feat: rename iptables block binary to azure-block-iptables (#3913)

* feat: iptables block using LSM BPF

* feat: makefile changes

* chore: cleanup

* Update bpf-prog/block-iptables/bpf/src/block_iptables.bpf.c

Co-authored-by: Copilot <[email protected]>
Signed-off-by: Santhosh  Prabhu  <[email protected]>

* chore: fix const

* fix: dockerfiles, bug

* test: add test for bpf attach/detach

* feat: add event tracking

* feat: add event counting

* chore: dockerfiles

* fix: nolint for generated code

* fix: nolint for generated code

* fix: golangci skip

* fix:skip directory with generated code

* chore:skip block iptales generated code

* chore: fix

* fix: run go generate first

* fix: use installed go

* fix: install bpf libraries

* fix: remove file

* fix: roll back linter changes

* fix: add code generation to tests

* chore: switch to dual license

* fix: run generate before lint

* fix: install libs

* fix: fix linting, address some comments

* fix: address comments, fix lint

* fix: missed change

* fix: compile only on linux

* fix: compile only on linux

* fix: address comments

* fix: address comments

* chore: dockerfiles

* fix: address comments

* chore:dockerfiles

* fix: address comments

* chore: dockerfiles

* fix: address comments

* fix: add azure- prefix to block-iptables

* fix: rename subdir

* fix: import path

* Update .github/workflows/golangci.yaml

Co-authored-by: Copilot <[email protected]>
Signed-off-by: Santhosh  Prabhu  <[email protected]>

* Update .github/workflows/golangci.yaml

Co-authored-by: Copilot <[email protected]>
Signed-off-by: Santhosh  Prabhu  <[email protected]>

* fix: remove redundant files

* fix: add code owner

* chore: dockerfiles

* chore: add more owners to bpf-prog

* chore:dockerfiles

---------

Signed-off-by: Santhosh  Prabhu  <[email protected]>
Co-authored-by: Copilot <[email protected]>

Author: santhoshmprabhu

.github/workflows/golangci.yaml

@@ -29,7 +29,7 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: generated-bpf-program-code
-          path: ./bpf-prog/block-iptables/pkg/blockservice
+          path: ./bpf-prog/azure-block-iptables/pkg/blockservice
   golangci:
     strategy:
       fail-fast: false
@@ -50,7 +50,7 @@ jobs:
       uses: actions/download-artifact@v4
       with:
         name: generated-bpf-program-code
-        path: ./bpf-prog/block-iptables/pkg/blockservice
+        path: ./bpf-prog/azure-block-iptables/pkg/blockservice
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v6
       with:

Makefile

@@ -33,9 +33,9 @@ endif
 # Interrogate the git repo and set some variables
 REPO_ROOT							?= $(shell git rev-parse --show-toplevel)
 REVISION							?= $(shell git rev-parse --short HEAD)
-ACN_VERSION							?= $(shell git describe --exclude "azure-iptables-monitor*" --exclude "azure-ip-masq-merger*" --exclude "azure-ipam*" --exclude "dropgz*" --exclude "zapai*" --exclude "ipv6-hp-bpf*" --exclude "block-iptables*" --tags --always)
+ACN_VERSION							?= $(shell git describe --exclude "azure-iptables-monitor*" --exclude "azure-ip-masq-merger*" --exclude "azure-ipam*" --exclude "dropgz*" --exclude "zapai*" --exclude "ipv6-hp-bpf*" --exclude "azure-block-iptables*" --tags --always)
 IPV6_HP_BPF_VERSION					?= $(notdir $(shell git describe --match "ipv6-hp-bpf*" --tags --always))
-BLOCK_IPTABLES_VERSION  ?= $(notdir $(shell git describe --match "block-iptables*" --tags --always))
+AZURE_BLOCK_IPTABLES_VERSION  ?= $(notdir $(shell git describe --match "azure-block-iptables*" --tags --always))
 AZURE_IPAM_VERSION					?= $(notdir $(shell git describe --match "azure-ipam*" --tags --always))
 AZURE_IP_MASQ_MERGER_VERSION		?= $(notdir $(shell git describe --match "azure-ip-masq-merger*" --tags --always))
 AZURE_IPTABLES_MONITOR_VERSION		?= $(notdir $(shell git describe --match "azure-iptables-monitor*" --tags --always))
@@ -49,7 +49,7 @@ AZURE_IPAM_DIR = $(REPO_ROOT)/azure-ipam
 AZURE_IP_MASQ_MERGER_DIR = $(REPO_ROOT)/azure-ip-masq-merger
 AZURE_IPTABLES_MONITOR_DIR = $(REPO_ROOT)/azure-iptables-monitor
 IPV6_HP_BPF_DIR = $(REPO_ROOT)/bpf-prog/ipv6-hp-bpf
-BLOCK_IPTABLES_DIR = $(REPO_ROOT)/bpf-prog/block-iptables
+AZURE_BLOCK_IPTABLES_DIR = $(REPO_ROOT)/bpf-prog/azure-block-iptables
 
