diff --git a/Fix-pod-management-cannot-be-canceled.patch b/Fix-pod-management-cannot-be-canceled.patch deleted file mode 100644 index 5adf937dc4d1b5ed15c47d294c5dfa7b552c2c39..0000000000000000000000000000000000000000 --- a/Fix-pod-management-cannot-be-canceled.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f75438dd75c2991f396d4d5c7f8fc4d11410bd5d Mon Sep 17 00:00:00 2001 -From: weli-l <1289113577@qq.com> -Date: Thu, 11 Jul 2024 16:35:22 +0800 -Subject: [PATCH] fix pod management cannot be canceld - ---- - pkg/controller/manage/kmesh_manage.go | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/pkg/controller/manage/kmesh_manage.go b/pkg/controller/manage/kmesh_manage.go -index f79dee4..f273083 100644 ---- a/pkg/controller/manage/kmesh_manage.go -+++ b/pkg/controller/manage/kmesh_manage.go -@@ -210,9 +210,6 @@ func shouldEnroll(client kubernetes.Interface, pod *corev1.Pod) bool { - if strings.EqualFold(pod.Labels[constants.DataPlaneModeLabel], constants.DataPlaneModeKmesh) { - return true - } -- if pod.Annotations[constants.KmeshRedirectionAnnotation] == "enabled" { -- return true -- } - - ns, err := client.CoreV1().Namespaces().Get(context.TODO(), pod.Namespace, metav1.GetOptions{}) - if err != nil { --- -2.34.1 - diff --git a/Kmesh.spec b/Kmesh.spec index 18a406e3b0a7fddb295c42853a3b982f9669ff29..278086d222ac1fa5cad2ddd158d2ef3ba3bbba48 100644 --- a/Kmesh.spec +++ b/Kmesh.spec @@ -1,11 +1,11 @@ %global codepath kmesh Name: Kmesh -Version: 0.4.0 -Release: 2 +Version: 0.4.1 +Release: 3 Summary: %{name} is a eBPF-based service mesh kernel solution License: ASL 2.0 and GPL-2.0 URL: https://github.com/kmesh-net -Source0: https://github.com/kmesh-net/kmesh/releases/tag/v%{version}.tar.gz +Source0: https://github.com/kmesh-net/kmesh/archive/refs/tags/v%{version}.tar.gz BuildRequires: cmake make pkgconf dracut BuildRequires: protobuf protobuf-c protobuf-c-devel @@ -21,8 +21,12 @@ Requires: libboundscheck Patch0001: Downgrade-go-version-to-v1.21.4.patch Patch0002: Remove-useless-tag-in-Makefile.patch -Patch0003: Fix-pod-management-cannot-be-canceled.patch Patch0004: Support-uid-gid.patch +Patch0005: fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch +Patch0006: remove-libboundscheck-dependency.patch +Patch0007: The-FN-get_netns_cookie-in-the-6.x-kernel-is-changed.patch +Patch0008: add-sockmap-dump-function.patch + %description %{name} is a eBPF-based service mesh kernel solution. @@ -43,7 +47,7 @@ go mod tidy %install mkdir -p %{buildroot}%{_bindir} install %{_builddir}/%{codepath}-%{version}/kmesh-daemon %{buildroot}%{_bindir} -install -Dpm 0600 %{_builddir}/%{codepath}-%{version}/kmesh-cni %{buildroot}%{_bindir} +install -Dpm 0600 %{_builddir}/%{codepath}-%{version}/kmesh-cni %{buildroot}%{_bindir} install %{_builddir}/%{codepath}-%{version}/build/kmesh-start-pre.sh %{buildroot}%{_bindir} install %{_builddir}/%{codepath}-%{version}/build/kmesh-stop-post.sh %{buildroot}%{_bindir} install %{_builddir}/%{codepath}-%{version}/oncn-mda/deploy/mdacore %{buildroot}%{_bindir} @@ -122,6 +126,13 @@ rm -rf %{buildroot} %attr(0500,root,root) /kmesh/start_kmesh.sh %changelog +* Wed Sep 03 2025 Yu Peng - 0.4.1-3 +- Sync Version + fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch + remove-libboundscheck-dependency.patch + The-FN-get_netns_cookie-in-the-6.x-kernel-is-changed.patch + add-sockmap-dump-function.patch + * Wed Feb 19 2025 weli-l<1289113577@qq.com> - 0.4.0-2 - modify ebpf prog premissions diff --git a/The-FN-get_netns_cookie-in-the-6.x-kernel-is-changed.patch b/The-FN-get_netns_cookie-in-the-6.x-kernel-is-changed.patch new file mode 100644 index 0000000000000000000000000000000000000000..f41eedb14fec1b5dee86bb7dcd51f141da16a75d --- /dev/null +++ b/The-FN-get_netns_cookie-in-the-6.x-kernel-is-changed.patch @@ -0,0 +1,32 @@ +From 411b0126f3693b53cc72bc01c0be919d24071fd1 Mon Sep 17 00:00:00 2001 +From: bitcoffee +Date: Sun, 15 Dec 2024 20:31:19 +0800 +Subject: [PATCH] fix helper function in the 6.x kernel cannot be correctly + matched on the Kmesh macros env + +The FN(get_netns_cookie) in the 6.x kernel is changed to +FN(get_netns_cookie, 212, ##ctx). Original logic cannot adapt to +the 6.x kernel. Modify kmesh_macros_env to adapt to the new kernel +logic. + +Signed-off-by: bitcoffee +--- + kmesh_macros_env.