Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support ipv6 in workload mode #462

Merged
merged 12 commits into from
Jun 28, 2024
Merged

support ipv6 in workload mode #462

merged 12 commits into from
Jun 28, 2024

Conversation

nlgwcy
Copy link
Contributor

@nlgwcy nlgwcy commented Jun 25, 2024
edited
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

Which issue(s) this PR fixes:
#291

Special notes for your reviewer:
workload mode supports IPv6

  • Authentication process supports IPv6
  • Kmesh management supports IPv6
  • ipv4 mapped address

Does this PR introduce a user-facing change?:

@nlgwcy
add cgroup/connect6
c6c78b1 
Signed-off-by: wuchangye <[email protected]>
@nlgwcy
ipv6 for sockops
9cc0148 
Signed-off-by: wuchangye <[email protected]>
@nlgwcy
v4 mapped addr
696bb90 
Signed-off-by: wuchangye <[email protected]>
@nlgwcy
adapt ip2str
b0a42b2 
Signed-off-by: wuchangye <[email protected]>
@nlgwcy
adapt kmesh-plugin for ipv6
9337f2c 
Signed-off-by: wuchangye <[email protected]>
LiZhenCheng9527
LiZhenCheng9527 reviewed Jun 25, 2024
View reviewed changes
bpf/kmesh/workload/cgroup_sock.c Show resolved Hide resolved
pkg/bpf/bpf_kmesh_workload.go
@@ -117,19 +130,26 @@ func (sc *BpfSockConnWorkload) close() error {
}

func (sc *BpfSockConnWorkload) Attach() error {
var err error
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: You can use err directly without predefining

hzxuzhonghu
hzxuzhonghu reviewed Jun 25, 2024
View reviewed changes
bpf/include/common.h Show resolved Hide resolved
bpf/include/common.h Outdated
(v4_mapped)[3] = 0; \
} while (0)

#define V4_MAPPED_IN_V6(ipv6) \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and what does this mean

bpf/kmesh/workload/cgroup_sock.c Outdated
IP6_COPY(kmesh_ctx.dnat_ip.ip6, kmesh_ctx.orig_dst_addr.ip6);
kmesh_ctx.dnat_port = ctx->user_port;

if (!is_kmesh_enabled(ctx) || is_bypass_enabled(ctx)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move before COPY

bpf/kmesh/workload/cgroup_sock.c Show resolved Hide resolved
supercharge-xsy
supercharge-xsy reviewed Jun 26, 2024
View reviewed changes
bpf/include/common.h Outdated
@@ -78,6 +78,33 @@ static inline int kmesh_map_update_elem(void *map, const void *key, const void *
return (int)bpf_map_update_elem(map, key, value, BPF_ANY);
}

static inline bool ipv4_mapped_addr(__u32 ip6[4])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
static inline bool ipv4_mapped_addr(__u32 ip6[4])
static inline bool is_ipv4_mapped(__u32 ip6[4])

bpf/kmesh/workload/cgroup_sock.c Outdated
kmesh_workload_tail_call(ctx, TAIL_CALL_CONNECT6_INDEX);

// if tail call failed will run this code
BPF_LOG(ERR, KMESH, "workload tail call failed, err is %d\n", ret);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
BPF_LOG(ERR, KMESH, "workload tail call failed, err is %d\n", ret);
BPF_LOG(ERR, KMESH, "workload tail call in v6 failed, err is %d\n", ret);

pkg/bpf/bpf_kmesh_workload.go Outdated
sc.Info6.AttachType = prog.AttachType

if err = sc.MapOfTailCallProg.Update(
uint32(1),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a const definition is required for tail_call index.

pkg/cni/plugin/plugin.go Outdated
@@ -157,7 +157,7 @@ func disableKmeshControl(ns string) error {
return err
}
errno, ok := err.(syscall.Errno)
if ok && errno == 115 { // -EINPROGRESS, Operation now in progress
if ok && (errno == 115 || errno == 101) { // -EINPROGRESS, Operation now in progress | Network is unreachable
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

error code definition is required.

@nlgwcy
auth for ipv6
7f48708 
Signed-off-by: wuchangye <[email protected]>
@nlgwcy
fix sockops load failed
ee4fce3 
Signed-off-by: wuchangye <[email protected]>
@kmesh-bot kmesh-bot added size/XL and removed size/L labels Jun 26, 2024
nlgwcy
nlgwcy commented Jun 27, 2024
View reviewed changes
pkg/constants/constants.go
@@ -31,4 +31,13 @@ const (

BPF_LOG_ERR = 0
BPF_LOG_DEBUG = 3

// Ip(0.0.0.2 | ::2) used for control command, e.g. KmeshControl | ByPass
ControlCommandIp4 = "0.0.0.2"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the IPv6 environment, control commands such as management and bypass commands triggered by 0.0.0.1 return 101 (Network is unreachable), and sockops:BPF_SOCK_OPS_TCP_CONNECT_CB hook cannot be triggered. ::1 indicates that control commands can be triggered, but the obtained local_ip value is also ::1. The actual pod IP address cannot be obtained.
Solution:
0.0.0.2/::2 is used as the IP address of the control command.

@nlgwcy
fix issue
d5354b0 
Signed-off-by: wuchangye <[email protected]>
hzxuzhonghu
hzxuzhonghu reviewed Jun 27, 2024
View reviewed changes
bpf/include/bpf_common.h Outdated
{
// daemon sim connect 0.0.0.0:931(0x3a3)
// daemon sim connect 0.0.0.0:931 | ::1:931(0x3a3)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should change to 0.2

bpf/include/bpf_common.h Outdated Show resolved Hide resolved
@nlgwcy
fix issue
a975a23 
Signed-off-by: wuchangye <[email protected]>
@nlgwcy nlgwcy force-pushed the ipv6-1 branch 2 times, most recently from 73c995d to a975a23 Compare June 28, 2024 04:47
@hzxuzhonghu
Copy link
Member

/lgtm
/approve

@kmesh-bot kmesh-bot added the lgtm label Jun 28, 2024
@kmesh-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hzxuzhonghu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kmesh-bot kmesh-bot merged commit 67c5295 into kmesh-net:main Jun 28, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hzxuzhonghu hzxuzhonghu hzxuzhonghu left review comments

@supercharge-xsy supercharge-xsy supercharge-xsy left review comments

@LiZhenCheng9527 LiZhenCheng9527 LiZhenCheng9527 left review comments

Assignees

@hzxuzhonghu hzxuzhonghu

Labels
approved lgtm size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@nlgwcy @hzxuzhonghu @kmesh-bot @supercharge-xsy @LiZhenCheng9527