add bypass logic for kmesh #297

weli-l · 2024-05-07T12:44:45Z

What type of PR is this?

What this PR does / why we need it:

This PR introduces the implementation of the bypass kmesh function and reuses the map_of_manager table.
If the map contains pod data and the value of the corresponding record is 0, the traffic of the current pod is managed by kmesh.
If the map contains pod data and the value of the corresponding record is 1, the traffic of the current pod is bypassed.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Self-verification report

ads module

root@ubuntu-1:~# kubectl get pods -A -owide
NAMESPACE            NAME                                            READY   STATUS    RESTARTS   AGE     IP            NODE                    NOMINATED NODE   READINESS GATES
default              fortio-client-deployment-6966bf9488-h8wmz       1/1     Running   0          22s     10.244.1.14   ambient-worker          <none>           <none>
default              fortio-server-deployment-97cf895fc-k8z57        1/1     Running   0          22s     10.244.1.15   ambient-worker          <none>           <none>
default              fortio-server-deployment-97cf895fc-s2c6t        1/1     Running   0          22s     10.244.1.13   ambient-worker          <none>           <none>
istio-system         istio-cni-node-gtdg8                            1/1     Running   0          4h46m   172.18.0.3    ambient-control-plane   <none>           <none>
istio-system         istio-cni-node-vd6mv                            1/1     Running   0          4h46m   172.18.0.2    ambient-worker          <none>           <none>
istio-system         istiod-76c587b7cd-jt778                         1/1     Running   0          4h46m   10.244.1.2    ambient-worker          <none>           <none>
istio-system         ztunnel-8wbkn                                   1/1     Running   0          4h46m   10.244.1.3    ambient-worker          <none>           <none>
istio-system         ztunnel-kjn95                                   1/1     Running   0          4h46m   10.244.0.5    ambient-control-plane   <none>           <none>
kmesh-system         kmesh-n9n78                                     1/1     Running   0          43s     10.244.1.12   ambient-worker          <none>           <none>
kube-system          coredns-565d847f94-7lnc8                        1/1     Running   0          4h48m   10.244.0.3    ambient-control-plane   <none>           <none>
kube-system          coredns-565d847f94-g8x4w                        1/1     Running   0          4h48m   10.244.0.4    ambient-control-plane   <none>           <none>
kube-system          etcd-ambient-control-plane                      1/1     Running   0          4h48m   172.18.0.3    ambient-control-plane   <none>           <none>

##use fortio to test
root@ubuntu-1:~# kubectl exec -it fortio-client-deployment-6966bf9488-h8wmz    -- fortio load -c 1  -t 30s -qps 0 -jitter=true 10.96.5.66

##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State                Recv-Q                Send-Q                                Local Address:Port                                  Peer Address:Port                    Process
ESTAB                0                     74                                      10.244.1.14:43974                                  10.244.1.13:http-alt

enable bypass control

root@ubuntu-1:~# kubectl label pod fortio-client-deployment-6966bf9488-h8wmz  kmesh.net/bypass=enabled
pod/fortio-client-deployment-6966bf9488-h8wmz labeled

##use fortio to test
root@ubuntu-1:~# kubectl exec -it fortio-client-deployment-6966bf9488-h8wmz    -- fortio load -c 1  -t 30s -qps 0 -jitter=true 10.96.5.66

##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State                   Recv-Q                Send-Q                                 Local Address:Port                                  Peer Address:Port                Process
ESTAB                   0                     74                                       10.244.1.14:44956                                   10.96.5.66:http
SYN-SENT                0                     1                                        10.244.1.14:60300                                      0.0.0.1:931

disable bypass control

root@ubuntu-1:~# kubectl label pod fortio-client-deployment-6966bf9488-h8wmz  kmesh.net/bypass-
pod/fortio-client-deployment-6966bf9488-h8wmz unlabeled

