New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bpf: SRv6 fib on encap #26136
bpf: SRv6 fib on encap #26136
Conversation
/test Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/721/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
/test-1.26-net-next |
Is it worth considering a unit test? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please apply one small change to the error reporting (and maybe pick up the cosmetic change while at it 😁). Otherwise all good, thanks!
4f87263
to
567c2b6
Compare
@julianwiedmann handled your feedback. @nickolaev working on a test now, feel free to block until this test commit is present. |
010c7fa
to
48174e4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, thank you!
Two small clarifying questions, but no blocker unless you realize that something is amiss :)
48174e4
to
7588f88
Compare
@jibi latest push moves the fib_lookup functions to take src/dst addresses instead of the full header |
d1da55f
to
2f1d6f4
Compare
This commit adds a new function, 'fib_do_redirect', to 'lib/fib.h'. This function decouples the 'bpf_redirect' functionality from the 'bpf_fib_lookup' functionality while keeping the existing 'fib_redirect' logic the same. In other words, this function can pickup right after the 'fib_lookup' is performed in 'fib_redirect' and carry out the same exact operations as 'fib_redirect'. This will be used in a subsequent commit to decouple the `bpf_fib_lookup` from the `bpf_redirect`, such that each can be performed independently. This is an addition-only change and amounts to no functional changes in the data path. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
Introduce functions for performing fib_lookups independent of any other actions. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
2f1d6f4
to
4bce021
Compare
@nickolaev added tests: 4bce021 |
/test |
4bce021
to
fb3f639
Compare
I believe there's no plan to backport this into |
This is the first PR in a set of two.
In this PR we introduce new functions in lib/fib.h to fix the issue described below
A follow up PR will be opened once this is merged which carries the non-backported refactor of fib/lib.h, removing the duplicate code introduced in this PR.
see #26048 (comment) for an explanation of why this occurs in two PRs.
Original SRv6 encapsulation flow:
This results in the egress packet always choosing the output interface, source, and destination mac from the FIB lookup that occurred on the inner packet.
SRv6 encapsulation flow corrected:
Now, we perform an additional fib lookup once the egress packet has been encapsulated, ensuring the encapsulated packet is forwarded correctly based on the host namespace's FIB.
Performing these actions independently is currently necessary for this SRv6 datapath fix.
This is because we perform the
fib_lookup
already at a egress interface and we may or may not need to redirect to a new interface for tx.It is obvious to see that two fib lookups are occurring here.
It does seem to me that this can be reduced to one, however this involves changing where encapsulation occurs and will be a larger refactor, however I will also look into this.