Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consolidate per-endpoint routes macros in the datapath #15656

Closed
wants to merge 1 commit into from
Closed

Consolidate per-endpoint routes macros in the datapath #15656

wants to merge 1 commit into from

Conversation

CBVenkataReddy
Copy link

In the datapath,
we currently have several macros that all indicate whether per-endpoint routes are enabled or not.
ENABLE_ENDPOINT_ROUTES
!ENABLE_ROUTING
Now consolidated the first two, by keeping the first one ENABLE_ENDPOINT_ROUTES.
Also userspace necessary changes done by removing ENABLE_ROUTING.

Fixes: #15449

Signed-off-by: Venkata Reddy venkata.reddy@accuknox.com

Please ensure your pull request adheres to the following guidelines:

  • For first time contributors, read Submitting a pull request
  • All code is covered by unit and/or runtime tests where feasible.
  • All commits contain a well written commit description including a title,
    description and a Fixes: #XXX line if the commit addresses a particular
    GitHub issue.
  • All commits are signed off. See the section Developer’s Certificate of Origin
  • Provide a title or release-note blurb suitable for the release notes.
  • Thanks for contributing!

Fixes: #issue-number

<!-- Enter the release note text here if needed or remove this section! -->

@CBVenkataReddy CBVenkataReddy requested a review from a team April 12, 2021 16:56
@CBVenkataReddy CBVenkataReddy requested review from a team as code owners April 12, 2021 16:56
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 12, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.10.0 Apr 12, 2021
ti-mo
ti-mo requested changes Apr 13, 2021
View reviewed changes
Copy link
Contributor

@ti-mo ti-mo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are 2 dangling references to ENABLE_ROUTING in bpf_host.c:

bpf/bpf_host.c:1135:#if defined(ENABLE_HOST_FIREWALL) && !defined(ENABLE_ROUTING)
bpf/bpf_host.c:1167:#endif /* ENABLE_HOST_FIREWALL && !ENABLE_ROUTING */

@CBVenkataReddy CBVenkataReddy mentioned this pull request Apr 13, 2021
Closed
6 tasks
@pchaigno pchaigno added area/misc Impacts miscellaneous areas of the code not otherwise owned by another area. kind/cleanup This includes no functional changes. sig/loader Impacts the loading of BPF programs into the kernel. release-note/misc This PR makes changes that have no direct user impact. and removed area/misc Impacts miscellaneous areas of the code not otherwise owned by another area. labels Apr 13, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 13, 2021
@pchaigno pchaigno self-requested a review April 13, 2021 12:17
@qmonnet
Copy link
Member

qmonnet commented Apr 13, 2021

What's the logic behind the replacement? It looks like all conditions on ENABLE_ROUTING being defined OR undefined have been indistinctively replaced with a condition on ENABLE_ENDPOINT_ROUTING being defined. I'm also unsure where the change of conditions in the middle of bpf/bpf_host.c is coming from. Can you please elaborate?

@CBVenkataReddy
Copy link
Author

In this PR we have consolidated "ENABLE_ENDPOINT_ROUTES" and "ENABLE_ROUTING"
to "ENABLE_ENDPOINT_ROUTES" also removed unnecessary references to ENABLE_ROUTING in user space.

In bpf/bpf_host.c file it handles packets to and from a local endpoints entering/leaving the host namespace and applies
ingress and egress host policies based on per-endpoint routes are disabled/enabled.

@qmonnet
Copy link
Member

qmonnet commented Apr 14, 2021

Thanks, but it does not answer my question. Seeing that with your PR we have ENABLE_ENDPOINT_ROUTES used for both routing and per-endoint routes:

	if e.RequireEndpointRoute() || e.RequireRouting() {
		fmt.Fprintf(fw, "#define ENABLE_ENDPOINT_ROUTES 1\n")
	}

... Then ENABLE_ENDPOINT_ROUTES will be defined where ENABLE_ROUTING previously was. So in my understanding, conditions like the one below:

-#if defined(ENABLE_HOST_FIREWALL) && !defined(ENABLE_ROUTING)
+#if defined(ENABLE_HOST_FIREWALL) && defined(ENABLE_ENDPOINT_ROUTES)

... are reversing the previous check. Why would they do that?

@CBVenkataReddy
Copy link
Author

code commit changes are done considering ENABLE_ENDPOINT_ROUTES and ENABLE_ROUTING are same meaning.

I still have some doubts regarding these two macro's,

  1. does these two 'ENABLE_ENDPOINT_ROUTES 'and 'ENABLE_ROUTING' macros same meaning? or
  2. does these two 'ENABLE_ENDPOINT_ROUTES' and '!ENABLE_ROUTING' macros same meaning?
    ENDPOINT_ROUTE.txt

@qmonnet
Copy link
Member

qmonnet commented Apr 14, 2021

My understanding is that 2. is correct. ENABLE_ENDPOINT_ROUTES and !ENABLE_ROUTING should be treated the same. This is also what you have for all occurrences in your text file?

