Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge.

Overview

merbridge

Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge.

Usage

You just only need to run the following command to your Istio cluster to get eBPF to speed up Istio:

kubectl apply -f https://raw.githubusercontent.com/merbridge/merbridge/main/deploy/all-in-one.yaml
Issues
  • Why don't print redirect xxx bytes with eBPF successfully? It means redirect failed?

    Why don't print redirect xxx bytes with eBPF successfully? It means redirect failed?

    I tested this project in my local machine, and i found when it exec redirect(mb_redir.c), it never print debugf("redirect %d bytes with eBPF successfully", msg->size);, so it means redirect failed? In this case, the bookinfo example runs successfully.

    __section("sk_msg") int mb_msg_redir(struct sk_msg_md *msg)
    {
        struct pair p = {
            .dip = msg->local_ip4,
            .dport = bpf_htons(msg->local_port),
            .sip = msg->remote_ip4,
            .sport = msg->remote_port >> 16,
        };
        long ret = bpf_msg_redirect_hash(msg, &sock_pair_map, &p, BPF_F_INGRESS);
        if (ret)
            debugf("redirect %d bytes with eBPF successfully", msg->size);
        return 1;
    }
    

    why the key is :

        struct pair p = {
            .dip = msg->local_ip4,
            .dport = bpf_htons(msg->local_port),
            .sip = msg->remote_ip4,
            .sport = msg->remote_port >> 16,
        };
    

    i change the key like this:

        struct pair p = {
            .sip = msg->local_ip4,
            .sport = bpf_htons(msg->local_port),
            .dip = msg->remote_ip4,
            .dport = msg->remote_port >> 16,
        };
    

    and it print the log like:

    python-933173  [005] d... 17818.380818: bpf_trace_printk: [debug] redirect 314 bytes with eBPF successfully
    

    but the bookinfo example i tested is failed because the connection was closed, it can't connect to details and reviews. It confuses me.

    opened by zhengzepeng 11
  • `failed to pin program cgroup/connect4` in `kind`

    `failed to pin program cgroup/connect4` in `kind`

    $ uname -r
    5.10.46-5rodete1-amd64
    

    Installed with

    kubectl apply -f https://raw.githubusercontent.com/merbridge/merbridge/main/deploy/all-in-one.yaml
    

    Kubernetes:

    Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"ab69524f795c42094a6630298ff53f3c3ebab7f4", GitTreeState:"clean", BuildDate:"2021-12-07T21:30:26Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"}
    

    running in kind

    bug good first issue 
    opened by howardjohn 9
  • [WIP]add /approve support for ci-bot merge

    [WIP]add /approve support for ci-bot merge

    Fixes #67

    Comment /merge in later PR, it will be merged.

    You have to manage the APPROVERS list here. (The current version of gh-ci-bot cannot read from https://github.com/merbridge/merbridge/blob/059c65629628b6b4df73dc2e02038cc1c7b9ef57/CODEOWNERS 😄)

    opened by pacoxu 5
  • Bump golangci/golangci-lint-action from 2 to 3.1.0

    Bump golangci/golangci-lint-action from 2 to 3.1.0

    Bumps golangci/golangci-lint-action from 2 to 3.1.0.

    Release notes

    Sourced from golangci/golangci-lint-action's releases.

    v3.1.0

    What's Changed

    New features

    CI

    Dependabot

    Misc

    New Contributors

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v3...v3.1.0

    v3.0.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v2...v3.0.0

    Bump version v2.5.2

    Bug fixes

    • 5c56cd6 Extract and don't mangle User Args. (#200)

    Dependencies

    • e3c53fe bump @​typescript-eslint/eslint-plugin (#194)
    • 3b9f80e bump @​typescript-eslint/parser from 4.18.0 to 4.19.0 (#195)
    • 9845713 bump @​types/node from 14.14.35 to 14.14.37 (#197)
    • e789ee1 bump eslint from 7.22.0 to 7.23.0 (#196)
    • f2e9a96 bump @​typescript-eslint/eslint-plugin (#188)
    • 818081a bump @​types/node from 14.14.34 to 14.14.35 (#189)
    • 6671836 bump @​typescript-eslint/parser from 4.17.0 to 4.18.0 (#190)

    ... (truncated)

    Commits
    • b517f99 fix version in package-lock.json (#407)
    • 9636c5b Update version to 3.1.0 in package.json (#406)
    • 03e4bef ci(dep): Add step to commit changes if PR has dependencies label (#108)
    • cdfc708 Allow to disable caching completely (#351)
    • 7d5614c build(deps-dev): bump eslint from 8.9.0 to 8.10.0 (#405)
    • c675eb7 Update all direct dependencies (#404)
    • 423fbaf Remove Setup-Go (#403)
    • bcfc6f9 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.25.4 (#402)
    • d34ac2a build(deps): bump setup-go from v2.1.4 to v2.2.0 (#401)
    • e4b538e build(deps-dev): bump @​types/node from 16.11.10 to 17.0.19 (#400)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies github_actions 
    opened by dependabot[bot] 4
  • > fix CNI error if pod injected ignored

    > fix CNI error if pod injected ignored

    CNI should output preResult if ignored. Error:

      Warning  FailedCreatePodSandBox  18s   kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "d7d0ed31a1022c49cd8a393c7c9548923961b046d4f36a15eaf13f1e60abba2d" network for pod "client-79889f5dfc-gs2ms": networkPlugin cni failed to set up pod "client-79889f5dfc-gs2ms_service-graph01" network: unexpected end of JSON input
    
    needs-e2e-test 
    opened by kebe7jun 3
  • Bump github.com/stretchr/testify from 1.7.1 to 1.7.2

    Bump github.com/stretchr/testify from 1.7.1 to 1.7.2

    Bumps github.com/stretchr/testify from 1.7.1 to 1.7.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 3
  • Bump golang from 1.18.1 to 1.18.2

    Bump golang from 1.18.1 to 1.18.2

    Bumps golang from 1.18.1 to 1.18.2.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 3
  • "run local ip controller error: load failed:

    Bug Description

    I just tried to install latest merbridge on debian hosted nodes, but gave the next error:

    image

    Any idea how can I fix it?

    Version

    5.10.0-13-amd64 #1 SMP Debian 5.10.106-1 (2022-03-17) x86_64 GNU/Linux
    
    PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
    NAME="Debian GNU/Linux"
    VERSION_ID="11"
    VERSION="11 (bullseye)"
    
    bug 
    opened by dyipon 3
  • Bump k8s.io/client-go from 0.23.1 to 0.23.4

    Bump k8s.io/client-go from 0.23.1 to 0.23.4

    Bumps k8s.io/client-go from 0.23.1 to 0.23.4.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot will merge this PR once CI passes on it, as requested by @kebe7jun.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 3
  • debug info: add newlines

    debug info: add newlines

    Currently a lot of info is printed in debug without newlines. This makes it unreadable since it all ends up on one line and is buffered

    ex:

    f280a not in this node, bypass     pilot-agent-1628777 [003] .... 5124899.630602: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628569 [002] .... 5126538.276516: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628777 [000] .... 5126623.887315: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628568 [003] .... 5128303.118174: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628777 [000] .... 5128330.799006: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628785 [007] .... 5130055.044222: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1632027 [006] .... 5130256.736341: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628777 [005] .... 5131810.409821: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1632027 [003] .... 5132225.059776: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628566 [006] .... 5133395.345887: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628789 [002] .... 5133397.411860: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628789 [003] .... 5133573.295491: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628562 [006] .... 5134188.960511: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628789 [000] .... 5135317.813910: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628566 [005] .... 5135880.181155: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628789 [004] .... 5137066.007069: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628566 [003] .... 5137655.821161: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628787 [001] .... 5139051.791122: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628560 [000] .... 5139397.050254: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628785 [002] .... 5140736.662290: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628569 [005] .... 5141349.168534: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628778 [007] .... 5142591.914237: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1632027 [004] .... 5143305.112070: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-2324859 [002] .... 5144365.424764: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628562 [004] .... 5145109.377559: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628785 [002] .... 5146344.062722: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628568 [007] .... 5146758.073905: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-2324859 [005] .... 5148313.206178: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1875792 [001] .... 5148633.105773: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628779 [005] .... 5150236.062082: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628562 [006] .... 5150511.243033: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-2324859 [006] .... 5152052.184488: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1875792 [001] .... 5152323.772080: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628779 [003] .... 5153776.344605: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628569 [001] .... 5154207.977014: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628782 [001] .... 5155701.097554: 0: dest ip: 0x2a0f280a not in this node, bypass     pilot-agent-1628562 [005] .... 5155858.361471: 0: dest ip: 0x2a0f280a not in this node, bypass    wrk:worker_0-1628577 [007] .... 5157580.385303: 0: dest ip: 0x1400240a not in this node, bypass    wrk:worker_0-1628798 [007] .... 5157580.391976: 0: dest ip: 0x1400240a not in this node, bypass
    
    opened by howardjohn 3
  • Use tc instead of xdp

    Use tc instead of xdp

    https://docs.cilium.io/en/v1.10/bpf/

    For virtual devices like veth devices XDP is unsuitable in this case since the kernel operates solely on a skb here and generic XDP has a few limitations where it does not operate with cloned skb’s. The latter is heavily used from the TCP/IP stack in order to hold data segments for retransmission where the generic XDP hook would simply get bypassed instead. Moreover, generic XDP needs to linearize the entire skb resulting in heavily degraded performance. tc BPF on the other hand is more flexible as it specializes on the skb input context case and thus does not need to cope with the limitations from generic XDP.

    needs-e2e-test 
    opened by dddddai 2
  • Minikube Performance Test

    Minikube Performance Test

    I have done performance testing to check the improvements. Based on my observation there is degradation in average response time compared to normal istio deployment. Please let me know if anybody has observed similar behavior

    opened by shiva-kalgudi 1
  • Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

    Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

    Bumps github.com/spf13/cobra from 1.4.0 to 1.5.0.

    Release notes

    Sourced from github.com/spf13/cobra's releases.

    v1.5.0

    Spring 2022 Release 🌥️

    Hello everyone! Welcome to another release of cobra. Completions continue to get better and better. This release adds a few really cool new features. We also continue to patch versions of our dependencies as they become available via dependabot. Happy coding!

    Active help 👐🏼

    Shout out to @​marckhouzam for a big value add: Active Help spf13/cobra#1482. With active help, a program can provide some inline warnings or hints for users as they hit tab. Now, your CLIs can be even more intuitive to use!

    Currently active help is only supported for bash V2 and zsh. Marc wrote a whole guide on how to do this, so make sure to give it a good read to learn how you can add this to your cobra code! https://github.com/spf13/cobra/blob/master/active_help.md

    Group flags 🧑🏼‍🤝‍🧑🏼

    Cobra now has the ability to mark flags as required or exclusive as a group. Shout out to our newest maintainer @​johnSchnake for this! spf13/cobra#1654 Let's say you have a username flag that MUST be partnered with a password flag. Well, now, you can enforce those as being required together:

    rootCmd.Flags().StringVarP(&u, "username", "u", "", "Username (required if password is set)")
    rootCmd.Flags().StringVarP(&pw, "password", "p", "", "Password (required if username is set)")
    rootCmd.MarkFlagsRequiredTogether("username", "password")
    

    Flags may also be marked as "mutally exclusive" with the MarkFlagsMutuallyExclusive(string, string ... ) command API. Refer to our user guide documentation for further info!