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kmesh_macros_env.sh b/kmesh_macros_env.sh +index 01a6934..ddfdf13 100644 +--- a/kmesh_macros_env.sh ++++ b/kmesh_macros_env.sh +@@ -8,7 +8,7 @@ function set_config() { + } + + # MDA_LOOPBACK_ADDR +-if grep -q "FN(get_netns_cookie)" $KERNEL_HEADER_LINUX_BPF; then ++if grep -q "FN(get_netns_cookie" $KERNEL_HEADER_LINUX_BPF; then + set_config MDA_LOOPBACK_ADDR 1 + else + set_config MDA_LOOPBACK_ADDR 0 +-- +2.33.0 + diff --git a/add-sockmap-dump-function.patch b/add-sockmap-dump-function.patch new file mode 100644 index 0000000000000000000000000000000000000000..3f4a30db28f251e78726d33ce760c5c5ef951f4a --- /dev/null +++ b/add-sockmap-dump-function.patch @@ -0,0 +1,545 @@ +From 7a892ba8c584ab4535b2749611ef498f5289ce3e Mon Sep 17 00:00:00 2001 +From: bitcoffee +Date: Tue, 24 Dec 2024 22:54:46 +0800 +Subject: [PATCH 1/4] add sockmap dump function + +--- + oncn-mda/cli_src/CMakeLists.txt | 3 + + oncn-mda/cli_src/func/dump.c | 214 ++++++++++++++++++++++++++++++ + oncn-mda/cli_src/func/global.c | 2 +- + oncn-mda/cli_src/mdadump.c | 7 + + oncn-mda/ebpf_src/sock_redirect.c | 96 +++++++++++++- + oncn-mda/include/data.h | 3 + + oncn-mda/include/dump.h | 6 + + oncn-mda/include/macli.h | 12 ++ + oncn-mda/include/writecap.h | 80 +++++++++++ + 9 files changed, 421 insertions(+), 2 deletions(-) + create mode 100644 oncn-mda/cli_src/func/dump.c + create mode 100644 oncn-mda/cli_src/mdadump.c + create mode 100644 oncn-mda/include/dump.h + create mode 100644 oncn-mda/include/writecap.h + +diff --git a/oncn-mda/cli_src/CMakeLists.txt b/oncn-mda/cli_src/CMakeLists.txt +index 5bf849f..7c710b3 100644 +--- a/oncn-mda/cli_src/CMakeLists.txt ++++ b/oncn-mda/cli_src/CMakeLists.txt +@@ -16,4 +16,7 @@ endif($ENV{HS_COVERAGE_ENABLE}) + add_executable(mdacore mdacore.c ${SRC_LIST}) + target_link_libraries(mdacore -lbpf -lelf -lz -lm) + ++add_executable(mdadump mdadump.c ${SRC_LIST}) ++target_link_libraries(mdadump -lbpf -lelf -lz -lm) ++ + MESSAGE("======================Leave cli folder=======================") +diff --git a/oncn-mda/cli_src/func/dump.c b/oncn-mda/cli_src/func/dump.c +new file mode 100644 +index 0000000..72a4916 +--- /dev/null ++++ b/oncn-mda/cli_src/func/dump.c +@@ -0,0 +1,214 @@ ++// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) ++/* Copyright Authors of Kmesh */ ++ ++#include ++#include "macli.h" ++#include "writecap.h" ++volatile sig_atomic_t g_keep_running = TRUE; ++ ++static void init_filter_rule(struct sock_param *input) ++{ ++ (void)memset(input, 0x0, sizeof(struct sock_param)); ++} ++ ++void dump_usage(void) ++{ ++ printf("Usage: dump {OPTIONS}\n"); ++ printf(" OPTIONS: -i|--ip: filter ip,eg:1.1.1.1/24\n"); ++ printf(" OPTIONS: -p|--ports: filter ports,eg:15001~15006\n"); ++ printf(" OPTIONS: -w|--write: output file\n"); ++} ++ ++static const struct option g_dump_optionsp[] = { ++ {"ip", required_argument, NULL, 'i'}, ++ {"ports", required_argument, NULL, 'p'}, ++ {"writes", required_argument, NULL, 'w'}, ++ {NULL} ++}; ++ ++int get_input_dump_ip(const char* src, struct sock_param* filter_rules) ++{ ++ if (filter_rules->dump_params.current_cidr_num >= MAX_PARAM_LENGTH) { ++ printf("over the max cidrs set num, max is %d\n", MAX_PARAM_LENGTH); ++ return FAILED; ++ } ++ char tmp_arg[MAX_CIDR_LENGTH] = {0}; ++ (void)strncpy(tmp_arg, src, MAX_IP_LENGTH); ++ (void)strncat(tmp_arg, "/32", sizeof(tmp_arg) - strlen(tmp_arg)); ++ __u32 ip; ++ __u32 mask; ++ if (check_cidr(tmp_arg, &ip, &mask) != SUCCESS) ++ return FAILED; ++ int current_param_num = filter_rules->dump_params.current_cidr_num++; ++ filter_rules->dump_params.dump_cidr[current_param_num].ip4 = ip; ++ filter_rules->dump_params.dump_cidr[current_param_num].mask = mask; ++ return SUCCESS; ++} ++ ++int get_input_dump_port(const char* src, struct sock_param *filter_rules) ++{ ++ if (strlen(src) > MAX_PORT_RANGE_LENGTH - 1) { ++ printf("input ports is too long! your input: %s\n", src); ++ return FAILED; ++ } ++ if (filter_rules->dump_params.current_port_num >= MAX_PARAM_LENGTH) { ++ printf("over the max ports set num, max is %d\n", MAX_PARAM_LENGTH); ++ return FAILED; ++ } ++ __u32 begin_port; ++ __u32 end_port; ++ if (check_port(src, &begin_port, &end_port) != SUCCESS) { ++ return FAILED; ++ } ++ int current_param_num = filter_rules->dump_params.current_port_num++; ++ filter_rules->dump_params.dump_port[current_param_num].begin_port = begin_port; ++ filter_rules->dump_params.dump_port[current_param_num].end_port = end_port; ++ return SUCCESS; ++} ++ ++int dump_get_opt(int argc, char **argv, struct sock_param *input_dump_filter_rules, char *output_file) ++{ ++ int opt; ++ optind = 1; ++ while ((opt = getopt_long(argc, argv, "i:p:w:", g_dump_optionsp, NULL)) >= 0) { ++ switch (opt) { ++ case 'i': ++ if (get_input_dump_ip(optarg, input_dump_filter_rules) != SUCCESS) ++ return FAILED; ++ break; ++ case 'p': ++ if (get_input_dump_port(optarg, input_dump_filter_rules) != SUCCESS) ++ return FAILED; ++ break; ++ case 'w': { ++ char dirBuff[PATH_MAX] = {0}; ++ (void)strncpy(dirBuff, optarg, PATH_MAX - 1); ++ char *baseName = basename(optarg); ++ char *tmpPath = dirname(dirBuff); ++ ++ if (realpath(tmpPath, output_file) == NULL) { ++ printf("input file path %s error! errno:%d\n", tmpPath, errno); ++ return FAILED; ++ } ++ (void)strncat(output_file, "/", PATH_MAX - strlen(output_file) - 1); ++ (void)strncat(output_file, baseName, PATH_MAX - strlen(output_file) - 1); ++ break; ++ } ++ case '?': ++ default: ++ dump_usage(); ++ return FAILED; ++ } ++ } ++ if (optind != argc) { ++ printf("unknown param!\n"); ++ dump_usage(); ++ return FAILED; ++ } ++ return SUCCESS; ++} ++ ++ ++void sig_handler(int sig) ++{ ++ if (sig == SIGINT) { ++ g_keep_running = FALSE; ++ } ++} ++ ++int update_dump_param(struct mesh_map_info *param_map_info, struct sock_param *param_list) ++{ ++ int key = 0; ++ if (bpf_map_update_elem(param_map_info->fd, &key, param_list, BPF_EXIST)) { ++ printf("update key ip failed! errno:%d\n", errno); ++ return FAILED; ++ } ++ return SUCCESS; ++} ++ ++int init_dump(struct sock_param *param_list, struct mesh_map_info *dump_map_info, struct mesh_map_info *param_map_info) ++{ ++ init_filter_rule(param_list); ++ init_mesh_map(dump_map_info, pinmap_file_path[MESH_MAP_OPS_DUMP_I_MAP], ++ to_str(SOCK_DUMP_MAP_I_NAME), NULL); ++ init_mesh_map(param_map_info, pinmap_file_path[MESH_MAP_OPS_PARAM_MAP], ++ to_str(SOCK_PARAM_MAP_NAME), NULL); ++ ++ if (dump_map_info->fd < 0 || param_map_info->fd < 0) { ++ printf("can not found the pin file %s, %s, is the serviceMesh on?\n", ++ dump_map_info->pin_file_path, param_map_info->pin_file_path); ++ return FAILED; ++ } ++ ++ if (get_map_filter_rule(param_map_info, param_list) != SUCCESS) ++ return FAILED; ++ return SUCCESS; ++} ++ ++void get_next_dump_data(int output_file, struct mesh_map_info *dump_map_info) ++{ ++ struct dump_data dump_datas = {0}; ++ if (bpf_map_lookup_and_delete_elem(dump_map_info->fd, NULL, &dump_datas) == 0) { ++ write_console(&dump_datas); ++ } else if (errno == ENOENT) ++ return; ++ else { ++ printf("get next dump message failed, errno:%d\n", errno); ++ g_keep_running = FALSE; ++ } ++} ++ ++void close_dump_fd(struct mesh_map_info *dump_map_info, struct mesh_map_info *param_map_info) ++{ ++ if (dump_map_info->fd > 0) ++ close((*dump_map_info).fd); ++ if (param_map_info->fd > 0) ++ close((*param_map_info).fd); ++} ++ ++int do_dump(int argc, char **argv) ++{ ++ int ret = FAILED; ++ g_keep_running = TRUE; ++ char output_file_name[PATH_MAX] = {0}; ++ int output_file = FALSE; ++ if (signal(SIGINT, sig_handler) == SIG_ERR) { ++ printf("create the signal failed!\n"); ++ return ERROR; ++ } ++ ++ struct sock_param param_list; ++ struct mesh_map_info dump_map_info; ++ struct mesh_map_info param_map_info; ++ if (init_dump(¶m_list, &dump_map_info, ¶m_map_info) != SUCCESS) ++ goto err; ++ ++ if (dump_get_opt(argc, argv, ¶m_list, output_file_name) != SUCCESS) ++ goto err; ++ ++ if (strcmp(output_file_name, "") != 0) { ++ printf("can not open the cap file\n"); ++ goto err; ++ } ++ ++ param_list.dump_params.switch_on = TRUE; ++ if (update_dump_param(¶m_map_info, ¶m_list) != SUCCESS) { ++ printf("start dump failed!\n"); ++ goto err; ++ } ++ ++ while(g_keep_running == TRUE) ++ get_next_dump_data(output_file, &dump_map_info); ++ ++ param_list.dump_params.switch_on = FALSE; ++ param_list.dump_params.current_cidr_num = 0; ++ param_list.dump_params.current_port_num = 0; ++ if (update_dump_param(¶m_map_info, ¶m_list)) { ++ printf("stop dump failed!\n"); ++ goto err; ++ } ++ ret = SUCCESS; ++err: ++ close_dump_fd(&dump_map_info, ¶m_map_info); ++ return ret; ++} +\ No newline at end of file +diff --git a/oncn-mda/cli_src/func/global.c b/oncn-mda/cli_src/func/global.c +index fc0a2b7..949a00d 100644 +--- a/oncn-mda/cli_src/func/global.c ++++ b/oncn-mda/cli_src/func/global.c +@@ -177,7 +177,7 @@ static int get_map_fd(const char *const map_name, int *const fd) + return SUCCESS; + } + +-static int init_mesh_map( ++int init_mesh_map( + struct mesh_map_info *const fds_map, + const char *const pin_file_path, + const char *const map_name, +diff --git a/oncn-mda/cli_src/mdadump.c b/oncn-mda/cli_src/mdadump.c +new file mode 100644 +index 0000000..0b27bf6 +--- /dev/null ++++ b/oncn-mda/cli_src/mdadump.c +@@ -0,0 +1,7 @@ ++#include ++#include "dump.h" ++ ++int main(int argc, char *argv[]) ++{ ++ return do_dump(argc, argv); ++} +diff --git a/oncn-mda/ebpf_src/sock_redirect.c b/oncn-mda/ebpf_src/sock_redirect.c +index 456afeb..78af95e 100644 +--- a/oncn-mda/ebpf_src/sock_redirect.c ++++ b/oncn-mda/ebpf_src/sock_redirect.c +@@ -3,6 +3,100 @@ + + #include "mesh_accelerate.h" + ++static int filter_dump_ip(const struct sk_msg_md *const msg, const struct sock_param *const param) ++{ ++ if (param->dump_params.current_cidr_num == 0) ++ return FILTER_PASS; ++ ++ bpf_log(DEBUG, "filter param:sip:%u, dip:%u\n", msg->local_ip4, msg->remote_ip4); ++ __u32 local_ip4 = bpf_ntohl(msg->local_ip4); ++ __u32 remote_ip4 = bpf_ntohl(msg->remote_ip4); ++ ++ for (int i = 0; i < MAX_PARAM_LENGTH; ++i) { ++ if (i >= param->dump_params.current_cidr_num) ++ break; ++ if (param->dump_params.dump_cidr[i].ip4 == local_ip4 || ++ param->dump_params.dump_cidr[i].ip4 == remote_ip4) ++ return FILTER_PASS; ++ } ++ return FILTER_RETURN; ++} ++ ++static int adj_filter_dump_port(const struct port_range *const param, __u32 msg_sport, __u32 msg_dport) ++{ ++ __u32 begin_port = param->begin_port; ++ __u32 end_port = param->end_port; ++ bpf_log(DEBUG, "filter param need:begin ports: %u, end ports:%u\n", begin_port, end_port); ++ if ((msg_sport >= begin_port && msg_sport <= end_port) || ++ (msg_dport >= begin_port && msg_dport <= end_port)) ++ return FILTER_PASS; ++ return FILTER_RETURN; ++} ++ ++static int filter_dump_port(const struct sk_msg_md *const msg, const struct sock_param *const param) ++{ ++ if (param->dump_params.current_port_num == 0) ++ return FILTER_PASS; ++ ++ __u32 msg_sport = msg->local_port; ++ __u32 msg_dport = bpf_ntohl(msg->remote_port); ++ ++ for (int i = 0; i < MAX_PARAM_LENGTH; ++i) { ++ if (i >= param->dump_params.current_port_num) ++ break; ++ if (adj_filter_dump_port(&(param->dump_params.dump_port[i]), msg_sport, msg_dport) == FILTER_PASS) ++ return FILTER_PASS; ++ } ++ return FILTER_RETURN; ++} ++ ++static void get_dump_data(const struct sk_msg_md *const msg, struct dump_data *const data) ++{ ++ __u64 current_timestamp = bpf_ktime_get_ns(); ++ data->timestamp = current_timestamp; ++ data->sip = msg->local_ip4; ++ data->sport = (bpf_htonl(msg->local_port) >> FORMAT_IP_LENGTH); ++ data->dip = msg->remote_ip4; ++ data->dport = (force_read(msg->remote_port) >> FORMAT_IP_LENGTH); ++ data->data_length = msg->size; ++ bpf_probe_read_kernel(data->data, 4096, (void *)(long)msg->data); ++} ++ ++static void dump_msg(const struct sk_msg_md *const msg) ++{ ++ bpf_log(DEBUG, "begin dump\n"); ++ int index = 0; ++ struct sock_param *param = bpf_map_lookup_elem(&SOCK_PARAM_MAP_NAME, &index); ++ if (param == NULL) ++ return; ++ ++ if (param->dump_params.switch_on == FALSE) ++ return; ++ ++ bpf_log(DEBUG, "dump"); ++ ++ if (filter_dump_ip(msg, param) != FILTER_PASS) { ++ bpf_log(DEBUG, "ip:%u, ports:%u filtered by ip\n", msg->local_ip4, msg->local_port); ++ return; ++ } ++ ++ if (filter_dump_port(msg, param) != FILTER_PASS) { ++ bpf_log(DEBUG, "ip:%u, ports:%u filtered by port\n", msg->local_ip4, msg->local_port); ++ return; ++ } ++ ++ struct dump_data *data = NULL; ++ data = bpf_map_lookup_elem(&SOCK_DUMP_CPU_ARRAY_NAME, &index); ++ if (data == NULL) ++ return; ++ ++ get_dump_data(msg, data); ++ ++ if (bpf_map_push_elem(&SOCK_DUMP_MAP_I_NAME, data, BPF_EXIST)) ++ bpf_log(ERROR, "push the element failed!\n"); ++ bpf_log(DEBUG, "dump success\n"); ++} ++ + SEC("sk_msg") + int SOCK_REDIRECT_NAME(struct sk_msg_md *const msg) + { +@@ -23,7 +117,7 @@ int SOCK_REDIRECT_NAME(struct sk_msg_md *const msg) + ret = bpf_msg_redirect_hash(msg, &SOCK_OPS_MAP_NAME, redir_key, BPF_F_INGRESS); + if (ret != SK_DROP) { + bpf_log(DEBUG, "redirect the sk success\n"); +- ++ dump_msg(msg); + } else { + // If you connect to the peer machine, you do end up in this branch + bpf_log(INFO, "no such socket, may be peer socket on another machine\n"); +diff --git a/oncn-mda/include/data.h b/oncn-mda/include/data.h +index 951a3ab..7098ef5 100644 +--- a/oncn-mda/include/data.h ++++ b/oncn-mda/include/data.h +@@ -15,6 +15,8 @@ + #define SK_BPF_GID_UID 18000 + #define BPF_SO_ORIGINAL_DST 800 + ++#define MAX_DUMP_DATA_LENGTH 4096 ++ + #define SUCCESS 0 + #define FAILED 1 + +@@ -139,6 +141,7 @@ struct dump_data { + __u32 dip; + __u32 dport; + __u32 data_length; ++ __u8 data[MAX_DUMP_DATA_LENGTH]; + }; + + #pragma pack() +diff --git a/oncn-mda/include/dump.h b/oncn-mda/include/dump.h +new file mode 100644 +index 0000000..b76f474 +--- /dev/null ++++ b/oncn-mda/include/dump.h +@@ -0,0 +1,6 @@ ++#ifndef __DUMP_H__ ++#define __DUMP_H__ ++ ++int do_dump(int argc, char *argv[]); ++ ++#endif +\ No newline at end of file +diff --git a/oncn-mda/include/macli.h b/oncn-mda/include/macli.h +index 1db7e7a..cd0dcd7 100644 +--- a/oncn-mda/include/macli.h ++++ b/oncn-mda/include/macli.h +@@ -101,6 +101,9 @@ struct mesh_service_info { + struct mesh_prog_info prog_fds[MESH_PROG_NUM]; + }; + ++extern const char pinmap_file_path[][PATH_MAX]; ++extern const char pinprog_file_path[][PATH_MAX]; ++ + // global.c + int check_cidr(const char *const src, __u32 *const ip, __u32 *const mask); + int check_port(const char *const src, __u32 *const begin_port, __u32 *const end_port); +@@ -120,4 +123,13 @@ void close_fds(int cgroup_fd, const struct mesh_service_info *const fds); + + // chain.c + int do_chain(int argc, char *const *argv, struct sock_param *const filter_rules); ++int init_mesh_map( ++ struct mesh_map_info *const fds_map, ++ const char *const pin_file_path, ++ const char *const map_name, ++#if LIBBPF_HIGHER_0_6_0_VERSION ++ struct create_map_attr *const map_attr); ++#else ++ struct bpf_create_map_attr *const map_attr); ++#endif + #endif +diff --git a/oncn-mda/include/writecap.h b/oncn-mda/include/writecap.h +new file mode 100644 +index 0000000..2aabc82 +--- /dev/null ++++ b/oncn-mda/include/writecap.h +@@ -0,0 +1,80 @@ ++/* SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) */ ++/* Copyright Authors of Kmesh */ ++ ++#include "data.h" ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++ ++#define MAC_LENGTH 6 ++#define MAX_IP_PORT_LENGTH 32 ++#define MAX_IP_LENGTH 16 ++const int NANO_2_SECOND_RATE = 1000000000; ++ ++int get_sys_time(__u64 ktime, time_t *dataTime) ++{ ++ struct sysinfo info; ++ time_t boot_time; ++ if (sysinfo(&info)) { ++ return FAILED; ++ } ++ time_t cur_time = time(NULL); ++ if (cur_time > info.uptime) ++ boot_time = cur_time - info.uptime; ++ else ++ boot_time = info.uptime - cur_time; ++ *dataTime = boot_time + ktime / NANO_2_SECOND_RATE; ++ return SUCCESS; ++} ++ ++int format_ip(__u32 ip4, char *ip, int ipSize) ++{ ++ struct in_addr src; ++ src.s_addr = ip4; ++ if (inet_ntop(AF_INET, &src, ip, ipSize) == NULL) { ++ printf("can not convert the ip:%d\n", ip4); ++ return FAILED; ++ } ++ return SUCCESS; ++} ++ ++int format_ip_port(__u32 ip4, __u32 port, char *ip, int ipSize) ++{ ++ char tmp_ip[MAX_IP_LENGTH] = {0}; ++ ++ if (format_ip(ip4, tmp_ip, MAX_IP_LENGTH) != SUCCESS) ++ return FAILED; ++ (void)snprintf(ip, ipSize - 1, "%s:%u", tmp_ip, port); ++ return SUCCESS; ++} ++ ++void write_console(const struct