kmesh compilate macros init

build.sh

@@ -2,8 +2,9 @@
 ROOT_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]}))
 
 function prepare() {
-    ARCH=$(arch)
-    if [ "$ARCH" == "x86_64" ]; then
+    sh kmesh_macros_env.sh
+    sh kmesh_bpf_env.sh
+    if [ "$(arch)" == "x86_64" ]; then
             export EXTRA_CDEFINE="-D__x86_64__"
     fi
 
@@ -12,7 +13,6 @@ function prepare() {
 
     (cd $ROOT_DIR/vendor/google.golang.org/protobuf/cmd/protoc-gen-go && go build -mod=vendor)
     export PATH=$PATH:$ROOT_DIR/vendor/google.golang.org/protobuf/cmd/protoc-gen-go/
-    cp $ROOT_DIR/depends/include/5.10.0-60.18.0.50.oe2203/bpf_helper_defs_ext.h $ROOT_DIR/bpf/include/
 }
 
 function install() {

config/kmesh_marcos_def.h

@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2022-2022. All rights reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* When the two ends use loopback addresses for communication, there is a 
+ * low probability that link conflicts occur. The namespace cookie 
+ * corresponding to each container is added to the hash key to avoid 
+ * loopback address link conflicts. Obtains the namespace cookie of the
+ * current container based on the bpf_get_netns_cookie auxiliary function.
+*/
+#define MDA_LOOPBACK_ADDR	1
+
+/* supports NAT acceleration. That is, acceleration can also be performed 
+ * when iptables is used to forward traffic between service containers 
+ * and sidecar containers. The bpf_sk_original_addr auxiliary function is 
+ * used to obtain the original destination address.
+*/
+#define MDA_NAT_ACCEL		1
+
+/* supports acceleration function filtering based on GID and UID. 
+ * That is, the GID or UID corresponding to the process to be accelerated 
+ * is configured in the configuration file. The bpf_get_sockops_uid_gid 
+ * auxiliary function is used to obtain the GID and UID of the current 
+ * process.
+*/
+#define MDA_GID_UID_FILTER	1
+
+/* In the kernel network protocol stack, the port is stored in u16, 
+ * but in the bpf network module, the port is stored in u32. Therefore, 
+ * after the endian conversion, the 16-bit port needs to be obtained from 
+ * the 32-bit data structure. You need to find the position of the valid 
+ * 16 bits. Generally, after the port is extended from 16 bits to 32 bits, 
+ * the port is in the upper 16 bits after the endian conversion. 
+ * Therefore, you need to offset the port before using the u16 RX port.
+ * In some specific kernels, the port stored in sockops is in the lower 
+ * 16 bits and does not need to be offset.
+ */
+#define MDA_PORT_OFFSET		1

kmesh_bpf_env.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+ROOT_DIR=$(dirname $(readlink -f ${BASH_SOURCE[0]}))
+VERSION=$(uname -r | cut -d '.' -f 1,2)
+OE_VERSION=$(uname -r | grep -o 'oe[^.]*')
+
+if [ "$OE_VERSION" == "oe2303" ]; then
+        cp $ROOT_DIR/depends/include/6.1/bpf_helper_defs_ext.h $ROOT_DIR/bpf/include/
+fi

kmesh_macros_env.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+VERSION=$(uname -r | cut -d '.' -f 1,2)
+OE_VERSION=$(uname -r | grep -o 'oe[^.]*')
+
+function set_config() {
+    sed -i -r -e "s/($1)([ \t]*)([0-9]+)/\1\2$2/" config/kmesh_marcos_def.h
+}
+
+function set_config_oe2303() {
+    set_config MDA_LOOPBACK_ADDR 1
+    set_config MDA_NAT_ACCEL 0
+    set_config MDA_GID_UID_FILTER 0
+    set_config MDA_PORT_OFFSET 0
+}
+
+function set_config_all_disabled() {
+    set_config MDA_LOOPBACK_ADDR 0
+    set_config MDA_NAT_ACCEL 0
+    set_config MDA_GID_UID_FILTER 0
+    set_config MDA_PORT_OFFSET 1
+}
+
+function set_kmesh_env_config() {
+
+   # openEuler 2303
+    if [ "$OE_VERSION" == "oe2303" ]; then
+            set_config_oe2303
+    else
+            set_config_all_disabled
+    fi
+}
+set_kmesh_env_config

