feat(plugins): add experimental pktmon plugin for Windows (#235)

# Description This is the first of many commits to add Windows flow support via pktmon in the form of a Retina plugin. ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Please add any relevant screenshots or GIFs to showcase the changes made. ## Additional Notes Add any additional notes or context about the pull request here. This is an experimental build, and in the current form remains half present. Omitting Windows cgo for the time being. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. --------- Signed-off-by: Mathew Merrick <[email protected]>
microsoft · Jul 23, 2024 · b3c673e · b3c673e
1 parent e9f8064
commit b3c673e
Show file tree

Hide file tree

Showing 16 changed files with 1,392 additions and 87 deletions.
diff --git a/.gitignore b/.gitignore
@@ -37,3 +37,4 @@ dist/
 bin/
 
 image-metadata-*.json
+*packetmonitorsupport*/
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -2,6 +2,18 @@ issues:
   max-same-issues: 0
   max-issues-per-linter: 0
   new-from-rev: origin/main
+  exclude-rules:
+    # some type names are caps/underscore to map OS primitive types
+    - path: pkg/metrics/types_windows.go
+      linters:
+        - revive
+        - gomnd
+        - var-naming
+    - path: pkg/metrics/types_linux.go
+      linters:
+        - revive
+        - gomnd
+        - var-naming
 linters:
   presets: 
   - bugs

diff --git a/.pipelines/cg-pipeline.yaml b/.pipelines/cg-pipeline.yaml
@@ -189,7 +189,7 @@ stages:
               targetType: "inline"
               script: |
                 Import-Module -Name "$(Build.SourcesDirectory)\windows\docker\DockerBuildModule.psm1" -Force
-                Build-RetinaAgentImage -fullBuilderImageName $(WINDOWS_BUILDER_IMAGE) -registry $(BUILD_REGISTRY)
+                Build-RetinaAgentImage -fullBuilderImageName $(WINDOWS_BUILDER_IMAGE) -registry $(BUILD_REGISTRY) -appInsightsID $(PROD_AI)
                 Save-Image -imageName retina-agent -registry $(BUILD_REGISTRY)
 
           - task: PublishBuildArtifacts@1

diff --git a/Makefile b/Makefile
@@ -458,6 +458,7 @@ helm-install-advanced-local-context: manifests
 helm-install-hubble:
 	helm upgrade --install retina ./deploy/hubble/manifests/controller/helm/retina/ \
 		--namespace kube-system \
+		--set os.windows=true \
 		--set operator.enabled=true \
 		--set operator.repository=$(IMAGE_REGISTRY)/$(RETINA_OPERATOR_IMAGE) \
 		--set operator.tag=$(HELM_IMAGE_TAG) \
@@ -533,4 +534,3 @@ quick-deploy-hubble:
 .PHONY: simplify-dashboards
 simplify-dashboards:
 	cd deploy/legacy/grafana/dashboards && go test . -tags=dashboard,simplifydashboard -v && cd $(REPO_ROOT)
-
diff --git a/controller/Dockerfile.windows-2022 b/controller/Dockerfile.windows-2022
@@ -1,6 +1,4 @@
 FROM --platform=linux/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.21 as builder
-
-# Build args
 ARG VERSION
 ARG APP_INSIGHTS_ID
 
@@ -15,7 +13,7 @@ RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/co
 RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/captureworkload.exe ./captureworkload/
 
 # Copy into final image
-FROM  mcr.microsoft.com/windows/servercore:ltsc2022 as final
+FROM  --platform=windows/amd64 mcr.microsoft.com/windows/servercore:ltsc2022 as final
 COPY --from=builder /usr/src/retina/windows/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
 COPY --from=builder /usr/src/retina/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1
 COPY --from=builder /usr/bin/controller.exe controller.exe

diff --git a/controller/Dockerfile.windows-native b/controller/Dockerfile.windows-native
@@ -2,34 +2,31 @@
 # It can't be placed in the other Windows Dockerfile, as those use
 # buildx targets, and this one requires legacy build.
 # Maybe one day: https://github.com/moby/buildkit/issues/616
-
 ARG BUILDER_IMAGE
-FROM --platform=windows/amd64 ${BUILDER_IMAGE} as builder
-# Build args
+FROM  --platform=windows/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.22-windowsservercore-ltsc2022 as builder
 WORKDIR C:\\retina
-RUN gcc.exe --version
-RUN go version
 COPY go.mod .
 COPY go.sum .
 ENV CGO_ENABLED=1
 RUN go mod download
 RUN go mod verify
 ADD . .
-RUN cp -r c:/pktmon/ pkg/plugin/windows/pktmon/packetmonitorsupport/
-RUN ls pkg/plugin/windows/pktmon/packetmonitorsupport/
 ARG VERSION
 ARG APP_INSIGHTS_ID
 SHELL ["cmd", "/S", "/C"]
 ENV VERSION=$VERSION
-ENV APP_INSIGHTS_ID=$APP_INSIGHTS_ID
 
