From 480426c56b42b96b97756648e2ba47ef9fc5a0b0 Mon Sep 17 00:00:00 2001
From: Trekkie Coder
Date: Sat, 31 Aug 2024 22:27:38 +0900
Subject: [PATCH 1/2] Use libbpf for ebpf tc hooks

---
 Dockerfile | 8 --------
 cicd/common.sh | 4 ++--
 cicd/docker-k0s-lb/common.sh | 4 ++--
 cicd/docker-k3s-calico/common.sh | 4 ++--
 cicd/docker-k3s-cilium/common.sh | 4 ++--
 cicd/docker-k3s-lb/common.sh | 4 ++--
 cicd/k0s-incluster/common.sh | 4 ++--
 cicd/k3s-incluster/common.sh | 4 ++--
 cicd/microk8s-incluster/common.sh | 2 +-
 loxilb-ebpf | 2 +-
 pkg/loxinet/dpebpf_linux.go | 2 +-
 11 files changed, 17 insertions(+), 25 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ade2d208..f63f2d7c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,14 +34,6 @@ RUN mkdir -p /opt/loxilb && \
 if [ -d /usr/local/build/lib64 ] ; then mv /usr/local/build/lib64 /usr/local/build/lib; fi && \
 cp -fr /usr/local/build/lib/* /usr/lib/ && ldconfig && \
 rm -fr openssl-3.3.1* && \
- # Install loxilb's custom ntc tool
- wget https://github.com/loxilb-io/iproute2/archive/refs/heads/main.zip && \
- unzip main.zip && cd iproute2-main/ && rm -fr libbpf && wget https://github.com/loxilb-io/libbpf/archive/refs/heads/main.zip && \
- unzip main.zip && mv libbpf-main libbpf && cd libbpf/src/ && mkdir build && \
- make install && DESTDIR=build OBJDIR=build make install && cd - && \
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && \
- LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && \
- cp -f tc/tc /usr/local/sbin/ntc && cd .. && rm -fr main.zip iproute2-main && \
 # Install bpftool
 wget https://github.com/libbpf/bpftool/releases/download/v7.2.0/bpftool-libbpf-v7.2.0-sources.tar.gz && \
 tar -xvzf bpftool-libbpf-v7.2.0-sources.tar.gz && cd bpftool/src/ && \
diff --git a/cicd/common.sh b/cicd/common.sh
index a0004468..619a1c36 100644
--- a/cicd/common.sh
+++ b/cicd/common.sh
@@ -561,8 +561,8 @@ function create_lb_rule() {
 return
 fi
 
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
 echo "ERROR : No hook point found";
 exit 1
 fi
diff --git a/cicd/docker-k0s-lb/common.sh b/cicd/docker-k0s-lb/common.sh
index 87d08bd5..01c5a55a 100755
--- a/cicd/docker-k0s-lb/common.sh
+++ b/cicd/docker-k0s-lb/common.sh
@@ -532,8 +532,8 @@ function create_lb_rule() {
 echo "$1: loxicmd create lb ${args[*]}"
 $dexec $1 loxicmd create lb ${args[*]}
 
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
 echo "ERROR : No hook point found";
 exit 1
 fi
diff --git a/cicd/docker-k3s-calico/common.sh b/cicd/docker-k3s-calico/common.sh
index b82f6e0e..ea119602 100644
--- a/cicd/docker-k3s-calico/common.sh
+++ b/cicd/docker-k3s-calico/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
 echo "$1: loxicmd create lb ${args[*]}"
 $dexec $1 loxicmd create lb ${args[*]}
 
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
 echo "ERROR : No hook point found";
 exit 1
 fi
diff --git a/cicd/docker-k3s-cilium/common.sh b/cicd/docker-k3s-cilium/common.sh
index b82f6e0e..ea119602 100644
--- a/cicd/docker-k3s-cilium/common.sh
+++ b/cicd/docker-k3s-cilium/common.sh
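Review bot: The new `hook=` line in create_lb_rule always inspects `llb1` on `eth0`, while the rule just above it is created on `$1` (visible in the docker-k0s-lb hunk and in the k3s/k0s hunks that follow), so when `$1` is another instance the check says nothing about the container under test. If checking `llb1` is intentional, a comment such as `# sanity check: the tc ingress program must be attached on llb1` would record that. Otherwise something like `$dexec "$1" tc filter show dev eth0 ingress | grep -q tc_packet_func || { echo "ERROR : No hook point found"; exit 1; }` checks the right instance and removes the second pattern match on the captured output. The function body starts and ends outside these hunks, so the role of `$1` is inferred from the visible context only.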
@@ -536,8 +536,8 @@ function create_lb_rule() {
 echo "$1: loxicmd create lb ${args[*]}"
 $dexec $1 loxicmd create lb ${args[*]}
 
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
 echo "ERROR : No hook point found";
 exit 1
 fi
diff --git a/cicd/docker-k3s-lb/common.sh b/cicd/docker-k3s-lb/common.sh
index b82f6e0e..ea119602 100644
--- a/cicd/docker-k3s-lb/common.sh
+++ b/cicd/docker-k3s-lb/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
 echo "$1: loxicmd create lb ${args[*]}"
 $dexec $1 loxicmd create lb ${args[*]}
 
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
 echo "ERROR : No hook point found";
 exit 1
 fi
diff --git a/cicd/k0s-incluster/common.sh b/cicd/k0s-incluster/common.sh
index b82f6e0e..ea119602 100755
--- a/cicd/k0s-incluster/common.sh
+++ b/cicd/k0s-incluster/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
 echo "$1: loxicmd create lb ${args[*]}"
 $dexec $1 loxicmd create lb ${args[*]}
 
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
 echo "ERROR : No hook point found";
 exit 1
 fi
diff --git a/cicd/k3s-incluster/common.sh b/cicd/k3s-incluster/common.sh
index b82f6e0e..ea119602 100644
--- a/cicd/k3s-incluster/common.sh
+++ b/cicd/k3s-incluster/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
 echo "$1: loxicmd create lb ${args[*]}"
 $dexec $1 loxicmd create lb ${args[*]}
 
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
 echo "ERROR : No hook point found";
 exit 1
 fi
diff --git a/cicd/microk8s-incluster/common.sh b/cicd/microk8s-incluster/common.sh
index b82f6e0e..c65963cd 100755
--- a/cicd/microk8s-incluster/common.sh
+++ b/cicd/microk8s-incluster/common.sh
@@ -536,7 +536,7 @@ function create_lb_rule() {
 echo "$1: loxicmd create lb ${args[*]}"
 $dexec $1 loxicmd create lb ${args[*]}
 
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_hook)
 if [[ $hook != *"tc_packet_hook"* ]]; then
 echo "ERROR : No hook point found";
 exit 1
diff --git a/loxilb-ebpf b/loxilb-ebpf
index 110212da..771bbaff 160000
--- a/loxilb-ebpf
+++ b/loxilb-ebpf
@@ -1 +1 @@
-Subproject commit 110212da0fe0910b67c4e6c44e85d207082eaa19
+Subproject commit 771bbaffb6a0f42a77568f8201bf53fd4ecf7355
diff --git a/pkg/loxinet/dpebpf_linux.go b/pkg/loxinet/dpebpf_linux.go
index fd12b040..452d9d25 100644
--- a/pkg/loxinet/dpebpf_linux.go
+++ b/pkg/loxinet/dpebpf_linux.go
@@ -434,7 +434,7 @@ func (e *DpEbpfH) loadEbpfPgm(name string) int {
 ret := -1
 for _, f := range filters {
 if t, ok := f.(*nlp.BpfFilter); ok {
- if strings.Contains(t.Name, C.TC_LL_SEC_DEFAULT) {
+ if strings.Contains(t.Name, "tc_packet_func") {
 ret = 0
 break
 }

From fff2abb355412550d725ac53d9917fa6dae7a446 Mon Sep 17 00:00:00 2001
From: Trekkie Coder
Date: Sat, 31 Aug 2024 22:32:14 +0900
Subject: [PATCH 2/2] Use libbpf for ebpf tc hooks

---
 Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f63f2d7c..86b5d1b5 100644
--- a/Dockerfile
+++ b/Dockerfile
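Review bot: In cicd/microk8s-incluster/common.sh the new `hook=` line still greps for `tc_packet_hook`, whereas the same check in the other seven scripts and the filter-name match in pkg/loxinet/dpebpf_linux.go were switched to `tc_packet_func`. If the libbpf-attached program is listed under the new name, as those changes suggest, this script will exit with "No hook point found" on every run. The added line should probably read `hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)`, and the unchanged context line after it `if [[ $hook != *"tc_packet_func"* ]]; then`. The closing `fi` and the rest of create_lb_rule lie outside the hunk.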
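Review bot: The filter match on the changed line in pkg/loxinet/dpebpf_linux.go now relies on a bare string literal, `"tc_packet_func"`, which duplicates a name that is presumably defined in the loxilb-ebpf submodule bumped by this same commit. If the program is renamed there, the loop stops recognising the attached hook and nothing at build time reports it. A package-level constant with a comment, for example `const tcHookProgName = "tc_packet_func" // must match the tc program name in loxilb-ebpf`, would keep that coupling visible. `strings.Contains` also accepts any BPF filter whose name merely contains the substring, so an unrelated filter on the interface could be taken for the loxilb hook; a stricter comparison would be safer if the exact name format reported by nlp is known. The enclosing function starts and ends outside the hunk.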
@@ -100,7 +100,6 @@ COPY --from=build /usr/local/sbin/loxilb_dp_debug /usr/local/sbin/loxilb_dp_debu
 COPY --from=build /usr/local/sbin/loxicmd /usr/local/sbin/loxicmd
 COPY --from=build /opt/loxilb /opt/loxilb
 COPY --from=build /root/loxilb-io/loxilb/loxilb /root/loxilb-io/loxilb/loxilb
-COPY --from=build /usr/local/sbin/ntc /usr/local/sbin/ntc
 COPY --from=build /usr/local/sbin/bpftool /usr/local/sbin/bpftool
 COPY --from=build /usr/sbin/gobgp* /usr/sbin/
 COPY --from=build /root/.bashrc /root/.bashrc