Merge IPv4 and IPv6 addresses into a single type (#32)

Mario Macias · web-flow · commit 5c6d858a3605 · 2022-06-13T10:40:02.000+02:00
diff --git a/bpf/flow.h b/bpf/flow.h
@@ -17,19 +17,11 @@ struct data_link {
 } __attribute__((packed));
 
 // L3 network layer
-struct v4ip {
-    u32 src_ip;
-    u32 dst_ip;
-} __attribute__((packed));
-
-struct v6ip {
-    struct in6_addr src_ip6;
-    struct in6_addr dst_ip6;
-} __attribute__((packed));
-
+// IPv4 addresses are encoded as IPv6 addresses with prefix ::ffff/96
+// as described in https://datatracker.ietf.org/doc/html/rfc4038#section-4.2
 struct network {
-    struct v4ip v4ip;
-    struct v6ip v6ip;
+    struct in6_addr src_ip;
+    struct in6_addr dst_ip;
 } __attribute__((packed));
 
 // L4 transport layer
diff --git a/bpf/flows.c b/bpf/flows.c
@@ -6,8 +6,10 @@
 #include <linux/bpf.h>
 #include <linux/types.h>
 #include <linux/if_ether.h>
+
 #include <bpf_helpers.h>
 #include <bpf_endian.h>
+
 #include "flow.h"
 
 #define DISCARD 1
@@ -27,14 +29,18 @@ struct {
 // Constant definitions, to be overridden by the invoker
 volatile const u32 sampling = 0;
 
+const u8 ip4in6[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff};
+
 // sets flow fields from IPv4 header information
 static inline int fill_iphdr(struct iphdr *ip, void *data_end, struct flow *flow) {
     if ((void *)ip + sizeof(*ip) > data_end) {
         return DISCARD;
     }
 
-    flow->network.v4ip.src_ip = __bpf_ntohl(ip->saddr);
-    flow->network.v4ip.dst_ip = __bpf_ntohl(ip->daddr);
+    __builtin_memcpy(flow->network.src_ip.s6_addr, ip4in6, sizeof(ip4in6));
+    __builtin_memcpy(flow->network.dst_ip.s6_addr, ip4in6, sizeof(ip4in6));
+    __builtin_memcpy(flow->network.src_ip.s6_addr + sizeof(ip4in6), &ip->saddr, sizeof(ip->saddr));
+    __builtin_memcpy(flow->network.dst_ip.s6_addr + sizeof(ip4in6), &ip->daddr, sizeof(ip->daddr));
     flow->transport.protocol = ip->protocol;
 
     switch (ip->protocol) {
@@ -64,8 +70,8 @@ static inline int fill_ip6hdr(struct ipv6hdr *ip, void *data_end, struct flow *f
         return DISCARD;
     }
 
-    flow->network.v6ip.src_ip6 = ip->saddr;
-    flow->network.v6ip.dst_ip6 = ip->daddr;
+    flow->network.src_ip = ip->saddr;
+    flow->network.dst_ip = ip->daddr;
     flow->transport.protocol = ip->nexthdr;
 