##Open a new window and enter netns in fortio-client.
root@ubuntu-1:~# kubectl exec -it fortio-client-deployment-6966bf9488-h8wmz    -- fortio load -c 1  -t 30s -qps 0 -jitter=true 10.96.5.66

root@ambient-worker:/# ss -t
State                   Recv-Q                Send-Q                               Local Address:Port                                Peer Address:Port                    Process
SYN-SENT                0                     1                                      10.244.1.14:32894                                    0.0.0.1:932
ESTAB                   0                     74                                     10.244.1.14:35880                                10.244.1.13:http-alt
SYN-SENT                0                     1                                      10.244.1.14:60300                                    0.0.0.1:931

workload module

root@ubuntu-1:~# kubectl get pods -A -owide
NAMESPACE            NAME                                            READY   STATUS    RESTARTS   AGE     IP            NODE                    NOMINATED NODE   READINESS GATES
default              fortio-client-deployment-6966bf9488-k5qpd       1/1     Running   0          4h15m   10.244.1.9    ambient-worker          <none>           <none>
default              fortio-server-deployment-97cf895fc-5qj64        1/1     Running   0          4h15m   10.244.1.8    ambient-worker          <none>           <none>
default              fortio-server-deployment-97cf895fc-c7jz9        1/1     Running   0          4h15m   10.244.1.10   ambient-worker          <none>           <none>
istio-system         istio-cni-node-gtdg8                            1/1     Running   0          4h40m   172.18.0.3    ambient-control-plane   <none>           <none>
istio-system         istio-cni-node-vd6mv                            1/1     Running   0          4h40m   172.18.0.2    ambient-worker          <none>           <none>
istio-system         istiod-76c587b7cd-jt778                         1/1     Running   0          4h40m   10.244.1.2    ambient-worker          <none>           <none>
istio-system         ztunnel-8wbkn                                   1/1     Running   0          4h40m   10.244.1.3    ambient-worker          <none>           <none>
istio-system         ztunnel-kjn95                                   1/1     Running   0          4h40m   10.244.0.5    ambient-control-plane   <none>           <none>
kmesh-system         kmesh-x7t8t                                     1/1     Running   0          4h21m   10.244.1.4    ambient-worker          <none>           <none>
kube-system          coredns-565d847f94-7lnc8                        1/1     Running   0          4h42m   10.244.0.3    ambient-control-plane   <none>           <none>

##get svc ip
root@ubuntu-1:~# kubectl get svc
NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
fortio-server   ClusterIP   10.96.5.66   <none>        80/TCP    4h20m
kubernetes      ClusterIP   10.96.0.1    <none>        443/TCP   4h43m

##use fortio to test
root@ubuntu-1:~/lw/kmesh# kubectl exec -it fortio-client-deployment-6966bf9488-k5qpd    -- fortio load -c 1  -t 30s -qps 0 -jitter=true 10.96.5.66

##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State                Recv-Q                Send-Q                                Local Address:Port                                  Peer Address:Port                    Process
ESTAB                0                     74                                       10.244.1.9:44012                                  10.244.1.10:http-alt

enable bypass control

root@ubuntu-1:~# kubectl label pod fortio-client-deployment-6966bf9488-k5qpd  kmesh.net/bypass=enabled
pod/fortio-client-deployment-6966bf9488-k5qpd labeled

##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State                   Recv-Q                Send-Q                                 Local Address:Port                                  Peer Address:Port                Process
SYN-SENT                0                     1                                         10.244.1.9:49046                                      0.0.0.1:931
ESTAB                   0                     74                                        10.244.1.9:51946                                   10.96.5.66:http

disable bypass control

root@ubuntu-1:~/lw/kmesh# kubectl label pod fortio-client-deployment-6966bf9488-k5qpd  kmesh.net/bypass-
pod/fortio-client-deployment-6966bf9488-k5qpd unlabeled

##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State                   Recv-Q                Send-Q                               Local Address:Port                                Peer Address:Port                    Process
SYN-SENT                0                     1                                       10.244.1.9:49046                                    0.0.0.1:931
SYN-SENT                0                     1                                       10.244.1.9:36504                                    0.0.0.1:932
ESTAB                   0                     74                                      10.244.1.9:58812                                10.244.1.10:http-alt

Does this PR introduce a user-facing change?:

LiZhenCheng9527 · 2024-05-07T13:45:37Z

pkg/controller/bypass/bypass_controller.go

@@ -190,6 +293,16 @@ func checkSidecar(client kubernetes.Interface, pod *corev1.Pod) (bool, error) {
 	return false, nil
 }

+func checkKmesh(pod *corev1.Pod) (bool, error) {


Is the error here a redundant return value?

Is the error here a redundant return value?

done

bitcoffeeiux · 2024-05-08T03:44:37Z

bpf/kmesh/cgroup_sock.c

+static inline bool conn_from_bypass_sim_add(struct bpf_sock_addr *ctx)
+{
+    // daemon sim connect 0.0.0.0:931(0x3a3)
+    // 0x3a3 is the specific port handled by the daemon for enable Kmesh


Annotation Error.
It's not to mark enable kmesh but enable bypass.

Annotation Error. It's not to mark enable kmesh but enable bypass.

I've changed it.

bitcoffeeiux · 2024-05-08T03:44:49Z

bpf/kmesh/cgroup_sock.c

+static inline bool conn_from_bypass_sim_delete(struct bpf_sock_addr *ctx)
+{
+    // daemon sim connect 0.0.0.1:932(0x3a4)
+    // 0x3a4 is the specific port handled by the daemon for disable Kmesh


Same as above.

Same as above.

done

bitcoffeeiux · 2024-05-08T03:49:55Z

bpf/kmesh/cgroup_sock.c

 static inline int sock4_traffic_control(struct bpf_sock_addr *ctx)
 {
    int ret;

    Listener__Listener *listener = NULL;

+    if (check_bypass_enabled(ctx))


Why does the system check whether the bypass function is enabled before checking whether the kmesh is enabled? Most connections in the system are not manager by kmesh. Check whether bypass reduces the rate of traffic that is not taken over by kmesh.

bitcoffeeiux · 2024-05-08T03:53:08Z

bpf/kmesh/workload/cgroup_sock.c

+    return bpf_map_lookup_elem(&map_of_bypass, &cookie);
+}
+
+static inline void record_bypass_netns_cookie(struct bpf_sock_addr *ctx)


The logic seems to be consistent with record_netns_cookie? Can they be combined into one function?

The logic seems to be consistent with record_netns_cookie? Can they be combined into one function?

I've extract the function

bitcoffeeiux · 2024-05-08T03:53:23Z

bpf/kmesh/workload/cgroup_sock.c

+        BPF_LOG(ERR, KMESH, "record netcookie failed!, err is %d\n", err);
+}
+
+static inline void remove_bypass_netns_cookie(struct bpf_sock_addr *ctx)


the same as above

the same as above

done

bitcoffeeiux · 2024-05-08T03:53:50Z

bpf/kmesh/workload/cgroup_sock.c

+static inline bool conn_from_bypass_sim_add(struct bpf_sock_addr *ctx)
+{
+    // daemon sim connect 0.0.0.0:931(0x3a3)
+    // 0x3a3 is the specific port handled by the daemon for enable Kmesh


Annotation Error

Annotation Error

done

bitcoffeeiux · 2024-05-08T03:53:56Z

bpf/kmesh/workload/cgroup_sock.c

+static inline bool conn_from_bypass_sim_delete(struct bpf_sock_addr *ctx)
+{
+    // daemon sim connect 0.0.0.1:932(0x3a4)
+    // 0x3a4 is the specific port handled by the daemon for disable Kmesh


Annotation Error

Annotation Error

done

bitcoffeeiux · 2024-05-08T03:54:49Z

bpf/kmesh/workload/cgroup_sock.c

@@ -128,6 +171,14 @@ int cgroup_connect4_prog(struct bpf_sock_addr *ctx)
        remove_netns_cookie(ctx);
        return CGROUP_SOCK_OK;
    }
+    if (conn_from_bypass_sim_add(ctx)) {


Same problem, can it be merged?

