Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: lxc: fix source sec identity in hairpin trace notification #28133

Merged
merged 1 commit into from Sep 13, 2023
Merged

bpf: lxc: fix source sec identity in hairpin trace notification #28133

merged 1 commit into from Sep 13, 2023

Conversation

julianwiedmann
Copy link
Member

CB_SRC_LABEL is cleared just a few lines above. So to get the source's actual security identity, we need to use our local variable.

Fixes: e2829a0 ("bpf: lxc: support Pod->Service->Pod hairpinning with endpoint routes")

Fix the trace notification for hairpinned reply traffic, to indicate the correct security identity for the client.

@julianwiedmann
bpf: lxc: fix source sec identity in hairpin trace notification
aeea27a 
CB_SRC_LABEL is cleared just a few lines above. So to get the source's
actual security identity, we need to use our local variable.

Fixes: e2829a0 ("bpf: lxc: support Pod->Service->Pod hairpinning with endpoint routes")
Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added kind/bug This is a bug in the Cilium logic. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. area/monitor Impacts monitoring, access logging, flow logging, visibility of datapath traffic. release-note/bug This PR fixes an issue in a previous release of Cilium. needs-backport/1.12 needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch labels Sep 13, 2023
@julianwiedmann julianwiedmann requested a review from a team as a code owner September 13, 2023 05:57
@julianwiedmann
Copy link
Member Author

/test

qmonnet
qmonnet approved these changes Sep 13, 2023
View reviewed changes
Copy link
Member

@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@julianwiedmann julianwiedmann merged commit 02c17d5 into cilium:main Sep 13, 2023
62 checks passed
@julianwiedmann julianwiedmann deleted the 1.15-bpf-lxc-hairpin-sec-identity branch September 13, 2023 10:56
@doniacld doniacld mentioned this pull request Sep 22, 2023
Merged
10 tasks
@doniacld doniacld added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Sep 22, 2023
@giorio94 giorio94 mentioned this pull request Sep 26, 2023
Merged
22 tasks
@giorio94 giorio94 added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch labels Sep 26, 2023
@giorio94 giorio94 mentioned this pull request Sep 26, 2023
Merged
12 tasks
@aanm aanm added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. backport-pending/1.12 labels Sep 29, 2023
This was referenced Oct 17, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qmonnet qmonnet qmonnet approved these changes

@ti-mo ti-mo Awaiting requested review from ti-mo

Assignees
No one assigned
Labels
area/monitor Impacts monitoring, access logging, flow logging, visibility of datapath traffic. backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. kind/bug This is a bug in the Cilium logic. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@julianwiedmann @qmonnet @aanm @doniacld @giorio94