Refactor conntrack cleanup - v4 and v6 #256

jayanthvn · 2024-04-24T06:17:57Z

Issue #, if available:

Description of changes:
During the conntrack cleanup loop, we need to first hydrate the local cache and then in the next loop we check with kernel conntrack to make sure the entry in kernel is available..this is for cases when egress traffic entry is made in local conntrack table but not yet preset in the kernel contrack table when the cleanup routine runs...

{"level":"info","ts":"2024-04-24T05:57:52.764Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Check for any stale entries in the conntrack map"}
{"level":"info","ts":"2024-04-24T05:57:52.765Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"hydrated local conntrack cache"}


{"level":"info","ts":"2024-04-24T05:59:32.766Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Check for any stale entries in the conntrack map"}
{"level":"info","ts":"2024-04-24T05:59:32.768Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Done cleanup of conntrack map"}


{"level":"info","ts":"2024-04-24T06:01:12.768Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Check for any stale entries in the conntrack map"}
{"level":"info","ts":"2024-04-24T06:01:12.769Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"hydrated local conntrack cache"}


{"level":"info","ts":"2024-04-24T06:02:52.769Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Check for any stale entries in the conntrack map"}
{"level":"info","ts":"2024-04-24T06:02:52.771Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Conntrack cleanup","Delete - ":"Conntrack Key : Source IP - 192.168.44.201 Source port - 40370 Dest IP - 192.168.52.173 Dest port - 8080 Protocol - 6 Owner IP - 192.168.52.173"}
{"level":"info","ts":"2024-04-24T06:02:52.771Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Conntrack cleanup","Delete - ":"Conntrack Key : Source IP - 192.168.51.250 Source port - 34880 Dest IP - 192.168.52.173 Dest port - 8080 Protocol - 6 Owner IP - 192.168.52.173"}
{"level":"info","ts":"2024-04-24T06:02:52.771Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Done cleanup of conntrack map"}

[root@ip-192-168-50-132 ~]# /opt/cni/bin/aws-eks-na-cli ebpf dump-maps 9
Conntrack Key : Source IP - 192.168.44.201 Source port - 40370 Dest IP - 192.168.52.173 Dest port - 8080 Protocol - 6 Owner IP - 192.168.52.173
Value : 
Conntrack Val -  1
*******************************
Conntrack Key : Source IP - 192.168.51.250 Source port - 34880 Dest IP - 192.168.52.173 Dest port - 8080 Protocol - 6 Owner IP - 192.168.52.173
Value : 
Conntrack Val -  1
*******************************
Done reading all entries

[root@ip-192-168-50-132 ~]# /opt/cni/bin/aws-eks-na-cli ebpf dump-maps 9
No Entries found, Empty map

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

* Remove callSkip to prevent Logger.check error (#254) * Refactor conntrack cleanup - v4 and v6 (#256) * Refactor conntrack cleanup * Minor optimization * minor change * Bump google.golang.org/grpc from 1.62.0 to 1.63.2 (#253) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.63.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.62.0...v1.63.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/sys from 0.18.0 to 0.19.0 (#252) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.18.0 to 0.19.0. - [Commits](golang/sys@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/gomega from 1.31.1 to 1.33.0 (#261) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.31.1 to 1.33.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.31.1...v1.33.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Handle PolicyEndpoint Slice(s) deletion gracefully (#259) * Handle PE slices during delete * Handle PE slice cleanup - Pod selector churn * Remove stale code --------- Co-authored-by: Jayanth Varavani <[email protected]> * Added support for network policies applied to pods with a '.' in their pod name (#225) * Bump github.com/aws/amazon-vpc-cni-k8s from 1.18.0 to 1.18.1 (#262) Bumps [github.com/aws/amazon-vpc-cni-k8s](https://github.com/aws/amazon-vpc-cni-k8s) from 1.18.0 to 1.18.1. - [Release notes](https://github.com/aws/amazon-vpc-cni-k8s/releases) - [Changelog](https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.18.1/CHANGELOG.md) - [Commits](aws/amazon-vpc-cni-k8s@v1.18.0...v1.18.1) --- updated-dependencies: - dependency-name: github.com/aws/amazon-vpc-cni-k8s dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 (#263) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.17.1 to 2.17.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.17.1...v2.17.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update eBPF SDK (#269) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Ryota Sakamoto <[email protected]> Co-authored-by: Jayanth Varavani <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Apurup Chevuru <[email protected]> Co-authored-by: Zach Dorame-Barajas <[email protected]>