+ENV APP_INSIGHTS_ID=$APP_INSIGHTS_ID
 RUN go build -v -o controller.exe -ldflags="-X main.version=%VERSION% -X main.applicationInsightsID=%APP_INSIGHTS_ID%" .\controller
 RUN go build -v -o captureworkload.exe -ldflags="-X main.version=%VERSION% -X main.applicationInsightsID=%APP_INSIGHTS_ID%" .\captureworkload
 
+FROM --platform=windows/amd64 ${BUILDER_IMAGE} as pktmon-builder
+WORKDIR C:\\retina
 
 FROM --platform=windows/amd64 mcr.microsoft.com/windows/nanoserver:ltsc2022 as final
 ADD https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'Continue';"]
 COPY --from=builder C:\\retina\\controller.exe controller.exe
+COPY --from=pktmon-builder C:\\pktmon\\controller-pktmon.exe controller-pktmon.exe
 COPY --from=builder C:\\retina\\captureworkload.exe captureworkload.exe
 CMD ["controller.exe"]
diff --git a/controller/Dockerfile.windows-native.dockerignore b/controller/Dockerfile.windows-native.dockerignore
@@ -1,2 +1,2 @@
-pkg/plugin/windows/pktmon/packetmonitorsupport/*
-*.tar
+pkg/plugin/windows/pktmon/packetmonitorsupport/*
+*.tar
diff --git a/pkg/metrics/types.go b/pkg/metrics/types.go
@@ -109,3 +109,5 @@ func ToPrometheusType(metric interface{}) prometheus.Collector {
 		return nil
 	}
 }
+
+type DropReasonType uint32
diff --git a/pkg/metrics/types_linux.go b/pkg/metrics/types_linux.go
@@ -0,0 +1,61 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+package metrics
+
+import "github.com/cilium/cilium/api/v1/flow"
+
+// Alert: this ordering should match the drop_reason_t enum ordering
+// in dropreason.h of DropReason plugin
+const (
+	IPTABLE_RULE_DROP DropReasonType = iota
+	IPTABLE_NAT_DROP
+	TCP_CONNECT_BASIC
+	TCP_ACCEPT_BASIC
+	TCP_CLOSE_BASIC
+	CONNTRACK_ADD_DROP
+	UNKNOWN_DROP
+)
+
+func GetDropType(value uint32) DropReasonType {
+	switch value {
+	case 0:
+		return IPTABLE_RULE_DROP
+	case 1:
+		return IPTABLE_NAT_DROP
+	case 2:
+		return TCP_CONNECT_BASIC
+	case 3:
+		return TCP_ACCEPT_BASIC
+	case 4:
+		return TCP_CLOSE_BASIC
+	case 5:
+		return CONNTRACK_ADD_DROP
+	default:
+		return UNKNOWN_DROP
+	}
+}
+
+func GetDropTypeFlowDropReason(dr flow.DropReason) string {
+	return GetDropType(uint32(dr)).String()
+}
+
+func (d DropReasonType) String() string {
+	switch d {
+	case IPTABLE_RULE_DROP:
+		return "IPTABLE_RULE_DROP"
+	case IPTABLE_NAT_DROP:
+		return "IPTABLE_NAT_DROP"
+	case TCP_CONNECT_BASIC:
+		return "TCP_CONNECT_BASIC"
+	case TCP_ACCEPT_BASIC:
+		return "TCP_ACCEPT_BASIC"
+	case TCP_CLOSE_BASIC:
+		return "TCP_CLOSE_BASIC"
+	case CONNTRACK_ADD_DROP:
+		return "CONNTRACK_ADD_DROP"
+	case UNKNOWN_DROP:
+		return "UNKNOWN_DROP"
+	default:
+		return "UNKNOWN_DROP"
+	}
+}