Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: avoid encrypt_key map lookup if IPsec is disabled #17840

Merged
merged 2 commits into from
Nov 12, 2021
Merged

bpf: avoid encrypt_key map lookup if IPsec is disabled #17840

merged 2 commits into from
Nov 12, 2021

Commits on Nov 11, 2021

  1. bpf: fix -Wunused-but-set-variable errors when building with LLVM 14 

    Building the BPF datapath with LLVM 14 leads to the following errors:

    bpf_lxc.c:101:16: error: variable 'daddr' set but not used [-Werror,-Wunused-but-set-variable]
            union v6addr *daddr, orig_dip;
                          ^
    bpf_lxc.c:103:7: error: variable 'encrypt_key' set but not used [-Werror,-Wunused-but-set-variable]
            __u8 encrypt_key = 0;
                 ^
    bpf_lxc.c:102:8: error: variable 'tunnel_endpoint' set but not used [-Werror,-Wunused-but-set-variable]
            __u32 tunnel_endpoint = 0;
                  ^
    bpf_lxc.c:526:7: error: variable 'encrypt_key' set but not used [-Werror,-Wunused-but-set-variable]
            __u8 encrypt_key = 0;
                 ^
    bpf_lxc.c:525:8: error: variable 'tunnel_endpoint' set but not used [-Werror,-Wunused-but-set-variable]
            __u32 tunnel_endpoint = 0;
                  ^

These are normally warnings, but errors in this case due to the use of
-Werror when compiling Cilium's bpf programs. Fix these by marking the
affected variables as __maybe_unused.

Signed-off-by: Tobias Klauser <tobias@cilium.io>
    @tklauser
    tklauser committed Nov 11, 2021
    Configuration menu
    Copy the full SHA
    cdc51f9 View commit details
    Browse the repository at this point in the history

  2. bpf: avoid encrypt_key map lookup if IPsec is disabled 

    In the bpf_lxc program's functions ipv6_l3_from_lxc and
handle_ipv4_from_lxc, currently encrypt_key is always looked up in the
encrypt map, regardless of whether IPsec is enabled or not. However, its
value is only actually used when IPsec is enabled. Thus, the call can
be avoid when IPsec is disabled.

This also slightly reduces program size if !defined(ENABLE_IPSEC).

Signed-off-by: Tobias Klauser <tobias@cilium.io>
    @tklauser
    tklauser committed Nov 11, 2021
    Configuration menu
    Copy the full SHA
    fb2510f View commit details
    Browse the repository at this point in the history