* Refactor conntrack cleanup * Minor optimization * minor change

* Remove callSkip to prevent Logger.check error (#254) * Refactor conntrack cleanup - v4 and v6 (#256) * Refactor conntrack cleanup * Minor optimization * minor change * Bump google.golang.org/grpc from 1.62.0 to 1.63.2 (#253) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.63.2. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.62.0...v1.63.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/sys from 0.18.0 to 0.19.0 (#252) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.18.0 to 0.19.0. - [Commits](golang/sys@v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/gomega from 1.31.1 to 1.33.0 (#261) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.31.1 to 1.33.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.31.1...v1.33.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Handle PolicyEndpoint Slice(s) deletion gracefully (#259) * Handle PE slices during delete * Handle PE slice cleanup - Pod selector churn * Remove stale code --------- Co-authored-by: Jayanth Varavani <[email protected]> * Added support for network policies applied to pods with a '.' in their pod name (#225) * Bump github.com/aws/amazon-vpc-cni-k8s from 1.18.0 to 1.18.1 (#262) Bumps [github.com/aws/amazon-vpc-cni-k8s](https://github.com/aws/amazon-vpc-cni-k8s) from 1.18.0 to 1.18.1. - [Release notes](https://github.com/aws/amazon-vpc-cni-k8s/releases) - [Changelog](https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.18.1/CHANGELOG.md) - [Commits](aws/amazon-vpc-cni-k8s@v1.18.0...v1.18.1) --- updated-dependencies: - dependency-name: github.com/aws/amazon-vpc-cni-k8s dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 (#263) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.17.1 to 2.17.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.17.1...v2.17.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update eBPF SDK (#269) * Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#274) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.17.2 to 2.19.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.17.2...v2.19.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Configure conntrack cache table size (#280) * Configure conntrack cache table size * formating * readme * Rule sorting/strict mode fix (#289) Co-authored-by: Joseph Chen <[email protected]> * docs: Fix typo for conntrack-cache-table-size args name (#287) * Bump github.com/aws/aws-sdk-go from 1.50.30 to 1.55.3 (#291) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.50.30 to 1.55.3. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](aws/aws-sdk-go@v1.50.30...v1.55.3) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update SDK and pass byte array (#299) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Ryota Sakamoto <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Apurup Chevuru <[email protected]> Co-authored-by: Zach Dorame-Barajas <[email protected]> Co-authored-by: Joseph Chen <[email protected]> Co-authored-by: Joseph Chen <[email protected]> Co-authored-by: Younsung Lee <[email protected]>

Refactor conntrack cleanup

e1246bb

jayanthvn requested a review from a team as a code owner April 24, 2024 06:17

jayanthvn marked this pull request as draft April 24, 2024 06:18

jayanthvn added 2 commits April 25, 2024 18:40

Minor optimization

e4ea091

minor change

89cfbca

jayanthvn marked this pull request as ready for review April 25, 2024 22:05

achevuru approved these changes Apr 26, 2024

View reviewed changes

achevuru merged commit 93be822 into aws:main Apr 26, 2024
4 checks passed

younsl mentioned this pull request May 2, 2024

Intermittent connection reset and delay running time #245

Closed

emilyhuaa pushed a commit to emilyhuaa/aws-network-policy-agent that referenced this pull request Jul 31, 2024

Refactor conntrack cleanup - v4 and v6 (aws#256)

30b653d

* Refactor conntrack cleanup * Minor optimization * minor change

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactor conntrack cleanup - v4 and v6 #256

Refactor conntrack cleanup - v4 and v6 #256

jayanthvn commented Apr 24, 2024

Refactor conntrack cleanup - v4 and v6 #256

Refactor conntrack cleanup - v4 and v6 #256

Conversation

jayanthvn commented Apr 24, 2024