kmesh-net / kmesh

High Performance ServiceMesh Data Plane Based on Programmable Kernel
https://kmesh.net
Apache License 2.0

drop package when auth processing #424

Closed supercharge-xsy closed 5 days ago

supercharge-xsy commented 3 weeks ago

What type of PR is this? /kind enhancement

What this PR does / why we need it:

Currently, authentication is performed in user mode. Some packets may be missed during authentication. This PR attempts to drop the package until authentication is complete. Will test the behavior of the client.

Which issue(s) this PR fixes: Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

kmesh-bot commented 3 weeks ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

Once this PR has been reviewed and has the lgtm label, please ask for approval from supercharge-xsy. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/kmesh-net/kmesh/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

supercharge-xsy commented 3 weeks ago

/hold

supercharge-xsy commented 3 weeks ago

Assume this is not complete, what is the goal of recording the auth status?

behavior in this pr, drop the message in xdp prog when the tuple is doing auth

codecov-commenter commented 2 weeks ago

Codecov Report

Attention: Patch coverage is 0% with 32 lines in your changes missing coverage. Please review.

| Flag | Coverage Δ |
|---|---|
| unittests | 36.76% <0.00%> (?) |

| Files | Coverage Δ |
|---|---|
| pkg/auth/rbac.go | 54.04% <0.00%> (ø) |
| pkg/auth/xdp_auth_handler.go | 0.00% <0.00%> (ø) |

hzxuzhonghu commented 2 weeks ago

> drop the message in xdp prog when the tuple is doing auth

@supercharge-xsy If we drop the message, then client side would resend the packet. Have you tested that?

I would suggest manually increase the auth latency to see how it behaves

supercharge-xsy commented 2 weeks ago

> If we drop the message, then client side would resend the packet. Have you tested that?
>
> I would suggest manually increase the auth latency to see how it behaves

sure, will try it

supercharge-xsy commented 5 days ago

drop packet deteriorates short connection performance. will analyze the feasibility of the xdp acl solution.

/close

kmesh-bot commented 5 days ago

@supercharge-xsy: Closed this PR.

In response to [this](https://github.com/kmesh-net/kmesh/pull/424#issuecomment-2188307061):

> drop packet deteriorates short connection performance. will analyze the feasibility of the xdp acl solution.
> /close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.