 CNI_NET_DIR = $(REPO_ROOT)/cni/network/plugin
 CNI_IPAM_DIR = $(REPO_ROOT)/cni/ipam/plugin
@@ -65,7 +65,7 @@ AZURE_IPAM_BUILD_DIR = $(BUILD_DIR)/azure-ipam
 AZURE_IP_MASQ_MERGER_BUILD_DIR = $(BUILD_DIR)/azure-ip-masq-merger
 AZURE_IPTABLES_MONITOR_BUILD_DIR = $(BUILD_DIR)/azure-iptables-monitor
 IPV6_HP_BPF_BUILD_DIR = $(BUILD_DIR)/bpf-prog/ipv6-hp-bpf
-BLOCK_IPTABLES_BUILD_DIR = $(BUILD_DIR)/bpf-prog/block-iptables
+AZURE_BLOCK_IPTABLES_BUILD_DIR = $(BUILD_DIR)/bpf-prog/azure-block-iptables
 IMAGE_DIR  = $(OUTPUT_DIR)/images
 
 CNI_BUILD_DIR = $(BUILD_DIR)/cni
@@ -115,7 +115,7 @@ AZURE_IPAM_ARCHIVE_NAME = azure-ipam-$(GOOS)-$(GOARCH)-$(AZURE_IPAM_VERSION).$(A
 AZURE_IP_MASQ_MERGER_ARCHIVE_NAME = azure-ip-masq-merger-$(GOOS)-$(GOARCH)-$(AZURE_IP_MASQ_MERGER_VERSION).$(ARCHIVE_EXT)
 AZURE_IPTABLES_MONITOR_ARCHIVE_NAME = azure-iptables-monitor-$(GOOS)-$(GOARCH)-$(AZURE_IPTABLES_MONITOR_VERSION).$(ARCHIVE_EXT)
 IPV6_HP_BPF_ARCHIVE_NAME = ipv6-hp-bpf-$(GOOS)-$(GOARCH)-$(IPV6_HP_BPF_VERSION).$(ARCHIVE_EXT)
-BLOCK_IPTABLES_ARCHIVE_NAME = block-iptables-$(GOOS)-$(GOARCH)-$(BLOCK_IPTABLES_VERSION).$(ARCHIVE_EXT)
+AZURE_BLOCK_IPTABLES_ARCHIVE_NAME = azure-block-iptables-$(GOOS)-$(GOARCH)-$(AZURE_BLOCK_IPTABLES_VERSION).$(ARCHIVE_EXT)
 
 # Image info file names.
 CNI_IMAGE_INFO_FILE			= azure-cni-$(CNI_VERSION).txt
@@ -132,7 +132,7 @@ all-binaries-platforms: ## Make all platform binaries
 
 # OS specific binaries/images
 ifeq ($(GOOS),linux)
-all-binaries: acncli azure-cni-plugin azure-cns azure-npm azure-ipam azure-ip-masq-merger azure-iptables-monitor ipv6-hp-bpf block-iptables
+all-binaries: acncli azure-cni-plugin azure-cns azure-npm azure-ipam azure-ip-masq-merger azure-iptables-monitor ipv6-hp-bpf azure-block-iptables
 all-images: npm-image cns-image cni-manager-image azure-ip-masq-merger-image azure-iptables-monitor-image ipv6-hp-bpf-image
 else
 all-binaries: azure-cni-plugin azure-cns azure-npm
@@ -147,7 +147,7 @@ acncli: acncli-binary acncli-archive
 azure-npm: azure-npm-binary npm-archive
 azure-ipam: azure-ipam-binary azure-ipam-archive
 ipv6-hp-bpf: ipv6-hp-bpf-binary ipv6-hp-bpf-archive
-block-iptables: block-iptables-binary block-iptables-archive
+azure-block-iptables: azure-block-iptables-binary azure-block-iptables-archive
 azure-ip-masq-merger: azure-ip-masq-merger-binary azure-ip-masq-merger-archive
 azure-iptables-monitor: azure-iptables-monitor-binary azure-iptables-monitor-archive
 
@@ -174,8 +174,8 @@ azure-iptables-monitor-version: ## prints the azure-iptables-monitor version
 ipv6-hp-bpf-version: ## prints the ipv6-hp-bpf version
 	@echo $(IPV6_HP_BPF_VERSION)
 
