Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

policy: fix bandwidth limit in datapathv2 #624

Merged
merged 1 commit into from
Apr 30, 2024
Merged

policy: fix bandwidth limit in datapathv2 #624

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-2aace3f5@sha256:8a83476396a7a940f79fbf7ccea5aee33552b1316919cc20206513332bd3e39f
ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-9557532b@sha256:5ff26d96219734e471456f34fcaa57663c72d36762a9236b289014a0a9233f7c
ARG UBUNTU_IMAGE=registry.cn-hangzhou.aliyuncs.com/acs/ubuntu:22.04-update
ARG CILIUM_LLVM_IMAGE=quay.io/cilium/cilium-llvm:547db7ec9a750b8f888a506709adb41f135b952e@sha256:4d6fa0aede3556c5fb5a9c71bc6b9585475ac9b1064f516d4c45c8fb691c9d9e
ARG CILIUM_BPFTOOL_IMAGE=quay.io/cilium/cilium-bpftool:78448c1a37ff2b790d5e25c3d8b8ec3e96e6405f@sha256:99a9453a921a8de99899ef82e0822f0c03f65d97005c064e231c06247ad8597d
Expand Down
112 changes: 112 additions & 0 deletions policy/cilium/0025-fix-edt-in-datapathv2.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: l1b0k <libokang.dev@gmail.com>
Date: Tue, 30 Apr 2024 12:55:40 +0800
Subject: fix edt in datapathv2

Signed-off-by: l1b0k <libokang.dev@gmail.com>
---
bpf/bpf_host.c | 6 +++++-
bpf/bpf_lxc.c | 10 +++++++---
bpf/include/bpf/ctx/skb.h | 5 +++++
pkg/datapath/linux/config/config.go | 2 ++
4 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/bpf/bpf_host.c b/bpf/bpf_host.c
index e29bbc5c97..e496664e45 100644
--- a/bpf/bpf_host.c
+++ b/bpf/bpf_host.c
@@ -1002,7 +1002,7 @@ int to_netdev(struct __ctx_buff *ctx __maybe_unused)
};
__u16 __maybe_unused proto = 0;
__u32 __maybe_unused vlan_id;
- int ret = CTX_ACT_OK;
+ int ret = CTX_ACT_PIPE;

/* Filter allowed vlan id's and pass them back to kernel.
*/
@@ -1103,6 +1103,10 @@ out:
send_trace_notify(ctx, TRACE_TO_NETWORK, 0, 0, 0,
0, trace.reason, trace.monitor);

+ if ( ret == CTX_ACT_OK ) {
+ return CTX_ACT_PIPE;
+ }
+
return ret;
}

diff --git a/bpf/bpf_lxc.c b/bpf/bpf_lxc.c
index 8583abe9cd..c0c8ba8b7f 100644
--- a/bpf/bpf_lxc.c
+++ b/bpf/bpf_lxc.c
@@ -1366,7 +1366,7 @@ int handle_xgress(struct __ctx_buff *ctx)
goto out;
}

-#if defined(ENABLE_BANDWIDTH_MANAGER)
+#if defined(ENABLE_BANDWIDTH_MANAGER) && defined(DATAPATH_IPVLAN)
edt_set_aggregate(ctx, LXC_ID);
ret = edt_sched_departure(ctx);
/* No send_drop_notify_error() here given we're rate-limiting. */
@@ -1380,14 +1380,18 @@ int handle_xgress(struct __ctx_buff *ctx)
switch (proto) {
#ifdef ENABLE_IPV6
case bpf_htons(ETH_P_IPV6):
-// edt_set_aggregate(ctx, LXC_ID);
+#if defined(ENABLE_BANDWIDTH_MANAGER) && defined(DATAPATH_VETH)
+ edt_set_aggregate(ctx, LXC_ID);
+#endif
ep_tail_call(ctx, CILIUM_CALL_IPV6_FROM_LXC);
ret = DROP_MISSED_TAIL_CALL;
break;
#endif /* ENABLE_IPV6 */
#ifdef ENABLE_IPV4
case bpf_htons(ETH_P_IP):
-// edt_set_aggregate(ctx, LXC_ID);
+#if defined(ENABLE_BANDWIDTH_MANAGER) && defined(DATAPATH_VETH)
+ edt_set_aggregate(ctx, LXC_ID);
+#endif
ep_tail_call(ctx, CILIUM_CALL_IPV4_FROM_LXC);
ret = DROP_MISSED_TAIL_CALL;
break;
diff --git a/bpf/include/bpf/ctx/skb.h b/bpf/include/bpf/ctx/skb.h
index 01fa3f78fc..e40e270f82 100644
--- a/bpf/include/bpf/ctx/skb.h
+++ b/bpf/include/bpf/ctx/skb.h
@@ -18,12 +18,17 @@
# define TC_ACT_SHOT 2
#endif

+#ifndef TC_ACT_PIPE
+# define TC_ACT_PIPE 3
+#endif
+
#ifndef TC_ACT_REDIRECT
# define TC_ACT_REDIRECT 7
#endif

#define CTX_ACT_OK TC_ACT_OK
#define CTX_ACT_DROP TC_ACT_SHOT
+#define CTX_ACT_PIPE TC_ACT_PIPE
#define CTX_ACT_TX TC_ACT_REDIRECT
#define CTX_ACT_REDIRECT TC_ACT_REDIRECT

diff --git a/pkg/datapath/linux/config/config.go b/pkg/datapath/linux/config/config.go
index dfc5096aac..060328adf9 100644
--- a/pkg/datapath/linux/config/config.go
+++ b/pkg/datapath/linux/config/config.go
@@ -869,9 +869,11 @@ func (h *HeaderfileWriter) writeTemplateConfig(fw *bufio.Writer, e datapath.Endp
switch option.Config.DatapathMode {
case datapathOption.DatapathModeIPvlan:
fmt.Fprintf(fw, "#define CONTAINER_DIRECT_ROUTING_DEV_IFINDEX 0\n")
+ fmt.Fprintf(fw, "#define DATAPATH_IPVLAN 1\n")
case datapathOption.DatapathModeVeth:
fmt.Fprintf(fw, "#define ENABLE_SKIP_FIB 1\n")
fmt.Fprintf(fw, "#define CONTAINER_DIRECT_ROUTING_DEV_IFINDEX %d\n", e.GetENIIndex())
+ fmt.Fprintf(fw, "#define DATAPATH_VETH 1\n")

// ENABLE_HOST_ROUTING has higher priority than ENABLE_REDIRECT
// CONTAINER_DIRECT_ROUTING_DEV_IFINDEX is used for both, but not for ipvl
--
2.44.0

Loading