Adapt to linux 6.6 kernel

.github/workflows/main.yml

@@ -41,6 +41,7 @@ jobs:
       run: |
         sudo env "PATH=$PATH" bash ./build.sh
 
+    # The kernel version of Ubuntu 22.04 is 6.8, so the access control check is enhanced by default.
     - name: Setup Enviroments
       run: |
         echo "PKG_CONFIG_PATH=$GITHUB_WORKSPACE/mk" >> $GITHUB_ENV
@@ -54,12 +55,12 @@ jobs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v3.7.0
       with:
-        args: "--config=common/config/.golangci.yaml --out-format colored-line-number"
+        args: "--build-tags=enhanced --config=common/config/.golangci.yaml --out-format colored-line-number"
         skip-pkg-cache: true
 
     - name: Go Test
       run: |
-        sudo env LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:$GITHUB_WORKSPACE/api/v2-c:$GITHUB_WORKSPACE/bpf/deserialization_to_bpf_map PKG_CONFIG_PATH=$GITHUB_WORKSPACE/mk go test -race -v -vet=off -coverprofile=coverage.out ./pkg/...
+        sudo env LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:$GITHUB_WORKSPACE/api/v2-c:$GITHUB_WORKSPACE/bpf/deserialization_to_bpf_map PKG_CONFIG_PATH=$GITHUB_WORKSPACE/mk go test -tags=enhanced -race -v -vet=off -coverprofile=coverage.out ./pkg/...
 
     - name: Upload coverage reports to Codecov
       uses: codecov/codecov-action@v4

bpf/include/common.h

@@ -5,6 +5,7 @@
 #define _COMMON_H_
 
 #include "../../config/kmesh_marcos_def.h"
+#include <linux/in.h>
 #include <stddef.h>
 #include <stdbool.h>
 #include <stdint.h>
@@ -16,8 +17,60 @@
 
 #include "errno.h"
 
+struct bpf_mem_ptr {
+    void *ptr;
+    __u32 size;
+};
+
 #if ENHANCED_KERNEL
+#if KERNEL_KFUNC
+extern int bpf_parse_header_msg_func(void *src, int src__sz) __ksym;
+extern int bpf_km_header_strnstr_func(void *ctx, int ctx__sz, const char *key, int key__sz, const char *subptr) __ksym;
+extern int bpf_km_header_strncmp_func(const char *key, int key__sz, const char *target, int target__sz, int opt) __ksym;
+extern int bpf_setsockopt_func(void *bpf_mem, int bpf_mem__sz, int optname, const char *optval, int optval__sz) __ksym;
+extern int bpf_getsockopt_func(void *bpf_mem, int bpf_mem__sz, int optname, char *optval, int optval__sz) __ksym;
+
+#define bpf_km_header_strncmp bpf_km_header_strncmp_func
+
+int bpf_km_header_strnstr(void *ctx, const char *key, int key__sz, const char *subptr, int subptr__sz)
+{
+    struct bpf_mem_ptr msg_tmp = {.ptr = ctx, .size = sizeof(struct bpf_sock_addr)};
+    return bpf_km_header_strnstr_func(&msg_tmp, sizeof(struct bpf_mem_ptr), key, key__sz, subptr);
+}
+
+int bpf_parse_header_msg(struct bpf_sock_addr *ctx)
+{
+    struct bpf_mem_ptr msg_tmp = {.ptr = ctx, .size = sizeof(struct bpf_sock_addr)};
+    return bpf_parse_header_msg_func(&msg_tmp, sizeof(struct bpf_mem_ptr));
+}
+
+// Due to the limitation of bpf verifier, optval and optval__sz are required to correspond.
+// The strnlen function cannot be used here, so the string is redefined.
+int bpf_km_setsockopt(struct bpf_sock_addr *ctx, int level, int optname, const char *optval, int optval__sz)
+{
+    const char kmesh_module_name[] = "kmesh_defer";
+    if (level != IPPROTO_TCP || optval__sz != sizeof(kmesh_module_name))
+        return -1;
+
+    struct bpf_mem_ptr msg_tmp = {.ptr = ctx, .size = sizeof(struct bpf_sock_addr)};
+    return bpf_setsockopt_func(
+        &msg_tmp, sizeof(struct bpf_mem_ptr), optname, (void *)kmesh_module_name, sizeof(kmesh_module_name));
+}
+
+int bpf_km_getsockopt(struct bpf_sock_addr *ctx, int level, int optname, char *optval, int optval__sz)
+{
+    if (level != IPPROTO_TCP) {
+        return -1;
+    }
+    struct bpf_mem_ptr msg_tmp = {.ptr = ctx, .size = sizeof(struct bpf_sock_addr)};
+    return bpf_getsockopt_func(&msg_tmp, sizeof(struct bpf_mem_ptr), optname, (void *)optval, optval__sz);
+}
+
+#else
 #include <bpf_helper_defs_ext.h>
+#define bpf_km_setsockopt bpf_setsockopt
+#define bpf_km_getsockopt bpf_getsockopt
+#endif
 #endif
 