Same problem, can it be merged?

yes, done

bitcoffeeiux · 2024-05-08T04:06:17Z

pkg/controller/bypass/bypass_controller.go

+	return nil
+}
+
+func enableKmeshControl(ns string) error {


Incorrect function name.

Incorrect function name.

I've changed it to bypassControlFunc

bitcoffeeiux · 2024-05-08T04:06:50Z

pkg/controller/bypass/bypass_controller.go

+		 * 0.0.0.1:932(0x3a4) is "cipher key" for cgroup/connect4
+		 * ebpf program.
+		 */
+		simip := net.ParseIP("0.0.0.1")


execFunc considers whether it is possible to extract

execFunc considers whether it is possible to extract

done

hzxuzhonghu · 2024-05-15T06:24:22Z

pkg/controller/bypass/bypass_controller.go

@@ -103,16 +115,28 @@ func StartByPassController(client kubernetes.Interface) error {
 				log.Debugf("%s/%s: Pod is being deleted, skipping further processing", pod.GetNamespace(), pod.GetName())
 				return
 			}
+
+			log.Infof("%s/%s: DELETED", pod.GetNamespace(), pod.GetName())


This message is misleading, this pod is only being relabeld

This message is misleading, this pod is only being relabeld

I have modified it

pkg/controller/bypass/bypass_controller.go

hzxuzhonghu · 2024-05-15T06:26:07Z

pkg/controller/bypass/bypass_controller.go

@@ -124,6 +148,46 @@ func StartByPassController(client kubernetes.Interface) error {
 	return nil
 }

+func bypassControlFunc(ns string, port int) error {


Please give a more explicit name

Please give a more explicit name

done

hzxuzhonghu · 2024-05-15T06:33:35Z

bpf/kmesh/cgroup_sock.c

+    __type(value, __u32);
+    __uint(max_entries, MAP_SIZE_OF_BYPASS);
+    __uint(map_flags, 0);
+} map_of_bypass SEC(".maps");


can we use the map_of_manager, when bypass set, we remove the key for the particular pod

good idea~ map_of_manager table can be reused, which reduces the memory required by Kmesh. However, it is not recommended that delete record when bypass set. Otherwise, whether the Pod is bypassed or not managed cannot be determined.
FYI, we can add the value semantics of the records in the map_of_manager table.

If the Pod record exists, the pod is managed by Kmesh.

The first byte of the value indicates whether to be bypassed.

The remaining part of the value can be used for scenario extension in the future.

I have reused map_of_manager .

If the Pod record exists, the pod is managed by Kmesh.

1: Pod has been bypassed

0: default value, pod is not been bypassed

hzxuzhonghu

BTW, for the ingress, we do some check in xdp, it is missing here

nlgwcy · 2024-05-15T08:06:29Z

bpf/kmesh/cgroup_sock.c

+{
+    // daemon sim connect 0.0.0.0:931(0x3a3)
+    // 0x3a3 is the specific port handled by the daemon for enable bypass
+    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohl(ctx->user_port) == 0x3a30000));


adapt for openEuler 23.03

2303 adaptation is required for sockops. Currently, no adaptation is required for cgroup/connect4.

nlgwcy · 2024-05-16T03:38:12Z

bpf/kmesh/cgroup_sock.c

+ * status. Whether it is managed by kmesh is unrelated
+ * to the value. The only determining factor is whether
+ * there is cookie information for this pod in the map.
+ */


Pls add design description to PR description and update the test report

Pls add design description to PR description and update the test report

done

hzxuzhonghu · 2024-05-16T12:48:04Z

bpf/kmesh/cgroup_sock.c

    if (err)
        BPF_LOG(ERR, KMESH, "record netcookie failed!, err is %d\n", err);
 }