dump_data *data) ++{ ++ time_t print_time; ++ ++ char srcIP[MAX_IP_PORT_LENGTH] = {0}; ++ char dstIP[MAX_IP_PORT_LENGTH] = {0}; ++ format_ip_port(data->sip, ntohl(data->sport << 16), srcIP, sizeof(srcIP)); ++ format_ip_port(data->dip, ntohl(data->dport << 16), dstIP, sizeof(dstIP)); ++ if (get_sys_time(data->timestamp, &print_time) == FAILED) ++ printf("[%llu],ip:%s > %s\n", data->timestamp, srcIP, dstIP); ++ else { ++ struct tm print_tm; ++ localtime_r(&print_time, &print_tm); ++ printf("[%d-%d-%d %d:%d:%d],ip:%s > %s, data length:%d\n", ++ print_tm.tm_year + 1900, print_tm.tm_mon + 1, print_tm.tm_mday, ++ print_tm.tm_hour, print_tm.tm_min, print_tm.tm_sec, ++ srcIP, dstIP, data->data_length); ++ int print_length = data->data_length <= MAX_DUMP_DATA_LENGTH ? data->data_length : MAX_DUMP_DATA_LENGTH; ++ for (int i = 0; i < print_length; i++) { ++ printf("%c", data->data[i]); ++ } ++ printf("\n"); ++ } ++} +-- +2.33.0 + diff --git a/fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch b/fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch new file mode 100644 index 0000000000000000000000000000000000000000..b0c8fc15850e161f11665db3bb9b208cd506d8a5 --- /dev/null +++ b/fix-oncn-mda-don-t-support-use-ipv6-family-in-sockop.patch @@ -0,0 +1,26 @@ +From 3ec7e0af60ea52a1db143a5cb001c0cf171da064 Mon Sep 17 00:00:00 2001 +From: bitcoffee +Date: Thu, 12 Dec 2024 19:13:53 +0800 +Subject: [PATCH] fix oncn-mda don't support use ipv6 family in sockops + +Signed-off-by: bitcoffee +--- + oncn-mda/ebpf_src/sock_ops.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/oncn-mda/ebpf_src/sock_ops.c b/oncn-mda/ebpf_src/sock_ops.c +index f5ab001..92840cc 100644 +--- a/oncn-mda/ebpf_src/sock_ops.c ++++ b/oncn-mda/ebpf_src/sock_ops.c +@@ -397,7 +397,7 @@ static void clean_ops_map(struct bpf_sock_ops *const skops) + SEC("sockops") + int SOCK_OPS_NAME(struct bpf_sock_ops *const skops) + { +- if (skops->family != AF_INET) ++ if ((skops->family != AF_INET) && (skops->family != AF_INET6)) + return 0; + + switch (skops->op) { +-- +2.33.0 + diff --git a/remove-libboundscheck-dependency.patch b/remove-libboundscheck-dependency.patch new file mode 100644 index 0000000000000000000000000000000000000000..de3746b1d34770bc809c7113587258ddcc9b4b5b --- /dev/null +++ b/remove-libboundscheck-dependency.patch @@ -0,0 +1,269 @@ +From 66c6cd8aa818fc1b31f0d646817b7577c11396fc Mon Sep 17 00:00:00 2001 +From: bitcoffee +Date: Thu, 12 Dec 2024 19:41:12 +0800 +Subject: [PATCH] remove libboundscheck dependency + +Signed-off-by: bitcoffee +--- + oncn-mda/cli_src/CMakeLists.txt | 2 +- + oncn-mda/cli_src/func/chain.c | 23 ++++---------- + oncn-mda/cli_src/func/global.c | 53 +++++++++------------------------ + oncn-mda/cli_src/func/log.c | 2 +- + oncn-mda/cli_src/func/switch.c | 16 ++++------ + oncn-mda/include/log.h | 1 - + oncn-mda/include/macli.h | 1 - + 7 files changed, 28 insertions(+), 70 deletions(-) + +diff --git a/oncn-mda/cli_src/CMakeLists.txt b/oncn-mda/cli_src/CMakeLists.txt +index 471da73..5bf849f 100644 +--- a/oncn-mda/cli_src/CMakeLists.txt ++++ b/oncn-mda/cli_src/CMakeLists.txt +@@ -14,6 +14,6 @@ if($ENV{HS_COVERAGE_ENABLE}) + endif($ENV{HS_COVERAGE_ENABLE}) + + add_executable(mdacore mdacore.c ${SRC_LIST}) +-target_link_libraries(mdacore -lbpf -lboundscheck -lelf -lz -lm) ++target_link_libraries(mdacore -lbpf -lelf -lz -lm) + + MESSAGE("======================Leave cli folder=======================") +diff --git a/oncn-mda/cli_src/func/chain.c b/oncn-mda/cli_src/func/chain.c +index 3890606..4cf2988 100644 +--- a/oncn-mda/cli_src/func/chain.c ++++ b/oncn-mda/cli_src/func/chain.c +@@ -32,14 +32,9 @@ static int get_input_ip(const char *const src, struct input_filter_rule *const i + macli_log(ERR, "over the max cidrs set num, max is %d\n", MAX_PARAM_LENGTH); + return FAILED; + } +- int ret = strcpy_s(input_filter_rules->input_ip[(input_filter_rules->input_ip_num)++], MAX_CIDR_LENGTH, src); +- if (ret == ERANGE_AND_RESET) { +- macli_log(ERR, "input cidr string too long!