diff --git a/bpf/dns_tracker.h b/bpf/dns_tracker.h index 571526958..9a2a9b2bf 100644 --- a/bpf/dns_tracker.h +++ b/bpf/dns_tracker.h @@ -75,9 +75,11 @@ static __always_inline void track_dns_packet(struct __sk_buff *skb, pkt_info *pk } struct dns_header dns; + int ret; u32 dns_offset = (long)pkt->l4_hdr - (long)skb->data + len; - if (bpf_skb_load_bytes(skb, dns_offset, &dns, sizeof(dns)) < 0) { + if ((ret = bpf_skb_load_bytes(skb, dns_offset, &dns, sizeof(dns))) < 0) { + pkt->dns_errno = -ret; return; } @@ -97,6 +99,7 @@ static __always_inline void track_dns_packet(struct __sk_buff *skb, pkt_info *pk pkt->dns_latency = ts - *value; pkt->dns_id = dns_id; pkt->dns_flags = flags; + pkt->dns_errno = -ret; bpf_map_delete_elem(&dns_flows, &dns_req); } } // end of dns response diff --git a/bpf/flows.c b/bpf/flows.c index 219660e64..fe69375c7 100644 --- a/bpf/flows.c +++ b/bpf/flows.c @@ -97,6 +97,7 @@ static inline int flow_monitor(struct __sk_buff *skb, u8 direction) { aggregate_flow->dns_record.id = pkt.dns_id; aggregate_flow->dns_record.flags = pkt.dns_flags; aggregate_flow->dns_record.latency = pkt.dns_latency; + aggregate_flow->dns_record.errno = pkt.dns_errno; long ret = bpf_map_update_elem(&aggregated_flows, &id, aggregate_flow, BPF_ANY); if (trace_messages && ret != 0) { // usually error -16 (-EBUSY) is printed here. @@ -119,6 +120,7 @@ static inline int flow_monitor(struct __sk_buff *skb, u8 direction) { .dns_record.id = pkt.dns_id, .dns_record.flags = pkt.dns_flags, .dns_record.latency = pkt.dns_latency, + .dns_record.errno = pkt.dns_errno, }; // even if we know that the entry is new, another CPU might be concurrently inserting a flow diff --git a/bpf/types.h b/bpf/types.h index f9790427b..1205da3b4 100644 --- a/bpf/types.h +++ b/bpf/types.h @@ -89,6 +89,7 @@ typedef struct flow_metrics_t { u16 id; u16 flags; u64 latency; + u8 errno; } __attribute__((packed)) dns_record; u64 flow_rtt; } __attribute__((packed)) flow_metrics; @@ -162,6 +163,7 @@ typedef struct pkt_info_t { u16 dns_id; u16 dns_flags; u64 dns_latency; + u8 dns_errno; } pkt_info; // Structure for payload metadata diff --git a/pkg/ebpf/bpf_bpfeb.go b/pkg/ebpf/bpf_bpfeb.go index bb10a1591..7f6ceebd8 100644 --- a/pkg/ebpf/bpf_bpfeb.go +++ b/pkg/ebpf/bpf_bpfeb.go @@ -25,6 +25,7 @@ type BpfDnsRecordT struct { Id uint16 Flags uint16 Latency uint64 + Errno uint8 } type BpfFlowId BpfFlowIdT diff --git a/pkg/ebpf/bpf_bpfeb.o b/pkg/ebpf/bpf_bpfeb.o index 12b4001b8..dd836501e 100644 Binary files a/pkg/ebpf/bpf_bpfeb.o and b/pkg/ebpf/bpf_bpfeb.o differ diff --git a/pkg/ebpf/bpf_bpfel.go b/pkg/ebpf/bpf_bpfel.go index 8556d19a5..0f869406b 100644 --- a/pkg/ebpf/bpf_bpfel.go +++ b/pkg/ebpf/bpf_bpfel.go @@ -25,6 +25,7 @@ type BpfDnsRecordT struct { Id uint16 Flags uint16 Latency uint64 + Errno uint8 } type BpfFlowId BpfFlowIdT diff --git a/pkg/ebpf/bpf_bpfel.o b/pkg/ebpf/bpf_bpfel.o index 5e001e1de..9284fc0b5 100644 Binary files a/pkg/ebpf/bpf_bpfel.o and b/pkg/ebpf/bpf_bpfel.o differ diff --git a/pkg/flow/record_test.go b/pkg/flow/record_test.go index 8709af0b6..316bbe699 100644 --- a/pkg/flow/record_test.go +++ b/pkg/flow/record_test.go @@ -43,6 +43,7 @@ func TestRecordBinaryEncoding(t *testing.T) { 01, 00, // id 0x80, 00, // flags 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, // latency + 0x00, // errno // u64 flow_rtt 0xad, 0xde, 0xef, 0xbe, 0xef, 0xbe, 0xad, 0xde, })) @@ -82,6 +83,7 @@ func TestRecordBinaryEncoding(t *testing.T) { Id: 0x0001, Flags: 0x0080, Latency: 0x1817161514131211, + Errno: 0, }, FlowRtt: 0xdeadbeefbeefdead, },