Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge.

Overview

merbridge

Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge.

Usage

You just only need to run the following command to your Istio cluster to get eBPF to speed up Istio:

kubectl apply -f https://raw.githubusercontent.com/merbridge/merbridge/main/deploy/all-in-one.yaml
Comments
  • ADD cniserver listen fd backup

    ADD cniserver listen fd backup

    1.Provides a method to save cniserver listen FDs when the cniserver container is restarted or pod is recreate. 2.The general idea is to do a temporary save via a FDs-back server roll-in roll-out. 3.Currently the code is simply implemented and needs further optimization and testing. We look forward to community discussion and further guidance on optimization.

    needs-e2e-test 
    opened by dafu-wu 22
  • Why don't print redirect xxx bytes with eBPF successfully? It means redirect failed?

    Why don't print redirect xxx bytes with eBPF successfully? It means redirect failed?

    I tested this project in my local machine, and i found when it exec redirect(mb_redir.c), it never print debugf("redirect %d bytes with eBPF successfully", msg->size);, so it means redirect failed? In this case, the bookinfo example runs successfully.

    __section("sk_msg") int mb_msg_redir(struct sk_msg_md *msg)
    {
        struct pair p = {
            .dip = msg->local_ip4,
            .dport = bpf_htons(msg->local_port),
            .sip = msg->remote_ip4,
            .sport = msg->remote_port >> 16,
        };
        long ret = bpf_msg_redirect_hash(msg, &sock_pair_map, &p, BPF_F_INGRESS);
        if (ret)
            debugf("redirect %d bytes with eBPF successfully", msg->size);
        return 1;
    }
    

    why the key is :

        struct pair p = {
            .dip = msg->local_ip4,
            .dport = bpf_htons(msg->local_port),
            .sip = msg->remote_ip4,
            .sport = msg->remote_port >> 16,
        };
    

    i change the key like this:

        struct pair p = {
            .sip = msg->local_ip4,
            .sport = bpf_htons(msg->local_port),
            .dip = msg->remote_ip4,
            .dport = msg->remote_port >> 16,
        };
    

    and it print the log like:

    python-933173  [005] d... 17818.380818: bpf_trace_printk: [debug] redirect 314 bytes with eBPF successfully
    

    but the bookinfo example i tested is failed because the connection was closed, it can't connect to details and reviews. It confuses me.

    opened by zhengzepeng 11
  • `failed to pin program cgroup/connect4` in `kind`

    `failed to pin program cgroup/connect4` in `kind`

    $ uname -r
    5.10.46-5rodete1-amd64
    

    Installed with

    kubectl apply -f https://raw.githubusercontent.com/merbridge/merbridge/main/deploy/all-in-one.yaml
    

    Kubernetes:

    Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"ab69524f795c42094a6630298ff53f3c3ebab7f4", GitTreeState:"clean", BuildDate:"2021-12-07T21:30:26Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"}
    

    running in kind

    bug good first issue 
    opened by howardjohn 9
  • use cgroup_ips map to improve mb_connect performance

    use cgroup_ips map to improve mb_connect performance

    bpf_sk_lookup_tcp may cost 50-150ns per ops, It is more expensive.

    Without cache:

     [email protected]  ~/workspace/mebpf   main ±  sudo go test -bench .
    goos: linux
    goarch: amd64
    pkg: github.com/merbridge/merbridge
    cpu: AMD Ryzen 9 3900 12-Core Processor             
    BenchmarkConnect/eBPF-24                1000000000               0.4532 ns/op
    BenchmarkConnect/eBPF/mb_sock_connect        108              3203 ns/op
    BenchmarkSockops/eBPF-24                1000000000               0.4327 ns/op
    BenchmarkSockops/eBPF/mb_sockops             954               689.2 ns/op
    PASS
    ok      github.com/merbridge/merbridge  20.530s
    

    After cached:

     [email protected]  ~/workspace/mebpf   main ±  sudo go test -bench .
    goos: linux
    goarch: amd64
    pkg: github.com/merbridge/merbridge
    cpu: AMD Ryzen 9 3900 12-Core Processor             
    BenchmarkConnect/eBPF-24                1000000000               0.4539 ns/op
    BenchmarkConnect/eBPF/mb_sock_connect        107              2475 ns/op
    BenchmarkSockops/eBPF-24                1000000000               0.4545 ns/op
    BenchmarkSockops/eBPF/mb_sockops             963               672.1 ns/op
    PASS
    ok      github.com/merbridge/merbridge  21.205s
    

    The optimization results in a 20% performance improvement for connect programs.

    needs-e2e-test 
    opened by kebe7jun 8
  • feat: add support for kuma service mesh

    feat: add support for kuma service mesh

    • Updated make files to build helm chart and k8s deployment manifest with Kuma support
    • Bumped helm chart to 0.5.0
    • Kuma supports DNS redirection like Istio does, so I updated ebpf files which so far were only used for Istio, to also be compiled for Kuma
    • As Kuma also supports dynamic reload, I updated hack/reload-prog.sh to be able to use it with Kuma
      • shebang has to be in the first line of the script, so I moved it there
      • as the shell code is definitelly written with bash in mind (i.e. usage of arrays), I changed shebang from sh to bash
    • Updated all README.md files with kuma-related instructions and informations
    • Added scripts/install-kuma.sh script which can be used to install kuma and wait till the deployment will be ready
    • Modified github actions workflow to include e2e test for kuma

    Signed-off-by: Bart Smykla [email protected]

    needs-e2e-test 
    opened by bartsmykla 8
  • Add support for ipv6

    Add support for ipv6

    To enable ipv6 only, just add the following env in the daemon set:

    env:
      - name: ENABLE_IPV4
        value: "false"
      - name: ENABLE_IPV6
        value: "true"
    

    Note that ipv6 requires cni-mode enabled

    needs-e2e-test 
    opened by dddddai 7
  • Bump github.com/spf13/cobra from 1.5.0 to 1.6.0

    Bump github.com/spf13/cobra from 1.5.0 to 1.6.0

    Bumps github.com/spf13/cobra from 1.5.0 to 1.6.0.

    Release notes

    Sourced from github.com/spf13/cobra's releases.

    v1.6.0

    Summer 2022 Release

    Some exciting changes make their way to Cobra! Command completions continue to get better and better (including adding --help and --version automatic flags to the completions list). Grouping is now possible in your help output as well! And you can now use the OnFinalize method to cleanup things when all "work" is done. Checkout the full changelog below:


    Features 🌠

    Deprecation 👎🏼

    • ExactValidArgs is deprecated (but not being removed entirely). This is abit nuanced, so checkout #1643 for further information and the updated user_guide.md on how this may affect you (and how you can take advantage of the correct behavior in the validators): @​umarcor #1643

    Bug fixes 🐛

    Dependencies 🗳️

    Testing 🤔

    Docs ✏️

    Misc 💭

    Note: Per #1804, we will be moving away from "seasonal" releases and doing more generic point release targets. Continue to track the milestones and issues in the spf13/cobra GitHub repository for more information!

    Great work everyone! Cobra would never be possible without your contributions! 🐍

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 5
  • Bump k8s.io/client-go from 0.23.6 to 0.24.0

    Bump k8s.io/client-go from 0.23.6 to 0.24.0

    Bumps k8s.io/client-go from 0.23.6 to 0.24.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 5
  • [WIP]add /approve support for ci-bot merge

    [WIP]add /approve support for ci-bot merge

    Fixes #67

    Comment /merge in later PR, it will be merged.

    You have to manage the APPROVERS list here. (The current version of gh-ci-bot cannot read from https://github.com/merbridge/merbridge/blob/059c65629628b6b4df73dc2e02038cc1c7b9ef57/CODEOWNERS 😄)

    opened by pacoxu 5
  • Bump github.com/cilium/ebpf from 0.8.1 to 0.9.0

    Bump github.com/cilium/ebpf from 0.8.1 to 0.9.0

    Bumps github.com/cilium/ebpf from 0.8.1 to 0.9.0.

    Release notes

    Sourced from github.com/cilium/ebpf's releases.

    Releasing the BTF package!

    This release makes package btf public, allowing type information embedded in eBPF ELF objects and vmlinux to be read programmatically from Go. This enables use cases like searching and inspecting the kernel's types and function signatures at runtime, or ensuring alignment between structures defined in Go and C. Package btf stands on its own and does not require adopting other subpackages, potentially making it useful beyond the domain of eBPF. Additionally, parsing BTF was made significantly faster and now consumes less memory.

