From 88ed97466db56ec911f7a1d7c16ffae98ca81d0f Mon Sep 17 00:00:00 2001 From: bitcoffee Date: Thu, 12 Dec 2024 20:42:29 +0800 Subject: [PATCH] Optimizationos made to oncn-mda The first patch is optimized in the sockops. If the current receive direction is in dual-stack mode, the obtained family is an ipv6 family. As a result, oncn-mda acceleration cannot be used. Although the ipv6 family is used, the actual ip address is still an ipv4 address. The second patch is optimized in client. The oncn-mda does not depend on the libboundscheck function library. Replace the libboundscheck function library with the standard function library and modify the function library. Signed-off-by: bitcoffee --- Kmesh.spec | 10 +- ...-t-support-use-ipv6-family-in-sockop.patch | 26 ++ remove-libboundscheck-dependency.patch | 269 ++++++++++++++++++ 3 files changed, 302 insertions(+), 3 deletions(-) create mode 100644 fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch create mode 100644 remove-libboundscheck-dependency.patch diff --git a/Kmesh.spec b/Kmesh.spec index 8c125a3..cca700b 100644 --- a/Kmesh.spec +++ b/Kmesh.spec @@ -1,7 +1,7 @@ %global codepath kmesh Name: Kmesh Version: 0.4.1 -Release: 2 +Release: 3 Summary: %{name} is a eBPF-based service mesh kernel solution License: ASL 2.0 and GPL-2.0 URL: https://github.com/kmesh-net @@ -12,16 +12,16 @@ BuildRequires: protobuf protobuf-c protobuf-c-devel BuildRequires: golang >= 1.21.4 BuildRequires: clang >= 10.0.1 llvm >= 10.0.1 BuildRequires: libbpf-devel kernel-devel >= 5.10 -BuildRequires: libboundscheck BuildRequires: uname-build-checks Requires: bpftool Requires: libbpf -Requires: libboundscheck Patch0001: Downgrade-go-version-to-v1.21.4.patch Patch0002: Remove-useless-tag-in-Makefile.patch Patch0003: Support-uid-gid.patch +Patch0004: fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch +Patch0005: remove-libboundscheck-dependency.patch %description %{name} is a eBPF-based service mesh kernel solution. 
@@ -121,6 +121,10 @@ rm -rf %{buildroot} %attr(0500,root,root) /kmesh/start_kmesh.sh %changelog +* Thu Dec 12 2024 bitcoffee - 0.4.1-3 +- 1. fix oncn-mda don't support ipv4 mapped ipv6 + 2. remove libboundscheck dependence + * Mon Nov 25 2024 weli-l<1289113577@qq.com> - 0.4.1-2 - add dockerfile for Kmesh diff --git a/fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch b/fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch new file mode 100644 index 0000000..b0c8fc1 --- /dev/null +++ b/fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch @@ -0,0 +1,26 @@ +From 3ec7e0af60ea52a1db143a5cb001c0cf171da064 Mon Sep 17 00:00:00 2001 +From: bitcoffee +Date: Thu, 12 Dec 2024 19:13:53 +0800 +Subject: [PATCH] fix oncn-mda don't support use ipv6 family in sockops + +Signed-off-by: bitcoffee +--- + oncn-mda/ebpf_src/sock_ops.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/oncn-mda/ebpf_src/sock_ops.c b/oncn-mda/ebpf_src/sock_ops.c +index f5ab001..92840cc 100644 +--- a/oncn-mda/ebpf_src/sock_ops.c ++++ b/oncn-mda/ebpf_src/sock_ops.c +@@ -397,7 +397,7 @@ static void clean_ops_map(struct bpf_sock_ops *const skops) + SEC("sockops") + int SOCK_OPS_NAME(struct bpf_sock_ops *const skops) + { +- if (skops->family != AF_INET) ++ if ((skops->family != AF_INET) && (skops->family != AF_INET6)) + return 0; + + switch (skops->op) { +-- +2.33.0 + diff --git a/remove-libboundscheck-dependency.patch b/remove-libboundscheck-dependency.patch new file mode 100644 index 0000000..de3746b --- /dev/null +++ b/remove-libboundscheck-dependency.patch 
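Review bot: The widened family check in SOCK_OPS_NAME (sock_ops.c, carried inside the added fix-oncn-mda patch) admits every AF_INET6 socket, not only the dual-stack IPv4-mapped case the commit message describes. The `switch (skops->op)` handlers continue outside the hunk, so this cannot be confirmed from here, but if they build their map keys from the IPv4 address fields, native IPv6 connections would reach them with addresses that are not meaningful and could match or overwrite entries belonging to other flows. Consider restricting the IPv6 branch to the mapped prefix, e.g. `if (skops->family == AF_INET6 && !(skops->remote_ip6[0] == 0 && skops->remote_ip6[1] == 0 && skops->remote_ip6[2] == bpf_htonl(0x0000ffff))) return 0;` (assuming `bpf_endian.h` is available to this file). A short comment such as `/* AF_INET6 is accepted only for ::ffff:a.b.c.d peers; native IPv6 is not accelerated */` would record the intent next to the check.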
@@ -0,0 +1,269 @@ +From 66c6cd8aa818fc1b31f0d646817b7577c11396fc Mon Sep 17 00:00:00 2001 +From: bitcoffee +Date: Thu, 12 Dec 2024 19:41:12 +0800 +Subject: [PATCH] remove libboundscheck dependency + +Signed-off-by: bitcoffee +--- + oncn-mda/cli_src/CMakeLists.txt | 2 +- + oncn-mda/cli_src/func/chain.c | 23 ++++---------- + oncn-mda/cli_src/func/global.c | 53 +++++++++------------------------ + oncn-mda/cli_src/func/log.c | 2 +- + oncn-mda/cli_src/func/switch.c | 16 ++++------ + oncn-mda/include/log.h | 1 - + oncn-mda/include/macli.h | 1 - + 7 files changed, 28 insertions(+), 70 deletions(-) + +diff --git a/oncn-mda/cli_src/CMakeLists.txt b/oncn-mda/cli_src/CMakeLists.txt +index 471da73..5bf849f 100644 +--- a/oncn-mda/cli_src/CMakeLists.txt ++++ b/oncn-mda/cli_src/CMakeLists.txt +@@ -14,6 +14,6 @@ if($ENV{HS_COVERAGE_ENABLE}) + endif($ENV{HS_COVERAGE_ENABLE}) + + add_executable(mdacore mdacore.c ${SRC_LIST}) +-target_link_libraries(mdacore -lbpf -lboundscheck -lelf -lz -lm) ++target_link_libraries(mdacore -lbpf -lelf -lz -lm) + + MESSAGE("======================Leave cli folder=======================") +diff --git a/oncn-mda/cli_src/func/chain.c b/oncn-mda/cli_src/func/chain.c +index 3890606..4cf2988 100644 +--- a/oncn-mda/cli_src/func/chain.c ++++ b/oncn-mda/cli_src/func/chain.c +@@ -32,14 +32,9 @@ static int get_input_ip(const char *const src, struct input_filter_rule *const i + macli_log(ERR, "over the max cidrs set num, max is %d\n", MAX_PARAM_LENGTH); + return FAILED; + } +- int ret = strcpy_s(input_filter_rules->input_ip[(input_filter_rules->input_ip_num)++], MAX_CIDR_LENGTH, src); +- if (ret == ERANGE_AND_RESET) { +- macli_log(ERR, "input cidr string too long!\n"); +- return FAILED; +- } else if (ret != EOK) { +- macli_log(ERR, "get filter rules failed! 
errno:%d\n", ret); +- return FAILED; +- } ++ (void)memset(input_filter_rules->input_ip[(input_filter_rules->input_ip_num)], 0x0, MAX_CIDR_LENGTH); ++ (void)strncpy(input_filter_rules->input_ip[(input_filter_rules->input_ip_num)++], src, MAX_CIDR_LENGTH - 1); ++ + return SUCCESS; + } + +@@ -49,15 +44,9 @@ static int get_input_port(const char *const src, struct input_filter_rule *const + macli_log(ERR, "over the max ports set num, max is %d\n", MAX_PARAM_LENGTH); + return FAILED; + } +- int ret = +- strcpy_s(input_filter_rules->input_port[(input_filter_rules->input_port_num)++], MAX_PORT_RANGE_LENGTH, src); +- if (ret == ERANGE_AND_RESET) { +- macli_log(ERR, "input port string is too long!\n"); +- return FAILED; +- } else if (ret != EOK) { +- macli_log(ERR, "get filter rules failed! errno:%d\n", ret); +- return FAILED; +- } ++ (void)memset(input_filter_rules->input_port[(input_filter_rules->input_port_num)], 0x0, MAX_PORT_RANGE_LENGTH); ++ (void)strncpy(input_filter_rules->input_port[(input_filter_rules->input_port_num)++], src, MAX_PORT_RANGE_LENGTH - 1); ++ + return SUCCESS; + } + +diff --git a/oncn-mda/cli_src/func/global.c b/oncn-mda/cli_src/func/global.c +index 2579078..a0f17ab 100644 +--- a/oncn-mda/cli_src/func/global.c ++++ b/oncn-mda/cli_src/func/global.c +@@ -113,10 +113,8 @@ static int get_prog_fd(const char *const prog_name, int *const fd) + __u32 obj_id = 0; + __u32 info_length = sizeof(struct bpf_prog_info); + while (true) { +- if (memset_s(&prog_info, info_length, 0x0, info_length) != EOK) { +- macli_log(ERR, "system memset failed!\n"); +- return FAILED; +- } ++ (void)memset(&prog_info, 0x0, info_length); ++ + if (bpf_prog_get_next_id(obj_id, &obj_id)) { + if (errno == ENOENT) + break; +@@ -151,10 +149,7 @@ static int get_map_fd(const char *const map_name, int *const fd) + __u32 obj_id = 0; + __u32 info_length = sizeof(struct bpf_map_info); + while (true) { +- if (memset_s(&map_info, info_length, 0x0, info_length) != EOK) { +- macli_log(ERR, "system 
memset failed!\n"); +- return FAILED; +- } ++ (void)memset(&map_info, 0x0, info_length); + if (bpf_map_get_next_id(obj_id, &obj_id)) { + if (errno == ENOENT) + break; +@@ -192,13 +187,10 @@ static int init_mesh_map( + struct bpf_create_map_attr *const map_attr) + #endif + { +- int ret = EOK; +- ret += strcpy_s(fds_map->name, BPF_OBJ_NAME_LEN, map_name); +- ret += strcpy_s(fds_map->pin_file_path, PATH_MAX, pin_file_path); +- if (ret != EOK) { +- macli_log(ERR, "system copy string failed!"); +- return FAILED; +- } ++ (void)memset(fds_map->name, 0x0, BPF_OBJ_NAME_LEN); ++ (void)strncpy(fds_map->name, map_name, BPF_OBJ_NAME_LEN - 1); ++ (void)memset(fds_map->pin_file_path, 0x0, PATH_MAX); ++ (void)strncpy(fds_map->pin_file_path, pin_file_path, PATH_MAX - 1); + if (get_map_fd(fds_map->name, &(fds_map->fd)) != SUCCESS) + return FAILED; + fds_map->xattr = map_attr; +@@ -212,12 +204,8 @@ static int init_mesh_prog( + enum bpf_attach_type attach_type, + int attach_fd) + { +- int ret = EOK; +- ret = strcpy_s(fds_prog->name, BPF_OBJ_NAME_LEN, prog_name); +- if (ret != EOK) { +- macli_log(ERR, "system copy string failed!"); +- return FAILED; +- } ++ (void)memset(fds_prog->name, 0x0, BPF_OBJ_NAME_LEN); ++ (void)strncpy(fds_prog->name, prog_name, BPF_OBJ_NAME_LEN - 1); + if (get_prog_fd(fds_prog->name, &(fds_prog->fd)) != SUCCESS) + return FAILED; + fds_prog->attach_type = attach_type; +@@ -228,13 +216,8 @@ static int init_mesh_prog( + + static int init_mesh_prog_pin_file(struct mesh_prog_info *const fds_prog, const char *const pin_file_path) + { +- int ret = EOK; +- ret = strcpy_s(fds_prog->pin_file_path, PATH_MAX, pin_file_path); +- if (ret != EOK) { +- macli_log(ERR, "system copy string failed!"); +- return FAILED; +- } +- ++ (void)memset(fds_prog->pin_file_path, 0x0, PATH_MAX); ++ (void)strncpy(fds_prog->pin_file_path, pin_file_path, PATH_MAX - 1); + return SUCCESS; + } + +@@ -318,7 +301,7 @@ int get_u32_num(const char *const src, __u32 *const ret) + const int convert_base = 
10; + char tmp_buff[TMP_BUF_SIZE] = {0}; + unsigned long tmp = strtoul(src, NULL, convert_base); +- if (sprintf_s(tmp_buff, sizeof(tmp_buff), "%lu", tmp) < 0) { ++ if (snprintf(tmp_buff, sizeof(tmp_buff), "%lu", tmp) < 0) { + macli_log(ERR, "system sprintf string failed!\n"); + return FAILED; + } +@@ -332,12 +315,8 @@ int get_u32_num(const char *const src, __u32 *const ret) + + int check_cidr(const char *const src, __u32 *const ip, __u32 *const mask) + { +- int ret = EOK; + char tmp_buff[MAX_CIDR_LENGTH] = {0}; +- if ((ret = strcpy_s(tmp_buff, sizeof(tmp_buff), src)) != EOK) { +- macli_log(ERR, "system copy string failed! errno:%d\n", ret); +- return FAILED; +- } ++ (void)strncpy(tmp_buff, src, sizeof(tmp_buff) - 1); + char *ip_part = tmp_buff; + char *p = strrchr(tmp_buff, '/'); + if (p == NULL) +@@ -358,12 +337,8 @@ int check_cidr(const char *const src, __u32 *const ip, __u32 *const mask) + + int check_port(const char *const src, __u32 *const begin_port, __u32 *const end_port) + { +- int ret = EOK; + char tmp_buff[MAX_PORT_RANGE_LENGTH] = {0}; +- if ((ret = strcpy_s(tmp_buff, sizeof(tmp_buff), src)) != EOK) { +- macli_log(ERR, "system copy string failed! errno:%d\n", ret); +- return FAILED; +- } ++ (void)strncpy(tmp_buff, src, sizeof(tmp_buff) - 1); + // support 80-90 + // support 80 + char *num1 = tmp_buff; +diff --git a/oncn-mda/cli_src/func/log.c b/oncn-mda/cli_src/func/log.c +index 9381c7e..b7b8287 100644 +--- a/oncn-mda/cli_src/func/log.c ++++ b/oncn-mda/cli_src/func/log.c +@@ -20,7 +20,7 @@ void ma_log(enum LOG_LEVEL level, const char *format, ...) 
+ va_list ap; + va_start(ap, format); + char fmt_str[MAX_FMT_STR_LENGTH] = {0}; +- if (vsnprintf_s(fmt_str, sizeof(fmt_str), sizeof(fmt_str) - 1, format, ap) == -1) { ++ if (vsnprintf(fmt_str, sizeof(fmt_str), format, ap) < 0) { + va_end(ap); + return; + } +diff --git a/oncn-mda/cli_src/func/switch.c b/oncn-mda/cli_src/func/switch.c +index 416f00e..3974ba8 100644 +--- a/oncn-mda/cli_src/func/switch.c ++++ b/oncn-mda/cli_src/func/switch.c +@@ -365,7 +365,6 @@ static int check_file_access(const char *const config_path) + + static int read_chain_config(const char *const config_path, struct sock_param *const filter_rules) + { +- int ret; + if (check_file_access(config_path) != SUCCESS) + return FAILED; + FILE *config_file = fopen(config_path, "r"); +@@ -384,10 +383,10 @@ static int read_chain_config(const char *const config_path, struct sock_param *c + if (*p == '#' || *p == '\0') + continue; + +- if ((ret = strcpy_s(buf_save, sizeof(buf_save), buf)) != EOK) { +- macli_log(ERR, "system copy string failed! errno:%d\n", ret); +- continue; +- } ++ (void)memset(buf_save, 0x0, sizeof(buf_save)); ++ (void)strncpy(buf_save, buf, sizeof(buf_save)); ++ buf_save[MAX_BUFSIZE - 1] = 0; ++ + char *chain_argv[MAX_INPUT] = {0}; + int chain_argc = 0; + if (parser_arg(buf, (int)strlen(buf), &chain_argc, chain_argv) != SUCCESS) +@@ -519,15 +518,12 @@ int do_enable(int argc, char *const *argv) + char config_path[PATH_MAX] = {0}; + struct sock_param filter_rules = {0}; + struct mesh_service_info fds = {0}; +- int ret; + + if (set_rlimit() != SUCCESS) + return FAILED; + +- if ((ret = strcpy_s(config_path, PATH_MAX, CONFIGFILE_PATH)) != EOK) { +- macli_log(ERR, "system copy string failed! 
errno:%d\n", ret); +- return FAILED; +- } ++ (void)memset(config_path, 0x0, PATH_MAX); ++ (void)strncpy(config_path, CONFIGFILE_PATH, PATH_MAX - 1); + + if (enable_get_opt(argc, argv, config_path, &is_help) != SUCCESS) + return FAILED; +diff --git a/oncn-mda/include/log.h b/oncn-mda/include/log.h +index bfc026f..86162e0 100644 +--- a/oncn-mda/include/log.h ++++ b/oncn-mda/include/log.h +@@ -8,7 +8,6 @@ + #include + #include + #include +-#include "securec.h" + + enum LOG_LEVEL { FATAL = 0, ERR, WARN, INFO, DEBUG }; + +diff --git a/oncn-mda/include/macli.h b/oncn-mda/include/macli.h +index ebe8f69..1db7e7a 100644 +--- a/oncn-mda/include/macli.h ++++ b/oncn-mda/include/macli.h +@@ -20,7 +20,6 @@ + #include + #include + #include +-#include "securec.h" + #include "data.h" + #include "log.h" + +-- +2.33.0 + -- Gitee
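Review bot: Replacing `strcpy_s` with `memset` plus `strncpy(dst, src, N - 1)` turns an over-long input from a reported failure into silent truncation, first in get_input_ip (chain.c) and likewise in get_input_port, init_mesh_map, init_mesh_prog, init_mesh_prog_pin_file, check_cidr and check_port. For the filter rules this matters because a CIDR or port range cut at the buffer size can still parse as a well-formed but different rule than the operator wrote, and the removed "string too long" branch is what used to reject it. The length check can be kept with the standard library alone, e.g. `if (strlen(src) >= MAX_CIDR_LENGTH) { macli_log(ERR, "input cidr string too long!\n"); return FAILED; }` before the copy, with the matching bound at each other site. In read_chain_config, index the terminator by the buffer being written, `buf_save[sizeof(buf_save) - 1] = '\0';`, since the declaration of buf_save is outside the hunk and `MAX_BUFSIZE` cannot be confirmed as its size.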