Merge branch 'main' of https://github.com/kmesh-net/kmesh

kmesh-net · May 31, 2024 · e4c38f0 · e4c38f0
2 parents c3d9874 + 12b8d0c
commit e4c38f0
Show file tree

Hide file tree

Showing 38 changed files with 670 additions and 209 deletions.
diff --git a/.github/workflows/release-master.yaml b/.github/workflows/release-master.yaml
@@ -0,0 +1,27 @@
+name: Latest Release
+
+on:
+  push:
+    branches:
+      - "main"
+    paths-ignore:
+      - "**/*.png"
+      - "**/*.svg"
+      - "**/*.yaml"
+      - "**/*.md"
+
+jobs:
+  latest-release:
+    name: Push image to ghcr.io
+    runs-on: ubuntu-22.04
+    steps:
+      - name: checkout code
+        uses: actions/checkout@v3
+      - name: docker build
+        # master branch alway use latest tag
+        run: sudo TAG=latest make docker
+      - name: login registry
+        # This is where you will update the PAT to GITHUB_TOKEN
+        run: echo "${{ secrets.GH_PAT }}" | docker login ghcr.io -u $ --password-stdin
+      - name: docker push
+        run: docker push ghcr.io/kmesh-net/kmesh:latest
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -2,19 +2,20 @@
 
 Welcome to Kmesh!
 
--   [Before you get started](#before-you-get-started)
-    -   [Code of Conduct](#code-of-conduct)
-    -   [Community Expectations](#community-expectations)
--   [Getting started](#getting-started)
--   [Your First Contribution](#your-first-contribution)
-    -   [Find something to work on](#find-something-to-work-on)
-        -   [Find a good first topic](#find-a-good-first-topic)
-        -   [Work on an Issue](#work-on-an-issue)
-        -   [File an Issue](#file-an-issue)
--   [Contributor Workflow](#contributor-workflow)
-    -   [Creating Pull Requests](#creating-pull-requests)
-    -   [Code Review](#code-review)
-    -   [Testing](#testing)
+- [Contributing](#contributing)
+- [Before you get started](#before-you-get-started)
+  - [Code of Conduct](#code-of-conduct)
+  - [Community Expectations](#community-expectations)
+- [Getting started](#getting-started)
+- [Your First Contribution](#your-first-contribution)
+  - [Find something to work on](#find-something-to-work-on)
+    - [Find a good first topic](#find-a-good-first-topic)
+      - [Work on an issue](#work-on-an-issue)
+    - [File an Issue](#file-an-issue)
+- [Contributor Workflow](#contributor-workflow)
+  - [Creating Pull Requests](#creating-pull-requests)
+  - [Code Review](#code-review)
+- [Memebership](#memebership)
 
 # Before you get started
 
@@ -34,7 +35,6 @@ and intended to realize multi-cloud centralized management, high availability, f
 - Make your changes on your fork repository.
 - Submit a PR.
 
-
 # Your First Contribution
 
 We will help you to contribute in different areas like filing issues, developing features, fixing critical bugs and
@@ -104,3 +104,11 @@ To make it easier for your PR to receive reviews, consider the reviewers will ne
 * follow [good coding guidelines](https://github.com/golang/go/wiki/CodeReviewComments).
 * write [good commit messages](https://chris.beams.io/posts/git-commit/).
 * break large changes into a logical series of smaller patches which individually make easily understandable changes, and in aggregate solve a broader issue.
+
+# Memebership
+
+We encourage all contributors to become members. Learn more about requirements and responsibilities of membership in our [Community Membership doc](https://github.com/kmesh-net/website/blob/main/content/en/docs/community/membership.md).
+
+If you have made contributions that meet the requirements of becoming KMesh member, simply file an [issue](https://github.com/kmesh-net/kmesh/issues/new?assignees=&labels=&projects=&template=membership-request.md&title=REQUEST%3A+New+membership+for+%3Cyour+name%3E) to apply.
+
+Kmesh community welcomes all interested developers to become members of the Kmesh community!
diff --git a/Makefile b/Makefile
@@ -170,3 +170,7 @@ clean:
 	$(QUIET) make clean -C bpf/deserialization_to_bpf_map
 	$(call printlog, CLEAN, "kernel")
 	$(QUIET) make clean -C kernel/ko_src
+
+	$(QUIET) if docker ps -a -q -f name=kmesh-build | grep -q .; then \
+		docker rm -f kmesh-build; \
+	fi
diff --git a/bpf/include/bpf_common.h b/bpf/include/bpf_common.h
@@ -16,14 +16,14 @@
 