-static inline void remove_netns_cookie(struct bpf_sock_addr *ctx)
+void record_kmesh_netns_cookie(struct bpf_sock_addr *ctx)


Suggested change

void record_kmesh_netns_cookie(struct bpf_sock_addr *ctx)

void record_manager_netns_cookie(struct bpf_sock_addr *ctx)

hzxuzhonghu · 2024-05-20T01:20:28Z

bpf/kmesh/cgroup_sock.c

+static inline bool is_kmesh_enabled(struct bpf_sock_addr *ctx)
+{
+    __u64 cookie = bpf_get_netns_cookie(ctx);
+    return bpf_map_lookup_elem(&map_of_manager, &cookie);


should we make it align with is_by_pass_enabled

Check the
return value of bpf_map_lookup_elem !=NULL

hzxuzhonghu · 2024-05-20T01:26:12Z

bpf/kmesh/workload/cgroup_sock.c

@@ -89,20 +147,49 @@ static inline bool conn_from_cni_sim_delete(struct bpf_sock_addr *ctx)
    return ((bpf_ntohl(ctx->user_ip4) == 1) && (bpf_ntohl(ctx->user_port) == 0x3a20000));
 }

-SEC("cgroup/connect4")
-int cgroup_connect4_prog(struct bpf_sock_addr *ctx)
+static inline bool handle_kmesh_manage_process(struct bpf_sock_addr *ctx)


please add some comments, what the return value mean

Signed-off-by: weli-l <1289113577@qq.com>

nlgwcy · 2024-05-25T03:14:41Z

pkg/controller/bypass/bypass_controller.go

@@ -124,6 +146,46 @@ func StartByPassController(client kubernetes.Interface) error {
 	return nil
 }

+func handleKmeshBypass(ns string, port int) error {


port int -> oper int(add:0, del:1)

nlgwcy · 2024-05-25T03:19:10Z

pkg/controller/bypass/bypass_controller.go

+			if enableKmesh {
+				nspath, _ := getnspath(pod)
+				if err := handleKmeshBypass(nspath, 932); err != nil {
+					log.Errorf("failed to enable kmesh control")


The log information may cause misunderstanding. Pls update the log description.

The log information may cause misunderstanding. Pls update the log description.

modified

nlgwcy · 2024-05-25T03:22:37Z

pkg/controller/bypass/bypass_controller.go

+		 * to determine whether the netns is been bypass.
+		 * 0.0.0.1:<port> is "cipher key" for cgroup/connect4
+		 * ebpf program.
+		 */


The meanings of the special ports(931/932) need to described in the comments.

The meanings of the special ports(931/932) need to described in the comments.

Added

nlgwcy · 2024-05-25T04:54:24Z

bpf/kmesh/workload/sockops_tuple.c

+{
+    // bypass sim connect 0.0.0.1:931(0x3a3)
+    // 0x3a3 is the specific port handled by the cni for enable bypass
+    return conn_from_sim(skops, 1, 0x3a3);


It is recommended to define marcos instead of hard-coding numbers.

It is recommended to define marcos instead of hard-coding numbers.

I have defined in bpf_common.h

nlgwcy · 2024-05-25T04:58:41Z

bpf/kmesh/workload/sockops_tuple.c

+
+static inline bool conn_from_sim(struct bpf_sock_ops *skops, __u32 ip, __u32 port)
+{
+    __u32 rev_port = bpf_ntohl(skops->remote_port);


IMO, in oe_23.03 os scenario, it is better to correct the value of rev_port instead port

codecov-commenter · 2024-05-25T07:24:02Z

Codecov Report

Attention: Patch coverage is 0% with 66 lines in your changes are missing coverage. Please review.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Flag	Coverage Δ
unittests	`31.22% <0.00%> (?)`

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
pkg/controller/bypass/bypass_controller.go	`0.00% <0.00%> (ø)`

hzxuzhonghu

BTW, we have no test coverage for bypass and also lack of design docs

hzxuzhonghu · 2024-05-27T01:48:18Z

bpf/include/bpf_common.h

+#define ENABLE_KMESH_PORT   0x3a10000
+#define DISABLE_KMESH_PORT  0x3a20000
+#define ENABLE_BYPASS_PORT  0x3a30000
+#define DISABLE_BYPASS_PORT 0x3a40000


please add comment what are they? 829 ~ 831

please add comment what are they? 829 ~ 831

Added

hzxuzhonghu · 2024-05-27T01:53:50Z

bpf/include/bpf_common.h

    __u64 cookie = bpf_get_netns_cookie(ctx);
-    err = bpf_map_update_elem(&map_of_manager, &cookie, &value, BPF_NOEXIST);
+    err = bpf_map_update_elem(map, &cookie, &value, BPF_NOEXIST);


should we change BPF_NOEXIST to ANY

should we change BPF_NOEXIST to ANY

I think the data is only stored if there is no data in the map. NO_EXIST fits the scenario.

hzxuzhonghu · 2024-05-27T01:54:30Z

bpf/include/bpf_common.h

    __uint(max_entries, MAP_SIZE_OF_MANAGER);
    __uint(map_flags, 0);
 } map_of_manager SEC(".maps");

-static inline void record_netns_cookie(struct bpf_sock_addr *ctx)
+static inline void record_netns_cookie(struct bpf_map *map, struct bpf_sock_addr *ctx)


should we just rename it to record_manager_netns_cookie

should we just rename it to record_manager_netns_cookie

done

hzxuzhonghu · 2024-05-27T01:57:04Z

bpf/include/bpf_common.h

+    return value->is_bypassed;
+}
+
+static inline void remove_netns_cookie(struct bpf_map *map, struct bpf_sock_addr *ctx)


ditto: should we just rename to remove_manager_netns_cookie

ditto: should we just rename to remove_manager_netns_cookie

yes,modified

hzxuzhonghu · 2024-05-27T02:00:06Z

bpf/kmesh/workload/sockops_tuple.c

+static inline void skops_handle_kmesh_managed_process(struct bpf_sock_ops *skops)
+{
+    if (skops_conn_from_cni_sim_add(skops))
+        record_ip(skops->local_ip4);


can we also rename record_ip, we cannot get the meaning of it

can we also rename record_ip, we cannot get the meaning of it

done

hzxuzhonghu · 2024-05-27T02:00:14Z

bpf/kmesh/workload/sockops_tuple.c

+    if (skops_conn_from_cni_sim_add(skops))
+        record_ip(skops->local_ip4);
+    if (skops_conn_from_cni_sim_delete(skops))
+        remove_ip(skops->local_ip4);


same as above

same as above

done

hzxuzhonghu · 2024-05-27T02:08:39Z

pkg/controller/bypass/bypass_controller.go

+	}
+
+	if err := netns.WithNetNSPath(ns, execFunc); err != nil {
+		err = fmt.Errorf("enter ns path :%v, run execFunc failed: %v", ns, err)


can we add more info abou which pod is it handling for

Signed-off-by: weli-l <1289113577@qq.com>

hzxuzhonghu · 2024-05-27T07:35:35Z

Attention: Patch coverage is 0% with 66 lines in your changes are missing coverage. Please review.

@weli-l

hzxuzhonghu

Overall lgtm.

Just one cent:

should we define the port macros with right value like 0x3A1 instead of 0x3a10000

nlgwcy · 2024-05-27T08:18:00Z

Overall lgtm.

