datapath tracing: report pre/post NAT address #31064
Labels
area/monitor
Impacts monitoring, access logging, flow logging, visibility of datapath traffic.
feature/egress-gateway
Impacts the egress IP gateway feature.
feature/snat
Relates to SNAT or Masquerading of traffic
kind/enhancement
This would improve or streamline existing functionality.
pinned
These issues are not marked stale by our issue bot.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
sig/hubble
Impacts hubble server or relay
Background
#9321 introduced the notion of an OrigIP into datapath trace events. Initially this was intended to report the original SourceIP of a service reply, after it has been RevDNATed.

With #28723 we now also use the OrigIP in the outbound SNAT path, to report the packet's original SourceIP (e.g. the pod's IP), after it has been SNATed.

Proposal
What's still missing is to report the original DestIP from the inbound RevSNAT path.

Open questions
OrigDestIP) in the trace event? Or can we overload OrigIP, along with a flag that indicates whether OrigIP is the source/dest? What about trace events for packets that have been DNATed and SNATed?