     switch (ip->nexthdr) {
diff --git a/pkg/agent/agent_test.go b/pkg/agent/agent_test.go
@@ -70,8 +70,10 @@ func TestFlowsAgent(t *testing.T) {
 	fr1.Direction = 1 // egress
 	fr1.DataLink.SrcMac = flow.MacAddr{0x11, 0x22, 0x33, 0x44, 0x55, 0x66}
 	fr1.DataLink.DstMac = flow.MacAddr{0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC}
-	fr1.Network.SrcAddr = 0x11223344
-	fr1.Network.DstAddr = 0xaabbccdd
+	fr1.Network.SrcAddr = flow.IPAddr{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff,
+		0x11, 0x22, 0x33, 0x44}
+	fr1.Network.DstAddr = flow.IPAddr{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff,
+		0xaa, 0xbb, 0xcc, 0xdd}
 	fr1.Transport.Protocol = 123
 	fr1.Transport.SrcPort = 456
 	fr1.Transport.DstPort = 789
diff --git a/pkg/ebpf/bpf_bpfeb.o b/pkg/ebpf/bpf_bpfeb.o
diff --git a/pkg/ebpf/bpf_bpfel.o b/pkg/ebpf/bpf_bpfel.o
diff --git a/pkg/exporter/grpc_proto.go b/pkg/exporter/grpc_proto.go
@@ -63,8 +63,8 @@ func v4FlowToPB(fr *flow.Record) *pbflow.Record {
 			DstMac: macToUint64(&fr.DataLink.DstMac),
 		},
 		Network: &pbflow.Network{
-			SrcAddr: &pbflow.IP{IpFamily: &pbflow.IP_Ipv4{Ipv4: uint32(fr.Network.SrcAddr)}},
-			DstAddr: &pbflow.IP{IpFamily: &pbflow.IP_Ipv4{Ipv4: uint32(fr.Network.DstAddr)}},
+			SrcAddr: &pbflow.IP{IpFamily: &pbflow.IP_Ipv4{Ipv4: fr.Network.SrcAddr.IntEncodeV4()}},
+			DstAddr: &pbflow.IP{IpFamily: &pbflow.IP_Ipv4{Ipv4: fr.Network.DstAddr.IntEncodeV4()}},
 		},
 		Transport: &pbflow.Transport{
 			Protocol: uint32(fr.Transport.Protocol),
@@ -94,18 +94,8 @@ func v6FlowToPB(fr *flow.Record) *pbflow.Record {
 			DstMac: macToUint64(&fr.DataLink.DstMac),
 		},
 		Network: &pbflow.Network{
-			SrcAddr: &pbflow.IP{IpFamily: &pbflow.IP_Ipv6{Ipv6: []byte{fr.NetworkV6.SrcAddr[0],
-				fr.NetworkV6.SrcAddr[1], fr.NetworkV6.SrcAddr[2], fr.NetworkV6.SrcAddr[3],
-				fr.NetworkV6.SrcAddr[4], fr.NetworkV6.SrcAddr[5], fr.NetworkV6.SrcAddr[6],
-				fr.NetworkV6.SrcAddr[7], fr.NetworkV6.SrcAddr[8], fr.NetworkV6.SrcAddr[9],
-				fr.NetworkV6.SrcAddr[10], fr.NetworkV6.SrcAddr[11], fr.NetworkV6.SrcAddr[12],
-				fr.NetworkV6.SrcAddr[13], fr.NetworkV6.SrcAddr[14], fr.NetworkV6.SrcAddr[15]}}},
-			DstAddr: &pbflow.IP{IpFamily: &pbflow.IP_Ipv6{Ipv6: []byte{fr.NetworkV6.DstAddr[0],
-				fr.NetworkV6.DstAddr[1], fr.NetworkV6.DstAddr[2], fr.NetworkV6.DstAddr[3],
-				fr.NetworkV6.DstAddr[4], fr.NetworkV6.DstAddr[5], fr.NetworkV6.DstAddr[6],
-				fr.NetworkV6.DstAddr[7], fr.NetworkV6.DstAddr[8], fr.NetworkV6.DstAddr[9],
-				fr.NetworkV6.DstAddr[10], fr.NetworkV6.DstAddr[11], fr.NetworkV6.DstAddr[12],
-				fr.NetworkV6.DstAddr[13], fr.NetworkV6.DstAddr[14], fr.NetworkV6.DstAddr[15]}}},
+			SrcAddr: &pbflow.IP{IpFamily: &pbflow.IP_Ipv6{Ipv6: fr.Network.SrcAddr[:]}},
+			DstAddr: &pbflow.IP{IpFamily: &pbflow.IP_Ipv6{Ipv6: fr.Network.DstAddr[:]}},
 		},
 		Transport: &pbflow.Transport{
 			Protocol: uint32(fr.Transport.Protocol),
diff --git a/pkg/flow/account_test.go b/pkg/flow/account_test.go
@@ -10,17 +10,28 @@ import (
 
 const timeout = 5 * time.Second
 
+var (
+	srcAddr1 = IPAddr{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
+		0x12, 0x34, 0x56, 0x78}
+	srcAddr2 = IPAddr{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
+		0xaa, 0xbb, 0xcc, 0xdd}
+	dstAddr1 = IPAddr{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
+		0x43, 0x21, 0x00, 0xff}
+	dstAddr2 = IPAddr{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
+		0x11, 0x22, 0x33, 0x44}
+)
+
 var k1 = key{
 	Transport: Transport{SrcPort: 333, DstPort: 8080},
-	Network:   Network{SrcAddr: 0x12345678, DstAddr: 0x432100ff},
+	Network:   Network{SrcAddr: srcAddr1, DstAddr: dstAddr1},
 }
 var k2 = key{
 	Transport: Transport{SrcPort: 12, DstPort: 8080},
-	Network:   Network{SrcAddr: 0xaabbccdd, DstAddr: 0x432100ff},
+	Network:   Network{SrcAddr: srcAddr2, DstAddr: dstAddr1},
 }
 var k3 = key{
 	Transport: Transport{SrcPort: 333, DstPort: 443},
-	Network:   Network{SrcAddr: 0x12345678, DstAddr: 0x11223344},
+	Network:   Network{SrcAddr: srcAddr1, DstAddr: dstAddr2},
 }
 
 func TestEvict_MaxEntries(t *testing.T) {
diff --git a/pkg/flow/record.go b/pkg/flow/record.go
@@ -10,31 +10,29 @@ import (
 )
 
 const MacLen = 6
-const IP6Len = 16
-const IPv6Type = 0x86DD
 
 // IPv6Type value as defined in IEEE 802: https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml
+const IPv6Type = 0x86DD
 