Just one cent:

should we define the port macros with right value like 0x3A1 instead of 0x3a10000

It's not just this place. The code is a bit messed up with remote_port. I'll create an issue to track it.

nlgwcy · 2024-05-27T08:18:40Z

/lgtm
/approve

kmesh-bot · 2024-05-27T08:18:49Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nlgwcy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [nlgwcy]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

kmesh-bot requested review from kevin-wangzefeng and kwb0523 May 7, 2024 12:44

kmesh-bot added the size/L label May 7, 2024

LiZhenCheng9527 reviewed May 7, 2024

View reviewed changes

weli-l force-pushed the dev/bypass_kmesh branch from 886d0f9 to 7b39588 Compare May 8, 2024 03:27

bitcoffeeiux reviewed May 8, 2024

View reviewed changes

weli-l force-pushed the dev/bypass_kmesh branch 5 times, most recently from c7f50b6 to f9574e6 Compare May 15, 2024 02:59

hzxuzhonghu reviewed May 15, 2024

View reviewed changes

pkg/controller/bypass/bypass_controller.go Show resolved Hide resolved

hzxuzhonghu reviewed May 15, 2024

View reviewed changes

weli-l changed the title ~~add bypass logic~~ add bypass logic for kmesh May 15, 2024

nlgwcy reviewed May 15, 2024

View reviewed changes

weli-l force-pushed the dev/bypass_kmesh branch 6 times, most recently from 5aa0f24 to fd8cd9c Compare May 16, 2024 03:36

nlgwcy reviewed May 16, 2024

View reviewed changes

weli-l force-pushed the dev/bypass_kmesh branch 3 times, most recently from febce81 to 3188327 Compare May 16, 2024 09:15

hzxuzhonghu reviewed May 16, 2024

View reviewed changes

weli-l force-pushed the dev/bypass_kmesh branch 2 times, most recently from eeda3b1 to 1553f7d Compare May 17, 2024 09:06

hzxuzhonghu reviewed May 20, 2024

View reviewed changes

weli-l force-pushed the dev/bypass_kmesh branch from 1553f7d to f067416 Compare May 23, 2024 13:37

add bypass logic for kmesh

0953e6c

Signed-off-by: weli-l <1289113577@qq.com>

weli-l force-pushed the dev/bypass_kmesh branch from f067416 to ff06dcc Compare May 23, 2024 13:37

nlgwcy reviewed May 25, 2024

View reviewed changes

weli-l force-pushed the dev/bypass_kmesh branch 2 times, most recently from b893d61 to 098f56d Compare May 25, 2024 07:36

hzxuzhonghu reviewed May 27, 2024

View reviewed changes

weli-l force-pushed the dev/bypass_kmesh branch 3 times, most recently from f089bd8 to 8be90de Compare May 27, 2024 02:46

add bypass logic for xds

09a9e0d

Signed-off-by: weli-l <1289113577@qq.com>

weli-l force-pushed the dev/bypass_kmesh branch from 8be90de to 09a9e0d Compare May 27, 2024 06:03

hzxuzhonghu reviewed May 27, 2024

View reviewed changes

kmesh-bot assigned nlgwcy May 27, 2024

kmesh-bot added the lgtm label May 27, 2024

kmesh-bot added the approved label May 27, 2024

kmesh-bot merged commit 542a5fd into kmesh-net:main May 27, 2024
3 checks passed

	void record_kmesh_netns_cookie(struct bpf_sock_addr *ctx)
	void record_manager_netns_cookie(struct bpf_sock_addr *ctx)

add bypass logic for kmesh #297

add bypass logic for kmesh #297

Conversation

weli-l commented May 7, 2024 • edited Loading

Self-verification report

ads module

enable bypass control

disable bypass control

workload module

enable bypass control

disable bypass control

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

hzxuzhonghu left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

codecov-commenter commented May 25, 2024 • edited Loading

Codecov Report

hzxuzhonghu left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

hzxuzhonghu commented May 27, 2024

hzxuzhonghu left a comment

Choose a reason for hiding this comment

nlgwcy commented May 27, 2024

nlgwcy commented May 27, 2024

kmesh-bot commented May 27, 2024

weli-l commented May 7, 2024 •

edited

Loading

codecov-commenter commented May 25, 2024 •

edited

Loading