Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: nat: small Masquerading improvements #26848

Merged
merged 3 commits into from Jul 18, 2023
Merged

bpf: nat: small Masquerading improvements #26848

merged 3 commits into from Jul 18, 2023

Conversation

julianwiedmann
Copy link
Member

More chipping away at the SNAT / Masquerading code. Trying to get to a point where we can pass a fully populated CT tuple to snat_v*_nat(), and not repeat the same work there.

@julianwiedmann julianwiedmann added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. labels Jul 15, 2023
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann marked this pull request as ready for review July 15, 2023 15:20
@julianwiedmann julianwiedmann requested a review from a team as a code owner July 15, 2023 15:20
aspsk
aspsk requested changes Jul 17, 2023
View reviewed changes
Copy link
Contributor

@aspsk aspsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great, a few minor comments

bpf/lib/nat.h Show resolved Hide resolved
bpf/lib/conntrack.h Outdated Show resolved Hide resolved
bpf/lib/nat.h Show resolved Hide resolved
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann
Copy link
Member Author

/test

aspsk
aspsk reviewed Jul 18, 2023
View reviewed changes
bpf/lib/nat.h Show resolved Hide resolved
@julianwiedmann
bpf: nat: pass CT tuple to snat_v*_needs_masquerade()
bb5dcdc 
Let the high-level SNAT routine provide its CT tuple to the masquerading
helper, so that we can remove the duplicated extraction logic (and error
handling).

This requires us to consider the side-effects that ct_is_reply*()
currently has on the tuple.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
bpf: nat: have snat_v*_needs_masquerade() use CT tuple in all places
2495f52 
Clean up all the small parts that currently access the L3 header, and get
the same information from the CT tuple instead.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
bpf: nat: move port extraction from ct_is_reply*() into caller
b043811 
For now this just makes the error handling a bit more visible. But it
should also enable us to consolidate the SNAT port extraction logic at a
later point, so that ct_is_reply*() and snat_v*_nat() work with the same
ports.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
Copy link
Member Author

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jul 18, 2023
@julianwiedmann julianwiedmann merged commit dc2b411 into cilium:main Jul 18, 2023
65 checks passed
@julianwiedmann julianwiedmann deleted the 1.15-bpf-nat-masq-tuple branch July 18, 2023 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aspsk aspsk aspsk approved these changes

Assignees
No one assigned
Labels
ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@julianwiedmann @aspsk