-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support ipv6 in workload mode #462
Conversation
Signed-off-by: wuchangye <[email protected]>
Signed-off-by: wuchangye <[email protected]>
Signed-off-by: wuchangye <[email protected]>
Signed-off-by: wuchangye <[email protected]>
Signed-off-by: wuchangye <[email protected]>
@@ -117,19 +130,26 @@ func (sc *BpfSockConnWorkload) close() error { | |||
} | |||
|
|||
func (sc *BpfSockConnWorkload) Attach() error { | |||
var err error |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: You can use err directly without predefining
bpf/include/common.h
Outdated
(v4_mapped)[3] = 0; \ | ||
} while (0) | ||
|
||
#define V4_MAPPED_IN_V6(ipv6) \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and what does this mean
bpf/kmesh/workload/cgroup_sock.c
Outdated
IP6_COPY(kmesh_ctx.dnat_ip.ip6, kmesh_ctx.orig_dst_addr.ip6); | ||
kmesh_ctx.dnat_port = ctx->user_port; | ||
|
||
if (!is_kmesh_enabled(ctx) || is_bypass_enabled(ctx)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move before COPY
bpf/include/common.h
Outdated
@@ -78,6 +78,33 @@ static inline int kmesh_map_update_elem(void *map, const void *key, const void * | |||
return (int)bpf_map_update_elem(map, key, value, BPF_ANY); | |||
} | |||
|
|||
static inline bool ipv4_mapped_addr(__u32 ip6[4]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
static inline bool ipv4_mapped_addr(__u32 ip6[4]) | |
static inline bool is_ipv4_mapped(__u32 ip6[4]) |
bpf/kmesh/workload/cgroup_sock.c
Outdated
kmesh_workload_tail_call(ctx, TAIL_CALL_CONNECT6_INDEX); | ||
|
||
// if tail call failed will run this code | ||
BPF_LOG(ERR, KMESH, "workload tail call failed, err is %d\n", ret); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BPF_LOG(ERR, KMESH, "workload tail call failed, err is %d\n", ret); | |
BPF_LOG(ERR, KMESH, "workload tail call in v6 failed, err is %d\n", ret); |
pkg/bpf/bpf_kmesh_workload.go
Outdated
sc.Info6.AttachType = prog.AttachType | ||
|
||
if err = sc.MapOfTailCallProg.Update( | ||
uint32(1), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a const definition is required for tail_call index.
pkg/cni/plugin/plugin.go
Outdated
@@ -157,7 +157,7 @@ func disableKmeshControl(ns string) error { | |||
return err | |||
} | |||
errno, ok := err.(syscall.Errno) | |||
if ok && errno == 115 { // -EINPROGRESS, Operation now in progress | |||
if ok && (errno == 115 || errno == 101) { // -EINPROGRESS, Operation now in progress | Network is unreachable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
error code definition is required.
Signed-off-by: wuchangye <[email protected]>
Signed-off-by: wuchangye <[email protected]>
Signed-off-by: wuchangye <[email protected]>
Signed-off-by: wuchangye <[email protected]>
Signed-off-by: wuchangye <[email protected]>
@@ -31,4 +31,13 @@ const ( | |||
|
|||
BPF_LOG_ERR = 0 | |||
BPF_LOG_DEBUG = 3 | |||
|
|||
// Ip(0.0.0.2 | ::2) used for control command, e.g. KmeshControl | ByPass | |||
ControlCommandIp4 = "0.0.0.2" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the IPv6 environment, control commands such as management and bypass commands triggered by 0.0.0.1 return 101 (Network is unreachable), and sockops:BPF_SOCK_OPS_TCP_CONNECT_CB hook cannot be triggered. ::1 indicates that control commands can be triggered, but the obtained local_ip value is also ::1. The actual pod IP address cannot be obtained.
Solution:
0.0.0.2/::2 is used as the IP address of the control command.
Signed-off-by: wuchangye <[email protected]>
bpf/include/bpf_common.h
Outdated
{ | ||
// daemon sim connect 0.0.0.0:931(0x3a3) | ||
// daemon sim connect 0.0.0.0:931 | ::1:931(0x3a3) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should change to 0.2
Signed-off-by: wuchangye <[email protected]>
73c995d
to
a975a23
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hzxuzhonghu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes:
#291
Special notes for your reviewer:
workload mode supports IPv6
Does this PR introduce a user-facing change?: