NETOBSERV-2523: Split maps to avoid stack size error (#855)

* Split maps to avoid stack size error

- All feature-related data is now seggregated in their own maps (except
  for rtt and ipsec as that's just a couple of bytes)
- As a result, userland code is refactored; maps accesses can now be
  conditioned by feature
- Since we have gauges that track maps sizes, we can remove the
  "enriched" stats metric as it becomes redundant

* Padding, fix tests

* Apply suggestions from code review

Co-authored-by: Julien Pinsonneau <[email protected]>

* Remove TODO comment

---------

Co-authored-by: Julien Pinsonneau <[email protected]>

Author: jotak

.mk/bc.mk

@@ -31,6 +31,10 @@ define MAPS
 {
 	"direct_flows":"ringbuf",
 	"aggregated_flows":"hash",
+	"aggregated_flows_dns":"per_cpu_hash",
+	"aggregated_flows_pkt_drop":"per_cpu_hash",
+	"aggregated_flows_network_events":"per_cpu_hash",
+	"aggregated_flows_xlat":"per_cpu_hash",
 	"additional_flow_metrics":"per_cpu_hash",
 	"packet_record":"ringbuf",
 	"dns_flows":"hash",

bpf/flows.c

@@ -112,16 +112,16 @@ static __always_inline void update_existing_flow(flow_metrics *aggregate_flow, p
     }
 }
 
-static inline void update_dns(additional_metrics *extra_metrics, pkt_info *pkt, int dns_errno) {
+static inline void update_dns(dns_metrics *dns_metrics, pkt_info *pkt, int dns_errno) {
     if (pkt->dns_id != 0) {
-        extra_metrics->end_mono_time_ts = pkt->current_ts;
-        extra_metrics->dns_record.id = pkt->dns_id;
-        extra_metrics->dns_record.flags = pkt->dns_flags;
-        extra_metrics->dns_record.latency = pkt->dns_latency;
-        __builtin_memcpy(extra_metrics->dns_record.name, pkt->dns_name, DNS_NAME_MAX_LEN);
+        dns_metrics->end_mono_time_ts = pkt->current_ts;
+        dns_metrics->id = pkt->dns_id;
+        dns_metrics->flags = pkt->dns_flags;
+        dns_metrics->latency = pkt->dns_latency;
+        __builtin_memcpy(dns_metrics->name, pkt->dns_name, DNS_NAME_MAX_LEN);
     }
     if (dns_errno != 0) {
-        extra_metrics->dns_record.errno = dns_errno;
+        dns_metrics->errno = dns_errno;
     }
 }
 
@@ -241,31 +241,29 @@ static inline int flow_monitor(struct __sk_buff *skb, u8 direction) {
 
     // Update additional metrics (per-CPU map)
     if (pkt.dns_id != 0 || dns_errno != 0) {
-        additional_metrics *extra_metrics =
-            (additional_metrics *)bpf_map_lookup_elem(&additional_flow_metrics, &id);
+        dns_metrics *extra_metrics = (dns_metrics *)bpf_map_lookup_elem(&aggregated_flows_dns, &id);
         if (extra_metrics != NULL) {
             update_dns(extra_metrics, &pkt, dns_errno);
         } else {
-            additional_metrics new_metrics;
+            dns_metrics new_metrics;
             __builtin_memset(&new_metrics, 0, sizeof(new_metrics));
             new_metrics.start_mono_time_ts = pkt.current_ts;
             new_metrics.end_mono_time_ts = pkt.current_ts;
             new_metrics.eth_protocol = eth_protocol;
-            new_metrics.dns_record.id = pkt.dns_id;
-            new_metrics.dns_record.flags = pkt.dns_flags;
-            new_metrics.dns_record.latency = pkt.dns_latency;
-            __builtin_memcpy(new_metrics.dns_record.name, pkt.dns_name, DNS_NAME_MAX_LEN);
-            new_metrics.dns_record.errno = dns_errno;
-            long ret =
-                bpf_map_update_elem(&additional_flow_metrics, &id, &new_metrics, BPF_NOEXIST);
+            new_metrics.id = pkt.dns_id;
+            new_metrics.flags = pkt.dns_flags;
+            new_metrics.latency = pkt.dns_latency;
+            __builtin_memcpy(new_metrics.name, pkt.dns_name, DNS_NAME_MAX_LEN);
+            new_metrics.errno = dns_errno;
+            long ret = bpf_map_update_elem(&aggregated_flows_dns, &id, &new_metrics, BPF_NOEXIST);
             if (ret != 0) {
                 if (trace_messages && ret != -EEXIST) {
                     bpf_printk("error adding DNS %d\n", ret);
                 }
                 if (ret == -EEXIST) {
                     // Concurrent write from another CPU; retry
-                    additional_metrics *extra_metrics =
-                        (additional_metrics *)bpf_map_lookup_elem(&additional_flow_metrics, &id);
+                    dns_metrics *extra_metrics =
+                        (dns_metrics *)bpf_map_lookup_elem(&aggregated_flows_dns, &id);
                     if (extra_metrics != NULL) {
                         update_dns(extra_metrics, &pkt, dns_errno);
                     } else {

bpf/maps_definition.h

@@ -20,6 +20,46 @@ struct {
     __uint(pinning, LIBBPF_PIN_BY_NAME);
 } aggregated_flows SEC(".maps");
 
