kmesh-net
support xdp auth with tail call
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes: Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please assign kevin-wangzefeng for approval. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
Codecov Report
Attention: Patch coverage is 60.00000% with 4 lines in your changes missing coverage. Please review.
Project coverage is 54.43%. Comparing base (
0a7735d) to head (aa98335). Report is 281 commits behind head on main.
| Files with missing lines | Patch % | Lines |
|---|---|---|
| pkg/bpf/workload/xdp.go | 60.00% | 2 Missing and 2 partials :warning: |
| Files with missing lines | Coverage Δ | |
|---|---|---|
| pkg/bpf/workload/xdp.go | 55.38% <60.00%> (ø) |
... and 8 files with indirect coverage changes
Continue to review full report in Codecov by Sentry.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 99e0c0c...aa98335. Read the comment docs.
🚨 Try these New Features:
- Flaky Tests Detection - Detect and resolve failed and flaky tests
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Wanna to know why do we need tailcall here
Because the subsequent authentication rules will support srcip, dstip, namespce, etc., but if tailcall is not used, the bytes of the ebpf program will be too large (up to 1000000 bytes), and it will not pass the verification of the verifier.
It is recommended that this modification be merged after version 0.5 is released.
