Merge pull request #1273 from lec-bit/new_kernel

adapt bpf2go files in new kernel

Author: kmesh-bot

Makefile

@@ -82,8 +82,7 @@ ifeq ($(TAG),)
   $(error "TAG cannot be empty")
 endif
 
-TMP_FILES := bpf/kmesh/bpf2go/bpf2go.go \
-	config/kmesh_marcos_def.h \
+TMP_FILES := config/kmesh_marcos_def.h \
 	mk/api-v2-c.pc \
 	mk/bpf.pc \
 	bpf/include/bpf_helper_defs_ext.h \

bpf/include/bpf_common.h

@@ -223,4 +223,86 @@ static inline void *get_ptr_val_from_map(void *map, __u8 map_type, const void *p
         val_tmp;                                                                                                       \
     })
 
+static inline void record_kmesh_managed_ip(__u32 family, __u32 ip4, __u32 *ip6)
+{
+    int err;
+    __u32 value = 0;
+    struct manager_key key = {0};
+    if (family == AF_INET)
+        key.addr.ip4 = ip4;
+    if (family == AF_INET6 && ip6)
+        IP6_COPY(key.addr.ip6, ip6);
+
+    err = bpf_map_update_elem(&map_of_manager, &key, &value, BPF_ANY);
+    if (err)
+        BPF_LOG(ERR, KMESH, "record ip failed, err is %d\n", err);
+}
+
+static inline void remove_kmesh_managed_ip(__u32 family, __u32 ip4, __u32 *ip6)
+{
+    struct manager_key key = {0};
+    if (family == AF_INET)
+        key.addr.ip4 = ip4;
+    if (family == AF_INET6 && ip6)
+        IP6_COPY(key.addr.ip6, ip6);
+
+    int err = bpf_map_delete_elem(&map_of_manager, &key);
+    if (err && err != -ENOENT)
+        BPF_LOG(ERR, KMESH, "remove ip failed, err is %d\n", err);
+}
+
+static inline bool conn_from_sim(struct bpf_sock_ops *skops, __u32 ip, __u16 port)
+{
+    __u16 remote_port = GET_SKOPS_REMOTE_PORT(skops);
+    if (bpf_ntohs(remote_port) != port)
+        return false;
+
+    if (skops->family == AF_INET)
+        return (bpf_ntohl(skops->remote_ip4) == ip);
+
+    return (
+        skops->remote_ip6[0] == 0 && skops->remote_ip6[1] == 0 && skops->remote_ip6[2] == 0
+        && bpf_ntohl(skops->remote_ip6[3]) == ip);
+}
+
+static inline bool skops_conn_from_cni_sim_add(struct bpf_sock_ops *skops)
+{
+    // cni sim connect CONTROL_CMD_IP:929(0x3a1)
+    // 0x3a1 is the specific port handled by the cni to enable Kmesh
+    return conn_from_sim(skops, CONTROL_CMD_IP, ENABLE_KMESH_PORT);
+}
+
+static inline bool skops_conn_from_cni_sim_delete(struct bpf_sock_ops *skops)
+{
+    // cni sim connect CONTROL_CMD_IP:930(0x3a2)
+    // 0x3a2 is the specific port handled by the cni to disable Kmesh
+    return conn_from_sim(skops, CONTROL_CMD_IP, DISABLE_KMESH_PORT);
+}
+
+static inline void skops_handle_kmesh_managed_process(struct bpf_sock_ops *skops)
+{
+    if (skops_conn_from_cni_sim_add(skops))
+        record_kmesh_managed_ip(skops->family, skops->local_ip4, skops->local_ip6);
+    if (skops_conn_from_cni_sim_delete(skops))
+        remove_kmesh_managed_ip(skops->family, skops->local_ip4, skops->local_ip6);
+}
+
+static inline bool is_managed_by_kmesh(struct bpf_sock_ops *skops)
+{
+    struct manager_key key = {0};
+    if (skops->family == AF_INET)
+        key.addr.ip4 = skops->local_ip4;
+    if (skops->family == AF_INET6) {
+        if (is_ipv4_mapped_addr(skops->local_ip6))
+            key.addr.ip4 = skops->local_ip6[3];
+        else
+            IP6_COPY(key.addr.ip6, skops->local_ip6);
+    }
+
+    int *value = bpf_map_lookup_elem(&map_of_manager, &key);
+    if (!value)
+        return false;
+    return (*value == 0);
+}
+
 #endif

