cilium, encryption: for tunnel'ed packets push encryption packets to …

…stack Avoid adding extra marks and labels to ip6 packets which can result in dropped packets in ip6 case. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
cilium · Jun 10, 2020 · 6feeef8 · 6feeef8
1 parent fbee567
commit 6feeef8
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/bpf/bpf_lxc.c b/bpf/bpf_lxc.c
@@ -305,7 +305,7 @@ static __always_inline int ipv6_l3_from_lxc(struct __ctx_buff *ctx,
 		 */
 		ret = encap_and_redirect_lxc(ctx, tunnel_endpoint, encrypt_key, &key, SECLABEL, monitor);
 		if (ret == IPSEC_ENDPOINT)
-			goto pass_to_stack;
+			return CTX_ACT_OK;
 		else if (ret != DROP_NO_TUNNEL_ENDPOINT)
 			return ret;
 	}
@@ -663,7 +663,7 @@ static __always_inline int handle_ipv4_from_lxc(struct __ctx_buff *ctx,
 		 * for further processing.
 		 */
 		else if (ret == IPSEC_ENDPOINT)
-			goto pass_to_stack;
+			return CTX_ACT_OK;
 		/* This is either redirect by encap code or an error has occured
 		 * either way return and stack will consume ctx.
 		 */