+// Key: the flow identifier. Value: dns metrics for that identifier.
+struct {
+    __uint(type, BPF_MAP_TYPE_PERCPU_HASH);
+    __type(key, flow_id);
+    __type(value, dns_metrics);
+    __uint(max_entries, 1 << 24);
+    __uint(map_flags, BPF_F_NO_PREALLOC);
+    __uint(pinning, LIBBPF_PIN_BY_NAME);
+} aggregated_flows_dns SEC(".maps");
+
+// Key: the flow identifier. Value: drops metrics for that identifier.
+struct {
+    __uint(type, BPF_MAP_TYPE_PERCPU_HASH);
+    __type(key, flow_id);
+    __type(value, pkt_drop_metrics);
+    __uint(max_entries, 1 << 24);
+    __uint(map_flags, BPF_F_NO_PREALLOC);
+    __uint(pinning, LIBBPF_PIN_BY_NAME);
+} aggregated_flows_pkt_drop SEC(".maps");
+
+// Key: the flow identifier. Value: network events metrics for that identifier.
+struct {
+    __uint(type, BPF_MAP_TYPE_PERCPU_HASH);
+    __type(key, flow_id);
+    __type(value, network_events_metrics);
+    __uint(max_entries, 1 << 24);
+    __uint(map_flags, BPF_F_NO_PREALLOC);
+    __uint(pinning, LIBBPF_PIN_BY_NAME);
+} aggregated_flows_network_events SEC(".maps");
+
+// Key: the flow identifier. Value: xlat metrics for that identifier.
+struct {
+    __uint(type, BPF_MAP_TYPE_PERCPU_HASH);
+    __type(key, flow_id);
+    __type(value, xlat_metrics);
+    __uint(max_entries, 1 << 24);
+    __uint(map_flags, BPF_F_NO_PREALLOC);
+    __uint(pinning, LIBBPF_PIN_BY_NAME);
+} aggregated_flows_xlat SEC(".maps");
+
 // Key: the flow identifier. Value: extra metrics for that identifier.
 struct {
     __uint(type, BPF_MAP_TYPE_PERCPU_HASH);

bpf/network_events_monitoring.h

@@ -22,7 +22,8 @@ static inline int lookup_and_update_existing_flow_network_events(flow_id *id, u8
 
     bpf_probe_read_kernel(cookie, md_len, user_cookie);
 
-    additional_metrics *extra_metrics = bpf_map_lookup_elem(&additional_flow_metrics, id);
+    network_events_metrics *extra_metrics =
+        bpf_map_lookup_elem(&aggregated_flows_network_events, id);
     if (extra_metrics != NULL) {
         u8 idx = extra_metrics->network_events_idx;
         extra_metrics->end_mono_time_ts = bpf_ktime_get_ns();
@@ -93,15 +94,15 @@ static inline int trace_network_events(struct sk_buff *skb, struct psample_metad
 
     // there is no matching flows so lets create new one and add the network event metadata
     u64 current_time = bpf_ktime_get_ns();
-    additional_metrics new_flow;
+    network_events_metrics new_flow;
     __builtin_memset(&new_flow, 0, sizeof(new_flow));
     new_flow.start_mono_time_ts = current_time;
     new_flow.end_mono_time_ts = current_time;
     new_flow.eth_protocol = eth_protocol;
     new_flow.network_events_idx = 0;
     bpf_probe_read_kernel(new_flow.network_events[0], md_len, user_cookie);
     new_flow.network_events_idx++;
-    ret = bpf_map_update_elem(&additional_flow_metrics, &id, &new_flow, BPF_NOEXIST);
+    ret = bpf_map_update_elem(&aggregated_flows_network_events, &id, &new_flow, BPF_NOEXIST);
     if (ret != 0) {
         if (trace_messages && ret != -EEXIST) {
             bpf_printk("error network events creating new flow %d\n", ret);

bpf/pkt_drops.h

@@ -9,14 +9,14 @@
 
 static inline long pkt_drop_lookup_and_update_flow(flow_id *id, u8 state, u16 flags,
                                                    enum skb_drop_reason reason, u64 len) {
-    additional_metrics *extra_metrics = bpf_map_lookup_elem(&additional_flow_metrics, id);
+    pkt_drop_metrics *extra_metrics = bpf_map_lookup_elem(&aggregated_flows_pkt_drop, id);
     if (extra_metrics != NULL) {
         extra_metrics->end_mono_time_ts = bpf_ktime_get_ns();
-        extra_metrics->pkt_drops.packets += 1;
-        extra_metrics->pkt_drops.bytes += len;
-        extra_metrics->pkt_drops.latest_state = state;
-        extra_metrics->pkt_drops.latest_flags = flags;
-        extra_metrics->pkt_drops.latest_drop_cause = reason;
+        extra_metrics->packets += 1;
+        extra_metrics->bytes += len;
+        extra_metrics->latest_state = state;
+        extra_metrics->latest_flags = flags;
+        extra_metrics->latest_drop_cause = reason;
         return 0;
     }
     return -1;
@@ -75,17 +75,17 @@ static inline int trace_pkt_drop(void *ctx, u8 state, struct sk_buff *skb,
     }
     // there is no matching flows so lets create new one and add the drops
     u64 current_time = bpf_ktime_get_ns();
-    additional_metrics new_flow;
+    pkt_drop_metrics new_flow;
     __builtin_memset(&new_flow, 0, sizeof(new_flow));
     new_flow.start_mono_time_ts = current_time;
     new_flow.end_mono_time_ts = current_time;
     new_flow.eth_protocol = eth_protocol;
-    new_flow.pkt_drops.packets = 1;
-    new_flow.pkt_drops.bytes = len;
-    new_flow.pkt_drops.latest_state = state;
-    new_flow.pkt_drops.latest_flags = flags;
-    new_flow.pkt_drops.latest_drop_cause = reason;
-    ret = bpf_map_update_elem(&additional_flow_metrics, &id, &new_flow, BPF_NOEXIST);
+    new_flow.packets = 1;
+    new_flow.bytes = len;
+    new_flow.latest_state = state;
+    new_flow.latest_flags = flags;
+    new_flow.latest_drop_cause = reason;
+    ret = bpf_map_update_elem(&aggregated_flows_pkt_drop, &id, &new_flow, BPF_NOEXIST);
     if (ret != 0) {
         if (trace_messages && ret != -EEXIST) {
             bpf_printk("error packet drop creating new flow %d\n", ret);

bpf/pkt_translation.h

@@ -9,7 +9,7 @@
 
 #define s6_addr in6_u.u6_addr8
 
-static inline void dump_xlated_flow(struct translated_flow_t *flow) {
+static inline void dump_xlated_flow(struct xlat_metrics_t *flow) {
     BPF_PRINTK("zone_id %d sport %d dport %d\n", flow->zone_id, flow->sport, flow->dport);
     int i;
     for (i = 0; i < IP_MAX_LEN; i += 4) {
@@ -22,9 +22,8 @@ static inline void dump_xlated_flow(struct translated_flow_t *flow) {
     }
 }
 
-static void __always_inline parse_tuple(struct nf_conntrack_tuple *t,
-                                        struct translated_flow_t *flow, u16 zone_id, u16 family,
-                                        u8 protocol, bool invert) {
+static void __always_inline parse_tuple(struct nf_conntrack_tuple *t, struct xlat_metrics_t *flow,
+                                        u16 zone_id, u16 family, u8 protocol, bool invert) {
     __builtin_memset(flow, 0, sizeof(*flow));
     if (invert) {
         if (is_transport_protocol(protocol)) {
@@ -74,7 +73,7 @@ static inline long translate_lookup_and_update_flow(flow_id *id, u16 flags,
                                                     struct nf_conntrack_tuple *reply_t, u16 zone_id,
                                                     u16 family, u16 eth_protocol) {
     long ret = 0;
-    struct translated_flow_t orig;
+    struct xlat_metrics_t orig;
 
     parse_tuple(orig_t, &orig, zone_id, family, id->transport_protocol, false);
 
@@ -85,33 +84,30 @@ static inline long translate_lookup_and_update_flow(flow_id *id, u16 flags,
     id->dst_port = orig.dport;
     u64 current_time = bpf_ktime_get_ns();
 
-    additional_metrics *extra_metrics = bpf_map_lookup_elem(&additional_flow_metrics, id);
+    xlat_metrics *extra_metrics = bpf_map_lookup_elem(&aggregated_flows_xlat, id);
     if (extra_metrics != NULL) {
         extra_metrics->end_mono_time_ts = current_time;
-        parse_tuple(reply_t, &extra_metrics->translated_flow, zone_id, family,
-                    id->transport_protocol, true);
+        parse_tuple(reply_t, extra_metrics, zone_id, family, id->transport_protocol, true);
         return ret;
     }
 
     // there is no matching flows so lets create new one and add the xlation
-    additional_metrics new_extra_metrics;
+    xlat_metrics new_extra_metrics;
     __builtin_memset(&new_extra_metrics, 0, sizeof(new_extra_metrics));
     new_extra_metrics.start_mono_time_ts = current_time;
     new_extra_metrics.end_mono_time_ts = current_time;
     new_extra_metrics.eth_protocol = eth_protocol;
-    parse_tuple(reply_t, &new_extra_metrics.translated_flow, zone_id, family,
-                id->transport_protocol, true);
-    ret = bpf_map_update_elem(&additional_flow_metrics, id, &new_extra_metrics, BPF_NOEXIST);
+    parse_tuple(reply_t, &new_extra_metrics, zone_id, family, id->transport_protocol, true);
+    ret = bpf_map_update_elem(&aggregated_flows_xlat, id, &new_extra_metrics, BPF_NOEXIST);
     if (ret != 0) {
         if (trace_messages && ret != -EEXIST) {
             bpf_printk("error packet translation creating new flow %d\n", ret);
         }
         if (ret == -EEXIST) {
-            additional_metrics *extra_metrics = bpf_map_lookup_elem(&additional_flow_metrics, id);
+            xlat_metrics *extra_metrics = bpf_map_lookup_elem(&aggregated_flows_xlat, id);
             if (extra_metrics != NULL) {
                 extra_metrics->end_mono_time_ts = current_time;
-                parse_tuple(reply_t, &extra_metrics->translated_flow, zone_id, family,
-                            id->transport_protocol, true);
+                parse_tuple(reply_t, extra_metrics, zone_id, family, id->transport_protocol, true);
                 return 0;
             }
         }

bpf/types.h

@@ -116,43 +116,62 @@ typedef struct flow_metrics_t {
 // Force emitting enums/structs into the ELF
 const static struct flow_metrics_t *unused2 __attribute__((unused));
 
-typedef struct additional_metrics_t {
+typedef struct dns_metrics_t {
+    u64 start_mono_time_ts;
+    u64 end_mono_time_ts;
+    u64 latency;
+    u16 id;
+    u16 flags;
+    u16 eth_protocol;
+    u8 errno;
+    char name[DNS_NAME_MAX_LEN];
+} dns_metrics;
+
+typedef struct pkt_drop_metrics_t {
+    u64 start_mono_time_ts;
+    u64 end_mono_time_ts;
+    u64 bytes;
+    u32 packets;
+    u32 latest_drop_cause;
+    u16 latest_flags;
+    u16 eth_protocol;
+    u8 latest_state;
+} pkt_drop_metrics;
+
+typedef struct network_events_metrics_t {
     u64 start_mono_time_ts;
     u64 end_mono_time_ts;
-    struct dns_record_t {
-        u64 latency;
-        u16 id;
-        u16 flags;
-        u8 errno;
-        char name[DNS_NAME_MAX_LEN];
-    } dns_record;
-    struct pkt_drops_t {
-        u64 bytes;
-        u32 packets;
-        u32 latest_drop_cause;
-        u16 latest_flags;
-        u8 latest_state;
-    } pkt_drops;
-    u64 flow_rtt;
     u8 network_events[MAX_NETWORK_EVENTS][MAX_EVENT_MD];
-    struct translated_flow_t {
-        u8 saddr[IP_MAX_LEN];
-        u8 daddr[IP_MAX_LEN];
-        u16 sport;
-        u16 dport;
-        u16 zone_id;
-    } translated_flow;
     u16 eth_protocol;
     u8 network_events_idx;
-    bool ipsec_encrypted;
+} network_events_metrics;
+
+typedef struct xlat_metrics_t {
+    u64 start_mono_time_ts;
+    u64 end_mono_time_ts;
+    u8 saddr[IP_MAX_LEN];
+    u8 daddr[IP_MAX_LEN];
+    u16 sport;
+    u16 dport;
+    u16 zone_id;
+    u16 eth_protocol;
+} xlat_metrics;
+
+typedef struct additional_metrics_t {
+    u64 start_mono_time_ts;
+    u64 end_mono_time_ts;
+    u64 flow_rtt;
     int ipsec_encrypted_ret;
+    u16 eth_protocol;
+    bool ipsec_encrypted;
 } additional_metrics;
 
 // Force emitting enums/structs into the ELF
+const static struct dns_metrics_t *unused4 __attribute__((unused));
+const static struct pkt_drop_metrics_t *unused5 __attribute__((unused));
+const static struct network_events_metrics_t *unused6 __attribute__((unused));
+const static struct xlat_metrics_t *unused13 __attribute__((unused));
 const static struct additional_metrics_t *unused3 __attribute__((unused));
-const static struct dns_record_t *unused4 __attribute__((unused));
-const static struct pkt_drops_t *unused5 __attribute__((unused));
-const static struct translated_flow_t *unused6 __attribute__((unused));
 
 // Attributes that uniquely identify a flow
 typedef struct flow_id_t {