New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bpf: nat: small Masquerading improvements #26848
Merged
julianwiedmann
merged 3 commits into
cilium:main
from
julianwiedmann:1.15-bpf-nat-masq-tuple
Jul 18, 2023
Merged
bpf: nat: small Masquerading improvements #26848
julianwiedmann
merged 3 commits into
cilium:main
from
julianwiedmann:1.15-bpf-nat-masq-tuple
Jul 18, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
julianwiedmann
added
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
release-note/misc
This PR makes changes that have no direct user impact.
labels
Jul 15, 2023
/test |
julianwiedmann
force-pushed
the
1.15-bpf-nat-masq-tuple
branch
from
July 15, 2023 14:11
402d8ed
to
34855d8
Compare
/test |
aspsk
requested changes
Jul 17, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks great, a few minor comments
julianwiedmann
force-pushed
the
1.15-bpf-nat-masq-tuple
branch
from
July 18, 2023 06:12
34855d8
to
392e827
Compare
/test |
julianwiedmann
force-pushed
the
1.15-bpf-nat-masq-tuple
branch
from
July 18, 2023 06:16
392e827
to
7b6afab
Compare
/test |
julianwiedmann
force-pushed
the
1.15-bpf-nat-masq-tuple
branch
from
July 18, 2023 06:51
7b6afab
to
2e20db5
Compare
/test |
aspsk
reviewed
Jul 18, 2023
aspsk
approved these changes
Jul 18, 2023
Let the high-level SNAT routine provide its CT tuple to the masquerading helper, so that we can remove the duplicated extraction logic (and error handling). This requires us to consider the side-effects that ct_is_reply*() currently has on the tuple. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Clean up all the small parts that currently access the L3 header, and get the same information from the CT tuple instead. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
For now this just makes the error handling a bit more visible. But it should also enable us to consolidate the SNAT port extraction logic at a later point, so that ct_is_reply*() and snat_v*_nat() work with the same ports. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
julianwiedmann
force-pushed
the
1.15-bpf-nat-masq-tuple
branch
from
July 18, 2023 07:34
2e20db5
to
b043811
Compare
/test |
maintainer-s-little-helper
bot
added
the
ready-to-merge
This PR has passed all tests and received consensus from code owners to merge.
label
Jul 18, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
ready-to-merge
This PR has passed all tests and received consensus from code owners to merge.
release-note/misc
This PR makes changes that have no direct user impact.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
More chipping away at the SNAT / Masquerading code. Trying to get to a point where we can pass a fully populated CT tuple to
snat_v*_nat()
, and not repeat the same work there.