Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

daemon: Fix fallback to iptables-based masquerading #12081

Merged
merged 2 commits into from Jun 16, 2020
Merged

daemon: Fix fallback to iptables-based masquerading #12081

merged 2 commits into from Jun 16, 2020

Conversation

brb
Copy link
Member

@brb brb commented Jun 15, 2020
edited

Previously, when falling back to iptables-based masquerading, if a user
had specified --egress-masquerade-interface, the agent considered it
as part of BPF masquerading options. This made it obviously to fail.

Fix: b7b962b ("daemon: Fallback to iptables if BPF masq cannot be enabled")
Reported-by: Tobias Klauser tklauser@distanz.ch

Fix #12081

/cc @tklauser

@brb
daemon: Fix fallback to iptables-based masquerading
0ed8546 
Previously, when falling back to iptables-based masquerading, if a user
had specified --egress-masquerade-interface, the agent considered it
as part of BPF masquerading options. This made it obviously to fail.

Fix: b7b962b ("daemon: Fallback to iptables if BPF masq cannot be enabled")
Reported-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Martynas Pumputis <m@lambda.lt>
@brb brb added pending-review area/daemon Impacts operation of the Cilium daemon. labels Jun 15, 2020
@brb brb requested review from tklauser and a team June 15, 2020 19:52
@maintainer-s-little-helper
Copy link

Please set the appropriate release note label.

4 similar comments
@maintainer-s-little-helper
Copy link

Please set the appropriate release note label.

@maintainer-s-little-helper
Copy link

Please set the appropriate release note label.

@maintainer-s-little-helper
Copy link

Please set the appropriate release note label.

@maintainer-s-little-helper
Copy link

Please set the appropriate release note label.

@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.8.0 Jun 15, 2020
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.8.0 Jun 15, 2020
@brb
Copy link
Member Author

brb commented Jun 15, 2020

test-me-please

@brb brb added the release-note/bug This PR fixes an issue in a previous release of Cilium. label Jun 15, 2020
tklauser
tklauser approved these changes Jun 15, 2020
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested on EKS and verified that this fixes #12078

@coveralls
Copy link

coveralls commented Jun 15, 2020
edited

Coverage Status

Coverage increased (+0.005%) to 37.035% when pulling 4c61216 on pr/brb/masq-allow-eiface into fe4e456 on master.

@brb brb requested a review from a team as a code owner June 16, 2020 04:43
@brb brb requested a review from tklauser June 16, 2020 04:43
@brb
Copy link
Member Author

brb commented Jun 16, 2020

test-me-please

@brb
daemon: Fallback to iptables-based MASQ if egress iface is specified
4c61216 
To avoid breaking existing guides, fallback to iptables-based
masquerading if --egress-masquerade-interface is set.

In v1.9, we plan to add a support for the flag which will make
the transition from BPF to iptables -based masquerading transparent
when the flag is set.

Signed-off-by: Martynas Pumputis <m@lambda.lt>
tklauser
tklauser approved these changes Jun 16, 2020
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, let's address the remaining connectivity check issue on EKS in a follow-up.

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 16, 2020
@borkmann borkmann merged commit f5b7027 into master Jun 16, 2020
1.8.0 automation moved this from In progress to Merged Jun 16, 2020
@borkmann borkmann deleted the pr/brb/masq-allow-eiface branch June 16, 2020 11:33
@brb brb mentioned this pull request Jun 16, 2020
Closed
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.8 in 1.8.0 Jun 16, 2020
@borkmann borkmann mentioned this pull request Jun 16, 2020
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.8 to Backport done to v1.8 in 1.8.0 Jun 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tklauser tklauser tklauser approved these changes

@nebril nebril nebril approved these changes

Assignees
No one assigned
Labels
area/daemon Impacts operation of the Cilium daemon. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
No open projects
1.8.0
  
Merged
1.8.0
Backport done to v1.8
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@brb @coveralls @tklauser @nebril @borkmann