    Note: Modifications to btf.Types are not (yet) reflected in the BTF info loaded into the kernel. This will be implemented in the near future, and will provide the flexibility of, for example, creating maps with arbitrarily crafted key/value type information for pretty-printing map dumps, among many other exciting use cases.

    Users of the ringbuf and perf packages can now avoid allocations when reading samples with the addition of ReadInto().

    Feature probes for program helpers (features.HaveProgramHelper()) were added, as well as a few miscellaneous probes for large instruction limit, bounded loops and the supported eBPF ISA. This now brings the library mostly on par with bpftool's probing capabilities, except for a few program types that require BTF.

    There was also one important bugfix where CO-RE relocations in bpf2bpf subprograms were not applied. Users are strongly encouraged to upgrade.

    Enjoy!

    Breaking changes

    • Deprecations:
      • CollectionSpec.RewriteMaps is deprecated in favour of CollectionOptions.MapReplacements
      • features.HaveProgType is deprecated in favour of features.HaveProgramType
    • CollectionSpec.BTF is now called CollectionSpec.Types
    • link.K(ret)probe and link.Tracepoint signatures have changed, they now take an additional options parameter. Pass nil to retain the old behaviour.

    Features

    Bug fixes

    Miscellaneous

    ... (truncated)

    Commits
    • 951bb28 features: rename HaveProgType API
    • d1edf5a features: add HaveProgramHelper API
    • c4f6259 btf: Add spec types iterator
    • 00ae3f2 testdata: loader - declare constant in custom .rodata.test section
    • 1ff15d2 collection: make RewriteConstants operate on custom .rodata* sections
    • 20cccef testdata: loader - read from anonymous (global) constant
    • 9850db7 elf_reader: tolerate untyped/local map relocations from llvm 7/9
    • 1e37e4f elf_reader: accept ELF data sections without a corresponding BTF datasec
    • 88c2d0c elf_reader: freeze all data sections with .rodata* prefix
    • 1e1f08c Makefile: disable journald logging in podman
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 4
  • Bump docker/metadata-action from 3 to 4

    Bump docker/metadata-action from 3 to 4

    ⚠️ Dependabot is rebasing this PR ⚠️

    Rebasing might not happen immediately, so don't worry if this takes some time.

    Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


    Bumps docker/metadata-action from 3 to 4.

    Release notes

    Sourced from docker/metadata-action's releases.

    v4.0.0

    • Node 16 as default runtime by @​crazy-max (#176)
      • This requires a minimum Actions Runner version of v2.285.0, which is by default available in GHES 3.4 or later.
    • Do not sanitize before pattern matching by @​crazy-max (#201)
      • Breaking change with type=match pattern matching

    Full Changelog: https://github.com/docker/metadata-action/compare/v3.8.0...v4.0.0

    v3.8.0

    Full Changelog: https://github.com/docker/metadata-action/compare/v3.7.0...v3.8.0

    v3.7.0

    • Handle comments for multi-line inputs (#172)
    • Missing json output in action.yml (#167)
    • Update dev dependencies and workflow (#175)
    • Bump minimist from 1.2.5 to 1.2.6 (#182)
    • Bump moment from 2.29.1 to 2.29.2 (#180)
    • Bump @​actions/github from 5.0.0 to 5.0.1 (#179)
    • Bump node-fetch from 2.6.1 to 2.6.7 (#173)

    v3.6.2

    • Handle raw statement for pre-release (#155 #156)

    v3.6.1

    • Preserve quotes inside unquoted field (#153)

    v3.6.0

    • base_ref global expression (#142)
    • Trim tags and flavor inputs (#143)
    • Bump @​actions/core from 1.5.0 to 1.6.0 (#135)
    • Bump ansi-regex from 5.0.0 to 5.0.1 (#134)
    • Bump tmpl from 1.0.4 to 1.0.5 (#132)
    • Bump csv-parse from 4.16.0 to 4.16.3 (#131)

    v3.5.0

    • Add global expression date (#121)
    • Bump @​actions/core from 1.4.0 to 1.5.0 (#122)

    v3.4.1

    • Only return edge if branch matches (#115)

    v3.4.0

    • PEP 440 support (#108)

    ... (truncated)

    Upgrade guide

    Sourced from docker/metadata-action's upgrade guide.

    Upgrade notes

    v2 to v3

    • Repository has been moved to docker org. Replace crazy-max/[email protected] with docker/[email protected]
    • The default bake target has been changed: ghaction-docker-meta > docker-metadata-action

    v1 to v2

    inputs

    New Unchanged Removed
    tags images tag-sha
    flavor sep-tags tag-edge
    labels sep-labels tag-edge-branch
    tag-semver
    tag-match
    tag-match-group
    tag-latest
    tag-schedule
    tag-custom
    tag-custom-only
    label-custom

    tag-sha

    tags: |
      type=sha
    

    tag-edge / tag-edge-branch

    tags: |
      # default branch
      type=edge
    </tr></table> 
    

    ... (truncated)

    Commits
    • 69f6fc9 Merge pull request #203 from crazy-max/san-fix
    • 2f5b5ae Sanitize tag earlier
    • f206c36 Merge pull request #202 from crazy-max/v4-prep
    • a20adfa readme: set metadata-action to v4
    • 26b9439 Merge pull request #201 from crazy-max/fix-sanitization
    • 467883f Merge pull request #176 from crazy-max/node-16
    • 5edf56f Node 16 as default runtime
    • 678218f Note about image name and tag sanitization
    • e44c1fb Do not sanitize before pattern matching
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies github_actions 
    opened by dependabot[bot] 4
  • Pod sidecar mode detected error

    Pod sidecar mode detected error

    Bug Description

    If a request is made by the application before Sidecar is even active, it will cause subsequent eBPF programs to assume that the Pod has been running in non-Sidecar mode.

    See https://github.com/merbridge/merbridge/blob/589d7099d8e45e695c58bb96ec51e56f0d3f39ac/bpf/headers/cgroup.h#L44-L47

    Version

    latest
    
    opened by kebe7jun 0
  • Bump k8s.io/client-go from 0.25.1 to 0.25.4

    Bump k8s.io/client-go from 0.25.1 to 0.25.4

    Bumps k8s.io/client-go from 0.25.1 to 0.25.4.

    Commits
    • 7226b15 Update dependencies to v0.25.4 tag
    • 166ab05 Merge pull request #112808cheftako/automated-cherry-pick-of-#112689
    • 4b5a638 Updated vendor to the new preferred versions.
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 2
  • Bump k8s.io/api from 0.25.1 to 0.25.4

    Bump k8s.io/api from 0.25.1 to 0.25.4

    Bumps k8s.io/api from 0.25.1 to 0.25.4.

    Commits
    • 88912e3 Update dependencies to v0.25.4 tag
    • e7b469b Merge pull request #112808cheftako/automated-cherry-pick-of-#112689
    • 1102e6f Updated vendor to the new preferred versions.
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 2
  • Error when trying to run Merbridge in debug mode (VScode)

    Error when trying to run Merbridge in debug mode (VScode)

    Bug Description

      • The error when trying to run the code base in the main branch using "dlv" is
    Build Error: go build -o /home/xxx/github/merbridge/app/__debug_bin -gcflags all=-N -l .
    # istio.io/istio/pilot/pkg/config/memory
    ../../../go/pkg/mod/istio.io/[email protected]/pilot/pkg/config/memory/controller.go:36:17: undefined: atomic.Bool
    note: module requires Go 1.19
    # istio.io/istio/pilot/pkg/config/kube/ingress
    ../../../go/pkg/mod/istio.io/[email protected]/pilot/pkg/config/kube/ingress/controller.go:100:17: undefined: atomic.Bool
    note: module requires Go 1.19 (exit status 2)
    
    Go Version is set using GVM 
    Go version =>  go version go1.19 linux/amd64
    Make version => GNU Make 4.3 (Built for x86_64-pc-linux-gnu)
    
      • Running command "go run -exec sudo ./app/main.go" gives the following error
    [ -f bpf/mb_connect.c ] && make -C bpf load || make -C bpf load-from-obj
    make[1]: Entering directory '/home/xxx/github/merbridge/bpf'
    clang -O2 -g  -Wall -target bpf -I/usr/include/x86_64-linux-gnu  -DMESH=1 -DENABLE_IPV4=1 -DENABLE_IPV6=0 -DUSE_RECONNECT -c mb_connect.c -o mb_connect.o
    make[1]: clang: No such file or directory
    make[1]: *** [Makefile:79: mb_connect.o] Error 127
    make[1]: Leaving directory '/home/xxx/github/merbridge/bpf'
    make[1]: Entering directory '/home/xxx/github/merbridge/bpf'
    sudo mount -t bpf bpf /sys/fs/bpf
    sudo mkdir -p /sys/fs/bpf/tc/globals
    [ -f /sys/fs/bpf/cookie_original_dst ] || sudo bpftool map create /sys/fs/bpf/cookie_original_dst type lru_hash key 8 value 24 entries 65535 name cookie_original_dst
    sudo: bpftool: command not found
    make[1]: *** [Makefile:91: load-map-cookie_original_dst] Error 1
    make[1]: Leaving directory '/home/xxx/github/merbridge/bpf'
    make: *** [Makefile:3: load] Error 2
    Error: failed to load ebpf programs: unexpected exit code: 2, err: exit status 2
    Usage:
      mbctl [flags]
    
    Flags:
          --cni-bin-dir string      /opt/cni/bin mount path (default "/host/opt/cni/bin")
          --cni-config-dir string   /etc/cni/net.d mount path (default "/host/etc/cni/net.d")
          --cni-mode                Enable Merbridge CNI plugin
      -d, --debug                   Debug mode
          --enable-hot-restart      enable hot restart
      -h, --help                    help for mbctl
          --host-proc string        /proc mount path (default "/host/proc")
          --host-var-run string     /var/run mount path (default "/host/var/run")
      -k, --kind                    Enable when Kubernetes is running in Kind
          --kubeconfig string       Kubernetes configuration file
          --kubecontext string      The name of the kube config context to use
      -m, --mode string             Service mesh mode, current support istio, linkerd and kuma (default "istio")
      -r, --use-reconnect           Use re-connect mode for same-node acceleration (default true)
    
    exit status 1
    

    Version

    $uname -a 
    Linux xxx 5.15.0-52-generic #58-Ubuntu SMP Thu Oct 13 08:03:55 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
    
    $ cat /etc/os-release 
    PRETTY_NAME="Ubuntu 22.04.1 LTS"
    NAME="Ubuntu"
    VERSION_ID="22.04"
    VERSION="22.04.1 LTS (Jammy Jellyfish)"
    VERSION_CODENAME=jammy
    ID=ubuntu
    ID_LIKE=debian
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    UBUNTU_CODENAME=jammy
    
    istioctl version 
    1.15.3
    
    opened by abhayakyy 4
  • Bump github.com/stretchr/testify from 1.8.0 to 1.8.1

    Bump github.com/stretchr/testify from 1.8.0 to 1.8.1

    Bumps github.com/stretchr/testify from 1.8.0 to 1.8.1.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
Releases(0.7.2)
  • 0.7.2(Oct 24, 2022)

    What's Changed

    • Fix exclude inbound ports by @dddddai in https://github.com/merbridge/merbridge/pull/202
    • Add support for ipv6 by @dddddai in https://github.com/merbridge/merbridge/pull/114
    • ADD cniserver listen fd backup by @dafu-wu in https://github.com/merbridge/merbridge/pull/179
    • Check existing pods after cni is ready by @dddddai in https://github.com/merbridge/merbridge/pull/206
    • Reduce unnecessary helper calls by @dddddai in https://github.com/merbridge/merbridge/pull/207
    • switch to go1.19 and upgrade golangci-lint and cilium/ebpf by @kebe7jun in https://github.com/merbridge/merbridge/pull/211

    • Use go-tc instead of shell by @kebe7jun in https://github.com/merbridge/merbridge/pull/219
    • Bump golang from 1.19.0 to 1.19.1 by @dependabot in https://github.com/merbridge/merbridge/pull/212
    • manually upgrade deps by @kebe7jun in https://github.com/merbridge/merbridge/pull/220
    • Bump codecov/codecov-action from 3.1.0 to 3.1.1 by @dependabot in https://github.com/merbridge/merbridge/pull/213
    • Bump golang from 1.19.1 to 1.19.2 by @dependabot in https://github.com/merbridge/merbridge/pull/226
    • speed up arm64 build by @kebe7jun in https://github.com/merbridge/merbridge/pull/229
    • Fix after uninstalling Merbridge, the recvmsg and sendmsg programs remain by @kebe7jun in https://github.com/merbridge/merbridge/pull/230
    • use cgroup_ips map to improve mb_connect performance by @kebe7jun in https://github.com/merbridge/merbridge/pull/227

    New Contributors

    • @dafu-wu made their first contribution in https://github.com/merbridge/merbridge/pull/179

    Full Changelog: https://github.com/merbridge/merbridge/compare/0.7.1...0.7.2

    Source code(tar.gz)
    Source code(zip)
  • 0.7.1(Aug 15, 2022)

    What's Changed

    • Bump golang from 1.18.3 to 1.18.4 by @dependabot in https://github.com/merbridge/merbridge/pull/183
    • Bump docker/setup-qemu-action from 1 to 2 by @dependabot in https://github.com/merbridge/merbridge/pull/154
    • Bump docker/setup-buildx-action from 1 to 2 by @dependabot in https://github.com/merbridge/merbridge/pull/155
    • Bump docker/build-push-action from 2 to 3 by @dependabot in https://github.com/merbridge/merbridge/pull/151
    • Bump docker/metadata-action from 3 to 4 by @dependabot in https://github.com/merbridge/merbridge/pull/152
    • Bump docker/login-action from 1 to 2 by @dependabot in https://github.com/merbridge/merbridge/pull/153
    • Bump github.com/stretchr/testify from 1.7.3 to 1.8.0 by @dependabot in https://github.com/merbridge/merbridge/pull/182
    • Pick interfaces smarter by @dddddai in https://github.com/merbridge/merbridge/pull/187
      • add CODE_OF_CONDUCT.md by @kebe7jun in https://github.com/merbridge/merbridge/pull/188
    • Bump apache/skywalking-eyes from 0.2.0 to 0.4.0 by @dependabot in https://github.com/merbridge/merbridge/pull/184
    • Bump golang from 1.18.4 to 1.19.0 by @dependabot in https://github.com/merbridge/merbridge/pull/195
    • Fix install specified kuma version error by @kebe7jun in https://github.com/merbridge/merbridge/pull/193
    • add some uts and some optimization by @nicole-lihui in https://github.com/merbridge/merbridge/pull/192
    • Make kubeconfig configurable by @hanxiaop in https://github.com/merbridge/merbridge/pull/194
    • Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 by @dependabot in https://github.com/merbridge/merbridge/pull/196
    • feat: make CNI plugin to work with Kuma by @bartsmykla in https://github.com/merbridge/merbridge/pull/200

    New Contributors

    • @nicole-lihui made their first contribution in https://github.com/merbridge/merbridge/pull/192
    • @hanxiaop made their first contribution in https://github.com/merbridge/merbridge/pull/194

    Full Changelog: https://github.com/merbridge/merbridge/compare/0.7.0...0.7.1

    Source code(tar.gz)
    Source code(zip)
  • 0.7.0(Jul 18, 2022)

    What's Changed

    • feat: add support for kuma service mesh by @bartsmykla in https://github.com/merbridge/merbridge/pull/177
    • chore: few small stylistic improvements and fixes by @bartsmykla in https://github.com/merbridge/merbridge/pull/178
    • Avoid using goroutines to keep listeners by @dddddai in https://github.com/merbridge/merbridge/pull/180
    • use host name to filter pods by @dddddai in https://github.com/merbridge/merbridge/pull/181
    • Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in https://github.com/merbridge/merbridge/pull/175

    New Contributors

    • @bartsmykla made their first contribution in https://github.com/merbridge/merbridge/pull/177

    Full Changelog: https://github.com/merbridge/merbridge/compare/0.6.1...0.7.0

    Source code(tar.gz)
    Source code(zip)
  • 0.6.1(Jun 28, 2022)

    What's Changed

    • Script to load locally hacked eBPF Programs by @vishnoianil in https://github.com/merbridge/merbridge/pull/166
    • WIP: + add codecov by @kebe7jun in https://github.com/merbridge/merbridge/pull/160
    • Bump golang from 1.18.1 to 1.18.2 by @dependabot in https://github.com/merbridge/merbridge/pull/165
    • Bump github.com/stretchr/testify from 1.7.1 to 1.7.3 by @dependabot in https://github.com/merbridge/merbridge/pull/174
    • Bump golang from 1.18.2 to 1.18.3 by @dependabot in https://github.com/merbridge/merbridge/pull/169
    • Use tc instead of xdp by @dddddai in https://github.com/merbridge/merbridge/pull/171
    • fix CNI error if pod injected ignored by @kebe7jun in https://github.com/merbridge/merbridge/pull/173

    New Contributors

    • @vishnoianil made their first contribution in https://github.com/merbridge/merbridge/pull/166

    Full Changelog: https://github.com/merbridge/merbridge/compare/0.6.0...0.6.1

    Source code(tar.gz)
    Source code(zip)
  • 0.6.0(May 23, 2022)

    We have added support for CNI mode in version 0.6.0, where all Istio features related to traffic forwarding are supported. For more information, please see: https://merbridge.io/blog/2022/05/18/cni-mode/

    What's Changed

    • ci: remove path ignores for it is a required job by @Xunzhuo in https://github.com/merbridge/merbridge/pull/135
    • Add Merbridge Landscape Details by @Xunzhuo in https://github.com/merbridge/merbridge/pull/134
    • Bump golang from 1.17 to 1.18.0 by @dependabot in https://github.com/merbridge/merbridge/pull/101
      • impl ip ranges for xdp and connect by @kebe7jun in https://github.com/merbridge/merbridge/pull/137
    • Bump k8s.io/api from 0.23.5 to 0.23.6 by @dependabot in https://github.com/merbridge/merbridge/pull/141
    • Bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 by @dependabot in https://github.com/merbridge/merbridge/pull/142
    • Install merbridge cni by @dddddai in https://github.com/merbridge/merbridge/pull/143
      • ignore host mounted cgroup path and limit output by @kebe7jun in https://github.com/merbridge/merbridge/pull/145
    • Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in https://github.com/merbridge/merbridge/pull/140
    • fix cidr match error and adapt * from istio anno by @kebe7jun in https://github.com/merbridge/merbridge/pull/148

    • Check existing pods when merbridge starts by @dddddai in https://github.com/merbridge/merbridge/pull/147
    • Avoid unnecessary bpf calls to improve performance by @dddddai in https://github.com/merbridge/merbridge/pull/159
    • fix panic if get netns error by @kebe7jun in https://github.com/merbridge/merbridge/pull/161

    • Fix exclude-inbound-ports by @dddddai in https://github.com/merbridge/merbridge/pull/163
      • add hardware checksum option for cross node pods communication by @kebe7jun in https://github.com/merbridge/merbridge/pull/162
    • Bump golang from 1.18.0 to 1.18.1 by @dependabot in https://github.com/merbridge/merbridge/pull/138

    Full Changelog: https://github.com/merbridge/merbridge/compare/0.5.1...0.6.0

    Source code(tar.gz)
    Source code(zip)
  • 0.5.1(Apr 26, 2022)

  • 0.5.0(Mar 9, 2022)

    Added:

    • Add passive sockops supported (https://github.com/merbridge/merbridge/pull/77) @kebe7jun .
    • Redirect msg to the ingress path of peer socket(https://github.com/merbridge/merbridge/pull/82) @dddddai .
    • provide helm charts to install merbridge(https://github.com/merbridge/merbridge/pull/65) @Xunzhuo .

    Fixes:

    • Correct the key size of cookie_original_dst(https://github.com/merbridge/merbridge/pull/75) @dddddai .

    Thank you to everyone who contributed in this release!

    Source code(tar.gz)
    Source code(zip)
  • 0.4.0(Feb 15, 2022)

    • Add non-reconnect mode, which can make some other service mesh products that do not support reconnection work better.
    • Optimize debug logs.
    Source code(tar.gz)
    Source code(zip)
  • 0.3.1(Feb 10, 2022)

  • 0.3.0(Feb 8, 2022)

    • Support 5.7 and above Linux kernel version.
    • Disable Hostnetwork mode of merbridge pod.
    • Auto detect cgroupv2 path.
    • Fix merbridge can not watch Pods.
    Source code(tar.gz)
    Source code(zip)
  • 0.2.0(Jan 27, 2022)

  • 0.1.1(Jan 19, 2022)

  • 0.1.0(Jan 18, 2022)

Owner
null
Stream server (serial-to-wifi bridge) for ESPHome

Stream server for ESPHome Custom component for ESPHome to expose a UART stream over WiFi or Ethernet. Can be used as a serial-to-wifi bridge as known

Oxan van Leeuwen 72 Nov 14, 2022
Allows you to observe the status of your DotA 2 (Defense of the Ancients 2) match within the Discord, through the Rich Presence service. 🎮

DotA 2 RPC (dota2-rpc-client) Allows you to observe the status of your DotA 2 (Defense of the Ancients 2) match within the Discord, through the Rich P

Anderson Silva 28 Nov 26, 2022
The InitWare Suite of Middleware allows you to manage services and system resources as logical entities called units. Its main component is a service management ("init") system.

