Conntrack: Add RecordType and HashId fields (#230)

ronensc · web-flow · commit b74bf07508b0 · 2022-06-28T15:25:26.000+03:00
* Add hash id to records

* Add type field

* Add a common internal prefix to field names

* Change prefix of internal fields to underscore "_"
diff --git a/pkg/api/conn_track.go b/pkg/api/conn_track.go
@@ -19,6 +19,11 @@ package api
 
 import "time"
 
+const (
+	HashIdFieldName     = "_HashId"
+	RecordTypeFieldName = "_RecordType"
+)
+
 type ConnTrack struct {
 	// TODO: should by a pointer instead?
 	KeyDefinition        KeyDefinition `yaml:"keyDefinition,omitempty" doc:"fields that are used to identify the connection"`
diff --git a/pkg/pipeline/conntrack/conntrack.go b/pkg/pipeline/conntrack/conntrack.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"hash"
 	"hash/fnv"
+	"strconv"
 	"time"
 
 	"github.com/benbjohnson/clock"
@@ -141,14 +142,20 @@ func (ct *conntrackImpl) Track(flowLogs []config.GenericMap) []config.GenericMap
 			ct.connStore.addConnection(computedHash.hashTotal, conn)
 			ct.updateConnection(conn, fl, computedHash)
 			if ct.shouldOutputNewConnection {
-				outputRecords = append(outputRecords, conn.toGenericMap())
+				record := conn.toGenericMap()
+				addHashField(record, computedHash.hashTotal)
+				addTypeField(record, api.ConnTrackOutputRecordTypeName("NewConnection"))
+				outputRecords = append(outputRecords, record)
 			}
 		} else {
 			ct.updateConnection(conn, fl, computedHash)
 		}
 
 		if ct.shouldOutputFlowLogs {
-			outputRecords = append(outputRecords, fl)
+			record := fl.Copy()
+			addHashField(record, computedHash.hashTotal)
+			addTypeField(record, api.ConnTrackOutputRecordTypeName("FlowLog"))
+			outputRecords = append(outputRecords, record)
 		}
 	}
 
@@ -167,7 +174,10 @@ func (ct *conntrackImpl) popEndConnections() []config.GenericMap {
 		lastUpdate := conn.getLastUpdate()
 		if lastUpdate.Before(expireTime) {
 			// The last update time of this connection is too old. We want to pop it.
-			outputRecords = append(outputRecords, conn.toGenericMap())
+			record := conn.toGenericMap()
+			addHashField(record, conn.getHash().hashTotal)
+			addTypeField(record, api.ConnTrackOutputRecordTypeName("EndConnection"))
+			outputRecords = append(outputRecords, record)
 			shouldDelete, shouldStop = true, false
 		} else {
 			// No more expired connections
@@ -238,3 +248,11 @@ func NewConnectionTrack(config api.ConnTrack, clock clock.Clock) (ConnectionTrac
 	}
 	return conntrack, nil
 }
+
+func addHashField(record config.GenericMap, hashId uint64) {
+	record[api.HashIdFieldName] = strconv.FormatUint(hashId, 16)
+}
+
+func addTypeField(record config.GenericMap, recordType string) {
+	record[api.RecordTypeFieldName] = recordType
+}
diff --git a/pkg/pipeline/conntrack/conntrack_test.go b/pkg/pipeline/conntrack/conntrack_test.go
@@ -77,40 +77,15 @@ func buildMockConnTrackConfig(isBidirectional bool, outputRecordType []string) *
 	}
 }
 
-func newMockRecordConnAB(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytesAB, bytesBA, packetsAB, packetsBA, numFlowLogs float64) config.GenericMap {
-	return config.GenericMap{
-		"SrcAddr":     srcIP,
-		"SrcPort":     srcPort,
-		"DstAddr":     dstIP,
-		"DstPort":     dstPort,
-		"Proto":       protocol,
-		"Bytes_AB":    bytesAB,
-		"Bytes_BA":    bytesBA,
-		"Packets_AB":  packetsAB,
-		"Packets_BA":  packetsBA,
-		"numFlowLogs": numFlowLogs,
-	}
-}
-
-func newMockRecordConn(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytes, packets, numFlowLogs float64) config.GenericMap {
-	return config.GenericMap{
-		"SrcAddr":     srcIP,
-		"SrcPort":     srcPort,
-		"DstAddr":     dstIP,
-		"DstPort":     dstPort,
-		"Proto":       protocol,
-		"Bytes":       bytes,
-		"Packets":     packets,
-		"numFlowLogs": numFlowLogs,
-	}
-}
-
 func TestTrack(t *testing.T) {
 	ipA := "10.0.0.1"
 	ipB := "10.0.0.2"
 	portA := 9001
 	portB := 9002
 	protocol := 6
+	hashId := "705baa5149302fa1"
+	hashIdAB := "705baa5149302fa1"
+	hashIdBA := "cc40f571f40f3111"
 
