-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bpf: Split handle_ipv6 in bpf_host.c after ct_lookup6
In order to reduce verifier complexity, split handle_ipv6 into two functions chained by a tailcall. The first part will stop after doing ct_lookup6 of the host firewall, and the second part will pick up the results from a BPF map and go on. The tailcall is saved, and the map is not used if host firewall is disabled, so the overhead is minimal in this case. Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
- Loading branch information
1 parent
259d3ce
commit dc000df
Showing
3 changed files
with
174 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters