-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consolidate per-endpoint routes macros in the datapath #15656
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are 2 dangling references to ENABLE_ROUTING
in bpf_host.c:
bpf/bpf_host.c:1135:#if defined(ENABLE_HOST_FIREWALL) && !defined(ENABLE_ROUTING)
bpf/bpf_host.c:1167:#endif /* ENABLE_HOST_FIREWALL && !ENABLE_ROUTING */
7e5077d
to
fcb0d85
Compare
What's the logic behind the replacement? It looks like all conditions on |
In this PR we have consolidated "ENABLE_ENDPOINT_ROUTES" and "ENABLE_ROUTING" In bpf/bpf_host.c file it handles packets to and from a local endpoints entering/leaving the host namespace and applies |
Thanks, but it does not answer my question. Seeing that with your PR we have if e.RequireEndpointRoute() || e.RequireRouting() {
fmt.Fprintf(fw, "#define ENABLE_ENDPOINT_ROUTES 1\n")
} ... Then -#if defined(ENABLE_HOST_FIREWALL) && !defined(ENABLE_ROUTING)
+#if defined(ENABLE_HOST_FIREWALL) && defined(ENABLE_ENDPOINT_ROUTES) ... are reversing the previous check. Why would they do that? |
code commit changes are done considering ENABLE_ENDPOINT_ROUTES and ENABLE_ROUTING are same meaning. I still have some doubts regarding these two macro's,
|
My understanding is that 2. is correct. |
fcb0d85
to
7293dc4
Compare
Done the changes w.r.to 2 |
Pls review PR |
Yes taken care |
bb4ea58
to
d8c37ad
Compare
d8c37ad
to
9501497
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All right, looks good to me this time, thanks!
9501497
to
cef4ec5
Compare
test-me-please |
Some CI flakes.
Couldn't find a documented flake for the Wireguard failure on k8s-1.16-kernel-netnext, giving it another try to see if it's consistently failing for the PR. |
test-1.16-netnext |
Should we wait #15974 issue to be fixed for this PR get merged? |
epTemplate.DatapathConfiguration.RequireEgressProg = false | ||
epTemplate.DatapathConfiguration.RequireRouting = nil | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: extra newline can be removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure I will remove extra newline
Endpoint requires BPF routing to be enabled, when disabled, routing | ||
is delegated to Linux routing. | ||
type: boolean | ||
default: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure we can just remove from the API. We might need to deprecate instead. @cilium/maintainers WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct, removing this is an API-breaking change.
I don't understand why we're removing this from the API at all. The CNI component specifies this to the agent based on certain environment factors. Is there some description of why that logic is no longer necessary or what the motivation is here? It seems unrelated to the datapath-specific piece that this effort started out trying to address.
I'm converting this to a draft until the high-level comments are addressed. |
cef4ec5
to
9f3c373
Compare
This comment has been minimized.
This comment has been minimized.
a46524c
to
1ceb349
Compare
In the datapath, we currently have several macros that all indicate whether per-endpoint routes are enabled or not. ENABLE_ENDPOINT_ROUTES !ENABLE_ROUTING Now consolidated the first two, by keeping the first one ENABLE_ENDPOINT_ROUTES. Also userspace necessary changes done by removing ENABLE_ROUTING and removed all references to RequireRouting. Fixes: cilium#15449 Signed-off-by: Venkata Reddy <venkata.reddy@accuknox.com>
1ceb349
to
9b5e8c7
Compare
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue has not seen any activity since it was marked stale. Closing. |
In the datapath,
we currently have several macros that all indicate whether per-endpoint routes are enabled or not.
ENABLE_ENDPOINT_ROUTES
!ENABLE_ROUTING
Now consolidated the first two, by keeping the first one ENABLE_ENDPOINT_ROUTES.
Also userspace necessary changes done by removing ENABLE_ROUTING.
Fixes: #15449
Signed-off-by: Venkata Reddy venkata.reddy@accuknox.com
Please ensure your pull request adheres to the following guidelines:
description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Fixes: #issue-number