Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XDP has been enabled in enableKmeshManage. Do we need to enable XDP in the CNI? #1152

Open
bitcoffeeiux opened this issue Dec 30, 2024 · 2 comments
Open

XDP has been enabled in enableKmeshManage. Do we need to enable XDP in the CNI? #1152

bitcoffeeiux opened this issue Dec 30, 2024 · 2 comments

Comments

@bitcoffeeiux
Copy link
Contributor

The XDP program is added for each new pod in the podAdd logic. When the Kmesh restarts, the XDP program is also mounted to the existing pods.
The logic for inserting xdp into the cni is executed before the pod is started. If you switch to enableKmeshManage to mount the xdp process, the process is after the pod is completely started. There's a window in the middle, but does it have a more obvious impact on our business?
If no, delete the xdp processing in the cni.
If yes, it is recommended to add relevant description in the document or code.
@hzxuzhonghu
Copy link
Member

Link xdp in cni provide a capture all application capability. By this, the authz does not miss any tcp packet

@bitcoffeeiux
Copy link
Contributor Author

bitcoffeeiux commented Dec 30, 2024
edited
Loading

Link xdp in cni provide a capture all application capability. By this, the authz does not miss any tcp packet

Theoretically, the link xdp function can be implemented during a new startup or restart in enable enableKmeshManage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hzxuzhonghu @bitcoffeeiux