Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pass error codes from map_update_elem (ct_create) to drop notifications #24716

Merged
merged 2 commits into from Apr 18, 2023
Merged

Pass error codes from map_update_elem (ct_create) to drop notifications #24716

merged 2 commits into from Apr 18, 2023

Conversation

gentoo-root
Copy link
Contributor

@gentoo-root gentoo-root commented Apr 3, 2023
edited 

Report the kernel error code in case of packet drops due to failures to create conntrack map entries.

@gentoo-root gentoo-root added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. area/metrics Impacts statistics / metrics gathering, eg via Prometheus. labels Apr 3, 2023
@gentoo-root gentoo-root requested a review from a team as a code owner April 3, 2023 20:45
@gentoo-root gentoo-root force-pushed the ct_fill_up-ext_err branch 6 times, most recently from 2fdc5b8 to d546948 Compare April 4, 2023 10:44
@gentoo-root
Copy link
Contributor Author

/test

@gentoo-root
Copy link
Contributor Author

/test-1.26-net-next

pchaigno
pchaigno approved these changes Apr 7, 2023
View reviewed changes
bpf/bpf_host.c Show resolved Hide resolved
bpf/bpf_lxc.c Outdated Show resolved Hide resolved
@pchaigno
Copy link
Member

pchaigno commented Apr 8, 2023

I think a rebase will fix the net-next failures. Then we should be good to merge.

@jrajahalme
Copy link
Member

#24410 merged yesterday, so a rebase is needed here :-)

@gentoo-root
bpf: Add ext_err to ct_create4 and ct_create6
1bb3590 
Whenever map_update_elem fails in ct_create{4,6}, pass its return code
upwards via ext_err.

Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
@gentoo-root
bpf: Pass ext_err to ct_create4 and ct_create6
5918641 
Start passing the new ext_err parameter to ct_create4 and ct_create6
everywhere where possible. Expose the kernel error code returned by
map_update_elem to drop notifications.

As a side effect, ext_err set by policy_can_access_ingress in
ipv{4,6}_host_policy_egress is now also passed to the caller and the
drop notification.

Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
@pchaigno
Copy link
Member

/test

@pchaigno pchaigno merged commit d749a59 into cilium:master Apr 18, 2023
57 checks passed
@margamanterola margamanterola mentioned this pull request Apr 27, 2023
Closed
@julianwiedmann julianwiedmann mentioned this pull request Jun 5, 2023
Merged
julianwiedmann added a commit to julianwiedmann/cilium that referenced this pull request Aug 23, 2023
@julianwiedmann
bpf: nat: report detailed error when creating SNAT entry
31bd449 
[ upstream commit 1f6c10d ]

[ backporter's notes: as cilium#24716
  is missing, manually add the needed ext_err bits into nat.h and switch
  the callers to send_drop_notify_error_ext(). ]

snat_*_nat_handle_mapping() already takes an *ext_err parameter to pass up
detailed error information from its CT logic. Use this to also report
errors from map_update_elem() when creating the NAT entries.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
julianwiedmann added a commit to julianwiedmann/cilium that referenced this pull request Aug 23, 2023
@julianwiedmann
bpf: dsr: report detailed error when creating RevDNAT entry
1c55c6b 
[ upstream commit 66e9579 ]

[ backporter's notes: as cilium#24716
  is missing, do the switch to send_drop_notify_error_ext() ]

tail_nodeport_dsr_ingress_ipv*() already maintains an *ext_err parameter to
report detailed error information from its CT logic. Use this to also
report errors from map_update_elem() when creating the RevDNAT entry.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann mentioned this pull request Aug 23, 2023
Merged
1 task
joestringer pushed a commit that referenced this pull request Aug 25, 2023
@julianwiedmann @joestringer
bpf: nat: report detailed error when creating SNAT entry
4475e4e 
[ upstream commit 1f6c10d ]

[ backporter's notes: as #24716
  is missing, manually add the needed ext_err bits into nat.h and switch
  the callers to send_drop_notify_error_ext(). ]

snat_*_nat_handle_mapping() already takes an *ext_err parameter to pass up
detailed error information from its CT logic. Use this to also report
errors from map_update_elem() when creating the NAT entries.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
joestringer pushed a commit that referenced this pull request Aug 25, 2023
@julianwiedmann @joestringer
bpf: dsr: report detailed error when creating RevDNAT entry
524a06b 
[ upstream commit 66e9579 ]

[ backporter's notes: as #24716
  is missing, do the switch to send_drop_notify_error_ext() ]

tail_nodeport_dsr_ingress_ipv*() already maintains an *ext_err parameter to
report detailed error information from its CT logic. Use this to also
report errors from map_update_elem() when creating the RevDNAT entry.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pchaigno pchaigno pchaigno approved these changes

@NikAleksandrov NikAleksandrov Awaiting requested review from NikAleksandrov NikAleksandrov was automatically assigned from cilium/sig-datapath

@jrajahalme jrajahalme Awaiting requested review from jrajahalme

Assignees
No one assigned
Labels
area/metrics Impacts statistics / metrics gathering, eg via Prometheus. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@gentoo-root @pchaigno @jrajahalme