@CBVenkataReddy
Copy link
Author

CBVenkataReddy commented Apr 19, 2021
edited by qmonnet

My understanding is that 2. is correct. ENABLE_ENDPOINT_ROUTES and !ENABLE_ROUTING should be treated the same. This is also what you have for all occurrences in your text file?

Done the changes w.r.to 2

@CBVenkataReddy
Copy link
Author

Pls review PR

@CBVenkataReddy
Copy link
Author

CBVenkataReddy commented Apr 30, 2021
edited

with "sudo make -C bpf go_prog_test" we see compilation issues.

Ok, thanks for checking. Just like Paul said, let's drop the option from the Makefile. Please make sure you completely remove the line in the LXC_OPTIONS in the Makefile, to avoid creating a duplicate line.

Yes taken care

qmonnet
qmonnet requested changes Apr 30, 2021
View reviewed changes
bpf/Makefile Outdated Show resolved Hide resolved
qmonnet
qmonnet requested changes Apr 30, 2021
View reviewed changes
daemon/cmd/endpoint.go Outdated Show resolved Hide resolved
bpf/bpf_lxc.c Outdated Show resolved Hide resolved
bpf/bpf_lxc.c Outdated Show resolved Hide resolved
qmonnet
qmonnet approved these changes Apr 30, 2021
View reviewed changes
Copy link
Member

@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All right, looks good to me this time, thanks!

@qmonnet
Copy link
Member

qmonnet commented Apr 30, 2021

test-me-please

@qmonnet
Copy link
Member

qmonnet commented Apr 30, 2021
edited

Some CI flakes.

Couldn't find a documented flake for the Wireguard failure on k8s-1.16-kernel-netnext, giving it another try to see if it's consistently failing for the PR.

@qmonnet
Copy link
Member

qmonnet commented Apr 30, 2021

test-1.16-netnext

@qmonnet qmonnet mentioned this pull request May 1, 2021
Closed
@qmonnet qmonnet removed their assignment May 4, 2021
@CBVenkataReddy
Copy link
Author

Should we wait #15974 issue to be fixed for this PR get merged?

pchaigno
pchaigno reviewed May 6, 2021
View reviewed changes
daemon/cmd/endpoint.go
epTemplate.DatapathConfiguration.RequireEgressProg = false
epTemplate.DatapathConfiguration.RequireRouting = nil
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: extra newline can be removed.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure I will remove extra newline

api/v1/openapi.yaml
Endpoint requires BPF routing to be enabled, when disabled, routing
is delegated to Linux routing.
type: boolean
default: true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure we can just remove from the API. We might need to deprecate instead. @cilium/maintainers WDYT?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, removing this is an API-breaking change.

I don't understand why we're removing this from the API at all. The CNI component specifies this to the agent based on certain environment factors. Is there some description of why that logic is no longer necessary or what the motivation is here? It seems unrelated to the datapath-specific piece that this effort started out trying to address.

@qmonnet qmonnet added the dont-merge/needs-rebase This PR needs to be rebased because it has merge conflicts. label May 20, 2021
@nathanjsweet nathanjsweet marked this pull request as draft May 25, 2021 17:27
@nathanjsweet
Copy link
Member

nathanjsweet commented May 25, 2021
edited

I'm converting this to a draft until the high-level comments are addressed.

@maintainer-s-little-helper

This comment has been minimized.

Sign in to view
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label May 26, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label May 26, 2021
@CBVenkataReddy
Consolidate per-endpoint routes macros in the datapath
9b5e8c7 
In the datapath,
we currently have several macros that all indicate whether per-endpoint routes are enabled or not.
ENABLE_ENDPOINT_ROUTES
!ENABLE_ROUTING
Now consolidated the first two, by keeping the first one ENABLE_ENDPOINT_ROUTES.
Also userspace necessary changes done by removing ENABLE_ROUTING and removed all references to RequireRouting.

Fixes: cilium#15449

Signed-off-by: Venkata Reddy <venkata.reddy@accuknox.com>
@stale
Copy link

stale bot commented Jun 26, 2021

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Jun 26, 2021
@stale
Copy link

stale bot commented Jul 11, 2021

This issue has not seen any activity since it was marked stale. Closing.

@stale stale bot closed this Jul 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joestringer joestringer joestringer left review comments

@pchaigno pchaigno pchaigno requested changes

@ti-mo ti-mo ti-mo requested changes

@qmonnet qmonnet qmonnet approved these changes

@jrfastab jrfastab Awaiting requested review from jrfastab

@rolinh rolinh Awaiting requested review from rolinh

@nathanjsweet nathanjsweet Awaiting requested review from nathanjsweet

Assignees

@nathanjsweet nathanjsweet

@jrfastab jrfastab

@rolinh rolinh

@pchaigno pchaigno

@ti-mo ti-mo

Labels
dont-merge/needs-rebase This PR needs to be rebased because it has merge conflicts. kind/cleanup This includes no functional changes. release-note/misc This PR makes changes that have no direct user impact. sig/loader Impacts the loading of BPF programs into the kernel. stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Consolidate per-endpoint routes macros in the datapath
8 participants
@CBVenkataReddy @qmonnet @pchaigno @nathanjsweet @joestringer @ti-mo @jrfastab @rolinh