daemon: Do not attach bpf_host to L3 dev if skb_change_head is unavailable #15343
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
borkmann
approved these changes
Mar 15, 2021
pchaigno
reviewed
Mar 15, 2021
christarazi
approved these changes
Mar 15, 2021
@pchaigno In bpf_lxc it's used for NodePort BPF rev-DNAT. |
|
test-me-please |
pchaigno
approved these changes
Mar 17, 2021
|
Provisioning error: |
|
Provisioning error: |
|
k8s-1.19-kernel-4.19 hit a complexity issue. |
|
I think 4.19 hit the following: The helper is not available in 4.19. |
|
Ah, I guess it may be easier to fix? :-S The helper was added in 4.10 but is accessible from tc BPF programs only since v5.8 with commit |
jrfastab
approved these changes
Mar 23, 2021
brb
force-pushed
the
pr/brb/inc-complexity-eth-len-zero
branch
from
5565d72
to
ef0fdbb
Compare
brb
changed the title
pchaigno
reviewed
Apr 7, 2021
brb
force-pushed
the
pr/brb/inc-complexity-eth-len-zero
branch
from
2160db7
to
ac34e44
Compare
|
test-net-next |
|
Previous net-next job had only flakes AFAICS, but even if the changes are fairly simple, I'm not comfortable merging without the full end-to-end tests. test-me-please |
|
CI 4.9 and GKE: |
|
test-4.9 |
|
test-gke |
|
CI net-next hit #15455. |
|
test-net-next |
|
Converted this to draft, as this is blocked by #15565. |
The PR "datapath: Support NodePort BPF on L2-less devices" [1] has increased the complexity of bpf_host and bpf_lxc by introducing a support for ETH_HLEN=0. Extend the base options by adding ETH_HLEN=0 to stress test the verifier complexity when running on net-next (ETH_HLEN=0 depends on the skb_change_head helper which was introduced in 5.8). [1]: #14858 Suggested-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt>
Skip devices which don't have L2 addr, if the kernel doesn't have skb_change_head helper (the case for < 5.8 kernels). Without the helper it is not possible to create the headroom for L2 hdr. Unfortunately, "skb_adjust_room(skb, 14, BPF_ADJ_ROOM_MAC, 0)" cannot be used either, as it does not set "skb->mac_header" which makes the packet to be dropped by [1] when redirecting to another device. [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/core/filter.c?h=v5.8#n2118 Signed-off-by: Martynas Pumputis <m@lambda.lt>
brb
force-pushed
the
pr/brb/inc-complexity-eth-len-zero
branch
from
ac34e44
to
c14f323
Compare
|
test-me-please |
pchaigno
approved these changes
Apr 13, 2021
|
|
test-4.9 |
|
test-4.19 |
|
CI 4.19 hit #15455. Marking as ready-to-merge. |
brb
added
the
ready-to-merge
This was referenced Apr 28, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See commit msgs.