fix(#139): do not check for host endianness in IP conversion #443
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Igor Klemenski <[email protected]>
rectified95
changed the title
nddq
approved these changes
Jun 6, 2024
7 tasks
|
Relates to #95 |
anubhabMajumdar
approved these changes
Jun 7, 2024
Carpe-Wang
pushed a commit
to Carpe-Wang/retina
that referenced
this pull request
Jun 11, 2024
…microsoft#443) Function `determineEndian()` always returns the same value since the host byte order is always little-endian, so it can be skipped. What's more, the byte order of IP address values passed by eBPF programs doesn't need to be changed, because Golang's `net.IP` type expects big-endian byte arrays. **Details:** We always enter this if-branch `binary.LittleEndian.PutUint32(ip, nn)` which looks like it performs conversion TO little-endian, while it actually expects to receive input already IN little-endian. Note, the input number's bytes are kept in the same order - this function merely converts a uint32 to a byte array. The result is we convert a big-endian number to a big-endian byte array. ``` func (littleEndian) PutUint32(b []byte, v uint32) { _ = b[3] // early bounds check to guarantee safety of writes below b[0] = byte(v) b[1] = byte(v >> 8) b[2] = byte(v >> 16) b[3] = byte(v >> 24) } ``` Crucially, `net.IP` expects big-endian byte arrays. For example, IP `15.14.0.0` (`0x0F0E0000` in host order, and `0x00000E0F` in network order) should be passed in as `[0F, 0E, 00, 00]` (most significant byte at the lowest memory address) and so doesn't need inverting. Example here: https://play.golang.com/p/ykiP6mLB_gG In summary, we currently do not perform byte order conversion and shouldn't start to, either in GO or eBPF code. Fixes microsoft#139 This PR looks almost identical to microsoft#161 which was rejected because it didn't include byte order conversion in eBPF, but turns out that's not needed. It also uses the correct uint-to-array conversion functions. - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. Signed-off-by: Igor Klemenski <[email protected]> Signed-off-by: Carpe-Wang <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jun 12, 2024
# Description Partially closes #95. #443 will remove the usage of `unsafe` in `utils_linux` ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [ ] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [ ] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [ ] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed  ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project.
matmerr
pushed a commit
to matmerr/retina
that referenced
this pull request
Jul 3, 2024
…microsoft#443) # Description Function `determineEndian()` always returns the same value since the host byte order is always little-endian, so it can be skipped. What's more, the byte order of IP address values passed by eBPF programs doesn't need to be changed, because Golang's `net.IP` type expects big-endian byte arrays. **Details:** We always enter this if-branch `binary.LittleEndian.PutUint32(ip, nn)` which looks like it performs conversion TO little-endian, while it actually expects to receive input already IN little-endian. Note, the input number's bytes are kept in the same order - this function merely converts a uint32 to a byte array. The result is we convert a big-endian number to a big-endian byte array. ``` func (littleEndian) PutUint32(b []byte, v uint32) { _ = b[3] // early bounds check to guarantee safety of writes below b[0] = byte(v) b[1] = byte(v >> 8) b[2] = byte(v >> 16) b[3] = byte(v >> 24) } ``` Crucially, `net.IP` expects big-endian byte arrays. For example, IP `15.14.0.0` (`0x0F0E0000` in host order, and `0x00000E0F` in network order) should be passed in as `[0F, 0E, 00, 00]` (most significant byte at the lowest memory address) and so doesn't need inverting. Example here: https://play.golang.com/p/ykiP6mLB_gG In summary, we currently do not perform byte order conversion and shouldn't start to, either in GO or eBPF code. ## Related Issue Fixes microsoft#139 This PR looks almost identical to microsoft#161 which was rejected because it didn't include byte order conversion in eBPF, but turns out that's not needed. It also uses the correct uint-to-array conversion functions. ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. Signed-off-by: Igor Klemenski <[email protected]>
matmerr
pushed a commit
to matmerr/retina
that referenced
this pull request
Jul 3, 2024
# Description Partially closes microsoft#95. microsoft#443 will remove the usage of `unsafe` in `utils_linux` ## Related Issue If this pull request is related to any issue, please mention it here. Additionally, make sure that the issue is assigned to you before submitting this pull request. ## Checklist - [ ] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [ ] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [ ] I have correctly attributed the author(s) of the code. - [ ] I have tested the changes locally. - [ ] I have followed the project's style guidelines. - [ ] I have updated the documentation, if necessary. - [ ] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed  ## Additional Notes Add any additional notes or context about the pull request here. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Function
determineEndian()always returns the same value since the host byte order is always little-endian, so it can be skipped.What's more, the byte order of IP address values passed by eBPF programs doesn't need to be changed, because Golang's
net.IPtype expects big-endian byte arrays.Details:
We always enter this if-branch
binary.LittleEndian.PutUint32(ip, nn)which looks like it performs conversion TO little-endian, while it actually expects to receive input already IN little-endian.Note, the input number's bytes are kept in the same order - this function merely converts a uint32 to a byte array. The result is we convert a big-endian number to a big-endian byte array.
Crucially,
net.IPexpects big-endian byte arrays. For example, IP15.14.0.0(0x0F0E0000in host order, and0x00000E0Fin network order) should be passed in as[0F, 0E, 00, 00](most significant byte at the lowest memory address) and so doesn't need inverting. Example here: https://play.golang.com/p/ykiP6mLB_gGIn summary, we currently do not perform byte order conversion and shouldn't start to, either in GO or eBPF code.
Related Issue
Fixes #139
This PR looks almost identical to #161 which was rejected because it didn't include byte order conversion in eBPF, but turns out that's not needed. It also uses the correct uint-to-array conversion functions.
Checklist
git commit -S -s ...). See this documentation on signing commits.