Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: exclude EgressGW logic in bpf_overlay #26611

Merged
merged 3 commits into from Jul 6, 2023
Merged

bpf: exclude EgressGW logic in bpf_overlay #26611

merged 3 commits into from Jul 6, 2023

Conversation

julianwiedmann
Copy link
Member

@julianwiedmann julianwiedmann commented Jul 4, 2023
edited

Explicitly exclude the EgressGW-specific paths when the nodeport.h and nat.h code is pulled into bpf_overlay. They are not needed, all relevant EgressGW functionality lives in bpf_host (and bpf_xdp).

Motivation is mostly about better self-documentation ("where does this code run"), there's no pressing BPF complexity concerns for bpf_overlay.

@julianwiedmann
bpf: nat: clean up ENABLE_MASQUERADE_* section in snat_v*_prepare_sta…
f21cdb8 
…te()

We only want to apply the MASQUERADE logic when snat_v*_prepare_state() is
called from bpf_host (ie to-netdev). Make this a bit clearer in the code.

No functional change, except that we avoid the local_ep / remote_ep
handling when MASQUERADE is disabled.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. feature/egress-gateway Impacts the egress IP gateway feature. labels Jul 4, 2023
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann
bpf: nat: exclude EgressGW logic from bpf_overlay
40bbf17 
EgressGW uses the masquerading logic in to-netdev. Avoid including these
code sections in bpf_overlay.

Also don't consider EgressGW in bpf_overlay when deciding whether
handle_nat_fwd_ipv4() can be inlined.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
bpf: nodeport: exclude EgressGW reply logic from bpf_overlay
c262dd7 
The nodeport ingress path contains a special path that immediately
redirects replies for EgressGW connections into the tunnel (bypassing the
stack). This path is only required for bpf_xdp and bpf_host, exclude it
from bpf_overlay.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann changed the title 1.15 bpf egressgw overlay bpf: exclude EgressGW logic in bpf_overlay Jul 4, 2023
@julianwiedmann julianwiedmann marked this pull request as ready for review July 4, 2023 10:41
@julianwiedmann julianwiedmann requested a review from a team as a code owner July 4, 2023 10:41
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jul 6, 2023
@julianwiedmann julianwiedmann merged commit cb66aef into cilium:main Jul 6, 2023
65 checks passed
@julianwiedmann julianwiedmann deleted the 1.15-bpf-egressgw-overlay branch July 6, 2023 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jibi jibi jibi approved these changes

@dylandreimerink dylandreimerink dylandreimerink approved these changes

Assignees
No one assigned
Labels
feature/egress-gateway Impacts the egress IP gateway feature. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@julianwiedmann @jibi @dylandreimerink