-
Notifications
You must be signed in to change notification settings - Fork 153
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #702 from l1b0k/release-1.9
update policy image
- Loading branch information
Showing
4 changed files
with
267 additions
and
106 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,101 @@ | ||
| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 | ||
| From: l1b0k <[email protected]> | ||
| Date: Sat, 12 Oct 2024 09:33:24 +0800 | ||
| Subject: fix disable per-package lb | ||
|
|
||
| Signed-off-by: l1b0k <[email protected]> | ||
| --- | ||
| bpf/bpf_lxc.c | 5 ++--- | ||
| daemon/cmd/daemon_main.go | 3 +++ | ||
| pkg/datapath/linux/config/config.go | 5 +++++ | ||
| pkg/option/config.go | 6 ++++++ | ||
| 4 files changed, 16 insertions(+), 3 deletions(-) | ||
|
|
||
| diff --git a/bpf/bpf_lxc.c b/bpf/bpf_lxc.c | ||
| index 2773e2c276..7e424204e2 100644 | ||
| --- a/bpf/bpf_lxc.c | ||
| +++ b/bpf/bpf_lxc.c | ||
| @@ -58,9 +58,9 @@ | ||
| * Most services with L7 LB flag can not be redirected to their proxy port | ||
| * in bpf_sock, so we must check for those via per packet LB as well. | ||
| */ | ||
| -#if !defined(ENABLE_SOCKET_LB_FULL) || \ | ||
| +#if (!defined(ENABLE_SOCKET_LB_FULL) || \ | ||
| defined(ENABLE_SOCKET_LB_HOST_ONLY) || \ | ||
| - defined(ENABLE_L7_LB) | ||
| + defined(ENABLE_L7_LB) ) && !defined(DISABLE_PER_PACKET_LB) | ||
| # define ENABLE_PER_PACKET_LB 1 | ||
| #endif | ||
|
|
||
| @@ -1247,7 +1247,6 @@ static __always_inline int __tail_handle_ipv4(struct __ctx_buff *ctx) | ||
|
|
||
| if (unlikely(!is_valid_lxc_src_ipv4(ip4))) | ||
| return DROP_INVALID_SIP; | ||
| - | ||
| #ifdef ENABLE_PER_PACKET_LB | ||
| { | ||
| struct ipv4_ct_tuple tuple = {}; | ||
| diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go | ||
| index de2ad4900b..8b495d972f 100644 | ||
| --- a/daemon/cmd/daemon_main.go | ||
| +++ b/daemon/cmd/daemon_main.go | ||
| @@ -1147,6 +1147,9 @@ func initializeFlags() { | ||
| flags.MarkHidden(option.EnableStaleCiliumEndpointCleanup) | ||
| option.BindEnv(option.EnableStaleCiliumEndpointCleanup) | ||
|
|
||
| + flags.Bool(option.DisablePerPacketLB, false, "Disable svc func.") | ||
| + option.BindEnv(option.DisablePerPacketLB) | ||
| + | ||
| viper.BindPFlags(flags) | ||
| } | ||
|
|
||
| diff --git a/pkg/datapath/linux/config/config.go b/pkg/datapath/linux/config/config.go | ||
| index 060328adf9..4201e878fb 100644 | ||
| --- a/pkg/datapath/linux/config/config.go | ||
| +++ b/pkg/datapath/linux/config/config.go | ||
| @@ -98,6 +98,11 @@ func (h *HeaderfileWriter) WriteNodeConfig(w io.Writer, cfg *datapath.LocalNodeC | ||
|
|
||
| cDefinesMap["KERNEL_HZ"] = fmt.Sprintf("%d", option.Config.KernelHz) | ||
|
|
||
| + if option.Config.DisablePerPacketLB { | ||
| + log.Infof("Disabling per-packet LB policy") | ||
| + cDefinesMap["DISABLE_PER_PACKET_LB"] = "1" | ||
| + } | ||
| + | ||
| if option.Config.EnableIPv6 { | ||
| extraMacrosMap["ROUTER_IP"] = routerIP.String() | ||
| fw.WriteString(defineIPv6("ROUTER_IP", routerIP)) | ||
| diff --git a/pkg/option/config.go b/pkg/option/config.go | ||
| index d4d9643f4e..80b5eb2c7c 100644 | ||
| --- a/pkg/option/config.go | ||
| +++ b/pkg/option/config.go | ||
| @@ -1104,6 +1104,8 @@ const ( | ||
| // EnableStaleCiliumEndpointCleanup sets whether Cilium should perform cleanup of | ||
| // stale CiliumEndpoints during init. | ||
| EnableStaleCiliumEndpointCleanup = "enable-stale-cilium-endpoint-cleanup" | ||
| + | ||
| + DisablePerPacketLB = "disable-per-package-lb" | ||
| ) | ||
|
|
||
| // Default string arguments | ||
| @@ -2262,6 +2264,8 @@ type DaemonConfig struct { | ||
| // This will attempt to remove local CiliumEndpoints that are not managed by Cilium | ||
| // following Endpoint restoration. | ||
| EnableStaleCiliumEndpointCleanup bool | ||
| + | ||
| + DisablePerPacketLB bool | ||
| } | ||
|
|
||
| var ( | ||
| @@ -3257,6 +3261,8 @@ func (c *DaemonConfig) Populate() { | ||
| c.EnableK8sTerminatingEndpoint = viper.GetBool(EnableK8sTerminatingEndpoint) | ||
| c.EnableStaleCiliumEndpointCleanup = viper.GetBool(EnableStaleCiliumEndpointCleanup) | ||
|
|
||
| + c.DisablePerPacketLB = viper.GetBool(DisablePerPacketLB) | ||
| + | ||
| // Disable Envoy version check if L7 proxy is disabled. | ||
| c.DisableEnvoyVersionCheck = viper.GetBool(DisableEnvoyVersionCheck) | ||
| if !c.EnableL7Proxy { | ||
| -- | ||
| 2.46.0 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 | ||
| From: l1b0k <[email protected]> | ||
| Date: Mon, 14 Oct 2024 16:33:42 +0800 | ||
| Subject: logging | ||
|
|
||
| Signed-off-by: l1b0k <[email protected]> | ||
| --- | ||
| pkg/maps/ctmap/ctmap.go | 19 +++++++++++++------ | ||
| 1 file changed, 13 insertions(+), 6 deletions(-) | ||
|
|
||
| diff --git a/pkg/maps/ctmap/ctmap.go b/pkg/maps/ctmap/ctmap.go | ||
| index 868871811b..052cab28e9 100644 | ||
| --- a/pkg/maps/ctmap/ctmap.go | ||
| +++ b/pkg/maps/ctmap/ctmap.go | ||
| @@ -496,6 +496,13 @@ func doGC4(m *Map, filter *GCFilter) gcStats { | ||
| globalDeleteLock[m.mapType].Lock() | ||
| stats.dumpError = m.DumpReliablyWithCallback(filterCallback, stats.DumpStats) | ||
| globalDeleteLock[m.mapType].Unlock() | ||
| + | ||
| + log.Infof("gc map %s id %d max %d deleted %d alived %d", m.Name(), m.InnerID, m.MaxEntries, stats.deleted, stats.aliveEntries) | ||
| + cur := stats.aliveEntries + stats.deleted | ||
| + if float64(cur)/float64(m.MaxEntries) >= 0.9 { | ||
| + log.Infof("ConntrackFull table %s current %d maxEntries %d", m.Name(), cur, m.MaxEntries) | ||
| + } | ||
| + | ||
| return stats | ||
| } | ||
|
|
||
| @@ -566,13 +573,13 @@ func GC(m *Map, filter *GCFilter) int { | ||
| // The consumer of the buffer invokes the function. | ||
| // | ||
| // The SNAT is being used for the following cases: | ||
| -// 1. By NodePort BPF on an intermediate node before fwd'ing request from outside | ||
| +// 1. By NodePort BPF on an intermediate node before fwd'ing request from outside | ||
| // to a destination node. | ||
| -// 2. A packet from local endpoint sent to outside (BPF-masq). | ||
| -// 3. A packet from a host local application (i.e. running in the host netns) | ||
| -// This is needed to prevent SNAT from hijacking such connections. | ||
| -// 4. By DSR on a backend node to SNAT responses with service IP+port before | ||
| -// sending to a client. | ||
| +// 2. A packet from local endpoint sent to outside (BPF-masq). | ||
| +// 3. A packet from a host local application (i.e. running in the host netns) | ||
| +// This is needed to prevent SNAT from hijacking such connections. | ||
| +// 4. By DSR on a backend node to SNAT responses with service IP+port before | ||
| +// sending to a client. | ||
| // | ||
| // In the case of 1-3, we always create a CT_EGRESS CT entry. This allows the | ||
| // CT GC to remove corresponding SNAT entries. In the case of 4, will create | ||
| -- | ||
| 2.47.0 | ||
|
|
Oops, something went wrong.