oncn-mda/cli_src/func/chain.c

@@ -19,8 +19,10 @@
 static const struct option g_chain_options[] = {
 	{"ip",			required_argument, NULL, 'i'},
 	{"ports",		required_argument, NULL, 'p'},
+#if MDA_GID_UID_FILTER
 	{"uid-owner",	required_argument, NULL, 'u'},
 	{"gid-owner",	required_argument, NULL, 'g'},
+#endif
 	{"jump",		required_argument, NULL, 'j'},
 	{NULL}
 };
@@ -30,8 +32,10 @@ static void chain_usage(void)
 	(void)printf("config file usage: chain {OPTIONS}\n");
 	(void)printf("       OPTIONS: -i|--ip:        filter cidr:ip/mask\n");
 	(void)printf("                -p|--ports:     filter ports,eg:15001-15006\n");
+#if MDA_GID_UID_FILTER
 	(void)printf("                -u|--uid-owner: filter uids,eg:1337\n");
 	(void)printf("                -g|--gid-owner: filter gids,eg:1337\n");
+#endif
 	(void)printf("                -j|--jump:      RETURN or ACCEPT,eg:accept/return\n");
 }
 
@@ -70,38 +74,6 @@ static int get_input_port(const char* const src, struct input_filter_rule* const
 	return SUCCESS;
 }
 
-static int get_input_uid(const char* const src, struct input_filter_rule* const input_filter_rules)
-{
-	if (input_filter_rules->input_uid_num >= MAX_UID_GID_LENGTH) {
-		macli_log(ERR, "over the max uids set num, max is %d\n", MAX_PARAM_LENGTH);
-		return FAILED;
-	}
-	__u32 tmp_uid;
-	if (get_u32_num(src, &tmp_uid) != SUCCESS) {
-		macli_log(ERR, "not a valid uids! you input:%s\n", src);
-		return FAILED;
-	}
-	input_filter_rules->input_uid[(input_filter_rules->input_uid_num)++] = tmp_uid;
-
-	return SUCCESS;
-}
-
-static int get_input_gid(const char* const src, struct input_filter_rule* const input_filter_rules)
-{
-	if (input_filter_rules->input_gid_num >= MAX_UID_GID_LENGTH) {
-		macli_log(ERR, "over the max gids set num, max is %d\n", MAX_PARAM_LENGTH);
-		return FAILED;
-	}
-	__u32 tmp_gid;
-	if (get_u32_num(src, &tmp_gid) != SUCCESS) {
-		macli_log(ERR, "not a valid gids! you input:%s\n", src);
-		return FAILED;
-	}
-	input_filter_rules->input_gid[(input_filter_rules->input_gid_num)++] = tmp_gid;
-
-	return SUCCESS;
-}
-
 static int set_cidr_filter_rule(struct input_cidr* const p, __u32 ipv4, __u32 mask)
 {
 	if (p->current_cidr_num + 1 > MAX_PARAM_LENGTH) {
@@ -132,32 +104,6 @@ static int set_port_filter_rule(struct input_port* const p, __u32 begin_port, __
 	return SUCCESS;
 }
 
