Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bpf: nodeport: SNAT before adding tunnel info in NAT egress path
When forwarding to a remote backend via tunnel, we currently first add the encap info and only then apply SNAT to the packet. Meaning that the TRACE_TO_OVERLAY in __encap_with_nodeid() doesn't report the final header content. This is in contrast to the non-tunnel path (where the TRACE_TO_NETWORK in to-netdev will report the post-SNAT header content), and the reply path (where from-overlay raises the TRACE_FROM_OVERLAY long before checking for revSNAT). So re-order the NAT egress path to first apply SNAT, and then add the encap info afterwards. For now this just helps to make the TRACE_TO_OVERLAY entry consistent. In the future it's also needed to enable in-XDP encap (as we want to SNAT the inner packet, before adding the encap headers). Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
- Loading branch information
1 parent
daa85a0
commit 096ca44
Showing
1 changed file
with
35 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters