Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fragment tracking #10076

Closed
tgraf opened this issue Feb 6, 2020 · 0 comments · Fixed by #10264
Closed

Fragment tracking #10076

tgraf opened this issue Feb 6, 2020 · 0 comments · Fixed by #10264
Assignees
@borkmann @qmonnet
Labels
kind/enhancement This would improve or streamline existing functionality. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
1.8.0

Comments

@tgraf
Copy link
Member

tgraf commented Feb 6, 2020
edited

Summary

The datapath is not able to handle IP fragments right now.

Details

On encounter of IP fragments, L4 policy as well as load-balancing breaks as fragments can't be associated correctly. In order to fix the situation, full reassembly is not required. Instead, we can build in tracking of fragments to associate it with the existing connection tracking table.

  1. As first fragments appear, the conntrack table entry is created and the policy as well as load-balancing decision is stored.
  2. If a fragment ID is set, a fragment table entry must be created which points to the conntrack table entry via the 5-tuple or some other means.
  3. As further fragments are processed, the initial conntrack entry can be looked up via the fragment table.
  4. Expiration of fragment table entries must be performed.
@tgraf tgraf created this issue from a note in 1.8.0 (BPF Datapath) Feb 6, 2020
@tgraf tgraf added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. kind/enhancement This would improve or streamline existing functionality. labels Feb 6, 2020
@qmonnet qmonnet mentioned this issue Feb 20, 2020
Merged
@joestringer joestringer mentioned this issue Mar 2, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@borkmann borkmann

@qmonnet qmonnet

Labels
kind/enhancement This would improve or streamline existing functionality. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
No open projects
1.8.0
  
BPF Datapath
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support for IPv4 fragments cilium/cilium
3 participants
@borkmann @tgraf @qmonnet