Skip to content

Fix cgroup_skb/* get sk_storage failed #1350

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Apr 30, 2025
Merged

Fix cgroup_skb/* get sk_storage failed #1350

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5b9ec37
Fix unexpected log
hzxuzhonghu Apr 28, 2025
70f3592
Fix unexpected bpf_sk_storage_get error
hzxuzhonghu Apr 28, 2025
44253ce
Address comment
hzxuzhonghu Apr 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions bpf/include/bpf_common.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -260,6 +260,21 @@ static inline void remove_kmesh_managed_ip(__u32 family, __u32 ip4, __u32 *ip6)
BPF_LOG(ERR, KMESH, "remove ip failed, err is %d\n", err);
}

static inline bool sock_conn_from_sim(struct __sk_buff *skb)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI, kmesh simulate 0.0.0.2:930 or 0.0.0.2:931 when it need to manage the pod

{
__u16 dst_port = (__u16)(skb->remote_port >> 16);
if (bpf_ntohs(dst_port) != ENABLE_KMESH_PORT && bpf_ntohs(dst_port) != DISABLE_KMESH_PORT)
return false;

if (skb->protocol == AF_INET)
return bpf_ntohl(skb->remote_ip4) == CONTROL_CMD_IP;
// If directly read skb->remote_ip6. bpf prog load would fail with permission denied.
__u32 remote_ip6[4] = {0};
bpf_skb_load_bytes(skb, offsetof(struct __sk_buff, remote_ip6), &remote_ip6, sizeof(remote_ip6));
return (
remote_ip6[0] == 0 && remote_ip6[1] == 0 && remote_ip6[2] == 0 && bpf_ntohl(remote_ip6[3]) == CONTROL_CMD_IP);
}

static inline bool conn_from_sim(struct bpf_sock_ops *skops, __u32 ip, __u16 port)
{
__u16 remote_port = GET_SKOPS_REMOTE_PORT(skops);
Expand Down
6 changes: 4 additions & 2 deletions bpf/kmesh/probes/probe.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,13 +90,15 @@ static inline void observe_on_data(struct bpf_sock *sk)
struct sock_storage_data *storage = NULL;
if (!sk)
return;

tcp_sock = bpf_tcp_sock(sk);
if (!tcp_sock)
return;

storage = bpf_sk_storage_get(&map_of_sock_storage, sk, 0, 0);
// Use BPF_LOCAL_STORAGE_GET_F_CREATE in case a connection being established before kmesh start.
storage = bpf_sk_storage_get(&map_of_sock_storage, sk, 0, BPF_LOCAL_STORAGE_GET_F_CREATE);
if (!storage) {
BPF_LOG(ERR, PROBE, "on data: bpf_sk_storage_get failed\n");
BPF_LOG(ERR, PROBE, "on data: bpf_sk_storage_get failed dst %u \n", bpf_ntohs(sk->dst_port));
return;
}
__u64 now = bpf_ktime_get_ns();
Expand Down
10 changes: 10 additions & 0 deletions bpf/kmesh/workload/cgroup_skb.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,13 @@ int cgroup_skb_ingress_prog(struct __sk_buff *skb)
if (!sk)
return SK_PASS;

if (sock_conn_from_sim(skb)) {
return SK_PASS;
}

if (!is_managed_by_kmesh_skb(skb))
return SK_PASS;

observe_on_data(sk);
return SK_PASS;
}
Expand All @@ -43,8 +48,13 @@ int cgroup_skb_egress_prog(struct __sk_buff *skb)
if (!sk)
return SK_PASS;

if (sock_conn_from_sim(skb)) {
return SK_PASS;
}

if (!is_managed_by_kmesh_skb(skb))
return SK_PASS;

observe_on_data(sk);
return SK_PASS;
}
Expand Down
Loading