    Completions 👀

    Documentation 📝

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • 【Merbridge performance test  Lots Of Errors】

    【Merbridge performance test Lots Of Errors】

    Bug Description

    【question】

       pilot-agent-69571   [006] d... 270197.943731: bpf_trace_printk: [debug] get current pod ip error
         pilot-agent-69571   [006] d... 270197.943738: bpf_trace_printk: [debug] call from sidecar container: cookie: 780438927, ip: 0xa9fcf8ac, port: 8080
         pilot-agent-91591   [030] d... 270198.324635: bpf_trace_printk: [debug] get current pod ip error
         pilot-agent-91591   [030] d... 270198.324643: bpf_trace_printk: [debug] call from sidecar container: cookie: 780424679, ip: 0xaffcf8ac, port: 8080
         pilot-agent-93300   [023] d... 270198.968152: bpf_trace_printk: [debug] get current pod ip error
         pilot-agent-93300   [023] d... 270198.968160: bpf_trace_printk: [debug] call from sidecar container: cookie: 780603512, ip: 0x88fcf8ac, port: 8080
         pilot-agent-4007    [031] d... 270199.160107: bpf_trace_printk: [debug] get current pod ip error
         pilot-agent-4007    [031] d... 270199.160116: bpf_trace_printk: [debug] call from sidecar container: cookie: 780349765, ip: 0x90fcf8ac, port: 8080
         pilot-agent-93217   [007] d... 270200.129528: bpf_trace_printk: [debug] get current pod ip error
         pilot-agent-93217   [007] d... 270200.129535: bpf_trace_printk: [debug] call from sidecar container: cookie: 780508501, ip: 0xbafcf8ac, port: 8080
         pilot-agent-3763    [017] d... 270201.118915: bpf_trace_printk: [debug] get current pod ip error
         pilot-agent-3763    [017] d... 270201.118924: bpf_trace_printk: [debug] call from sidecar container: cookie: 780646392, ip: 0xaafcf8ac, port: 8080
         pilot-agent-94600   [038] d... 270201.803920: bpf_trace_printk: [debug] get current pod ip error
               <...>-94887   [034] d... 270201.803927: bpf_trace_printk: [debug] get current pod ip error
    

    【Kubernetes Cluster】

    os| Kernel | cpu | memory -- | -- | -- | -- UOS | 5.10.0-10.uelc20.x86_64 | 40 | 256 UOS | 5.10.0-10.uelc20.x86_64 | 40 | 256 UOS | 5.10.0-10.uelc20.x86_64 | 40 | 256


    【Test Process】

    1. deploy merbridge with cni on.
    2. use load-tool to test merbridge. note: We access backend services through ingress-gateway. see ingress-gateway. see image
    3. run test script.
    4. there are so many error,see below logs.

    Version

    Kubernetes Version:v1.19.15
    kubectl Version:v1.19.15
    istio Version:1.11.5
    net plugin:   calico/kube-controllers:v3.20.1
    Kernel Version:             5.10.0-10.uelc20.x86_64
    OS Image:                   UnionTech OS Server 20
    Operating System:           linux
    Architecture:               amd64
    Container Runtime Version:  docker://20.10.8
    Kubelet Version:            v1.19.15
    Kube-Proxy Version:         v1.19.15
    
    good first issue 
    opened by tanjunchen 4
  • Bump github.com/cilium/ebpf from 0.8.1 to 0.9.0

    Bump github.com/cilium/ebpf from 0.8.1 to 0.9.0

    Bumps github.com/cilium/ebpf from 0.8.1 to 0.9.0.

    Release notes

    Sourced from github.com/cilium/ebpf's releases.

    Releasing the BTF package!

    This release makes package btf public, allowing type information embedded in eBPF ELF objects and vmlinux to be read programmatically from Go. This enables use cases like searching and inspecting the kernel's types and function signatures at runtime, or ensuring alignment between structures defined in Go and C. Package btf stands on its own and does not require adopting other subpackages, potentially making it useful beyond the domain of eBPF. Additionally, parsing BTF was made significantly faster and now consumes less memory.

    Note: Modifications to btf.Types are not (yet) reflected in the BTF info loaded into the kernel. This will be implemented in the near future, and will provide the flexibility of, for example, creating maps with arbitrarily crafted key/value type information for pretty-printing map dumps, among many other exciting use cases.

    Users of the ringbuf and perf packages can now avoid allocations when reading samples with the addition of ReadInto().

