bpf: nodeport: update hop-limit in IPv6 RevDNAT reply path
[ upstream commit 9e29ea6 ]

When forwarding replies from the LB back to the client, rev_nodeport_lb6()
uses fib_redirect() to pick the egress interface (we can't use
fib_redirect_v6() as the packet might have been converted to IPv4, or
tunnel-encapsulated in XDP). Thus the hop-limit currently doesn't get
updated.

Do so manually.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
julianwiedmann authored and lmb committed Aug 16, 2023
1 parent 92a9052 commit fbd4e54
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions bpf/lib/nodeport.h
Expand Up @@ -1259,6 +1259,10 @@ static __always_inline int rev_nodeport_lb6(struct __ctx_buff *ctx, __s8 *ext_er
ret = ct_lazy_lookup6(get_ct_map6(&tuple), &tuple, ctx, l4_off, ACTION_CREATE,
CT_INGRESS, SCOPE_REVERSE, &ct_state, &monitor);
if (ret == CT_REPLY && ct_state.node_port == 1 && ct_state.rev_nat_index != 0) {
ret = ipv6_l3(ctx, ETH_HLEN, NULL, NULL, METRIC_EGRESS);
if (unlikely(ret != CTX_ACT_OK))
return ret;

ret = lb6_rev_nat(ctx, l4_off, ct_state.rev_nat_index,
&tuple, REV_NAT_F_TUPLE_SADDR);
if (IS_ERR(ret))
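
Review bot: the new ipv6_l3() call at the top of the `ret == CT_REPLY && ct_state.node_port == 1 && ...` branch has no comment saying why the hop-limit is updated by hand here; the reason (rev_nodeport_lb6() uses fib_redirect() rather than fib_redirect_v6() for the egress lookup) is recorded only in the commit message. A short comment above the call would keep a later cleanup from dropping it as redundant. Two smaller things to confirm in the same place: the call runs before lb6_rev_nat(), so whatever ipv6_l3() does with the hop-limit acts on the packet with its pre-RevDNAT addresses, and its result is checked with `ret != CTX_ACT_OK` while the lb6_rev_nat() result just below is checked with IS_ERR(ret). If that ordering and the stricter check are both intended, the comment is a good place to say so.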