 #define map_of_manager      kmesh_manage
 #define MAP_SIZE_OF_MANAGER 8192
-/*0x3a10000 is the specific port handled by the cni to enable kmesh*/
-#define ENABLE_KMESH_PORT 0x3a10000
-/*0x3a20000 is the specific port handled by the cni to enable kmesh*/
-#define DISABLE_KMESH_PORT 0x3a20000
-/*0x3a30000 is the specific port handled by the daemon to enable bypass*/
-#define ENABLE_BYPASS_PORT 0x3a30000
-/*0x3a40000 is the specific port handled by the daemon to enable bypass*/
-#define DISABLE_BYPASS_PORT 0x3a40000
+/*0x3a1(929) is the specific port handled by the cni to enable kmesh*/
+#define ENABLE_KMESH_PORT 0x3a1
+/*0x3a2(930) is the specific port handled by the cni to enable kmesh*/
+#define DISABLE_KMESH_PORT 0x3a2
+/*0x3a3(931) is the specific port handled by the daemon to enable bypass*/
+#define ENABLE_BYPASS_PORT 0x3a3
+/*0x3a4(932) is the specific port handled by the daemon to enable bypass*/
+#define DISABLE_BYPASS_PORT 0x3a4
 
 typedef struct {
     __u32 is_bypassed;
@@ -104,28 +104,28 @@ static inline bool conn_from_bypass_sim_add(struct bpf_sock_addr *ctx)
 {
     // daemon sim connect 0.0.0.0:931(0x3a3)
     // 0x3a3 is the specific port handled by the daemon to enable bypass
-    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohl(ctx->user_port) == ENABLE_BYPASS_PORT));
+    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohs(ctx->user_port) == ENABLE_BYPASS_PORT));
 }
 
 static inline bool conn_from_bypass_sim_delete(struct bpf_sock_addr *ctx)
 {
     // daemon sim connect 0.0.0.1:932(0x3a4)
     // 0x3a4 is the specific port handled by the daemon to disable bypass
-    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohl(ctx->user_port) == DISABLE_BYPASS_PORT));
+    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohs(ctx->user_port) == DISABLE_BYPASS_PORT));
 }
 
 static inline bool conn_from_cni_sim_add(struct bpf_sock_addr *ctx)
 {
     // cni sim connect 0.0.0.0:929(0x3a1)
     // 0x3a1 is the specific port handled by the cni to enable Kmesh
-    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohl(ctx->user_port) == ENABLE_KMESH_PORT));
+    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohs(ctx->user_port) == ENABLE_KMESH_PORT));
 }
 
 static inline bool conn_from_cni_sim_delete(struct bpf_sock_addr *ctx)
 {
     // cni sim connect 0.0.0.1:930(0x3a2)
     // 0x3a2 is the specific port handled by the cni to disable Kmesh
-    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohl(ctx->user_port) == DISABLE_KMESH_PORT));
+    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohs(ctx->user_port) == DISABLE_KMESH_PORT));
 }
 
 /* This function is used to store and delete cookie

diff --git a/bpf/include/common.h b/bpf/include/common.h
@@ -69,7 +69,12 @@ static inline int kmesh_map_update_elem(void *map, const void *key, const void *
 }
 
 #if OE_23_03
-#define bpf__strncmp bpf_strncmp
+#define bpf__strncmp                  bpf_strncmp
+#define GET_SKOPS_REMOTE_PORT(sk_ops) (__u16)((sk_ops)->remote_port)
+#else
+#define GET_SKOPS_REMOTE_PORT(sk_ops) (__u16)((sk_ops)->remote_port >> 16)
 #endif
 
+#define GET_SKOPS_LOCAL_PORT(sk_ops) (__u16)((sk_ops)->local_port)
+
 #endif // _COMMON_H_
diff --git a/bpf/kmesh/ads/sockops.c b/bpf/kmesh/ads/sockops.c
@@ -33,9 +33,8 @@ static int sockops_traffic_control(struct bpf_sock_ops *skops, struct bpf_mem_pt
     int ret;
     /* 1 lookup listener */
     DECLARE_VAR_ADDRESS(skops, addr);
-#if !OE_23_03
-    addr.port = addr.port >> 16;
-#endif
+    addr.port = GET_SKOPS_REMOTE_PORT(skops);
+
     Listener__Listener *listener = map_lookup_listener(&addr);
 
     if (!listener) {

diff --git a/bpf/kmesh/bpf2go/bpf2go.go b/bpf/kmesh/bpf2go/bpf2go.go
@@ -25,6 +25,6 @@ package bpf2go
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSockWorkload ../workload/cgroup_sock.c -- -I../workload/include -I../../include
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockops ../ads/sockops.c -- -I../ads/include -I../../include -I../../../api/v2-c
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshTracePoint ../ads/tracepoint.c -- -I../ads/include -I../../include
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsWorkload ../workload/sockops_tuple.c -- -I../workload/include -I../../include
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsWorkload ../workload/sockops.c -- -I../workload/include -I../../include
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshXDPAuth ../workload/xdp.c -- -I../workload/include -I../../include
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSendmsg ../workload/sendmsg.c -- -I../workload/include -I../../include
diff --git a/bpf/kmesh/workload/include/backend.h b/bpf/kmesh/workload/include/backend.h
@@ -82,7 +82,7 @@ static inline int backend_manager(ctx_buff_t *ctx, backend_value *backend_v, __u
             return -EINVAL;
         }
         if (service_id == backend_v->service[i]) {
-            BPF_LOG(DEBUG, BACKEND, "access the backend by service:%d\n", service_id);
+            BPF_LOG(DEBUG, BACKEND, "access the backend by service:%u\n", service_id);
 #pragma unroll
             for (__u32 j = 0; j < MAX_PORT_COUNT; j++) {
                 if (user_port == service_v->service_port[j]) {

diff --git a/bpf/kmesh/workload/sockops_tuple.c → bpf/kmesh/workload/sockops.c b/bpf/kmesh/workload/sockops_tuple.c → bpf/kmesh/workload/sockops.c
@@ -42,7 +42,7 @@ struct {
     __type(value, __u32);
     __uint(max_entries, MAP_SIZE_OF_MANAGER);
     __uint(map_flags, 0);
-} map_of_kmesh_hashmap SEC(".maps");
+} map_of_kmesh_socket SEC(".maps");
 
 static inline bool is_managed_by_kmesh(__u32 ip)
 {
@@ -60,29 +60,21 @@ static inline void extract_skops_to_tuple(struct bpf_sock_ops *skops, struct bpf
     tuple_key->ipv4.saddr = skops->local_ip4;
     tuple_key->ipv4.daddr = skops->remote_ip4;
     // local_port is host byteorder
-    tuple_key->ipv4.sport = bpf_htonl(skops->local_port) >> FORMAT_IP_LENGTH;
+    tuple_key->ipv4.sport = bpf_htons(GET_SKOPS_LOCAL_PORT(skops));
     // remote_port is network byteorder
     // openEuler 2303 convert remote port different than other linux vendor
-#if !OE_23_03
-    tuple_key->ipv4.dport = skops->remote_port >> FORMAT_IP_LENGTH;
-#else
-    tuple_key->ipv4.dport = skops->remote_port;
-#endif
+
+    tuple_key->ipv4.dport = GET_SKOPS_REMOTE_PORT(skops);
 }
 
 static inline void extract_skops_to_tuple_reverse(struct bpf_sock_ops *skops, struct bpf_sock_tuple *tuple_key)
 {
     tuple_key->ipv4.saddr = skops->remote_ip4;
     tuple_key->ipv4.daddr = skops->local_ip4;
     // remote_port is network byteorder
-    // openEuler 2303 convert remote port different than other linux vendor
-#if !OE_23_03
-    tuple_key->ipv4.sport = skops->remote_port >> FORMAT_IP_LENGTH;
-#else
-    tuple_key->ipv4.sport = skops->remote_port;
-#endif
+    tuple_key->ipv4.sport = GET_SKOPS_REMOTE_PORT(skops);
     // local_port is host byteorder
-    tuple_key->ipv4.dport = bpf_htonl(skops->local_port) >> FORMAT_IP_LENGTH;
+    tuple_key->ipv4.dport = bpf_htons(GET_SKOPS_LOCAL_PORT(skops));
 }
 
 // clean map_of_auth
@@ -126,12 +118,13 @@ static inline void auth_ip_tuple(struct bpf_sock_ops *skops)
     bpf_ringbuf_submit(msg, 0);
 }
 
+// update sockmap to trigger sk_msg prog to encode metadata before sending to waypoint
 static inline void enable_encoding_metadata(struct bpf_sock_ops *skops)
 {
     int err;
     struct bpf_sock_tuple tuple_info = {0};
     extract_skops_to_tuple(skops, &tuple_info);
-    err = bpf_sock_hash_update(skops, &map_of_kmesh_hashmap, &tuple_info, BPF_ANY);
+    err = bpf_sock_hash_update(skops, &map_of_kmesh_socket, &tuple_info, BPF_ANY);
     if (err)
         BPF_LOG(ERR, SOCKOPS, "enable encoding metadta failed!, err is %d", err);
 }
@@ -157,14 +150,12 @@ static inline void remove_kmesh_managed_ip(__u32 ip)
         BPF_LOG(ERR, KMESH, "remove ip failed!, err is %d\n", err);
 }
 