 	flAB1 := newMockFlowLog(ipA, portA, ipB, portB, protocol, 111, 11)
 	flAB2 := newMockFlowLog(ipA, portA, ipB, portB, protocol, 222, 22)
@@ -127,41 +102,41 @@ func TestTrack(t *testing.T) {
 			buildMockConnTrackConfig(true, []string{"newConnection"}),
 			[]config.GenericMap{flAB1, flAB2, flBA3, flBA4},
 			[]config.GenericMap{
-				newMockRecordConnAB(ipA, portA, ipB, portB, protocol, 111, 0, 11, 0, 1),
+				newMockRecordNewConnAB(ipA, portA, ipB, portB, protocol, 111, 0, 11, 0, 1).withHash(hashId).get(),
 			},
 		},
 		{
 			"bidirectional, output new connection and flow log",
 			buildMockConnTrackConfig(true, []string{"newConnection", "flowLog"}),
 			[]config.GenericMap{flAB1, flAB2, flBA3, flBA4},
 			[]config.GenericMap{
-				newMockRecordConnAB(ipA, portA, ipB, portB, protocol, 111, 0, 11, 0, 1),
-				flAB1,
-				flAB2,
-				flBA3,
-				flBA4,
+				newMockRecordNewConnAB(ipA, portA, ipB, portB, protocol, 111, 0, 11, 0, 1).withHash(hashId).get(),
+				newMockRecordFromFlowLog(flAB1).withHash(hashId).get(),
+				newMockRecordFromFlowLog(flAB2).withHash(hashId).get(),
+				newMockRecordFromFlowLog(flBA3).withHash(hashId).get(),
+				newMockRecordFromFlowLog(flBA4).withHash(hashId).get(),
 			},
 		},
 		{
 			"unidirectional, output new connection",
 			buildMockConnTrackConfig(false, []string{"newConnection"}),
 			[]config.GenericMap{flAB1, flAB2, flBA3, flBA4},
 			[]config.GenericMap{
-				newMockRecordConn(ipA, portA, ipB, portB, protocol, 111, 11, 1),
-				newMockRecordConn(ipB, portB, ipA, portA, protocol, 333, 33, 1),
+				newMockRecordNewConn(ipA, portA, ipB, portB, protocol, 111, 11, 1).withHash(hashIdAB).get(),
+				newMockRecordNewConn(ipB, portB, ipA, portA, protocol, 333, 33, 1).withHash(hashIdBA).get(),
 			},
 		},
 		{
 			"unidirectional, output new connection and flow log",
 			buildMockConnTrackConfig(false, []string{"newConnection", "flowLog"}),
 			[]config.GenericMap{flAB1, flAB2, flBA3, flBA4},
 			[]config.GenericMap{
-				newMockRecordConn(ipA, portA, ipB, portB, protocol, 111, 11, 1),
-				flAB1,
-				flAB2,
-				newMockRecordConn(ipB, portB, ipA, portA, protocol, 333, 33, 1),
-				flBA3,
-				flBA4,
+				newMockRecordNewConn(ipA, portA, ipB, portB, protocol, 111, 11, 1).withHash(hashIdAB).get(),
+				newMockRecordFromFlowLog(flAB1).withHash(hashIdAB).get(),
+				newMockRecordFromFlowLog(flAB2).withHash(hashIdAB).get(),
+				newMockRecordNewConn(ipB, portB, ipA, portA, protocol, 333, 33, 1).withHash(hashIdBA).get(),
+				newMockRecordFromFlowLog(flBA3).withHash(hashIdBA).get(),
+				newMockRecordFromFlowLog(flBA4).withHash(hashIdBA).get(),
 			},
 		},
 	}
@@ -191,6 +166,7 @@ func TestEndConn_Bidirectional(t *testing.T) {
 	portA := 9001
 	portB := 9002
 	protocol := 6
+	hashId := "705baa5149302fa1"
 
