bpf: egressgw: set trace reason for reply traffic

[ upstream commit f4098db ] When redirecting EgressGW replies to the tunnel interface, we don't have a CT lookup to determine the trace reason. But we still know it's a reply, so we can set the reason manually. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
cilium · Aug 21, 2023 · 8d6294f · 8d6294f
1 parent 673cc39
commit 8d6294f
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/bpf/lib/nodeport.h b/bpf/lib/nodeport.h
@@ -2682,8 +2682,10 @@ static __always_inline int rev_nodeport_lb4(struct __ctx_buff *ctx, __s8 *ext_er
 	 * any reply traffic for a remote pod into the tunnel (to avoid iptables
 	 * potentially dropping the packets).
 	 */
-	if (egress_gw_reply_needs_redirect(ip4, &tunnel_endpoint, &dst_sec_identity))
+	if (egress_gw_reply_needs_redirect(ip4, &tunnel_endpoint, &dst_sec_identity)) {
+		reason = TRACE_REASON_CT_REPLY;
 		goto redirect;
+	}
 #endif /* ENABLE_EGRESS_GATEWAY */
 
 	if (!check_revdnat)