Set default flag to 2 for TCP traceflow

[luolanzone]

Resolves #4897

[antoninbas]

I am fine with merging this, but maybe we should revisit this old issue (#1852) and instead make Traceflow more user-friendly by automatically setting the SYN bit. Users would still be able to clear the TCP flags by providing tcp_flags=0.

[luolanzone]

@antoninbas thanks for the input, I do feel we'd better to keep the same behaviors for both cases when Pod or Service as the destination. I noticed that the flag is set as 2 when the destination is Service by default in traceflow controller, not sure why it's not set for Pod case. Let's see what's @tnqn opinion.

[tnqn]

@antoninbas thanks for the input, I do feel we'd better to keep the same behaviors for both cases when Pod or Service as the destination. I noticed that the flag is set as 2 when the destination is Service by default in traceflow controller, not sure why it's not set for Pod case. Let's see what's @tnqn opinion.

I don't know the history regarding this. But defaulting tcp flags works for me. Where is the flag set for Service?

[luolanzone]

@tnqn here is the code https://github.com/antrea-io/antrea/blob/main/pkg/agent/controller/traceflow/traceflow_controller.go#L500-L504, when it's not live traffic traceflow, it will set default flag as 2.

[luolanzone]

@tnqn @antoninbas could you review again? I updated the code to set a TCP flag to 2 by default.

[antoninbas]

this code needs to be revisited for this PR:

antrea/pkg/agent/controller/traceflow/traceflow_controller.go

Lines 500 to 504 in 01817a5

	if !liveTraffic {
	// Set the SYN flag. In encap mode, the SYN flag is only required for
	// Service traffic, but probably we should always set it.
	packet.TCPFlags = 2
	}

The comment is no longer relevant and it is confusing to set the TCP flags in 2 places.

[luolanzone]

Remove this part since we always set it as 2 by default.

[antoninbas]

So I guess by setting the TCP flags here, it is not possible for the users to force the flags to be 0. I don't know if this is an issue at all though, since Traceflow is unlikely to be useful when the SYN flag is not set.

@tnqn what do you think? When we promote the API to beta, should be make the Flags field a pointer instead (*int32)?

[tnqn]

tcp_flags 0 seems only useful when we want to verify the pipeline can drop TCP NULL scan. I'm fine with changing the field to pointer to make the use case supported.

[antoninbas]

Not sure why we are adding this example at all, since the flags are now being set by default. Explicitly using tcp_flags=2 is a bit misleading?

[luolanzone]

Removed

[antoninbas]

Suggested change

	flags: 2 # Construct a SYN packet, when Protocol is TCP, flags will be set to 2 by default when it's not provided.
	flags: 2 # Construct a SYN packet: 2 is also the default value when the flags field is omitted.

[luolanzone]

Updated.

[antoninbas]

LGTM
Waiting for @tnqn to review

[antoninbas]

So I guess by setting the TCP flags here, it is not possible for the users to force the flags to be 0. I don't know if this is an issue at all though, since Traceflow is unlikely to be useful when the SYN flag is not set.

@tnqn what do you think? When we promote the API to beta, should be make the Flags field a pointer instead (*int32)?

[tnqn]

LGTM

[antoninbas]

/test-all

[tnqn]

/test-e2e