Closed supercharge-xsy closed 5 days ago
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from supercharge-xsy. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
/hold
Assume this is not complete, what is the goal of recording the auth status?
behavior in this pr, drop the message in xdp prog when the tuple is doing auth
Attention: Patch coverage is 0%
with 32 lines
in your changes missing coverage. Please review.
:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.
Flag | Coverage Δ | |
---|---|---|
unittests | 36.76% <0.00%> (?) |
Flags with carried forward coverage won't be shown. Click here to find out more.
Files | Coverage Δ | |
---|---|---|
pkg/auth/rbac.go | 54.04% <0.00%> (ø) |
|
pkg/auth/xdp_auth_handler.go | 0.00% <0.00%> (ø) |
drop the message in xdp prog when the tuple is doing auth
@supercharge-xsy If we drop the message, then client side would resend the packet. Have you tested that?
I would suggest manually increase the auth latency to see how it behaves
If we drop the message, then client side would resend the packet. Have you tested that?
I would suggest manually increase the auth latency to see how it behaves
sure, will try it
drop packet deteriorates short connection performance. will analyze the feasibility of the xdp acl solution. /close
@supercharge-xsy: Closed this PR.
What type of PR is this? /kind enhancement
What this PR does / why we need it:
Currently, authentication is performed in user mode. Some packets may be missed during authentication. This pr attempts to drop the package until authentication is complete . will test the behavior of the client. Which issue(s) this PR fixes: Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: