in place. Then we replace
the zero-BPF with the real BPF we want.

Signed-off-by: Hang Yan <yhang@vmware.com>
Co-authored-by: Antonin Bas <antonin.bas@broadcom.com>
antoninbas added a commit that referenced this pull request Feb 10, 2025
…6815) (#6821)#6804: Fix PacketCapture pcapng file issue on macOS (#6804) (#6983)

* Fix packetcapture bpf filter issue (#6815) (#6821)

In PacketCapture, packets which don’t match the target BPF can be
received after the socket is created and before the bpf filter is
applied. This patch uses a zero bpf filter (matches no packet), then
empties out any packets that arrived before the "zero-BPF" filter was
applied. At this point the socket is definitely empty and it can’t
fill up with junk because the zero-BPF is in place. Then we replace
the zero-BPF with the real BPF we want.

Signed-off-by: Hang Yan <yhang@vmware.com>
Co-authored-by: Antonin Bas <antonin.bas@broadcom.com>

* Fix PacketCapture pcapng file issue on macOS (#6804)

By default, gopacket will write snap length=0 in the pcapng file
header, which means unlimited snaplen. tcpdump on macOS (libpcap version 1.10.1)
cannot recognize this and will report an error. This patch sets
a default value (65535) for it.

For #6795

Signed-off-by: Hang Yan <yhang@vmware.com>

---------

Signed-off-by: Hang Yan <yhang@vmware.com>
Co-authored-by: Antonin Bas <antonin.bas@broadcom.com>