-type RawIP uint32
 type HumanBytes uint64
 type MacAddr [MacLen]uint8
 type Direction uint8
 type TransportProtocol uint8
-type IP6Addr [IP6Len]uint8
+
+// IPAddr encodes v4 and v6 IPs with a fixed length.
+// IPv4 addresses are encoded as IPv6 addresses with prefix ::ffff/96
+// as described in https://datatracker.ietf.org/doc/html/rfc4038#section-4.2
+// (same behavior as Go's net.IP type)
+type IPAddr [net.IPv6len]uint8
 
 type DataLink struct {
 	SrcMac MacAddr
 	DstMac MacAddr
 }
 
 type Network struct {
-	SrcAddr RawIP
-	DstAddr RawIP
-}
-
-type NetworkV6 struct {
-	SrcAddr IP6Addr
-	DstAddr IP6Addr
+	SrcAddr IPAddr
+	DstAddr IPAddr
 }
 
 type Transport struct {
@@ -49,7 +47,6 @@ type key struct {
 	Direction Direction
 	DataLink  DataLink
 	Network   Network
-	NetworkV6 NetworkV6
 	Transport Transport
 	// TODO: add TOS field
 }
@@ -79,6 +76,18 @@ func (r *Record) Accumulate(src *Record) {
 	r.Packets += src.Packets
 }
 
+// IP returns the net.IP equivalent object
+func (ip *IPAddr) IP() net.IP {
+	return ip[:]
+}
+
+// IntEncodeV4 encodes an IPv4 address as an integer (in network encoding, big endian).
+// It assumes that the passed IP is already IPv4. Otherwise it would just encode the
+// last 4 bytes of an IPv6 address
+func (ip *IPAddr) IntEncodeV4() uint32 {
+	return binary.BigEndian.Uint32(ip[net.IPv6len-net.IPv4len : net.IPv6len])
+}
+
 func (p TransportProtocol) String() string {
 	switch p {
 	case 0:
@@ -118,16 +127,6 @@ func (p TransportProtocol) MarshalJSON() ([]byte, error) {
 	return []byte("\"" + p.String() + "\""), nil
 }
 
-func (i RawIP) String() string {
-	ip := make(net.IP, 4)
-	binary.BigEndian.PutUint32(ip, uint32(i))
-	return ip.String()
-}
-
-func (i RawIP) MarshalJSON() ([]byte, error) {
-	return []byte("\"" + i.String() + "\""), nil
-}
-
 const (
 	kibi = 1024
 	mibi = kibi * 1024
diff --git a/pkg/flow/record_test.go b/pkg/flow/record_test.go
@@ -16,10 +16,8 @@ func TestRecordBinaryEncoding(t *testing.T) {
 		0x03,                               // u16 direction
 		0x04, 0x05, 0x06, 0x07, 0x08, 0x09, // data_link: u8[6] src_mac
 		0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, // data_link: u8[6] dst_mac
-		0x06, 0x07, 0x08, 0x09, // network: u32 src_ip
-		0x0a, 0x0b, 0x0c, 0x0d, // network: u32 dst_ip
-		0x06, 0x07, 0x08, 0x09, 0x06, 0x07, 0x08, 0x09, 0x06, 0x07, 0x08, 0x09, 0x06, 0x07, 0x08, 0x09, // network6: u8[16] src_ip
-		0x0a, 0x0b, 0x0c, 0x0d, 0x0a, 0x0b, 0x0c, 0x0d, 0x0a, 0x0b, 0x0c, 0x0d, 0x0a, 0x0b, 0x0c, 0x0d, // network6: u8[16] dst_ip
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x06, 0x07, 0x08, 0x09, // network: u8[16] src_ip
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x0a, 0x0b, 0x0c, 0x0d, // network: u32 dst_ip
 		0x0e, 0x0f, // transport: u16 src_port
 		0x10, 0x11, // transport: u16 dst_port
 		0x12,                                           // transport: u8protocol
@@ -37,12 +35,8 @@ func TestRecordBinaryEncoding(t *testing.T) {
 					DstMac: MacAddr{0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f},
 				},
 				Network: Network{
-					SrcAddr: 0x09080706,
-					DstAddr: 0x0d0c0b0a,
-				},
-				NetworkV6: NetworkV6{
-					SrcAddr: IP6Addr{0x06, 0x07, 0x08, 0x09, 0x06, 0x07, 0x08, 0x09, 0x06, 0x07, 0x08, 0x09, 0x06, 0x07, 0x08, 0x09},
-					DstAddr: IP6Addr{0x0a, 0x0b, 0x0c, 0x0d, 0x0a, 0x0b, 0x0c, 0x0d, 0x0a, 0x0b, 0x0c, 0x0d, 0x0a, 0x0b, 0x0c, 0x0d},
+					SrcAddr: IPAddr{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x06, 0x07, 0x08, 0x09},
+					DstAddr: IPAddr{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x0a, 0x0b, 0x0c, 0x0d},
 				},
 				Transport: Transport{
 					SrcPort:  0x0f0e,
@@ -53,5 +47,7 @@ func TestRecordBinaryEncoding(t *testing.T) {
 			Bytes: 0x1a19181716151413,
 		},
 	}, *fr)
-
+	// assert that IP addresses are interpreted as IPv4 addresses
+	assert.Equal(t, "6.7.8.9", fr.Network.SrcAddr.IP().String())
+	assert.Equal(t, "10.11.12.13", fr.Network.DstAddr.IP().String())
 }