-static int set_uid_filter_rule(struct input_uid* const p, __u32 input_uid)
-{
-	if (p->current_uid_num + 1 > MAX_PARAM_LENGTH) {
-		macli_log(ERR, "can not set accept uids rule, because the rule is too much! max rule num is %d\n",
-				  MAX_PARAM_LENGTH);
-		return FAILED;
-	}
-	p->uids[p->current_uid_num] = input_uid;
-	p->current_uid_num++;
-	macli_log(DEBUG, "add uids:%u to filter\n", input_uid);
-	return SUCCESS;
-}
-
-static int set_gid_filter_rule(struct input_gid* const p, __u32 input_gid)
-{
-	if (p->current_gid_num + 1 > MAX_PARAM_LENGTH) {
-		macli_log(ERR, "can not set accept gids rule, because the rule is too much! max rule num is %d\n",
-				  MAX_PARAM_LENGTH);
-		return FAILED;
-	}
-	p->gids[p->current_gid_num] = input_gid;
-	p->current_gid_num++;
-	macli_log(DEBUG, "add gids:%u to accept filter\n", input_gid);
-	return SUCCESS;
-}
-
 static int init_cidr_param(struct sock_param* const filter_rules,
 						   const struct input_filter_rule* const input_filter_rules, bool is_accept)
 {
@@ -201,6 +147,65 @@ static int init_port_param(struct sock_param* const filter_rules,
 	return SUCCESS;
 }
 
+#if MDA_GID_UID_FILTER
+static int get_input_uid(const char* const src, struct input_filter_rule* const input_filter_rules)
+{
+	if (input_filter_rules->input_uid_num >= MAX_UID_GID_LENGTH) {
+		macli_log(ERR, "over the max uids set num, max is %d\n", MAX_PARAM_LENGTH);
+		return FAILED;
+	}
+	__u32 tmp_uid;
+	if (get_u32_num(src, &tmp_uid) != SUCCESS) {
+		macli_log(ERR, "not a valid uids! you input:%s\n", src);
+		return FAILED;
+	}
+	input_filter_rules->input_uid[(input_filter_rules->input_uid_num)++] = tmp_uid;
+
+	return SUCCESS;
+}
+
+static int get_input_gid(const char* const src, struct input_filter_rule* const input_filter_rules)
+{
+	if (input_filter_rules->input_gid_num >= MAX_UID_GID_LENGTH) {
+		macli_log(ERR, "over the max gids set num, max is %d\n", MAX_PARAM_LENGTH);
+		return FAILED;
+	}
+	__u32 tmp_gid;
+	if (get_u32_num(src, &tmp_gid) != SUCCESS) {
+		macli_log(ERR, "not a valid gids! you input:%s\n", src);
+		return FAILED;
+	}
+	input_filter_rules->input_gid[(input_filter_rules->input_gid_num)++] = tmp_gid;
+
+	return SUCCESS;
+}
+
+static int set_uid_filter_rule(struct input_uid* const p, __u32 input_uid)
+{
+	if (p->current_uid_num + 1 > MAX_PARAM_LENGTH) {
+		macli_log(ERR, "can not set accept uids rule, because the rule is too much! max rule num is %d\n",
+				  MAX_PARAM_LENGTH);
+		return FAILED;
+	}
+	p->uids[p->current_uid_num] = input_uid;
+	p->current_uid_num++;
+	macli_log(DEBUG, "add uids:%u to filter\n", input_uid);
+	return SUCCESS;
+}
+
+static int set_gid_filter_rule(struct input_gid* const p, __u32 input_gid)
+{
+	if (p->current_gid_num + 1 > MAX_PARAM_LENGTH) {
+		macli_log(ERR, "can not set accept gids rule, because the rule is too much! max rule num is %d\n",
+				  MAX_PARAM_LENGTH);
+		return FAILED;
+	}
+	p->gids[p->current_gid_num] = input_gid;
+	p->current_gid_num++;
+	macli_log(DEBUG, "add gids:%u to accept filter\n", input_gid);
+	return SUCCESS;
+}
+
 static int init_gid_param(struct sock_param* const filter_rules,
 						  const struct input_filter_rule* const input_filter_rules, bool is_accept)
 {
@@ -230,6 +235,7 @@ static int init_uid_param(struct sock_param* const filter_rules,
 	}
 	return SUCCESS;
 }
+#endif
 
 static int set_filter_rule(struct sock_param* const filter_rules,
 						   const struct input_filter_rule* const input_filter_rules, bool is_accept)
@@ -241,11 +247,13 @@ static int set_filter_rule(struct sock_param* const filter_rules,
 	if (init_port_param(filter_rules, input_filter_rules, is_accept) != SUCCESS)
 		return FAILED;
 
