diff --git a/bpf/include/common.h b/bpf/include/common.h index ee045c102..f692843db 100644 --- a/bpf/include/common.h +++ b/bpf/include/common.h @@ -244,7 +244,7 @@ static inline int convert_v6(char *data, __u32 *ip6) __u16 ip_1 = (ip >> 0) & 0xFFFF; __u16 ip_2 = (ip >> 16) & 0xFFFF; for (int j = 0; j < 2; j++) { - __u16 ip_1 = (ip)&0xFFFF; + __u16 ip_1 = (ip) & 0xFFFF; __u8 h_1 = (ip_1 >> 0) & 0xFF; __u8 h_2 = (ip_1 >> 8) & 0xFF; *data++ = hex_digits[(h_1 >> 4) & 0xF]; diff --git a/bpf/include/inner_map_defs.h b/bpf/include/inner_map_defs.h index 028f59ca2..f2bd28c84 100644 --- a/bpf/include/inner_map_defs.h +++ b/bpf/include/inner_map_defs.h @@ -10,8 +10,8 @@ typedef enum { MAP_TYPE_64, MAP_TYPE_192, MAP_TYPE_296, MAP_TYPE_1600, MAP_TYPE_MAX } map_in_map_type; #define MAP_GET_TYPE(idx) (__u8)((__u32)(idx) >> 24) -#define MAP_GET_INDEX(idx) (__u32)((__u32)(idx)&0xFFFFFF) -#define MAP_GEN_OUTER_KEY(map_type, pos) ((__u32)((((__u8)(map_type)&0xFF) << 24) + ((__u32)(pos)&0xFFFFFF))) +#define MAP_GET_INDEX(idx) (__u32)((__u32)(idx) & 0xFFFFFF) +#define MAP_GEN_OUTER_KEY(map_type, pos) ((__u32)((((__u8)(map_type) & 0xFF) << 24) + ((__u32)(pos) & 0xFFFFFF))) #define MAP_VAL_SIZE_64 64 #define MAP_VAL_SIZE_192 192 diff --git a/bpf/kmesh/ads/include/kmesh_common.h b/bpf/kmesh/ads/include/kmesh_common.h index 2a9c62010..4f6e52e6a 100644 --- a/bpf/kmesh/ads/include/kmesh_common.h +++ b/bpf/kmesh/ads/include/kmesh_common.h @@ -82,7 +82,7 @@ enum kmesh_l7_proto_type { PROTO_UNKNOW = 0, PROTO_HTTP_1_1, PROTO_HTTP_2_0 }; enum kmesh_l7_msg_type { MSG_UNKNOW = 0, MSG_REQUEST, MSG_MID_REPONSE, MSG_FINAL_RESPONSE }; #define KMESH_PROTO_TYPE_WIDTH (8) -#define GET_RET_PROTO_TYPE(n) ((n)&0xff) +#define GET_RET_PROTO_TYPE(n) ((n) & 0xff) #define GET_RET_MSG_TYPE(n) (((n) >> KMESH_PROTO_TYPE_WIDTH) & 0xff) #endif // _KMESH_COMMON_H_ diff --git a/docs/ctl/kmeshctl.md b/docs/ctl/kmeshctl.md index 2a736088d..9acc02acc 100644 --- a/docs/ctl/kmeshctl.md +++ b/docs/ctl/kmeshctl.md @@ -10,7 +10,7 @@ Kmesh command line tools to operate and debug Kmesh ### SEE ALSO -* [kmeshctl authz](kmeshctl_authz.md) - Enable or disable xdp authz eBPF Prog for Kmesh's authz offloading +* [kmeshctl authz](kmeshctl_authz.md) - Manage xdp authz eBPF program for Kmesh's authz offloading * [kmeshctl dump](kmeshctl_dump.md) - Dump config of kernel-native or dual-engine mode * [kmeshctl log](kmeshctl_log.md) - Get or set kmesh-daemon's logger level * [kmeshctl monitoring](kmeshctl_monitoring.md) - Control Kmesh's monitoring to be turned on as needed diff --git a/docs/ctl/kmeshctl_authz.md b/docs/ctl/kmeshctl_authz.md index b485d40b0..8e002d0bd 100644 --- a/docs/ctl/kmeshctl_authz.md +++ b/docs/ctl/kmeshctl_authz.md @@ -1,20 +1,6 @@ ## kmeshctl authz -Enable or disable xdp authz eBPF Prog for Kmesh's authz offloading - -``` -kmeshctl authz [flags] -``` - -### Examples - -``` -# Enable/Disable Kmesh's authz offloading in the specified kmesh daemon: - kmeshctl authz enable/disable - - # If you want to enable or disable authz offloading of all Kmeshs in the cluster - kmeshctl authz enable/disable -``` +Manage xdp authz eBPF program for Kmesh's authz offloading ### Options @@ -25,4 +11,7 @@ kmeshctl authz [flags] ### SEE ALSO * [kmeshctl](kmeshctl.md) - Kmesh command line tools to operate and debug Kmesh +* [kmeshctl authz disable](kmeshctl_authz_disable.md) - Disable xdp authz eBPF program for Kmesh's authz offloading +* [kmeshctl authz enable](kmeshctl_authz_enable.md) - Enable xdp authz eBPF program for Kmesh's authz offloading +* [kmeshctl authz status](kmeshctl_authz_status.md) - Display the current authorization status diff --git a/docs/ctl/kmeshctl_authz_disable.md b/docs/ctl/kmeshctl_authz_disable.md new file mode 100644 index 000000000..30f12edae --- /dev/null +++ b/docs/ctl/kmeshctl_authz_disable.md @@ -0,0 +1,25 @@ +## kmeshctl authz disable + +Disable xdp authz eBPF program for Kmesh's authz offloading + +``` +kmeshctl authz disable [podNames...] [flags] +``` + +### Examples + +``` +kmeshctl authz disable +kmeshctl authz disable pod1 pod2 +``` + +### Options + +``` + -h, --help help for disable +``` + +### SEE ALSO + +* [kmeshctl authz](kmeshctl_authz.md) - Manage xdp authz eBPF program for Kmesh's authz offloading + diff --git a/docs/ctl/kmeshctl_authz_enable.md b/docs/ctl/kmeshctl_authz_enable.md new file mode 100644 index 000000000..46417017b --- /dev/null +++ b/docs/ctl/kmeshctl_authz_enable.md @@ -0,0 +1,25 @@ +## kmeshctl authz enable + +Enable xdp authz eBPF program for Kmesh's authz offloading + +``` +kmeshctl authz enable [podNames...] [flags] +``` + +### Examples + +``` +kmeshctl authz enable +kmeshctl authz enable pod1 pod2 +``` + +### Options + +``` + -h, --help help for enable +``` + +### SEE ALSO + +* [kmeshctl authz](kmeshctl_authz.md) - Manage xdp authz eBPF program for Kmesh's authz offloading + diff --git a/docs/ctl/kmeshctl_authz_status.md b/docs/ctl/kmeshctl_authz_status.md new file mode 100644 index 000000000..b3544e1d6 --- /dev/null +++ b/docs/ctl/kmeshctl_authz_status.md @@ -0,0 +1,25 @@ +## kmeshctl authz status + +Display the current authorization status + +``` +kmeshctl authz status [podNames...] [flags] +``` + +### Examples + +``` +kmeshctl authz status +kmeshctl authz status pod1 pod2 +``` + +### Options + +``` + -h, --help help for status +``` + +### SEE ALSO + +* [kmeshctl authz](kmeshctl_authz.md) - Manage xdp authz eBPF program for Kmesh's authz offloading + diff --git a/kernel/ko_src/kmesh/kmesh_parse_protocol_data.h b/kernel/ko_src/kmesh/kmesh_parse_protocol_data.h index 5ce5be236..eff46ff6a 100644 --- a/kernel/ko_src/kmesh/kmesh_parse_protocol_data.h +++ b/kernel/ko_src/kmesh/kmesh_parse_protocol_data.h @@ -19,10 +19,10 @@ enum kmesh_l7_msg_type { MSG_UNKNOW = 0, MSG_REQUEST, MSG_MID_REPONSE, MSG_FINAL #define KMESH_PROTO_TYPE_WIDTH (8) -#define SET_RET_PROTO_TYPE(n, type) (n) = (((n)&0xff00) | ((u32)(type)&0xff)) -#define GET_RET_PROTO_TYPE(n) ((n)&0xff) +#define SET_RET_PROTO_TYPE(n, type) (n) = (((n) & 0xff00) | ((u32)(type) & 0xff)) +#define GET_RET_PROTO_TYPE(n) ((n) & 0xff) -#define SET_RET_MSG_TYPE(n, type) (n) = (((n)&0xff) | (((u32)(type)&0xff) << KMESH_PROTO_TYPE_WIDTH)) +#define SET_RET_MSG_TYPE(n, type) (n) = (((n) & 0xff) | (((u32)(type) & 0xff) << KMESH_PROTO_TYPE_WIDTH)) #define GET_RET_MSG_TYPE(n) (((n) >> KMESH_PROTO_TYPE_WIDTH) & 0xff) struct kmesh_data_node {