bpf/kmesh/ads/sockops.c

@@ -19,7 +19,13 @@ int sockops_prog(struct bpf_sock_ops *skops)
         return BPF_OK;
 
     switch (skops->op) {
+    case BPF_SOCK_OPS_TCP_CONNECT_CB:
+        skops_handle_kmesh_managed_process(skops);
+        break;
     case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
+        if (!is_managed_by_kmesh(skops))
+            break;
+
         if (bpf_sock_ops_cb_flags_set(skops, BPF_SOCK_OPS_STATE_CB_FLAG) != 0) {
             BPF_LOG(ERR, SOCKOPS, "set sockops cb failed!\n");
         } else {

bpf/kmesh/bpf2go/bpf2go.go

@@ -18,18 +18,18 @@
 package bpf2go
 
 // go run github.com/cilium/ebpf/cmd/bpf2go --help
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/normal --go-package normal -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSock ../ads/cgroup_sock.c -- -I../ads/include -I../../include -I../../../api/v2-c -DCGROUP_SOCK_MANAGE -DKERNEL_VERSION_HIGHER_5_13_0=1
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSock ../ads/cgroup_sock.c -- -I../ads/include -I../../include -I../../../api/v2-c -DCGROUP_SOCK_MANAGE -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSockWorkload ../workload/cgroup_sock.c -- -I../workload/include -I../../include -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=1
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/enhanced --go-package enhanced -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockops ../ads/sockops.c -- -I../ads/include -I../../include -I../../../api/v2-c -DKERNEL_VERSION_HIGHER_5_13_0=1
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockops ../ads/sockops.c -- -I../ads/include -I../../include -I../../../api/v2-c -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsWorkload ../workload/sockops.c -- -I../workload/include -I../../include -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshXDPAuth ../workload/xdp.c -- -I../workload/include -I../../include -I../../../api/v2-c -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSendmsg ../workload/sendmsg.c -- -I../workload/include -I../../include -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir general --go-package general -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshTcMarkEncrypt ../general/tc_mark_encrypt.c -- -I../general/include -I../../include -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir general --go-package general -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshTcMarkDecrypt ../general/tc_mark_decrypt.c -- -I../general/include -I../../include -DKERNEL_VERSION_HIGHER_5_13_0=1
 
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/normal --go-package normal -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSockCompat ../ads/cgroup_sock.c -- -I../ads/include -I../../include -I../../../api/v2-c -DCGROUP_SOCK_MANAGE -DKERNEL_VERSION_HIGHER_5_13_0=0
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSockCompat ../ads/cgroup_sock.c -- -I../ads/include -I../../include -I../../../api/v2-c -DCGROUP_SOCK_MANAGE -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSockWorkloadCompat ../workload/cgroup_sock.c -- -I../workload/include -I../../include -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=0
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/enhanced --go-package enhanced -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsCompat ../ads/sockops.c -- -I../ads/include -I../../include -I../../../api/v2-c -DKERNEL_VERSION_HIGHER_5_13_0=0
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsCompat ../ads/sockops.c -- -I../ads/include -I../../include -I../../../api/v2-c -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine  -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsWorkloadCompat ../workload/sockops.c -- -I../workload/include -I../../include -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshXDPAuthCompat ../workload/xdp.c -- -I../workload/include -I../../include -I../../../api/v2-c -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSendmsgCompat ../workload/sendmsg.c -- -I../workload/include -I../../include -DKERNEL_VERSION_HIGHER_5_13_0=0