\n"); +- return FAILED; +- } else if (ret != EOK) { +- macli_log(ERR, "get filter rules failed! errno:%d\n", ret); +- return FAILED; +- } ++ (void)memset(input_filter_rules->input_ip[(input_filter_rules->input_ip_num)], 0x0, MAX_CIDR_LENGTH); ++ (void)strncpy(input_filter_rules->input_ip[(input_filter_rules->input_ip_num)++], src, MAX_CIDR_LENGTH - 1); ++ + return SUCCESS; + } + +@@ -49,15 +44,9 @@ static int get_input_port(const char *const src, struct input_filter_rule *const + macli_log(ERR, "over the max ports set num, max is %d\n", MAX_PARAM_LENGTH); + return FAILED; + } +- int ret = +- strcpy_s(input_filter_rules->input_port[(input_filter_rules->input_port_num)++], MAX_PORT_RANGE_LENGTH, src); +- if (ret == ERANGE_AND_RESET) { +- macli_log(ERR, "input port string is too long!\n"); +- return FAILED; +- } else if (ret != EOK) { +- macli_log(ERR, "get filter rules failed! errno:%d\n", ret); +- return FAILED; +- } ++ (void)memset(input_filter_rules->input_port[(input_filter_rules->input_port_num)], 0x0, MAX_PORT_RANGE_LENGTH); ++ (void)strncpy(input_filter_rules->input_port[(input_filter_rules->input_port_num)++], src, MAX_PORT_RANGE_LENGTH - 1); ++ + return SUCCESS; + } + +diff --git a/oncn-mda/cli_src/func/global.c b/oncn-mda/cli_src/func/global.c +index 2579078..a0f17ab 100644 +--- a/oncn-mda/cli_src/func/global.c ++++ b/oncn-mda/cli_src/func/global.c +@@ -113,10 +113,8 @@ static int get_prog_fd(const char *const prog_name, int *const fd) + __u32 obj_id = 0; + __u32 info_length = sizeof(struct bpf_prog_info); + while (true) { +- if (memset_s(&prog_info, info_length, 0x0, info_length) != EOK) { +- macli_log(ERR, "system memset failed!\n"); +- return FAILED; +- } ++ (void)memset(&prog_info, 0x0, info_length); ++ + if (bpf_prog_get_next_id(obj_id, &obj_id)) { + if (errno == ENOENT) + break; +@@ -151,10 +149,7 @@ static int get_map_fd(const char *const map_name, int *const fd) + __u32 obj_id = 0; + __u32 info_length = sizeof(struct bpf_map_info); + while (true) { +- if (memset_s(&map_info, info_length, 0x0, info_length) != EOK) { +- macli_log(ERR, "system memset failed!\n"); +- return FAILED; +- } ++ (void)memset(&map_info, 0x0, info_length); + if (bpf_map_get_next_id(obj_id, &obj_id)) { + if (errno == ENOENT) + break; +@@ -192,13 +187,10 @@ static int init_mesh_map( + struct bpf_create_map_attr *const map_attr) + #endif + { +- int ret = EOK; +- ret += strcpy_s(fds_map->name, BPF_OBJ_NAME_LEN, map_name); +- ret += strcpy_s(fds_map->pin_file_path, PATH_MAX, pin_file_path); +- if (ret != EOK) { +- macli_log(ERR, "system copy string failed!"); +- return FAILED; +- } ++ (void)memset(fds_map->name, 0x0, BPF_OBJ_NAME_LEN); ++ (void)strncpy(fds_map->name, map_name, BPF_OBJ_NAME_LEN - 1); ++ (void)memset(fds_map->pin_file_path, 0x0, PATH_MAX); ++ (void)strncpy(fds_map->pin_file_path, pin_file_path, PATH_MAX - 1); + if (get_map_fd(fds_map->name, &(fds_map->fd)) != SUCCESS) + return FAILED; + fds_map->xattr = map_attr; +@@ -212,12 +204,8 @@ static int init_mesh_prog( + enum bpf_attach_type attach_type, + int attach_fd) + { +- int ret = EOK; +- ret = strcpy_s(fds_prog->name, BPF_OBJ_NAME_LEN, prog_name); +- if (ret != EOK) { +- macli_log(ERR, "system copy string failed!"); +- return FAILED; +- } ++ (void)memset(fds_prog->name, 0x0, BPF_OBJ_NAME_LEN); ++ (void)strncpy(fds_prog->name, prog_name, BPF_OBJ_NAME_LEN - 1); + if (get_prog_fd(fds_prog->name, &(fds_prog->fd)) != SUCCESS) + return FAILED; + fds_prog->attach_type = attach_type; +@@ -228,13 +216,8 @@ static int init_mesh_prog( + + static int init_mesh_prog_pin_file(struct mesh_prog_info *const fds_prog, const char *const pin_file_path) + { +- int ret = EOK; +- ret = strcpy_s(fds_prog->pin_file_path, PATH_MAX, pin_file_path); +- if (ret != EOK) { +- macli_log(ERR, "system copy string failed!"); +- return FAILED; +- } +- ++ (void)memset(fds_prog->pin_file_path, 0x0, PATH_MAX); ++ (void)strncpy(fds_prog->pin_file_path, pin_file_path, PATH_MAX - 1); + return SUCCESS; + } + +@@ -318,7 +301,7 @@ int get_u32_num(const char *const src, __u32 *const ret) + const int convert_base = 10; + char tmp_buff[TMP_BUF_SIZE] = {0}; + unsigned long tmp = strtoul(src, NULL, convert_base); +- if (sprintf_s(tmp_buff, sizeof(tmp_buff), "%lu", tmp) < 0) { ++ if (snprintf(tmp_buff, sizeof(tmp_buff), "%lu", tmp) < 0) { + macli_log(ERR, "system sprintf string failed!\n"); + return FAILED; + } +@@ -332,12 +315,8 @@ int get_u32_num(const char *const src, __u32 *const ret) + + int check_cidr(const char *const src, __u32 *const ip, __u32 *const mask) + { +- int ret = EOK; + char tmp_buff[MAX_CIDR_LENGTH] = {0}; +- if ((ret = strcpy_s(tmp_buff, sizeof(tmp_buff), src)) != EOK) { +- macli_log(ERR, "system copy string failed! errno:%d\n", ret); +- return FAILED; +- } ++ (void)strncpy(tmp_buff, src, sizeof(tmp_buff) - 1); + char *ip_part = tmp_buff; + char *p = strrchr(tmp_buff, '/'); + if (p == NULL) +@@ -358,12 +337,8 @@ int check_cidr(const char *const src, __u32 *const ip, __u32 *const mask) + + int check_port(const char *const src, __u32 *const begin_port, __u32 *const end_port) + { +- int ret = EOK; + char tmp_buff[MAX_PORT_RANGE_LENGTH] = {0}; +- if ((ret = strcpy_s(tmp_buff, sizeof(tmp_buff), src)) != EOK) { +- macli_log(ERR, "system copy string failed! errno:%d\n", ret); +- return FAILED; +- } ++ (void)strncpy(tmp_buff, src, sizeof(tmp_buff) - 1); + // support 80-90 + // support 80 + char *num1 = tmp_buff; +diff --git a/oncn-mda/cli_src/func/log.c b/oncn-mda/cli_src/func/log.c +index 9381c7e..b7b8287 100644 +--- a/oncn-mda/cli_src/func/log.c ++++ b/oncn-mda/cli_src/func/log.c +@@ -20,7 +20,7 @@ void ma_log(enum LOG_LEVEL level, const char *format, ...) + va_list ap; + va_start(ap, format); + char fmt_str[MAX_FMT_STR_LENGTH] = {0}; +- if (vsnprintf_s(fmt_str, sizeof(fmt_str), sizeof(fmt_str) - 1, format, ap) == -1) { ++ if (vsnprintf(fmt_str, sizeof(fmt_str), format, ap) < 0) { + va_end(ap); + return; + } +diff --git a/oncn-mda/cli_src/func/switch.c b/oncn-mda/cli_src/func/switch.c +index 416f00e..3974ba8 100644 +--- a/oncn-mda/cli_src/func/switch.c ++++ b/oncn-mda/cli_src/func/switch.c +@@ -365,7 +365,6 @@ static int check_file_access(const char *const config_path) + + static int read_chain_config(const char *const config_path, struct sock_param *const filter_rules) + { +- int ret; + if (check_file_access(config_path) != SUCCESS) + return FAILED; + FILE *config_file = fopen(config_path, "r"); +@@ -384,10 +383,10 @@ static int read_chain_config(const char *const config_path, struct sock_param *c + if (*p == '#' || *p == '\0') + continue; + +- if ((ret = strcpy_s(buf_save, sizeof(buf_save), buf)) != EOK) { +- macli_log(ERR, "system copy string failed! errno:%d\n", ret); +- continue; +- } ++ (void)memset(buf_save, 0x0, sizeof(buf_save)); ++ (void)strncpy(buf_save, buf, sizeof(buf_save)); ++ buf_save[MAX_BUFSIZE - 1] = 0; ++ + char *chain_argv[MAX_INPUT] = {0}; + int chain_argc = 0; + if (parser_arg(buf, (int)strlen(buf), &chain_argc, chain_argv) != SUCCESS) +@@ -519,15 +518,12 @@ int do_enable(int argc, char *const *argv) + char config_path[PATH_MAX] = {0}; + struct sock_param filter_rules = {0}; + struct mesh_service_info fds = {0}; +- int ret; + + if (set_rlimit() != SUCCESS) + return FAILED; + +- if ((ret = strcpy_s(config_path, PATH_MAX, CONFIGFILE_PATH)) != EOK) { +- macli_log(ERR, "system copy string failed! errno:%d\n", ret); +- return FAILED; +- } ++ (void)memset(config_path, 0x0, PATH_MAX); ++ (void)strncpy(config_path, CONFIGFILE_PATH, PATH_MAX - 1); + + if (enable_get_opt(argc, argv, config_path, &is_help) != SUCCESS) + return FAILED; +diff --git a/oncn-mda/include/log.h b/oncn-mda/include/log.h +index bfc026f..86162e0 100644 +--- a/oncn-mda/include/log.h ++++ b/oncn-mda/include/log.h +@@ -8,7 +8,6 @@ + #include + #include + #include +-#include "securec.h" + + enum LOG_LEVEL { FATAL = 0, ERR, WARN, INFO, DEBUG }; + +diff --git a/oncn-mda/include/macli.h b/oncn-mda/include/macli.h +index ebe8f69..1db7e7a 100644 +--- a/oncn-mda/include/macli.h ++++ b/oncn-mda/include/macli.h +@@ -20,7 +20,6 @@ + #include + #include + #include +-#include "securec.h" + #include "data.h" + #include "log.h" + +-- +2.33.0 + diff --git a/v0.4.0.tar.gz b/v0.4.1.tar.gz similarity index 77% rename from v0.4.0.tar.gz rename to v0.4.1.tar.gz index ed91aaaa51bd01392435b39f95abc5ca2c65d211..d12576adc7f9b6d4dd029444eeff8179a06fbff8 100644 Binary files a/v0.4.0.tar.gz and b/v0.4.1.tar.gz differ