 	flAB1 := newMockFlowLog(ipA, portA, ipB, portB, protocol, 111, 11)
 	flAB2 := newMockFlowLog(ipA, portA, ipB, portB, protocol, 222, 22)
@@ -208,25 +184,25 @@ func TestEndConn_Bidirectional(t *testing.T) {
 			startTime.Add(0 * time.Second),
 			[]config.GenericMap{flAB1},
 			[]config.GenericMap{
-				newMockRecordConnAB(ipA, portA, ipB, portB, protocol, 111, 0, 11, 0, 1),
-				flAB1,
+				newMockRecordNewConnAB(ipA, portA, ipB, portB, protocol, 111, 0, 11, 0, 1).withHash(hashId).get(),
+				newMockRecordFromFlowLog(flAB1).withHash(hashId).get(),
 			},
 		},
 		{
 			"10s: flow AB and BA",
 			startTime.Add(10 * time.Second),
 			[]config.GenericMap{flAB2, flBA3},
 			[]config.GenericMap{
-				flAB2,
-				flBA3,
+				newMockRecordFromFlowLog(flAB2).withHash(hashId).get(),
+				newMockRecordFromFlowLog(flBA3).withHash(hashId).get(),
 			},
 		},
 		{
 			"20s: flow BA",
 			startTime.Add(20 * time.Second),
 			[]config.GenericMap{flBA4},
 			[]config.GenericMap{
-				flBA4,
+				newMockRecordFromFlowLog(flBA4).withHash(hashId).get(),
 			},
 		},
 		{
@@ -240,7 +216,7 @@ func TestEndConn_Bidirectional(t *testing.T) {
 			startTime.Add(51 * time.Second),
 			nil,
 			[]config.GenericMap{
-				newMockRecordConnAB(ipA, portA, ipB, portB, protocol, 333, 777, 33, 77, 4),
+				newMockRecordEndConnAB(ipA, portA, ipB, portB, protocol, 333, 777, 33, 77, 4).withHash(hashId).get(),
 			},
 		},
 	}
@@ -272,6 +248,8 @@ func TestEndConn_Unidirectional(t *testing.T) {
 	portA := 9001
 	portB := 9002
 	protocol := 6
+	hashIdAB := "705baa5149302fa1"
+	hashIdBA := "cc40f571f40f3111"
 
 	flAB1 := newMockFlowLog(ipA, portA, ipB, portB, protocol, 111, 11)
 	flAB2 := newMockFlowLog(ipA, portA, ipB, portB, protocol, 222, 22)
@@ -289,26 +267,26 @@ func TestEndConn_Unidirectional(t *testing.T) {
 			startTime.Add(0 * time.Second),
 			[]config.GenericMap{flAB1},
 			[]config.GenericMap{
-				newMockRecordConn(ipA, portA, ipB, portB, protocol, 111, 11, 1),
-				flAB1,
+				newMockRecordNewConn(ipA, portA, ipB, portB, protocol, 111, 11, 1).withHash(hashIdAB).get(),
+				newMockRecordFromFlowLog(flAB1).withHash(hashIdAB).get(),
 			},
 		},
 		{
 			"10s: flow AB and BA",
 			startTime.Add(10 * time.Second),
 			[]config.GenericMap{flAB2, flBA3},
 			[]config.GenericMap{
-				flAB2,
-				newMockRecordConn(ipB, portB, ipA, portA, protocol, 333, 33, 1),
-				flBA3,
+				newMockRecordFromFlowLog(flAB2).withHash(hashIdAB).get(),
+				newMockRecordNewConn(ipB, portB, ipA, portA, protocol, 333, 33, 1).withHash(hashIdBA).get(),
+				newMockRecordFromFlowLog(flBA3).withHash(hashIdBA).get(),
 			},
 		},
 		{
 			"20s: flow BA",
 			startTime.Add(20 * time.Second),
 			[]config.GenericMap{flBA4},
 			[]config.GenericMap{
-				flBA4,
+				newMockRecordFromFlowLog(flBA4).withHash(hashIdBA).get(),
 			},
 		},
 		{
@@ -322,7 +300,7 @@ func TestEndConn_Unidirectional(t *testing.T) {
 			startTime.Add(41 * time.Second),
 			nil,
 			[]config.GenericMap{
-				newMockRecordConn(ipA, portA, ipB, portB, protocol, 333, 33, 2),
+				newMockRecordEndConn(ipA, portA, ipB, portB, protocol, 333, 33, 2).withHash(hashIdAB).get(),
 			},
 		},
 		{
@@ -336,7 +314,7 @@ func TestEndConn_Unidirectional(t *testing.T) {
 			startTime.Add(51 * time.Second),
 			nil,
 			[]config.GenericMap{
-				newMockRecordConn(ipB, portB, ipA, portA, protocol, 777, 77, 2),
+				newMockRecordEndConn(ipB, portB, ipA, portA, protocol, 777, 77, 2).withHash(hashIdBA).get(),
 			},
 		},
 	}
diff --git a/pkg/pipeline/conntrack/utils_test.go b/pkg/pipeline/conntrack/utils_test.go
@@ -1,6 +1,9 @@
 package conntrack
 