    Feature probes for program helpers (features.HaveProgramHelper()) were added, as well as a few miscellaneous probes for large instruction limit, bounded loops and the supported eBPF ISA. This now brings the library mostly on par with bpftool's probing capabilities, except for a few program types that require BTF.

    There was also one important bugfix where CO-RE relocations in bpf2bpf subprograms were not applied. Users are strongly encouraged to upgrade.

    Enjoy!

    Breaking changes

    • Deprecations:
      • CollectionSpec.RewriteMaps is deprecated in favour of CollectionOptions.MapReplacements
      • features.HaveProgType is deprecated in favour of features.HaveProgramType
    • CollectionSpec.BTF is now called CollectionSpec.Types
    • link.K(ret)probe and link.Tracepoint signatures have changed, they now take an additional options parameter. Pass nil to retain the old behaviour.

    Features

    Bug fixes

    Miscellaneous

    ... (truncated)

    Commits
    • 951bb28 features: rename HaveProgType API
    • d1edf5a features: add HaveProgramHelper API
    • c4f6259 btf: Add spec types iterator
    • 00ae3f2 testdata: loader - declare constant in custom .rodata.test section
    • 1ff15d2 collection: make RewriteConstants operate on custom .rodata* sections
    • 20cccef testdata: loader - read from anonymous (global) constant
    • 9850db7 elf_reader: tolerate untyped/local map relocations from llvm 7/9
    • 1e37e4f elf_reader: accept ELF data sections without a corresponding BTF datasec
    • 88c2d0c elf_reader: freeze all data sections with .rodata* prefix
    • 1e1f08c Makefile: disable journald logging in podman
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • Config knob to enable/disable dns packet redirection

    Config knob to enable/disable dns packet redirection

    Istio does not enable dns redirection by default. This PR provides an option to explicitly enable/disable DNS redirection related eBPF programs. User need to edit the merbridge daemonset and modify --dns-redir to true to enable the dns redirection.

    Signed-off-by: Anil Kumar Vishnoi [email protected]

    opened by vishnoianil 10
  • Bump k8s.io/client-go from 0.23.6 to 0.24.0

    Bump k8s.io/client-go from 0.23.6 to 0.24.0

    Bumps k8s.io/client-go from 0.23.6 to 0.24.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 2
Releases(0.6.1)
  • 0.6.1(Jun 28, 2022)

    What's Changed

    • Script to load locally hacked eBPF Programs by @vishnoianil in https://github.com/merbridge/merbridge/pull/166
    • WIP: + add codecov by @kebe7jun in https://github.com/merbridge/merbridge/pull/160
    • Bump golang from 1.18.1 to 1.18.2 by @dependabot in https://github.com/merbridge/merbridge/pull/165
    • Bump github.com/stretchr/testify from 1.7.1 to 1.7.3 by @dependabot in https://github.com/merbridge/merbridge/pull/174
    • Bump golang from 1.18.2 to 1.18.3 by @dependabot in https://github.com/merbridge/merbridge/pull/169
    • Use tc instead of xdp by @dddddai in https://github.com/merbridge/merbridge/pull/171
    • fix CNI error if pod injected ignored by @kebe7jun in https://github.com/merbridge/merbridge/pull/173

    New Contributors

    • @vishnoianil made their first contribution in https://github.com/merbridge/merbridge/pull/166

    Full Changelog: https://github.com/merbridge/merbridge/compare/0.6.0...0.6.1

    Source code(tar.gz)
    Source code(zip)
  • 0.6.0(May 23, 2022)

    We have added support for CNI mode in version 0.6.0, where all Istio features related to traffic forwarding are supported. For more information, please see: https://merbridge.io/blog/2022/05/18/cni-mode/

    What's Changed

    • ci: remove path ignores for it is a required job by @Xunzhuo in https://github.com/merbridge/merbridge/pull/135
    • Add Merbridge Landscape Details by @Xunzhuo in https://github.com/merbridge/merbridge/pull/134
    • Bump golang from 1.17 to 1.18.0 by @dependabot in https://github.com/merbridge/merbridge/pull/101
      • impl ip ranges for xdp and connect by @kebe7jun in https://github.com/merbridge/merbridge/pull/137
    • Bump k8s.io/api from 0.23.5 to 0.23.6 by @dependabot in https://github.com/merbridge/merbridge/pull/141
    • Bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 by @dependabot in https://github.com/merbridge/merbridge/pull/142
    • Install merbridge cni by @dddddai in https://github.com/merbridge/merbridge/pull/143
      • ignore host mounted cgroup path and limit output by @kebe7jun in https://github.com/merbridge/merbridge/pull/145
    • Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in https://github.com/merbridge/merbridge/pull/140
    • fix cidr match error and adapt * from istio anno by @kebe7jun in https://github.com/merbridge/merbridge/pull/148

    • Check existing pods when merbridge starts by @dddddai in https://github.com/merbridge/merbridge/pull/147
    • Avoid unnecessary bpf calls to improve performance by @dddddai in https://github.com/merbridge/merbridge/pull/159
    • fix panic if get netns error by @kebe7jun in https://github.com/merbridge/merbridge/pull/161

    • Fix exclude-inbound-ports by @dddddai in https://github.com/merbridge/merbridge/pull/163
      • add hardware checksum option for cross node pods communication by @kebe7jun in https://github.com/merbridge/merbridge/pull/162
    • Bump golang from 1.18.0 to 1.18.1 by @dependabot in https://github.com/merbridge/merbridge/pull/138

    Full Changelog: https://github.com/merbridge/merbridge/compare/0.5.1...0.6.0

    Source code(tar.gz)
    Source code(zip)
  • 0.5.1(Apr 26, 2022)

  • 0.5.0(Mar 9, 2022)

    Added:

    • Add passive sockops supported (https://github.com/merbridge/merbridge/pull/77) @kebe7jun .
    • Redirect msg to the ingress path of peer socket(https://github.com/merbridge/merbridge/pull/82) @dddddai .
    • provide helm charts to install merbridge(https://github.com/merbridge/merbridge/pull/65) @Xunzhuo .

    Fixes:

    • Correct the key size of cookie_original_dst(https://github.com/merbridge/merbridge/pull/75) @dddddai .

    Thank you to everyone who contributed in this release!

    Source code(tar.gz)
    Source code(zip)
  • 0.4.0(Feb 15, 2022)

    • Add non-reconnect mode, which can make some other service mesh products that do not support reconnection work better.
    • Optimize debug logs.
    Source code(tar.gz)
    Source code(zip)
  • 0.3.1(Feb 10, 2022)

  • 0.3.0(Feb 8, 2022)

    • Support 5.7 and above Linux kernel version.
    • Disable Hostnetwork mode of merbridge pod.
    • Auto detect cgroupv2 path.
    • Fix merbridge can not watch Pods.
    Source code(tar.gz)
    Source code(zip)
  • 0.2.0(Jan 27, 2022)

  • 0.1.1(Jan 19, 2022)

  • 0.1.0(Jan 18, 2022)

Stream server (serial-to-wifi bridge) for ESPHome

Stream server for ESPHome Custom component for ESPHome to expose a UART stream over WiFi or Ethernet. Can be used as a serial-to-wifi bridge as known

Oxan van Leeuwen 50 Jun 23, 2022
Allows you to observe the status of your DotA 2 (Defense of the Ancients 2) match within the Discord, through the Rich Presence service. 🎮

DotA 2 RPC (dota2-rpc-client) Allows you to observe the status of your DotA 2 (Defense of the Ancients 2) match within the Discord, through the Rich P

Anderson Silva 14 Jun 20, 2022
The InitWare Suite of Middleware allows you to manage services and system resources as logical entities called units. Its main component is a service management ("init") system.

InitWare isn't ready to use yet!! Unless you are doing so for fun, to experiment, or to contribute, you most likely do not want to try to install Init

null 151 Jun 15, 2022
A proxy service of incremental log of OceanBase

OceanBase Migration Serivce LogProxy OceanBase增量日志代理服务,是 OMS 的一部分。基于 liboblog, 以服务的形式,提供实时增量链路接入和管理能力,方便应用接入OceanBase增量日志;能够解决网络隔离的情况下,订阅增量日志的需求;并提供多种

OceanBase 19 Apr 21, 2022
New generation message broker service

Push1st Push1st is open source multiple protocol PUB/SUB message broker server (Pusher, MQTT, RAW WebSocket). Key features Suitable for distributed on

Naveksoft 16 Jan 18, 2022
A WiFi-enabled microcontroller capable of communicating with web-based service APIs for fast prototyping applications.

A WiFi-enabled microcontroller capable of communicating with web-based service APIs for fast prototyping applications.

Mark Hofmeister 2 Mar 9, 2022
libsinsp, libscap, the kernel module driver, and the eBPF driver sources

falcosecurity/libs As per the OSS Libraries Contribution Plan, this repository has been chosen to be the new home for libsinsp, libscap, the kernel mo

Falco 97 Jun 22, 2022
Linux Application Level Firewall based on eBPF and NFQUEUE.

eBPFSnitch eBPFSnitch is a Linux Application Level Firewall based on eBPF and NFQUEUE. It is inspired by OpenSnitch, and Douane, but utilizing modern

Harpo Roeder 641 Jun 17, 2022
eBPF bytecode assembler and compiler

An eBPF bytecode assembler and compiler that * Assembles the bytecode to object code. * Compiles the bytecode to C macro preprocessors. Symbolic

Emil Masoumi 6 Jan 23, 2022
Example how to run eBPF probes without a usermode process using fentry

Pinning eBPF Probes Simple example to demonstrate how to pin kernel function and syscall probes. Overview From my reading of the kernel code, KProbe a

pat_h/to/file 3 Jun 7, 2021
A Rust crate that simplifies the integration of Rust and eBPF programs written in C.

This crate simplifies the compilation of eBPF programs written in C integrating clang with Rust and the cargo build system with functions that can be

Simone Margaritelli 19 Mar 16, 2022
eBPF implementation that runs on top of Windows

eBPF for Windows eBPF is a well-known technology for providing programmability and agility, especially for extending an OS kernel, for use cases such

Microsoft 1.4k Jun 27, 2022
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

ebpfkit-monitor ebpfkit-monitor is an utility that you can use to statically analyse eBPF bytecode or monitor suspicious eBPF activity at runtime. It

Guillaume Fournier 57 Jun 27, 2022
A very basic eBPF Load Balancer in a few lines of C

An eBPF Load Balancer from scratch As seen at eBPF Summit 2021. This is not production ready :-) This uses libbpf as a git submodule. If you clone thi

Liz Rice 137 Jul 2, 2022
skbtracer on ebpf

skbtracer skbtracer 基于 ebpf 技术的 skb 网络包路径追踪利器, 实现代码基于 BCC (required Linux Kernel 4.15+) 使用样例 skbtracer.py # trace

DavadDi 45 Jun 18, 2022
some experiments with ebpf

Learning eBPF and some kernel tracing, probe DNS + TCP connection with portable bpf prog. DevEnv Ubuntu 20.04 Install go Install make, clang, llvm Ins

null 9 Jun 19, 2022
Small utility that leverages eBPF to dump the traffic of a unix domain socket

UnixDump UnixDump is a small eBPF powered utility that can be used to dump unix socket traffic. System requirements This project was developed on a Ub

Guillaume Fournier 5 Dec 1, 2021
Tool for Preventing Data Exfiltration with eBPF

bouheki: Tool for Preventing Data Exfiltration with eBPF bouheki is a KSRI implementation using LSM Hook by eBPF. Flexibility to apply restricted netw

mrtc0 44 Jun 13, 2022
The Beginner's Guide to eBPF Programming for Networking

The Beginner's Guide to eBPF Programming for Networking As seen at Cloud Native eBPF Day 2021. Setup Create a container that we can issue curl request

Liz Rice 66 Jun 21, 2022