This is an automated email from the ASF dual-hosted git repository.

liuhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git


The following commit(s) were added to refs/heads/master by this push:
     new 88f38a41e5 Support to analysis the ztunnel mTLS security policy 
(#12656)
88f38a41e5 is described below

commit 88f38a41e5d8df0b3974d952507eee0c4f8aa29f
Author: mrproliu <741550...@qq.com>
AuthorDate: Fri Sep 27 16:09:40 2024 +0800

    Support to analysis the ztunnel mTLS security policy (#12656)
---
 apm-protocol/apm-network/src/main/proto            |  2 +-
 docs/en/changes/changes.md                         |  2 +-
 .../provider/handler/AccessLogServiceHandler.java  | 50 +++++++++++++---------
 3 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/apm-protocol/apm-network/src/main/proto 
b/apm-protocol/apm-network/src/main/proto
index 4f3b17e1b0..5be4278b70 160000
--- a/apm-protocol/apm-network/src/main/proto
+++ b/apm-protocol/apm-network/src/main/proto
@@ -1 +1 @@
-Subproject commit 4f3b17e1b0b3c3dcc0e1ed3da86efaac785ea157
+Subproject commit 5be4278b70f61423b481c17af9caa808e178eec3
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index 937ef19c45..5ec1eff672 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -69,7 +69,7 @@
 * Fix query `getGlobalTopology` throw exception when didn't find any services 
by the given Layer.
 * Fix the previous analysis result missing in the ALS `k8s-mesh` analyzer.
 * Fix `findEndpoint` query requires `keyword` when using BanyanDB.
-* Support to analysis the ztunnel mapped IP address in eBPF Access Log 
Receiver.
+* Support to analysis the ztunnel mapped IP address and mTLS mode in eBPF 
Access Log Receiver.
 * Adapt BanyanDB Java Client 0.7.0.
 * Add SkyWalking Java Agent self observability dashboard.
 * Add Component ID(5022) for the GoFrame framework.
diff --git 
a/oap-server/server-receiver-plugin/skywalking-ebpf-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/ebpf/provider/handler/AccessLogServiceHandler.java
 
b/oap-server/server-receiver-plugin/skywalking-ebpf-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/ebpf/provider/handler/AccessLogServiceHandler.java
index 602f68a268..66f277719a 100644
--- 
a/oap-server/server-receiver-plugin/skywalking-ebpf-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/ebpf/provider/handler/AccessLogServiceHandler.java
+++ 
b/oap-server/server-receiver-plugin/skywalking-ebpf-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/ebpf/provider/handler/AccessLogServiceHandler.java
@@ -46,6 +46,7 @@ import 
org.apache.skywalking.apm.network.ebpf.accesslog.v3.EBPFTimestamp;
 import org.apache.skywalking.apm.network.ebpf.accesslog.v3.IPAddress;
 import 
org.apache.skywalking.apm.network.ebpf.accesslog.v3.KubernetesProcessAddress;
 import 
org.apache.skywalking.apm.network.ebpf.accesslog.v3.ZTunnelAttachmentEnvironment;
+import 
org.apache.skywalking.apm.network.ebpf.accesslog.v3.ZTunnelAttachmentSecurityPolicy;
 import org.apache.skywalking.library.kubernetes.ObjectID;
 import org.apache.skywalking.oap.meter.analyzer.k8s.K8sInfoRegistry;
 import org.apache.skywalking.oap.server.core.Const;
@@ -530,6 +531,34 @@ public class AccessLogServiceHandler extends 
EBPFAccessLogServiceGrpc.EBPFAccess
             .build();
     }
 
+    protected int buildConnectionComponentId(ConnectionInfo connectionInfo) {
+        final AccessLogConnection originalConnection = 
connectionInfo.getOriginalConnection();
+        if (originalConnection.hasAttachment() && 
originalConnection.getAttachment().hasZTunnel() &&
+            
ZTunnelAttachmentSecurityPolicy.MTLS.equals(originalConnection.getAttachment().getZTunnel().getSecurityPolicy()))
 {
+            return 142; // mTLS
+        }
+        return buildProtocolComponentID(connectionInfo);
+    }
+
+    protected int buildProtocolComponentID(ConnectionInfo connectionInfo) {
+        boolean isTLS = connectionInfo.getTlsMode() == 
AccessLogConnectionTLSMode.TLS;
+        switch (connectionInfo.getProtocolType()) {
+            case HTTP_1:
+            case HTTP_2:
+                if (isTLS) {
+                    return 129; // https
+                }
+                return 49;  // http
+            case TCP:
+                if (isTLS) {
+                    return 130; // tls
+                }
+                return 110; // tcp
+        }
+        return 0;
+    }
+
+    @Getter
     public class ConnectionInfo {
         private final AccessLogConnection originalConnection;
         private final NamingControl namingControl;
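Review bot: In `buildConnectionComponentId` the ztunnel mTLS branch returns 142 before the protocol is consulted, so HTTP and raw TCP connections under ztunnel mTLS collapse into one component, while the caller in the later hunk still sets `serviceRelation.setTlsMode(tlsMode)` from the connection's own TLS mode. A relation can therefore carry the mTLS component together with a non-TLS `tlsMode`, presumably because the access log observes the socket before ztunnel encrypts it; anyone alerting on plaintext service-to-service traffic via `tlsMode` needs to know which field is authoritative. I would document that precedence on the method, e.g. `// ztunnel-reported mTLS overrides the protocol-derived component; tlsMode stays as observed on the socket`, and replace 142/129/49/130/110 with named constants rather than trailing comments. The security policy is taken from the attachment sent by the reporting agent and is not checked by anything visible in this hunk, which is worth stating in the same comment.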
@@ -539,7 +568,6 @@ public class AccessLogServiceHandler extends 
EBPFAccessLogServiceGrpc.EBPFAccess
         private final AccessLogConnectionTLSMode tlsMode;
         private final AccessLogProtocolType protocolType;
         private final NodeInfo nodeInfo;
-        @Getter
         private final boolean valid;
 
         public ConnectionInfo(NamingControl namingControl, NodeInfo nodeInfo, 
AccessLogConnection connection) {
@@ -623,7 +651,7 @@ public class AccessLogServiceHandler extends 
EBPFAccessLogServiceGrpc.EBPFAccess
             serviceRelation.setSourceLayer(Layer.K8S_SERVICE);
 
             serviceRelation.setDetectPoint(parseToSourceRole());
-            serviceRelation.setComponentId(buildComponentId());
+            serviceRelation.setComponentId(buildConnectionComponentId(this));
             serviceRelation.setTlsMode(tlsMode);
 
             serviceRelation.setDestServiceName(destServiceName);
@@ -682,24 +710,6 @@ public class AccessLogServiceHandler extends 
EBPFAccessLogServiceGrpc.EBPFAccess
             return endpoint;
         }
 
-        public int buildComponentId() {
-            boolean isTLS = tlsMode == AccessLogConnectionTLSMode.TLS;
-            switch (protocolType) {
-                case HTTP_1:
-                case HTTP_2:
-                    if (isTLS) {
-                        return 129; // https
-                    }
-                    return 49;  // http
-                case TCP:
-                    if (isTLS) {
-                        return 130; // tls
-                    }
-                    return 110; // tcp
-            }
-            return 0;
-        }
-
         public org.apache.skywalking.oap.server.core.source.DetectPoint 
parseToSourceRole() {
             switch (role) {
                 case server:
