From e66072ca5cee5e092fced852bc45118e090eba36 Mon Sep 17 00:00:00 2001 From: Sunny Wu Date: Tue, 10 Dec 2024 17:16:26 +1100 Subject: [PATCH 01/11] Use correct raw UID version for UID2 UIDOperatorVerticleTest and rename identityV3Enabled to rawUidV3Enabled (#1190) * Use correct raw UID version for UID2's UIDOperatorVerticleTest * renamed the variable/method useIdentityV3/identityV3Enabled to useRawUidV3/rawUidV3Enabled to be up to date with latest terminlogies * Improved TokenEncodingTest#testAdvertisingTokenEncodings to tests all combo's of raw UID and ad token versions --- .../operator/service/UIDOperatorService.java | 7 +++--- .../operator/EUIDOperatorVerticleTest.java | 2 ++ .../com/uid2/operator/TokenEncodingTest.java | 23 ++++++++++++------ .../operator/UIDOperatorVerticleTest.java | 24 +++++++++---------- 4 files changed, 34 insertions(+), 22 deletions(-) diff --git a/src/main/java/com/uid2/operator/service/UIDOperatorService.java b/src/main/java/com/uid2/operator/service/UIDOperatorService.java index 6d4ff86d0..5e66dd70c 100644 --- a/src/main/java/com/uid2/operator/service/UIDOperatorService.java +++ b/src/main/java/com/uid2/operator/service/UIDOperatorService.java @@ -47,7 +47,8 @@ public class UIDOperatorService implements IUIDOperatorService { private final OperatorIdentity operatorIdentity; private final TokenVersion refreshTokenVersion; - private final boolean identityV3Enabled; + // if we use Raw UID v3 format for the raw UID2/EUIDs generated in this operator + private final boolean rawUidV3Enabled; private final Handler saltRetrievalResponseHandler; @@ -90,7 +91,7 @@ public UIDOperatorService(JsonObject config, IOptOutStore optOutStore, ISaltProv } this.refreshTokenVersion = TokenVersion.V3; - this.identityV3Enabled = config.getBoolean("identity_v3", false); + this.rawUidV3Enabled = config.getBoolean("identity_v3", false); } @Override 
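Review bot: The renamed field `rawUidV3Enabled` is still loaded from the config key `identity_v3` in the constructor hunk (`config.getBoolean("identity_v3", false)`), so the code and the deployed configuration now use different names for the same switch. If the key is kept deliberately so existing operator configs keep working, which the hunk suggests but does not state, say so next to the read: `// config key remains "identity_v3"; it selects the raw UID format (v2 when false), not the token version`. The field comment would also read better as a statement, for example `// true: raw UID2/EUIDs generated by this operator use the raw UID v3 format`. Both the class and the constructor continue outside these hunks.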
@@ -230,7 +231,7 @@ private MappedIdentity getAdvertisingId(UserIdentity firstLevelHashIdentity, Ins final SaltEntry rotatingSalt = getSaltProviderSnapshot(asOf).getRotatingSalt(firstLevelHashIdentity.id); return new MappedIdentity( - this.identityV3Enabled + this.rawUidV3Enabled ? TokenUtils.getAdvertisingIdV3(firstLevelHashIdentity.identityScope, firstLevelHashIdentity.identityType, firstLevelHashIdentity.id, rotatingSalt.getSalt()) : TokenUtils.getAdvertisingIdV2(firstLevelHashIdentity.id, rotatingSalt.getSalt()), rotatingSalt.getHashedId()); diff --git a/src/test/java/com/uid2/operator/EUIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/EUIDOperatorVerticleTest.java index 138e17777..7c894fba6 100644 --- a/src/test/java/com/uid2/operator/EUIDOperatorVerticleTest.java +++ b/src/test/java/com/uid2/operator/EUIDOperatorVerticleTest.java @@ -21,6 +21,8 @@ public EUIDOperatorVerticleTest() throws IOException { @Override protected IdentityScope getIdentityScope() { return IdentityScope.EUID; } @Override + protected boolean useRawUidV3() { return true; } + @Override protected void addAdditionalTokenGenerateParams(JsonObject payload) { if (payload != null && !payload.containsKey("tcf_consent_string")) { payload.put("tcf_consent_string", "CPehNtWPehNtWABAMBFRACBoALAAAEJAAIYgAKwAQAKgArABAAqAAA"); diff --git a/src/test/java/com/uid2/operator/TokenEncodingTest.java b/src/test/java/com/uid2/operator/TokenEncodingTest.java index c77c81b78..73e11309c 100644 --- a/src/test/java/com/uid2/operator/TokenEncodingTest.java +++ b/src/test/java/com/uid2/operator/TokenEncodingTest.java @@ -16,6 +16,7 @@ import io.vertx.core.json.JsonObject; import org.junit.Assert; import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.CsvSource; import org.junit.jupiter.params.provider.EnumSource; import java.time.Instant; 
@@ -86,15 +87,23 @@ public void testRefreshTokenEncoding(TokenVersion tokenVersion) { } @ParameterizedTest - @EnumSource(TokenVersion.class) - public void testAdvertisingTokenEncodings(TokenVersion tokenVersion) { + @CsvSource({"false, V4", //same as current UID2 prod (as at 2024-12-10) + "true, V4", //same as current EUID prod (as at 2024-12-10) + //the following combinations aren't used in any UID2/EUID environments but just testing them regardless + "false, V3", + "true, V3", + "false, V2", + "true, V2", + } + ) + public void testAdvertisingTokenEncodings(boolean useRawUIDv3, TokenVersion adTokenVersion) { final EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(this.keyManager); final Instant now = EncodingUtils.NowUTCMillis(); - final byte[] rawUid = UIDOperatorVerticleTest.getRawUid(IdentityType.Email, "test@example.com", IdentityScope.UID2, tokenVersion != TokenVersion.V2); + final byte[] rawUid = UIDOperatorVerticleTest.getRawUid(IdentityType.Email, "test@example.com", IdentityScope.UID2, useRawUIDv3); final AdvertisingToken token = new AdvertisingToken( - tokenVersion, + adTokenVersion, now, now.plusSeconds(60), new OperatorIdentity(101, OperatorType.Service, 102, 103), @@ -103,9 +112,9 @@ public void testAdvertisingTokenEncodings(TokenVersion tokenVersion) { ); final byte[] encodedBytes = encoder.encode(token, now); - final AdvertisingToken decoded = encoder.decodeAdvertisingToken(EncryptedTokenEncoder.bytesToBase64Token(encodedBytes, tokenVersion)); + final AdvertisingToken decoded = encoder.decodeAdvertisingToken(EncryptedTokenEncoder.bytesToBase64Token(encodedBytes, adTokenVersion)); - assertEquals(tokenVersion, decoded.version); + assertEquals(adTokenVersion, decoded.version); assertEquals(token.createdAt, decoded.createdAt); assertEquals(token.expiresAt, decoded.expiresAt); assertTrue(token.userIdentity.matches(decoded.userIdentity)); 
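Review bot: The `true, V4` row is labelled as matching EUID prod, but the raw UID is still built with `IdentityScope.UID2` in the `getRawUid(...)` call further down, so no row exercises an EUID-scoped raw UID. Either add the scope as a third CSV column and pass it through, or reword the row comment to say it mirrors only EUID's raw UID and token version pair. The parameter is spelled `useRawUIDv3` here while the rest of the commit uses `useRawUidV3`; `public void testAdvertisingTokenEncodings(boolean useRawUidV3, TokenVersion adTokenVersion)` would keep the naming consistent. The method body continues past this hunk.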
@@ -114,7 +123,7 @@ public void testAdvertisingTokenEncodings(TokenVersion tokenVersion) { assertEquals(token.publisherIdentity.siteId, decoded.publisherIdentity.siteId); Buffer b = Buffer.buffer(encodedBytes); - int keyId = b.getInt(tokenVersion == TokenVersion.V2 ? 1 : 2); //TODO - extract master key from token should be a helper function + int keyId = b.getInt(adTokenVersion == TokenVersion.V2 ? 1 : 2); //TODO - extract master key from token should be a helper function assertEquals(Data.MasterKeySiteId, keyManager.getSiteIdFromKeyId(keyId)); } } diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java index d9a91ae01..82ab057d0 100644 --- a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java +++ b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java @@ -13,7 +13,6 @@ import com.uid2.operator.util.Tuple; import com.uid2.operator.vertx.OperatorShutdownHandler; import com.uid2.operator.vertx.UIDOperatorVerticle; -import com.uid2.operator.vertx.ClientInputValidationException; import com.uid2.shared.Utils; import com.uid2.shared.auth.ClientKey; import com.uid2.shared.auth.Keyset; @@ -27,9 +26,7 @@ import com.uid2.shared.secret.KeyHasher; import com.uid2.shared.store.*; import com.uid2.shared.store.reader.RotatingKeysetProvider; -import io.micrometer.core.instrument.Counter; import io.micrometer.core.instrument.Metrics; -import io.micrometer.core.instrument.search.MeterNotFoundException; import io.micrometer.core.instrument.simple.SimpleMeterRegistry; import io.vertx.core.AsyncResult; import io.vertx.core.Future; 
@@ -158,7 +155,7 @@ private void setupConfig(JsonObject config) { config.put(Const.Config.SharingTokenExpiryProp, 60 * 60 * 24 * 30); config.put("identity_scope", getIdentityScope().toString()); - config.put("identity_v3", useIdentityV3()); + config.put("identity_v3", useRawUidV3()); config.put("client_side_token_generate", true); config.put("key_sharing_endpoint_provide_app_names", true); config.put("client_side_token_generate_log_invalid_http_origins", true); 
@@ -622,23 +619,23 @@ private void assertTokenStatusMetrics(Integer siteId, TokenResponseStatsCollecto } private byte[] getAdvertisingIdFromIdentity(IdentityType identityType, String identityString, String firstLevelSalt, String rotatingSalt) { - return getRawUid(identityType, identityString, firstLevelSalt, rotatingSalt, getIdentityScope(), useIdentityV3()); + return getRawUid(identityType, identityString, firstLevelSalt, rotatingSalt, getIdentityScope(), useRawUidV3()); } - private static byte[] getRawUid(IdentityType identityType, String identityString, String firstLevelSalt, String rotatingSalt, IdentityScope identityScope, boolean useIdentityV3) { - return !useIdentityV3 + private static byte[] getRawUid(IdentityType identityType, String identityString, String firstLevelSalt, String rotatingSalt, IdentityScope identityScope, boolean useRawUidV3) { + return !useRawUidV3 ? TokenUtils.getAdvertisingIdV2FromIdentity(identityString, firstLevelSalt, rotatingSalt) : TokenUtils.getAdvertisingIdV3FromIdentity(identityScope, identityType, identityString, firstLevelSalt, rotatingSalt); } - public static byte[] getRawUid(IdentityType identityType, String identityString, IdentityScope identityScope, boolean useIdentityV3) { - return !useIdentityV3 + public static byte[] getRawUid(IdentityType identityType, String identityString, IdentityScope identityScope, boolean useRawUidV3) { + return !useRawUidV3 ? TokenUtils.getAdvertisingIdV2FromIdentity(identityString, firstLevelSalt, rotatingSalt123.getSalt()) : TokenUtils.getAdvertisingIdV3FromIdentity(identityScope, identityType, identityString, firstLevelSalt, rotatingSalt123.getSalt()); } private byte[] getAdvertisingIdFromIdentityHash(IdentityType identityType, String identityString, String firstLevelSalt, String rotatingSalt) { - return !useIdentityV3() + return !useRawUidV3() ? 
TokenUtils.getAdvertisingIdV2FromIdentityHash(identityString, firstLevelSalt, rotatingSalt) : TokenUtils.getAdvertisingIdV3FromIdentityHash(getIdentityScope(), identityType, identityString, firstLevelSalt, rotatingSalt); } @@ -665,7 +662,7 @@ private JsonObject setupIdentityMapServiceLinkTest() { protected TokenVersion getTokenVersion() {return TokenVersion.V4;} - final boolean useIdentityV3() { return getTokenVersion() != TokenVersion.V2; } + protected boolean useRawUidV3() { return false; } protected IdentityScope getIdentityScope() { return IdentityScope.UID2; } protected void addAdditionalTokenGenerateParams(JsonObject payload) {} @@ -816,7 +813,10 @@ private AdvertisingToken validateAndGetToken(EncryptedTokenEncoder encoder, Json final String advertisingTokenString = body.getString("advertising_token"); validateAdvertisingToken(advertisingTokenString, getTokenVersion(), getIdentityScope(), identityType); AdvertisingToken advertisingToken = encoder.decodeAdvertisingToken(advertisingTokenString); - if (getTokenVersion() == TokenVersion.V4) { + + // without useIdentityV3() the assert will be trigger as there's no IdentityType in v4 token generated with + // a raw UID v2 as old raw UID format doesn't store the identity type (and scope) + if (useRawUidV3() && getTokenVersion() == TokenVersion.V4) { assertEquals(identityType, advertisingToken.userIdentity.identityType); } return advertisingToken; From 907a9dc6a2481ce057bd76498759166511953fec Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Mon, 9 Dec 2024 12:04:16 +1100 Subject: [PATCH 02/11] Checkout kcc-UID2-4551-change-buffer-size branch --- Dockerfile.nitro.builder | 2 +- scripts/aws/pipeline/amazonlinux.Dockerfile | 2 +- scripts/aws/pipeline/amazonlinux2023.Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile.nitro.builder b/Dockerfile.nitro.builder index 23aaba22b..12548da7f 100644 --- a/Dockerfile.nitro.builder +++ b/Dockerfile.nitro.builder 
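Review bot: The comment added above the guard in `validateAndGetToken` still names `useIdentityV3()`, which this same commit renames to `useRawUidV3()`, so it points at a method that no longer exists. It also reads as if the assertion fails without the guard, when the point is that a raw UID v2 carries no identity type to compare. Suggested wording: `// Only raw UID v3 stores the identity type (and scope); a v4 token built from a raw UID v2 has none,` followed by `// so the identityType check applies only when useRawUidV3() is true.` The method starts outside this hunk.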
@@ -27,7 +27,7 @@ RUN git clone https://github.com/IABTechLab/uid2-attestation-aws.git \ && cp uid2-attestation-aws/jnsm/target/release/libjnsm.so . # build vsockpx -RUN git clone https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \ +RUN git clone --branch kcc-UID2-4551-change-buffer-size https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \ && mkdir uid2-aws-enclave-vsockproxy/build \ && (cd uid2-aws-enclave-vsockproxy/build; cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo; make; cd ../..) \ && cp uid2-aws-enclave-vsockproxy/build/vsock-bridge/src/vsock-bridge ./vsockpx diff --git a/scripts/aws/pipeline/amazonlinux.Dockerfile b/scripts/aws/pipeline/amazonlinux.Dockerfile index 90f6d0505..ce9c2ef28 100644 --- a/scripts/aws/pipeline/amazonlinux.Dockerfile +++ b/scripts/aws/pipeline/amazonlinux.Dockerfile @@ -42,7 +42,7 @@ RUN wget https://www.inet.no/dante/files/dante-1.4.3.tar.gz \ && cd dante-1.4.3; ./configure; make; cd .. \ && cp dante-1.4.3/sockd/sockd ./ -RUN git clone https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \ +RUN git clone --branch kcc-UID2-4551-change-buffer-size https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \ && mkdir uid2-aws-enclave-vsockproxy/build \ && cd uid2-aws-enclave-vsockproxy/build; cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo; make; cd ../.. \ && cp uid2-aws-enclave-vsockproxy/build/vsock-bridge/src/vsock-bridge ./vsockpx diff --git a/scripts/aws/pipeline/amazonlinux2023.Dockerfile b/scripts/aws/pipeline/amazonlinux2023.Dockerfile index b2ae2dcd6..144628730 100644 --- a/scripts/aws/pipeline/amazonlinux2023.Dockerfile +++ b/scripts/aws/pipeline/amazonlinux2023.Dockerfile 
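Review bot: The `git clone --branch kcc-UID2-4551-change-buffer-size` in this RUN step builds the `vsockpx` binary from a branch name, which is a mutable ref: whatever is pushed to that branch later ends up in the next image build, and the build breaks if the branch is deleted after merge. The same clone is added in scripts/aws/pipeline/amazonlinux.Dockerfile and scripts/aws/pipeline/amazonlinux2023.Dockerfile. Since this binary carries traffic into the enclave, the source should be fixed to a reviewed revision, for example by following the clone with `&& git -C uid2-aws-enclave-vsockproxy checkout <COMMIT_SHA>` (placeholder for the reviewed commit) or by cloning a release tag. The branch name suggests a temporary work branch, so a comment such as `# TODO: switch back to a pinned release once UID2-4551 is merged` would help if it has to stay for now.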
@@ -26,7 +26,7 @@ RUN wget https://www.inet.no/dante/files/dante-1.4.3.tar.gz \ && cp dante-1.4.3/sockd/sockd ./ \ && rm -rf dante-1.4.3 dante-1.4.3.tar.gz -RUN git clone https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \ +RUN git clone --branch kcc-UID2-4551-change-buffer-size https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \ && mkdir uid2-aws-enclave-vsockproxy/build \ && cd uid2-aws-enclave-vsockproxy/build; cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo; make; cd ../.. \ && cp uid2-aws-enclave-vsockproxy/build/vsock-bridge/src/vsock-bridge ./vsockpx \ From 540231ccfbd89162f27851f96d1e465b81a90a76 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Mon, 9 Dec 2024 14:29:13 +1100 Subject: [PATCH 03/11] Lower buffer size --- scripts/aws/eks-pod/proxies.host.yaml | 4 ++++ scripts/aws/proxies.nitro.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/scripts/aws/eks-pod/proxies.host.yaml b/scripts/aws/eks-pod/proxies.host.yaml index 5a2ae0623..eb37f8918 100644 --- a/scripts/aws/eks-pod/proxies.host.yaml +++ b/scripts/aws/eks-pod/proxies.host.yaml @@ -9,6 +9,10 @@ operator-service: service: direct listen: tcp://0.0.0.0:80 connect: vsock://42:8080 + acceptRcvBuf: 25 + acceptSndBuf: 25 + peerRcvBuf: 25 + peerSndBuf: 25 operator-prometheus: service: direct diff --git a/scripts/aws/proxies.nitro.yaml b/scripts/aws/proxies.nitro.yaml index 0f459b150..2f284e482 100644 --- a/scripts/aws/proxies.nitro.yaml +++ b/scripts/aws/proxies.nitro.yaml @@ -4,6 +4,10 @@ uid-operator-in: service: direct listen: vsock://-1:8080 connect: tcp://127.0.0.1:8080 + acceptRcvBuf: 25 + acceptSndBuf: 25 + peerRcvBuf: 25 + peerSndBuf: 25 prometheus-server: service: direct From 008214ad4c9a9f5ad418743a65b74d03de064de0 Mon Sep 17 00:00:00 2001 
From: Katherine Chen Date: Mon, 9 Dec 2024 20:30:33 +1100 Subject: [PATCH 04/11] Use bytes instead of kb --- scripts/aws/eks-pod/proxies.host.yaml | 8 ++++---- scripts/aws/proxies.nitro.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/aws/eks-pod/proxies.host.yaml b/scripts/aws/eks-pod/proxies.host.yaml index eb37f8918..a151b28fb 100644 --- a/scripts/aws/eks-pod/proxies.host.yaml +++ b/scripts/aws/eks-pod/proxies.host.yaml @@ -9,10 +9,10 @@ operator-service: service: direct listen: tcp://0.0.0.0:80 connect: vsock://42:8080 - acceptRcvBuf: 25 - acceptSndBuf: 25 - peerRcvBuf: 25 - peerSndBuf: 25 + acceptRcvBuf: 25600 + acceptSndBuf: 25600 + peerRcvBuf: 25600 + peerSndBuf: 25600 operator-prometheus: service: direct diff --git a/scripts/aws/proxies.nitro.yaml b/scripts/aws/proxies.nitro.yaml index 2f284e482..67d12ed1b 100644 --- a/scripts/aws/proxies.nitro.yaml +++ b/scripts/aws/proxies.nitro.yaml @@ -4,10 +4,10 @@ uid-operator-in: service: direct listen: vsock://-1:8080 connect: tcp://127.0.0.1:8080 - acceptRcvBuf: 25 - acceptSndBuf: 25 - peerRcvBuf: 25 - peerSndBuf: 25 + acceptRcvBuf: 25600 + acceptSndBuf: 25600 + peerRcvBuf: 25600 + peerSndBuf: 25600 prometheus-server: service: direct From b6e78dfdb424e37e4d752a6d0d8f849062d6dbad Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Tue, 10 Dec 2024 09:53:06 +1100 Subject: [PATCH 05/11] Use 0 as default vsock log level --- scripts/aws/eks-pod/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aws/eks-pod/entrypoint.sh b/scripts/aws/eks-pod/entrypoint.sh index 2dc0483e2..31a327430 100644 --- a/scripts/aws/eks-pod/entrypoint.sh +++ b/scripts/aws/eks-pod/entrypoint.sh 
@@ -28,7 +28,7 @@ function setup_vsockproxy() { VSOCK_PROXY=${VSOCK_PROXY:-/home/vsockpx} VSOCK_CONFIG=${VSOCK_CONFIG:-/home/proxies.host.yaml} VSOCK_THREADS=${VSOCK_THREADS:-$(( ( $(nproc) + 1 ) / 2 )) } - VSOCK_LOG_LEVEL=${VSOCK_LOG_LEVEL:-3} + VSOCK_LOG_LEVEL=${VSOCK_LOG_LEVEL:-0} echo "starting vsock proxy at $VSOCK_PROXY with $VSOCK_THREADS worker threads..." $VSOCK_PROXY -c $VSOCK_CONFIG --workers $VSOCK_THREADS --log-level $VSOCK_LOG_LEVEL --daemon echo "vsock proxy now running in background." From 0568561aec8475fdbefbea19b180c2096adc2ebd Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Tue, 10 Dec 2024 14:45:58 +1100 Subject: [PATCH 06/11] Use default buffer size --- scripts/aws/eks-pod/proxies.host.yaml | 4 ---- scripts/aws/proxies.nitro.yaml | 4 ---- 2 files changed, 8 deletions(-) diff --git a/scripts/aws/eks-pod/proxies.host.yaml b/scripts/aws/eks-pod/proxies.host.yaml index a151b28fb..5a2ae0623 100644 --- a/scripts/aws/eks-pod/proxies.host.yaml +++ b/scripts/aws/eks-pod/proxies.host.yaml @@ -9,10 +9,6 @@ operator-service: service: direct listen: tcp://0.0.0.0:80 connect: vsock://42:8080 - acceptRcvBuf: 25600 - acceptSndBuf: 25600 - peerRcvBuf: 25600 - peerSndBuf: 25600 operator-prometheus: service: direct diff --git a/scripts/aws/proxies.nitro.yaml b/scripts/aws/proxies.nitro.yaml index 67d12ed1b..0f459b150 100644 --- a/scripts/aws/proxies.nitro.yaml +++ b/scripts/aws/proxies.nitro.yaml @@ -4,10 +4,6 @@ uid-operator-in: service: direct listen: vsock://-1:8080 connect: tcp://127.0.0.1:8080 - acceptRcvBuf: 25600 - acceptSndBuf: 25600 - peerRcvBuf: 25600 - peerSndBuf: 25600 prometheus-server: service: direct From 0f6a927d8f3134f59b1d0c7231578ba935d157a2 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Wed, 11 Dec 2024 10:04:55 +1100 Subject: [PATCH 07/11] Set buffer size to be 25600 bytes --- scripts/aws/eks-pod/proxies.host.yaml | 4 ++++ scripts/aws/proxies.nitro.yaml | 4 ++++ 2 files changed, 8 insertions(+) 
diff --git a/scripts/aws/eks-pod/proxies.host.yaml b/scripts/aws/eks-pod/proxies.host.yaml index 5a2ae0623..a151b28fb 100644 --- a/scripts/aws/eks-pod/proxies.host.yaml +++ b/scripts/aws/eks-pod/proxies.host.yaml @@ -9,6 +9,10 @@ operator-service: service: direct listen: tcp://0.0.0.0:80 connect: vsock://42:8080 + acceptRcvBuf: 25600 + acceptSndBuf: 25600 + peerRcvBuf: 25600 + peerSndBuf: 25600 operator-prometheus: service: direct diff --git a/scripts/aws/proxies.nitro.yaml b/scripts/aws/proxies.nitro.yaml index 0f459b150..67d12ed1b 100644 --- a/scripts/aws/proxies.nitro.yaml +++ b/scripts/aws/proxies.nitro.yaml @@ -4,6 +4,10 @@ uid-operator-in: service: direct listen: vsock://-1:8080 connect: tcp://127.0.0.1:8080 + acceptRcvBuf: 25600 + acceptSndBuf: 25600 + peerRcvBuf: 25600 + peerSndBuf: 25600 prometheus-server: service: direct From 22bbc21782270f04c797f2fc8c9e016b1bfb19a4 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 13 Dec 2024 11:16:56 +1100 Subject: [PATCH 08/11] Test 256000 bytes --- scripts/aws/eks-pod/proxies.host.yaml | 8 ++++---- scripts/aws/proxies.nitro.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/aws/eks-pod/proxies.host.yaml b/scripts/aws/eks-pod/proxies.host.yaml index a151b28fb..9b4c8acd3 100644 --- a/scripts/aws/eks-pod/proxies.host.yaml +++ b/scripts/aws/eks-pod/proxies.host.yaml @@ -9,10 +9,10 @@ operator-service: service: direct listen: tcp://0.0.0.0:80 connect: vsock://42:8080 - acceptRcvBuf: 25600 - acceptSndBuf: 25600 - peerRcvBuf: 25600 - peerSndBuf: 25600 + acceptRcvBuf: 256000 + acceptSndBuf: 256000 + peerRcvBuf: 256000 + peerSndBuf: 256000 operator-prometheus: service: direct diff --git a/scripts/aws/proxies.nitro.yaml b/scripts/aws/proxies.nitro.yaml index 67d12ed1b..2bf15764f 100644 --- a/scripts/aws/proxies.nitro.yaml +++ b/scripts/aws/proxies.nitro.yaml 
@@ -4,10 +4,10 @@ uid-operator-in: service: direct listen: vsock://-1:8080 connect: tcp://127.0.0.1:8080 - acceptRcvBuf: 25600 - acceptSndBuf: 25600 - peerRcvBuf: 25600 - peerSndBuf: 25600 + acceptRcvBuf: 256000 + acceptSndBuf: 256000 + peerRcvBuf: 256000 + peerSndBuf: 256000 prometheus-server: service: direct From cb79ff8d769a34fec2a7d128d4c7b640aab7ad7f Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 13 Dec 2024 11:44:02 +1100 Subject: [PATCH 09/11] Test TCP 256000 and vsock 25600 --- scripts/aws/eks-pod/proxies.host.yaml | 4 ++-- scripts/aws/proxies.nitro.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/aws/eks-pod/proxies.host.yaml b/scripts/aws/eks-pod/proxies.host.yaml index 9b4c8acd3..2006152c2 100644 --- a/scripts/aws/eks-pod/proxies.host.yaml +++ b/scripts/aws/eks-pod/proxies.host.yaml @@ -11,8 +11,8 @@ operator-service: connect: vsock://42:8080 acceptRcvBuf: 256000 acceptSndBuf: 256000 - peerRcvBuf: 256000 - peerSndBuf: 256000 + peerRcvBuf: 25600 + peerSndBuf: 25600 operator-prometheus: service: direct diff --git a/scripts/aws/proxies.nitro.yaml b/scripts/aws/proxies.nitro.yaml index 2bf15764f..3b829e488 100644 --- a/scripts/aws/proxies.nitro.yaml +++ b/scripts/aws/proxies.nitro.yaml @@ -4,8 +4,8 @@ uid-operator-in: service: direct listen: vsock://-1:8080 connect: tcp://127.0.0.1:8080 - acceptRcvBuf: 256000 - acceptSndBuf: 256000 + acceptRcvBuf: 25600 + acceptSndBuf: 25600 peerRcvBuf: 256000 peerSndBuf: 256000 From 5fab294df3255d7120c62dc400d05ed05831d4e8 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 13 Dec 2024 12:13:28 +1100 Subject: [PATCH 10/11] Test TCP 25600 and VSock 256000 --- scripts/aws/eks-pod/proxies.host.yaml | 8 ++++---- scripts/aws/proxies.nitro.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/aws/eks-pod/proxies.host.yaml b/scripts/aws/eks-pod/proxies.host.yaml index 2006152c2..abcc74573 100644 --- a/scripts/aws/eks-pod/proxies.host.yaml 
+++ b/scripts/aws/eks-pod/proxies.host.yaml @@ -9,10 +9,10 @@ operator-service: service: direct listen: tcp://0.0.0.0:80 connect: vsock://42:8080 - acceptRcvBuf: 256000 - acceptSndBuf: 256000 - peerRcvBuf: 25600 - peerSndBuf: 25600 + acceptRcvBuf: 25600 + acceptSndBuf: 25600 + peerRcvBuf: 256000 + peerSndBuf: 256000 operator-prometheus: service: direct diff --git a/scripts/aws/proxies.nitro.yaml b/scripts/aws/proxies.nitro.yaml index 3b829e488..a54f940be 100644 --- a/scripts/aws/proxies.nitro.yaml +++ b/scripts/aws/proxies.nitro.yaml @@ -4,10 +4,10 @@ uid-operator-in: service: direct listen: vsock://-1:8080 connect: tcp://127.0.0.1:8080 - acceptRcvBuf: 25600 - acceptSndBuf: 25600 - peerRcvBuf: 256000 - peerSndBuf: 256000 + acceptRcvBuf: 256000 + acceptSndBuf: 256000 + peerRcvBuf: 25600 + peerSndBuf: 25600 prometheus-server: service: direct From 693117807cf2af29f3d10773780c14c6de3a8236 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Fri, 13 Dec 2024 15:30:21 +1100 Subject: [PATCH 11/11] Change VSOCK_LOG_LEVEL back to -3 --- scripts/aws/eks-pod/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aws/eks-pod/entrypoint.sh b/scripts/aws/eks-pod/entrypoint.sh index 31a327430..2dc0483e2 100644 --- a/scripts/aws/eks-pod/entrypoint.sh +++ b/scripts/aws/eks-pod/entrypoint.sh @@ -28,7 +28,7 @@ function setup_vsockproxy() { VSOCK_PROXY=${VSOCK_PROXY:-/home/vsockpx} VSOCK_CONFIG=${VSOCK_CONFIG:-/home/proxies.host.yaml} VSOCK_THREADS=${VSOCK_THREADS:-$(( ( $(nproc) + 1 ) / 2 )) } - VSOCK_LOG_LEVEL=${VSOCK_LOG_LEVEL:-0} + VSOCK_LOG_LEVEL=${VSOCK_LOG_LEVEL:-3} echo "starting vsock proxy at $VSOCK_PROXY with $VSOCK_THREADS worker threads..." $VSOCK_PROXY -c $VSOCK_CONFIG --workers $VSOCK_THREADS --log-level $VSOCK_LOG_LEVEL --daemon echo "vsock proxy now running in background."
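Review bot: The four buffer keys in both proxy configs end up with bare numbers and no comment on the unit or on why the accept and peer values differ, after a series of commits whose subjects describe them as tests. From the subjects the values appear to be bytes, with 25600 on the TCP side and 256000 on the vsock side, which is why the accept/peer assignment is mirrored between proxies.host.yaml and proxies.nitro.yaml; that is inferred and should be confirmed. A comment above each group would keep the next edit from swapping them, for example `# socket buffer sizes in bytes: TCP side 25600, vsock side 256000 (UID2-4551)`. If these are still experimental values, say so in the same comment.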