adapt 6.6

Signed-off-by: lec-bit <[email protected]>

Author: lec-bit

bpf/include/common.h

@@ -5,6 +5,7 @@
 #define _COMMON_H_
 
 #include "../../config/kmesh_marcos_def.h"
+#include <linux/in.h>
 #include <stddef.h>
 #include <stdbool.h>
 #include <stdint.h>
@@ -16,8 +17,60 @@
 
 #include "errno.h"
 
+struct bpf_mem_ptr {
+    void *ptr;
+    __u32 size;
+};
+
 #if ENHANCED_KERNEL
+#if KERNEL_KFUNC
+extern int bpf_parse_header_msg_func(void *src, int src__sz) __ksym;
+extern int bpf_km_header_strnstr_func(void *ctx, int ctx__sz, const char *key, int key__sz, const char *subptr) __ksym;
+extern int bpf_km_header_strncmp_func(const char *key, int key__sz, const char *target, int target__sz, int opt) __ksym;
+extern int bpf_setsockopt_func(void *bpf_mem, int bpf_mem__sz, int optname, const char *optval, int optval__sz) __ksym;
+extern int bpf_getsockopt_func(void *bpf_mem, int bpf_mem__sz, int optname, char *optval, int optval__sz) __ksym;
+
+#define bpf_km_header_strncmp bpf_km_header_strncmp_func
+
+int bpf_km_header_strnstr(void *ctx, const char *key, int key__sz, const char *subptr, int subptr__sz)
+{
+    struct bpf_mem_ptr msg_tmp = {.ptr = ctx, .size = sizeof(struct bpf_sock_addr)};
+    return bpf_km_header_strnstr_func(&msg_tmp, sizeof(struct bpf_mem_ptr), key, key__sz, subptr);
+}
+
+int bpf_parse_header_msg(struct bpf_sock_addr *ctx)
+{
+    struct bpf_mem_ptr msg_tmp = {.ptr = ctx, .size = sizeof(struct bpf_sock_addr)};
+    return bpf_parse_header_msg_func(&msg_tmp, sizeof(struct bpf_mem_ptr));
+}
+
+// Due to the limitation of bpf verifier, optval and optval__sz are required to correspond.
+// The strnlen function cannot be used here, so the string is redefined.
+int bpf_km_setsockopt(struct bpf_sock_addr *ctx, int level, int optname, const char *optval, int optval__sz)
+{
+    const char kmesh_module_name[] = "kmesh_defer";
+    if (level != IPPROTO_TCP || optval__sz != sizeof(kmesh_module_name))
+        return -1;
+
+    struct bpf_mem_ptr msg_tmp = {.ptr = ctx, .size = sizeof(struct bpf_sock_addr)};
+    return bpf_setsockopt_func(
+        &msg_tmp, sizeof(struct bpf_mem_ptr), optname, (void *)kmesh_module_name, sizeof(kmesh_module_name));
+}
+
+int bpf_km_getsockopt(struct bpf_sock_addr *ctx, int level, int optname, char *optval, int optval__sz)
+{
+    if (level != IPPROTO_TCP) {
+        return -1;
+    }
+    struct bpf_mem_ptr msg_tmp = {.ptr = ctx, .size = sizeof(struct bpf_sock_addr)};
+    return bpf_getsockopt_func(&msg_tmp, sizeof(struct bpf_mem_ptr), optname, (void *)optval, optval__sz);
+}
+
+#else
 #include <bpf_helper_defs_ext.h>
+#define bpf_km_setsockopt bpf_setsockopt
+#define bpf_km_getsockopt bpf_getsockopt
+#endif
 #endif
 
 #define bpf_unused __attribute__((__unused__))
@@ -121,14 +174,8 @@ static inline bool is_ipv4_mapped_addr(__u32 ip6[4])
         (dst)[3] = (src)[3];                                                                                           \
     } while (0)
 
-#if OE_23_03
-#define bpf__strncmp                  bpf_strncmp
-#define GET_SKOPS_REMOTE_PORT(sk_ops) (__u16)((sk_ops)->remote_port)
-#else
 #define GET_SKOPS_REMOTE_PORT(sk_ops) (__u16)((sk_ops)->remote_port >> 16)
-#endif
-
-#define GET_SKOPS_LOCAL_PORT(sk_ops) (__u16)((sk_ops)->local_port)
+#define GET_SKOPS_LOCAL_PORT(sk_ops)  (__u16)((sk_ops)->local_port)
 
 #define MAX_BUF_LEN 100
 #define MAX_IP4_LEN 16
@@ -244,7 +291,7 @@ static inline int convert_v6(char *data, __u32 *ip6)
         __u16 ip_1 = (ip >> 0) & 0xFFFF;
         __u16 ip_2 = (ip >> 16) & 0xFFFF;
         for (int j = 0; j < 2; j++) {
-            __u16 ip_1 = (ip)&0xFFFF;
+            __u16 ip_1 = (ip) & 0xFFFF;
             __u8 h_1 = (ip_1 >> 0) & 0xFF;
             __u8 h_2 = (ip_1 >> 8) & 0xFF;
             *data++ = hex_digits[(h_1 >> 4) & 0xF];

bpf/include/inner_map_defs.h

@@ -10,8 +10,8 @@
 typedef enum { MAP_TYPE_64, MAP_TYPE_192, MAP_TYPE_296, MAP_TYPE_1600, MAP_TYPE_MAX } map_in_map_type;
 
 #define MAP_GET_TYPE(idx)                (__u8)((__u32)(idx) >> 24)
-#define MAP_GET_INDEX(idx)               (__u32)((__u32)(idx)&0xFFFFFF)
-#define MAP_GEN_OUTER_KEY(map_type, pos) ((__u32)((((__u8)(map_type)&0xFF) << 24) + ((__u32)(pos)&0xFFFFFF)))
+#define MAP_GET_INDEX(idx)               (__u32)((__u32)(idx) & 0xFFFFFF)
+#define MAP_GEN_OUTER_KEY(map_type, pos) ((__u32)((((__u8)(map_type) & 0xFF) << 24) + ((__u32)(pos) & 0xFFFFFF)))
 
 #define MAP_VAL_SIZE_64   64
 #define MAP_VAL_SIZE_192  192

bpf/kmesh/ads/cgroup_sock.c

@@ -19,11 +19,10 @@
 #if KMESH_ENABLE_HTTP
 
 static const char kmesh_module_name[] = "kmesh_defer";
-static char kmesh_module_name_get[KMESH_MODULE_NAME_LEN] = "";
 static inline int sock4_traffic_control(struct bpf_sock_addr *ctx)
 {
     int ret;
-
+    char kmesh_module_name_get[KMESH_MODULE_NAME_LEN] = "";
     Listener__Listener *listener = NULL;
 
     if (ctx->protocol != IPPROTO_TCP)
@@ -42,9 +41,9 @@ static inline int sock4_traffic_control(struct bpf_sock_addr *ctx)
     BPF_LOG(DEBUG, KMESH, "bpf find listener addr=[%s:%u]\n", ip2str(&ip, 1), bpf_ntohs(ctx->user_port));
 
 #if ENHANCED_KERNEL
-    ret = bpf_getsockopt(ctx, IPPROTO_TCP, TCP_ULP, (void *)kmesh_module_name_get, KMESH_MODULE_NAME_LEN);
+    ret = bpf_km_getsockopt(ctx, IPPROTO_TCP, TCP_ULP, kmesh_module_name_get, KMESH_MODULE_NAME_LEN);
     if (CHECK_MODULE_NAME_NULL(ret) || bpf__strncmp(kmesh_module_name_get, KMESH_MODULE_NAME_LEN, kmesh_module_name)) {
-        ret = bpf_setsockopt(ctx, IPPROTO_TCP, TCP_ULP, (void *)kmesh_module_name, sizeof(kmesh_module_name));
+        ret = bpf_km_setsockopt(ctx, IPPROTO_TCP, TCP_ULP, kmesh_module_name, sizeof(kmesh_module_name));
         if (ret)
             BPF_LOG(ERR, KMESH, "bpf set sockopt failed! ret %d\n", ret);
         return 0;

bpf/kmesh/ads/include/ctx/sock_ops.h

@@ -22,16 +22,6 @@ typedef struct bpf_sock_ops ctx_buff_t;
     name.ipv4 = (ctx)->remote_ip4;                                                                                     \
     name.port = (ctx)->remote_port
 
-#if OE_23_03
-#define SET_CTX_ADDRESS(ctx, address)                                                                                  \
-    (ctx)->remote_ip4 = (address)->ipv4;                                                                               \
-    (ctx)->remote_port = (address)->port
-
-#define MARK_REJECTED(ctx)                                                                                             \
-    BPF_LOG(DEBUG, KMESH, "mark reject\n");                                                                            \
-    (ctx)->remote_ip4 = 0;                                                                                             \
-    (ctx)->remote_port = 0
-#else
 #define SET_CTX_ADDRESS(ctx, address)                                                                                  \
     (ctx)->replylong[2] = (address)->ipv4;                                                                             \
     (ctx)->replylong[3] = (address)->port
@@ -40,6 +30,5 @@ typedef struct bpf_sock_ops ctx_buff_t;
     BPF_LOG(DEBUG, KMESH, "mark reject\n");                                                                            \
     (ctx)->replylong[2] = 0;                                                                                           \
     (ctx)->replylong[3] = 0
-#endif
 
 #endif //__BPF_CTX_SOCK_OPS_H

bpf/kmesh/ads/include/kmesh_common.h

@@ -31,11 +31,6 @@
         val;                                                                                                           \
     })
 
-struct bpf_mem_ptr {
-    void *ptr;
-    __u32 size;
-};
-
 static inline int bpf__strncmp(const char *dst, int n, const char *src)
 {
     if (dst == NULL || src == NULL)
@@ -84,7 +79,7 @@ enum kmesh_l7_msg_type { MSG_UNKNOW = 0, MSG_REQUEST, MSG_MID_REPONSE, MSG_FINAL
 enum kmesh_strncmp_type { STRNCMP_FAILED = 0, STRNCMP_PREFIX, STRNCMP_EXACT };
 
 #define KMESH_PROTO_TYPE_WIDTH (8)
-#define GET_RET_PROTO_TYPE(n)  ((n)&0xff)
+#define GET_RET_PROTO_TYPE(n)  ((n) & 0xff)
 #define GET_RET_MSG_TYPE(n)    (((n) >> KMESH_PROTO_TYPE_WIDTH) & 0xff)
 
 #define CHECK_MODULE_NAME_NULL(ret) ((ret) == -EINVAL)

build/docker/builder.dockerfile

@@ -5,10 +5,10 @@
 #
 
 # base image
-FROM openeuler/openeuler:23.09
+FROM openeuler/openeuler:24.03
 
 # Setup Go
-COPY --from=golang:1.23.2 /usr/local/go/ /usr/local/go/
+COPY --from=golang:latest /usr/local/go/ /usr/local/go/
 RUN mkdir -p /go
 ENV GOROOT /usr/local/go
 ENV GOPATH /go

build/docker/dockerfile

@@ -1,7 +1,7 @@
 # Usage:
 # docker run -itd --privileged=true -v /etc/cni/net.d:/etc/cni/net.d -v /opt/cni/bin:/opt/cni/bin -v /mnt:/mnt -v /sys/fs/bpf:/sys/fs/bpf -v /lib/modules:/lib/modules --name kmesh kmesh:latest
 #
-FROM openeuler/openeuler:23.09
+FROM openeuler/openeuler:24.03
 
 WORKDIR /kmesh
 

config/kmesh_marcos_def.h

@@ -24,28 +24,6 @@
  */
 #define MDA_GID_UID_FILTER 1
 
-/*
- * openEuler-23.03 is an innovative version of openEuler, in the early time, we
- * developed kmesh based on openEuler-23.03, and the implementation of kmesh
- * was related to the openEuler-23.03 kernel. Now, the general implementation
- * of kmesh differs from the previous openEuler-23.03 version, so we need to
- * use this macro to distinguish these differences.
- * The main differences between the general implementation of kmesh and the
- * openEuler-23.03 version are as follows:
- * 1. Use replylong parameter instead of directly modifying the remote IP and Port;
- * 2. Use bpf__strncmp instead of bpf_strncmp for string comparison;
- * 3. Fix Port shift bug on openEuler-23.03.In the kernel network protocol
- *    stack, the port is stored in u16, but in the bpf network module, the port
- *    is stored in u32. Therefore, after the endian conversion, the 16-bit port
- *    needs to be obtained from the 32-bit data structure.
- *    You need to find the position of the valid 16 bits. Generally, after the
- *    port is extended from 16 bits to 32 bits, the port is in the upper 16
- *    bits after the endian conversion. Therefore, you need to offset the port
- *    before using the u16 RX port. In some specific kernels, the port stored
- *    in sockops is in the lower 16 bits and does not need to be offset.
- */
-#define OE_23_03 0
-
 /*
  * in kernel 6.x version, add the new iter type ITER_UBUF, and we need add code
  * for the corresponding scenarios.
@@ -68,3 +46,8 @@
  * is enabled accordingly.
  * */
 #define LIBBPF_HIGHER_0_6_0_VERSION 0
+
+/*
+ * Determine whether the current kernel version supports the use of kfunc.
+ */
+#define KERNEL_KFUNC 0

kernel/ko_src/kmesh/Makefile

@@ -10,7 +10,7 @@
 obj-m := kmesh.o
 kmesh-objs = kmesh_main.o defer_connect.o \
 	kmesh_parse_protocol_data.o \
-	kmesh_parse_http_1_1.o
+	kmesh_parse_http_1_1.o kmesh_func.o
 
 KERNELDIR ?= /lib/modules/$(shell uname -r)/build
 PWD := $(shell pwd)

kernel/ko_src/kmesh/defer_connect.c

@@ -1,7 +1,6 @@
 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
 /* Copyright Authors of Kmesh */
 
-#include "../../../config/kmesh_marcos_def.h"
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/kmod.h>
@@ -21,9 +20,24 @@
 #include "defer_connect.h"
 
 static struct proto *kmesh_defer_proto = NULL;
-#define KMESH_DELAY_ERROR -1000
 
-#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_KMESH(sk, uaddr, t_ctx)                                                      \
+#ifdef KERNEL_KFUNC
+#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_KMESH(sk, uaddr, uaddrlen, t_ctx)                                            \
+    ({                                                                                                                 \
+        int __ret = -1;                                                                                                \
+        if (t_ctx == NULL) {                                                                                           \
+            __ret = -EINVAL;                                                                                           \
+        } else {                                                                                                       \
+            __ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, uaddrlen, CGROUP_INET4_CONNECT, t_ctx, NULL);         \
+        }                                                                                                              \
+        __ret;                                                                                                         \
+    })
+
+#define SET_FDEFER_CONNECT_ON(sk)  (inet_set_bit(DEFER_CONNECT, sk))
+#define SET_FDEFER_CONNECT_OFF(sk) (inet_clear_bit(DEFER_CONNECT, sk))
+#define IS_DEFER_CONNECT(sk)       (inet_test_bit(DEFER_CONNECT, sk))
+#else
+#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_KMESH(sk, uaddr, uaddrlen, t_ctx)                                            \
     ({                                                                                                                 \
         int __ret = -1;                                                                                                \
         if (t_ctx == NULL) {                                                                                           \
@@ -34,6 +48,11 @@ static struct proto *kmesh_defer_proto = NULL;
         __ret;                                                                                                         \
     })
 