-block-iptables-version: ## prints the block-iptables version
-	@echo $(BLOCK_IPTABLES_VERSION)
+azure-block-iptables-version: ## prints the azure-block-iptables version
+	@echo $(AZURE_BLOCK_IPTABLES_VERSION)
 
 cni-version: ## prints the cni version
 	@echo $(CNI_VERSION)
@@ -210,10 +210,10 @@ else ifeq ($(GOARCH),arm64)
 	for dir in /usr/include/aarch64-linux-gnu/*; do sudo ln -sfn "$$dir" /usr/include/$$(basename "$$dir"); done
 endif
 
-# Build the block-iptables binary.
-block-iptables-binary:
-	cd $(BLOCK_IPTABLES_DIR) && CGO_ENABLED=0 go generate ./...
-	cd $(BLOCK_IPTABLES_DIR)/cmd/block-iptables && CGO_ENABLED=0 go build -v -o $(BLOCK_IPTABLES_BUILD_DIR)/block-iptables$(EXE_EXT) -ldflags "-X main.version=$(BLOCK_IPTABLES_VERSION)" -gcflags="-dwarflocationlists=true"
+# Build the azure-block-iptables binary.
+azure-block-iptables-binary:
+	cd $(AZURE_BLOCK_IPTABLES_DIR) && CGO_ENABLED=0 go generate ./...
+	cd $(AZURE_BLOCK_IPTABLES_DIR)/cmd/azure-block-iptables && CGO_ENABLED=0 go build -v -o $(AZURE_BLOCK_IPTABLES_BUILD_DIR)/azure-block-iptables$(EXE_EXT) -ldflags "-X main.version=$(AZURE_BLOCK_IPTABLES_VERSION)" -gcflags="-dwarflocationlists=true"
 
 # Build the Azure CNI network binary.
 azure-vnet-binary:
@@ -861,12 +861,12 @@ ifeq ($(GOOS),linux)
 	cd $(IPV6_HP_BPF_BUILD_DIR) && $(ARCHIVE_CMD) $(IPV6_HP_BPF_ARCHIVE_NAME) ipv6-hp-bpf$(EXE_EXT)
 endif
 
-# Create a block-iptables archive for the target platform.
-.PHONY: block-iptables-archive
-block-iptables-archive: block-iptables-binary
+# Create a azure-block-iptables archive for the target platform.
+.PHONY: azure-block-iptables-archive
+azure-block-iptables-archive: azure-block-iptables-binary
 ifeq ($(GOOS),linux)
-	$(MKDIR) $(BLOCK_IPTABLES_BUILD_DIR)
-	cd $(BLOCK_IPTABLES_BUILD_DIR) && $(ARCHIVE_CMD) $(BLOCK_IPTABLES_ARCHIVE_NAME) block-iptables$(EXE_EXT)
+	$(MKDIR) $(AZURE_BLOCK_IPTABLES_BUILD_DIR)
+	cd $(AZURE_BLOCK_IPTABLES_BUILD_DIR) && $(ARCHIVE_CMD) $(AZURE_BLOCK_IPTABLES_ARCHIVE_NAME) azure-block-iptables$(EXE_EXT)
 endif
 
 ##@ Utils

bpf-prog/block-iptables/bpf/include/vmlinux.h renamed to bpf-prog/azure-block-iptables/bpf/include/vmlinux.h

@@ -13,7 +13,7 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/Azure/azure-container-networking/bpf-prog/block-iptables/pkg/bpfprogram"
+	"github.com/Azure/azure-container-networking/bpf-prog/azure-block-iptables/pkg/bpfprogram"
 	"github.com/cilium/ebpf/rlimit"
 	"github.com/fsnotify/fsnotify"
 )

bpf-prog/block-iptables/bpf/src/block_iptables.bpf.c renamed to bpf-prog/azure-block-iptables/bpf/src/block_iptables.bpf.c

@@ -7,7 +7,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/Azure/azure-container-networking/bpf-prog/block-iptables/pkg/bpfprogram"
+	"github.com/Azure/azure-container-networking/bpf-prog/azure-block-iptables/pkg/bpfprogram"
 	"github.com/fsnotify/fsnotify"
 	"github.com/pkg/errors"
 )

bpf-prog/block-iptables/cmd/block-iptables/main.go renamed to bpf-prog/azure-block-iptables/cmd/azure-block-iptables/main.go

@@ -9,7 +9,7 @@ import (
 	"path/filepath"
 	"syscall"
 
-	blockservice "github.com/Azure/azure-container-networking/bpf-prog/block-iptables/pkg/blockservice"
+	blockservice "github.com/Azure/azure-container-networking/bpf-prog/azure-block-iptables/pkg/blockservice"
 	"github.com/cilium/ebpf"
 	"github.com/cilium/ebpf/link"
 	"github.com/pkg/errors"