 #define bpf_unused __attribute__((__unused__))
@@ -121,14 +174,8 @@ static inline bool is_ipv4_mapped_addr(__u32 ip6[4])
         (dst)[3] = (src)[3];                                                                                           \
     } while (0)
 
-#if OE_23_03
-#define bpf__strncmp                  bpf_strncmp
-#define GET_SKOPS_REMOTE_PORT(sk_ops) (__u16)((sk_ops)->remote_port)
-#else
 #define GET_SKOPS_REMOTE_PORT(sk_ops) (__u16)((sk_ops)->remote_port >> 16)
-#endif
-
-#define GET_SKOPS_LOCAL_PORT(sk_ops) (__u16)((sk_ops)->local_port)
+#define GET_SKOPS_LOCAL_PORT(sk_ops)  (__u16)((sk_ops)->local_port)
 
 #define MAX_BUF_LEN 100
 #define MAX_IP4_LEN 16

bpf/include/inner_map_defs.h

@@ -33,4 +33,4 @@ typedef enum { MAP_TYPE_64, MAP_TYPE_192, MAP_TYPE_296, MAP_TYPE_1600, MAP_TYPE_
 
 #define FLIP_BIT(bitmap, n) ((bitmap)[(n) / 8] ^= (1U << ((n) % 8)))
 
-#endif // __INNER_MAP_H__
+#endif // __INNER_MAP_H__

bpf/kmesh/ads/cgroup_sock.c

@@ -19,11 +19,10 @@
 #if KMESH_ENABLE_HTTP
 
 static const char kmesh_module_name[] = "kmesh_defer";
-static char kmesh_module_name_get[KMESH_MODULE_NAME_LEN] = "";
 static inline int sock4_traffic_control(struct bpf_sock_addr *ctx)
 {
     int ret;
-
+    char kmesh_module_name_get[KMESH_MODULE_NAME_LEN] = "";
     Listener__Listener *listener = NULL;
 
     if (ctx->protocol != IPPROTO_TCP)
@@ -42,9 +41,9 @@ static inline int sock4_traffic_control(struct bpf_sock_addr *ctx)
     BPF_LOG(DEBUG, KMESH, "bpf find listener addr=[%s:%u]\n", ip2str(&ip, 1), bpf_ntohs(ctx->user_port));
 
 #if ENHANCED_KERNEL
-    ret = bpf_getsockopt(ctx, IPPROTO_TCP, TCP_ULP, (void *)kmesh_module_name_get, KMESH_MODULE_NAME_LEN);
+    ret = bpf_km_getsockopt(ctx, IPPROTO_TCP, TCP_ULP, kmesh_module_name_get, KMESH_MODULE_NAME_LEN);
     if (CHECK_MODULE_NAME_NULL(ret) || bpf__strncmp(kmesh_module_name_get, KMESH_MODULE_NAME_LEN, kmesh_module_name)) {
-        ret = bpf_setsockopt(ctx, IPPROTO_TCP, TCP_ULP, (void *)kmesh_module_name, sizeof(kmesh_module_name));
+        ret = bpf_km_setsockopt(ctx, IPPROTO_TCP, TCP_ULP, kmesh_module_name, sizeof(kmesh_module_name));
         if (ret)
             BPF_LOG(ERR, KMESH, "bpf set sockopt failed! ret %d\n", ret);
         return 0;

bpf/kmesh/ads/include/ctx/sock_ops.h

@@ -22,16 +22,6 @@ typedef struct bpf_sock_ops ctx_buff_t;
     name.ipv4 = (ctx)->remote_ip4;                                                                                     \
     name.port = (ctx)->remote_port
 
-#if OE_23_03
-#define SET_CTX_ADDRESS(ctx, address)                                                                                  \
-    (ctx)->remote_ip4 = (address)->ipv4;                                                                               \
-    (ctx)->remote_port = (address)->port
-
-#define MARK_REJECTED(ctx)                                                                                             \
-    BPF_LOG(DEBUG, KMESH, "mark reject\n");                                                                            \
-    (ctx)->remote_ip4 = 0;                                                                                             \
-    (ctx)->remote_port = 0
-#else
 #define SET_CTX_ADDRESS(ctx, address)                                                                                  \
     (ctx)->replylong[2] = (address)->ipv4;                                                                             \
     (ctx)->replylong[3] = (address)->port
@@ -40,6 +30,5 @@ typedef struct bpf_sock_ops ctx_buff_t;
     BPF_LOG(DEBUG, KMESH, "mark reject\n");                                                                            \
     (ctx)->replylong[2] = 0;                                                                                           \
     (ctx)->replylong[3] = 0
-#endif
 
 #endif //__BPF_CTX_SOCK_OPS_H

bpf/kmesh/ads/include/kmesh_common.h

@@ -31,11 +31,6 @@
         val;                                                                                                           \
     })
 
-struct bpf_mem_ptr {
-    void *ptr;
-    __u32 size;
-};
-
 static inline int bpf__strncmp(const char *dst, int n, const char *src)
 {
     if (dst == NULL || src == NULL)