-import "github.com/netobserv/flowlogs-pipeline/pkg/config"
+import (
+	"github.com/netobserv/flowlogs-pipeline/pkg/api"
+	"github.com/netobserv/flowlogs-pipeline/pkg/config"
+)
 
 func newMockFlowLog(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytes, packets int) config.GenericMap {
 	return config.GenericMap{
@@ -13,3 +16,88 @@ func newMockFlowLog(srcIP string, srcPort int, dstIP string, dstPort int, protoc
 		"Packets": packets,
 	}
 }
+
+type mockRecord struct {
+	record config.GenericMap
+}
+
+func newMockRecordFromFlowLog(fl config.GenericMap) *mockRecord {
+	mock := &mockRecord{
+		record: config.GenericMap{},
+	}
+	for k, v := range fl {
+		mock.record[k] = v
+	}
+	mock.withType("flowLog")
+	return mock
+}
+
+func newMockRecordConnAB(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytesAB, bytesBA, packetsAB, packetsBA, numFlowLogs float64) *mockRecord {
+	mock := &mockRecord{
+		record: config.GenericMap{
+			"SrcAddr":     srcIP,
+			"SrcPort":     srcPort,
+			"DstAddr":     dstIP,
+			"DstPort":     dstPort,
+			"Proto":       protocol,
+			"Bytes_AB":    bytesAB,
+			"Bytes_BA":    bytesBA,
+			"Packets_AB":  packetsAB,
+			"Packets_BA":  packetsBA,
+			"numFlowLogs": numFlowLogs,
+		},
+	}
+	return mock
+}
+
+func newMockRecordNewConnAB(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytesAB, bytesBA, packetsAB, packetsBA, numFlowLogs float64) *mockRecord {
+	return newMockRecordConnAB(srcIP, srcPort, dstIP, dstPort, protocol, bytesAB, bytesBA, packetsAB, packetsBA, numFlowLogs).
+		withType("newConnection")
+
+}
+
+func newMockRecordEndConnAB(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytesAB, bytesBA, packetsAB, packetsBA, numFlowLogs float64) *mockRecord {
+	return newMockRecordConnAB(srcIP, srcPort, dstIP, dstPort, protocol, bytesAB, bytesBA, packetsAB, packetsBA, numFlowLogs).
+		withType("endConnection")
+
+}
+
+func newMockRecordConn(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytes, packets, numFlowLogs float64) *mockRecord {
+	mock := &mockRecord{
+		record: config.GenericMap{
+			"SrcAddr":     srcIP,
+			"SrcPort":     srcPort,
+			"DstAddr":     dstIP,
+			"DstPort":     dstPort,
+			"Proto":       protocol,
+			"Bytes":       bytes,
+			"Packets":     packets,
+			"numFlowLogs": numFlowLogs,
+		},
+	}
+	return mock
+}
+
+func newMockRecordNewConn(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytes, packets, numFlowLogs float64) *mockRecord {
+	return newMockRecordConn(srcIP, srcPort, dstIP, dstPort, protocol, bytes, packets, numFlowLogs).
+		withType("newConnection")
+}
+
+func newMockRecordEndConn(srcIP string, srcPort int, dstIP string, dstPort int, protocol int, bytes, packets, numFlowLogs float64) *mockRecord {
+	return newMockRecordConn(srcIP, srcPort, dstIP, dstPort, protocol, bytes, packets, numFlowLogs).
+		withType("endConnection")
+}
+
+func (m *mockRecord) withHash(hashStr string) *mockRecord {
+	m.record[api.HashIdFieldName] = hashStr
+	return m
+}
+
+func (m *mockRecord) withType(recordType string) *mockRecord {
+	m.record[api.RecordTypeFieldName] = recordType
+	return m
+}
+
+func (m *mockRecord) get() config.GenericMap {
+	return m.record
+}
