daemon: Deprecate --prefilter-{device,mode}

Replace the enablement by the dedicated flag "--enable-xdp-prefilter", and the mode with the existing "--bpf-lb-acceleration". Ideally, we should deprecated the filter, but we cannot do it until the host-fw is supported by the XDP prog. Signed-off-by: Martynas Pumputis <m@lambda.lt>
cilium · Oct 22, 2021 · 961217f · 961217f
1 parent 76d3ead
commit 961217f
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 5 deletions.
diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md
diff --git a/Documentation/operations/upgrade.rst b/Documentation/operations/upgrade.rst
@@ -314,6 +314,8 @@ Annotations:
   when device wildcard expansion (``--devices=eth+``) yields no devices.
 * Device auto-detection now discovers devices through the routing table and
   only considers devices that have a global unicast route in some routing table.
+* The XDP-based prefilter is going to be enabled for all devices specified
+  by ``--devices`` if ``--prefilter-device`` is set.
 
 Removed Options
 ~~~~~~~~~~~~~~~
@@ -340,6 +342,9 @@ Deprecated Options
 
 * ``native-routing-cidr``: This option has been deprecated in favor of
   ``ipv4-native-routing-cidr`` and will be removed in 1.12.
+* ``prefilter-device`` and ``prefilter-mode``: These options have been
+  deprecated in favor of ``enable-xdp-prefilter`` and ``bpf-lb-acceleration``,
+  and will be removed in 1.12.
 
 New Options
 ~~~~~~~~~~~

diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go
@@ -761,11 +761,21 @@ func init() {
 	flags.Int(option.PProfPort, 6060, "Port that the pprof listens on")
 	option.BindEnv(option.PProfPort)
 
+	flags.Bool(option.EnableXDPPrefilter, false, "Enable XDP prefiltering")
+	option.BindEnv(option.EnableXDPPrefilter)
+
 	flags.String(option.PrefilterDevice, "undefined", "Device facing external network for XDP prefiltering")
 	option.BindEnv(option.PrefilterDevice)
+	flags.MarkHidden(option.PrefilterDevice)
+	flags.MarkDeprecated(option.PrefilterDevice,
+		fmt.Sprintf("This option will be removed in v1.12. Use --%s and --%s instead.",
+			option.EnableXDPPrefilter, option.Devices))
 
 	flags.String(option.PrefilterMode, option.ModePreFilterNative, "Prefilter mode via XDP (\"native\", \"generic\")")
 	option.BindEnv(option.PrefilterMode)
+	flags.MarkHidden(option.PrefilterMode)
+	flags.MarkDeprecated(option.PrefilterMode,
+		fmt.Sprintf("This option will be removed in v1.12. Use --%s instead.", option.LoadBalancerAcceleration))
 
 	flags.Bool(option.PreAllocateMapsName, defaults.PreAllocateMaps, "Enable BPF map pre-allocation")
 	option.BindEnv(option.PreAllocateMapsName)
@@ -1192,6 +1202,7 @@ func initEnv(cmd *cobra.Command) {
 	}
 
 	if option.Config.DevicePreFilter != "undefined" {
+		option.Config.EnableXDPPrefilter = true
 		found := false
 		for _, dev := range option.Config.Devices {
 			if dev == option.Config.DevicePreFilter {

diff --git a/pkg/datapath/linux/config/config.go b/pkg/datapath/linux/config/config.go
@@ -223,7 +223,7 @@ func (h *HeaderfileWriter) WriteNodeConfig(w io.Writer, cfg *datapath.LocalNodeC
 		cDefinesMap["ENCRYPT_NODE"] = "1"
 	}
 
-	if option.Config.DevicePreFilter != "undefined" {
+	if option.Config.EnableXDPPrefilter {
 		cDefinesMap["ENABLE_PREFILTER"] = "1"
 	}
 

diff --git a/pkg/datapath/loader/base.go b/pkg/datapath/loader/base.go
@@ -258,7 +258,7 @@ func (l *Loader) Reinitialize(ctx context.Context, o datapath.BaseProgramOwner,
 		return err
 	}
 
-	if option.Config.DevicePreFilter != "undefined" {
+	if option.Config.EnableXDPPrefilter {
 		scopedLog := log.WithField(logfields.Devices, option.Config.Devices)
 
 		preFilter, err := prefilter.NewPreFilter()

diff --git a/pkg/datapath/maps/map.go b/pkg/datapath/maps/map.go
@@ -210,7 +210,7 @@ func (ms *MapSweeper) RemoveDisabledMaps() {
 		maps = append(maps, ipmasq.MapName)
 	}
 
-	if option.Config.DevicePreFilter == "undefined" {
+	if !option.Config.EnableXDPPrefilter {
 		maps = append(maps, []string{
 			cidrmap.MapName + "v4_dyn",
 			cidrmap.MapName + "v4_fix",

diff --git a/pkg/option/config.go b/pkg/option/config.go
@@ -396,6 +396,9 @@ const (
 	// PProfPort is the port that the pprof listens on
 	PProfPort = "pprof-port"
 
+	// EnableXDPPrefilter enables XDP-based prefiltering
+	EnableXDPPrefilter = "enable-xdp-prefilter"
+
 	// PrefilterDevice is the device facing external network for XDP prefiltering
 	PrefilterDevice = "prefilter-device"
 
@@ -1187,6 +1190,7 @@ type DaemonConfig struct {
 	Devices             []string   // bpf_host device
 	DirectRoutingDevice string     // Direct routing device (used only by NodePort BPF)
 	LBDevInheritIPAddr  string     // Device which IP addr used by bpf_host devices
+	EnableXDPPrefilter  bool       // Enable XDP-based prefiltering
 	DevicePreFilter     string     // Prefilter device
 	ModePreFilter       string     // Prefilter mode
 	XDPMode             string     // XDP mode, values: { xdpdrv | xdpgeneric | none }
@@ -2432,6 +2436,7 @@ func (c *DaemonConfig) Populate() {
 	c.EnableWireguard = viper.GetBool(EnableWireguard)
 	c.EnableWellKnownIdentities = viper.GetBool(EnableWellKnownIdentities)
 	c.EndpointInterfaceNamePrefix = viper.GetString(EndpointInterfaceNamePrefix)
+	c.EnableXDPPrefilter = viper.GetBool(EnableXDPPrefilter)
 	c.DevicePreFilter = viper.GetString(PrefilterDevice)
 	c.DisableCiliumEndpointCRD = viper.GetBool(DisableCiliumEndpointCRDName)
 	c.EgressMasqueradeInterfaces = viper.GetString(EgressMasqueradeInterfaces)