InitWare isn't ready to use yet!! Unless you are doing so for fun, to experiment, or to contribute, you most likely do not want to try to install Init

null 162 Dec 2, 2022
A proxy service of incremental log of OceanBase

OceanBase Migration Serivce LogProxy OceanBase增量日志代理服务,是 OMS 的一部分。基于 liboblog, 以服务的形式,提供实时增量链路接入和管理能力,方便应用接入OceanBase增量日志;能够解决网络隔离的情况下,订阅增量日志的需求;并提供多种

OceanBase 26 Nov 25, 2022
New generation message broker service

Push1st Push1st is open source multiple protocol PUB/SUB message broker server (Pusher, MQTT, RAW WebSocket). Key features Suitable for distributed on

Naveksoft 16 Jan 18, 2022
A WiFi-enabled microcontroller capable of communicating with web-based service APIs for fast prototyping applications.

A WiFi-enabled microcontroller capable of communicating with web-based service APIs for fast prototyping applications.

Mark Hofmeister 2 Mar 9, 2022
libsinsp, libscap, the kernel module driver, and the eBPF driver sources

falcosecurity/libs As per the OSS Libraries Contribution Plan, this repository has been chosen to be the new home for libsinsp, libscap, the kernel mo

Falco 127 Nov 23, 2022
Linux Application Level Firewall based on eBPF and NFQUEUE.

eBPFSnitch eBPFSnitch is a Linux Application Level Firewall based on eBPF and NFQUEUE. It is inspired by OpenSnitch, and Douane, but utilizing modern

Harpo Roeder 664 Nov 19, 2022
eBPF bytecode assembler and compiler

An eBPF bytecode assembler and compiler that * Assembles the bytecode to object code. * Compiles the bytecode to C macro preprocessors. Symbolic

Emil Masoumi 6 Jan 23, 2022
Example how to run eBPF probes without a usermode process using fentry

Pinning eBPF Probes Simple example to demonstrate how to pin kernel function and syscall probes. Overview From my reading of the kernel code, KProbe a

pat_h/to/file 3 Jun 7, 2021
A Rust crate that simplifies the integration of Rust and eBPF programs written in C.

This crate simplifies the compilation of eBPF programs written in C integrating clang with Rust and the cargo build system with functions that can be

Simone Margaritelli 19 Mar 16, 2022
eBPF implementation that runs on top of Windows

eBPF for Windows eBPF is a well-known technology for providing programmability and agility, especially for extending an OS kernel, for use cases such

Microsoft 1.6k Nov 26, 2022
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

ebpfkit-monitor ebpfkit-monitor is an utility that you can use to statically analyse eBPF bytecode or monitor suspicious eBPF activity at runtime. It

Guillaume Fournier 78 Nov 12, 2022
A very basic eBPF Load Balancer in a few lines of C

An eBPF Load Balancer from scratch As seen at eBPF Summit 2021. This is not production ready :-) This uses libbpf as a git submodule. If you clone thi

Liz Rice 160 Nov 25, 2022
skbtracer on ebpf

skbtracer skbtracer 基于 ebpf 技术的 skb 网络包路径追踪利器, 实现代码基于 BCC (required Linux Kernel 4.15+) 使用样例 skbtracer.py # trace

DavadDi 52 Nov 18, 2022
some experiments with ebpf

Learning eBPF and some kernel tracing, probe DNS + TCP connection with portable bpf prog. DevEnv Ubuntu 20.04 Install go Install make, clang, llvm Ins

null 11 Aug 4, 2022
Small utility that leverages eBPF to dump the traffic of a unix domain socket

UnixDump UnixDump is a small eBPF powered utility that can be used to dump unix socket traffic. System requirements This project was developed on a Ub

Guillaume Fournier 8 Nov 19, 2022
Tool for Preventing Data Exfiltration with eBPF

bouheki: Tool for Preventing Data Exfiltration with eBPF bouheki is a KSRI implementation using LSM Hook by eBPF. Flexibility to apply restricted netw

mrtc0 49 Nov 24, 2022
The Beginner's Guide to eBPF Programming for Networking

The Beginner's Guide to eBPF Programming for Networking As seen at Cloud Native eBPF Day 2021. Setup Create a container that we can issue curl request

Liz Rice 77 Oct 18, 2022