+#if MDA_GID_UID_FILTER
 	if (init_uid_param(filter_rules, input_filter_rules, is_accept) != SUCCESS)
 		return FAILED;
 
 	if (init_gid_param(filter_rules, input_filter_rules, is_accept) != SUCCESS)
 		return FAILED;
+#endif
 
 	return SUCCESS;
 }
@@ -266,6 +274,7 @@ static int chain_get_opt(int argc, char* const *argv,
 			if (get_input_port(optarg, input_filter_rules) != SUCCESS)
 				return FAILED;
 			break;
+#if MDA_GID_UID_FILTER
 		case 'u':
 			if (get_input_uid(optarg, input_filter_rules) != SUCCESS)
 				return FAILED;
@@ -274,6 +283,7 @@ static int chain_get_opt(int argc, char* const *argv,
 			if (get_input_gid(optarg, input_filter_rules) != SUCCESS)
 				return FAILED;
 			break;
+#endif
 		case 'j':
 			if (strcmp("ACCEPT", optarg) == 0 || strcmp("accept", optarg) == 0) {
 				*is_accept = true;

oncn-mda/cli_src/func/global.c

@@ -21,7 +21,9 @@
 
 const char pinmap_file_path[][PATH_MAX] = {
 	"/sys/fs/bpf/meshAccelerate/sock_ops_map",
+#if MDA_GID_UID_FILTER
 	"/sys/fs/bpf/meshAccelerate/sock_helper_map",
+#endif
 	"/sys/fs/bpf/meshAccelerate/sock_param_map",
 	"/sys/fs/bpf/meshAccelerate/sock_proxy_map",
 	"/sys/fs/bpf/meshAccelerate/sock_dump_map",
@@ -49,13 +51,15 @@ struct bpf_create_map_attr g_sock_ops_map_xattr = {
 	.max_entries	= SKOPS_MAP_SIZE,
 };
 
+#if MDA_GID_UID_FILTER
 struct bpf_create_map_attr g_sock_ops_helper_map_xattr = {
 	.name			= to_str(SOCK_OPS_HELPER_MAP_NAME),
 	.map_type		= BPF_MAP_TYPE_HASH,
 	.key_size		= sizeof(struct sock_key),
 	.value_size		= sizeof(struct uid_gid_info),
 	.max_entries	= SKOPS_MAP_SIZE,
 };
+#endif
 
 struct bpf_create_map_attr g_sock_ops_proxy_map_xattr = {
 	.name			= to_str(SOCK_OPS_PROXY_MAP_NAME),
@@ -218,8 +222,10 @@ int init_fds(struct mesh_service_info* const fds, int cgroup_fd)
 	int ret = SUCCESS;
 	ret += init_mesh_map(&fds->map_fds[MESH_MAP_OPS_MAP], pinmap_file_path[MESH_MAP_OPS_MAP],
 						to_str(SOCK_OPS_MAP_NAME), &g_sock_ops_map_xattr);
+#if MDA_GID_UID_FILTER
 	ret += init_mesh_map(&fds->map_fds[MESH_MAP_OPS_HELPER_MAP], pinmap_file_path[MESH_MAP_OPS_HELPER_MAP],
 						to_str(SOCK_OPS_HELPER_MAP_NAME), &g_sock_ops_helper_map_xattr);
+#endif
 	ret += init_mesh_map(&fds->map_fds[MESH_MAP_OPS_PARAM_MAP], pinmap_file_path[MESH_MAP_OPS_PARAM_MAP],
 						to_str(SOCK_PARAM_MAP_NAME), &g_sock_param_map_xattr);
 	ret += init_mesh_map(&fds->map_fds[MESH_MAP_OPS_PROXY_MAP], pinmap_file_path[MESH_MAP_OPS_PROXY_MAP],