+#define SET_FDEFER_CONNECT_ON(sk)  (inet_sk(sk)->defer_connect = 1)
+#define SET_FDEFER_CONNECT_OFF(sk) (inet_sk(sk)->defer_connect = 0)
+#define IS_DEFER_CONNECT(sk)       (inet_sk(sk)->defer_connect == 1)
+#endif
+
 static int defer_connect(struct sock *sk, struct msghdr *msg, size_t size)
 {
     struct bpf_mem_ptr tmpMem = {0};
@@ -43,6 +62,7 @@ static int defer_connect(struct sock *sk, struct msghdr *msg, size_t size)
     const struct iovec *iov;
     struct bpf_sock_addr_kern sock_addr;
     struct sockaddr_in uaddr;
+    int uaddrlen = sizeof(struct sockaddr_in);
     void __user *ubase;
     int err;
     u32 dport, daddr;
@@ -54,7 +74,11 @@ static int defer_connect(struct sock *sk, struct msghdr *msg, size_t size)
         ubase = iov->iov_base;
         kbuf_size = iov->iov_len;
     } else if (iter_is_iovec(&msg->msg_iter)) {
+#ifdef KERNEL_KFUNC
+        iov = msg->msg_iter.__iov;
+#else
         iov = msg->msg_iter.iov;
+#endif
         ubase = iov->iov_base;
         kbuf_size = iov->iov_len;
 #if ITER_TYPE_IS_UBUF
@@ -79,31 +103,11 @@ static int defer_connect(struct sock *sk, struct msghdr *msg, size_t size)
     tmpMem.size = kbuf_size;
     tmpMem.ptr = kbuf;
 
-#if OE_23_03
-    tcp_call_bpf_3arg(
-        sk,
-        BPF_SOCK_OPS_TCP_DEFER_CONNECT_CB,
-        ((u64)(&tmpMem) & U32_MAX),
-        (((u64)(&tmpMem) >> 32) & U32_MAX),
-        kbuf_size);
-    daddr = sk->sk_daddr;
-    dport = sk->sk_dport;
-
-    // daddr == 0 && dport == 0 are special flags meaning the circuit breaker is open
-    // Should reject connection here
-    if (daddr == 0 && dport == 0) {
-        tcp_set_state(sk, TCP_CLOSE);
-        sk->sk_route_caps = 0;
-        inet_sk(sk)->inet_dport = 0;
-        err = -1;
-        goto out;
-    }
-#else
     uaddr.sin_family = AF_INET;
     uaddr.sin_addr.s_addr = daddr;
     uaddr.sin_port = dport;
-    err = BPF_CGROUP_RUN_PROG_INET4_CONNECT_KMESH(sk, (struct sockaddr *)&uaddr, &tmpMem);
-#endif
+    err = BPF_CGROUP_RUN_PROG_INET4_CONNECT_KMESH(sk, (struct sockaddr *)&uaddr, &uaddrlen, &tmpMem);
+
 connect:
     err = sk->sk_prot->connect(sk, (struct sockaddr *)&uaddr, sizeof(struct sockaddr_in));
     if (unlikely(err)) {
@@ -113,7 +117,7 @@ static int defer_connect(struct sock *sk, struct msghdr *msg, size_t size)
         inet_sk(sk)->inet_dport = 0;
         goto out;
     }
-    inet_sk(sk)->defer_connect = 0;
+    SET_FDEFER_CONNECT_OFF(sk);
 
     if ((((__u32)1 << sk->sk_state) & ~(__u32)(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) && !tcp_passive_fastopen(sk)) {
         sk_stream_wait_connect(sk, &timeo);
@@ -128,7 +132,7 @@ static int defer_connect_and_sendmsg(struct sock *sk, struct msghdr *msg, size_t
     struct socket *sock;
     int err = 0;
 
-    if (unlikely(inet_sk(sk)->defer_connect == 1)) {
+    if (unlikely(IS_DEFER_CONNECT(sk))) {
         lock_sock(sk);
 
         err = defer_connect(sk, msg, size);
@@ -163,9 +167,9 @@ static int defer_tcp_connect(struct sock *sk, struct sockaddr *uaddr, int addr_l
      * of defer_connect should be 1 and the normal connect function
      * needs to be used.
      */
-    if (inet_sk(sk)->defer_connect)
+    if (IS_DEFER_CONNECT(sk))
         return tcp_v4_connect(sk, uaddr, addr_len);
-    inet_sk(sk)->defer_connect = 1;
+    SET_FDEFER_CONNECT_ON(sk);
     sk->sk_dport = ((struct sockaddr_in *)uaddr)->sin_port;
     sk_daddr_set(sk, ((struct sockaddr_in *)uaddr)->sin_addr.s_addr);
     sk->sk_socket->state = SS_CONNECTING;