-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hubble: add trace reason support in hubble flows #31226
hubble: add trace reason support in hubble flows #31226
Conversation
51a4fca
to
58b278f
Compare
58b278f
to
083fa5f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CODEOWNERS lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks solid
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, left one question
083fa5f
to
879801c
Compare
@lambdanis addressed your feedback and now setting |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense, thanks @kaworu!
I see there is a conflict, but apart from that looks good to me.
879801c
to
973db16
Compare
/test |
973db16
to
7bd6a83
Compare
7bd6a83
to
9f33194
Compare
/test |
9f33194
to
bdff831
Compare
/test |
1 similar comment
/test |
bdff831
to
e18c3d2
Compare
/test |
cilium#30154 and cilium#31073 introduced new datapath trace reasons and had an impact on Hubble, but the sig-hubble team doesn't get automatically pulled in for review. This patch adds the sig-hubble team to review datapath_trace.go changes. Signed-off-by: Alexandre Perrin <alex@isovalent.com>
Before this patch, both the monitor package and Hubble's "threefour" parser would access the TraceNotify.Reason field directly. However, it is easy to miss that the Reason field contains the "encrypted" bit and has to be masked to retrieve the actual trace reason (e.g. TraceReasonCtReply), as shown by 9939fa2. This commit introduces several TraceNotify helpers around trace reason and encryption status, so that both the monitor code and Hubble "threefour" parser don't have to access the Reason field anymore. Signed-off-by: Alexandre Perrin <alex@isovalent.com>
Before this patch, TraceReasonEncryptOverlay traces would result in flows with ingress traffic direction. Since the flow source is the local host and destination a remote node, egress arguably make more sense to expose at a high level. Thus, this patch set the traffic direction to egress consistently for TraceReasonEncryptOverlay hubble flows. Signed-off-by: Alexandre Perrin <alex@isovalent.com>
Before this patch, the datapath trace reason was not exposed in Hubble flows. In Hubble, the trace reason is used to infer the traffic direction and reply status. Before a6bfb79 all trace reasons were CT related, so the information was "converted" by Hubble into higher level concept / terminology. Since a6bfb79 there are now non-CT trace reason that don't map with Hubble's traffic direction and/or reply status, and thus it make sense to start exposing the underlying trace reason. Signed-off-by: Alexandre Perrin <alex@isovalent.com>
e18c3d2
to
8aa0551
Compare
/test |
Reviewer note: this PR is a draft as the patch are on top of #31211, and I wish to wait for #31073 to be merged and handle conflicts in this PR.See commits, closes #31202.