-static inline bool conn_from_sim(struct bpf_sock_ops *skops, __u32 ip, __u32 port)
+static inline bool conn_from_sim(struct bpf_sock_ops *skops, __u32 ip, __u16 port)
 {
-    __u32 rev_port = bpf_ntohl(skops->remote_port);
+    __u16 remote_port = GET_SKOPS_REMOTE_PORT(skops);
     __u32 client_ip = bpf_ntohl(skops->remote_ip4);
-#if !OE_23_03
-    port >>= 16;
-#endif
-    return (client_ip == ip) && (port == rev_port);
+
+    return (client_ip == ip) && (bpf_ntohs(remote_port) == port);
 }
 
 static inline bool skops_conn_from_cni_sim_add(struct bpf_sock_ops *skops)
@@ -231,7 +222,7 @@ static inline void skops_handle_bypass_process(struct bpf_sock_ops *skops)
 }
 
 SEC("sockops")
-int record_tuple(struct bpf_sock_ops *skops)
+int sockops_prog(struct bpf_sock_ops *skops)
 {
     if (skops->family != AF_INET && !ipv4_mapped_addr(skops->local_ip6))
         return 0;
@@ -245,7 +236,10 @@ int record_tuple(struct bpf_sock_ops *skops)
             break;
         if (bpf_sock_ops_cb_flags_set(skops, BPF_SOCK_OPS_STATE_CB_FLAG) != 0)
             BPF_LOG(ERR, SOCKOPS, "set sockops cb failed!\n");
-        enable_encoding_metadata(skops);
+        __u64 *current_sk = (__u64 *)skops->sk;
+        struct bpf_sock_tuple *dst = bpf_map_lookup_elem(&map_of_dst_info, &current_sk);
+        if (dst != NULL)
+            enable_encoding_metadata(skops);
         break;
     case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
         if (!is_managed_by_kmesh(skops->local_ip4)) // local ip4 is server ip

diff --git a/build.sh b/build.sh
@@ -4,11 +4,11 @@ ROOT_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]}))
 # adjust the range of BPF code compillation based on the kernel is enhanced
 function bpf_compile_range_adjust() {
     if [ "$ENHANCED_KERNEL" == "enhanced" ]; then
-            sed -i '/tracepoint\.c/s/\(.*\)generate/\/\/go:generate/' bpf/kmesh/bpf2go/bpf2go.go
-            sed -i '/sockops\.c/s/\(.*\)generate/\/\/go:generate/' bpf/kmesh/bpf2go/bpf2go.go
+            sed -i '/ads\/tracepoint\.c/s/\(.*\)generate/\/\/go:generate/' bpf/kmesh/bpf2go/bpf2go.go
+            sed -i '/ads\/sockops\.c/s/\(.*\)generate/\/\/go:generate/' bpf/kmesh/bpf2go/bpf2go.go
     else
-            sed -i '/tracepoint\.c/s/\(.*\)generate/\/\/not go:generate/' bpf/kmesh/bpf2go/bpf2go.go
-            sed -i '/sockops\.c/s/\(.*\)generate/\/\/not go:generate/' bpf/kmesh/bpf2go/bpf2go.go
+            sed -i '/ads\/tracepoint\.c/s/\(.*\)generate/\/\/not go:generate/' bpf/kmesh/bpf2go/bpf2go.go
+            sed -i '/ads\/sockops\.c/s/\(.*\)generate/\/\/not go:generate/' bpf/kmesh/bpf2go/bpf2go.go
     fi
 }
 

diff --git a/build/docker/kmesh.dockerfile b/build/docker/kmesh.dockerfile
@@ -11,9 +11,9 @@ RUN \
     --mount=type=cache,target=/var/cache/dnf \
     yum install -y kmod util-linux iptables
 
-ADD out/$arch/*so* /usr/lib64/
-ADD out/$arch/kmesh-daemon /usr/bin/
-ADD out/$arch/kmesh-cni /usr/bin/
-ADD out/$arch/mdacore /usr/bin/
-ADD build/docker/start_kmesh.sh /kmesh
-ADD out/$arch/ko /kmesh
+COPY out/$arch/*so* /usr/lib64/
+COPY out/$arch/kmesh-daemon /usr/bin/
+COPY out/$arch/kmesh-cni /usr/bin/
+COPY out/$arch/mdacore /usr/bin/
+COPY build/docker/start_kmesh.sh /kmesh
+COPY out/$arch/ko /kmesh
diff --git a/deploy/README.md b/deploy/README.md
@@ -6,4 +6,12 @@ We provide a Helm Chart to deploy Kmesh in Kubernets Cluster.
 
 ```bash
 helm install kmesh ./deploy/helm -n kmesh-system --create-namespace
+```
+
+## Yaml
+
+We also support deploying using yaml files.
+
+```bash
+kubectl apply -f ./deploy/yaml/
 ```
diff --git a/docs/pics/fortio_performance_test.png b/docs/pics/fortio_performance_test.png