-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pull skb data at the entrance of from-containter #19308
Conversation
When the skb is non-linear, revalidate_data drops the packet immediately. For example, This can happen when pods are using AF_PACKET + mmap ring buffer. calling revalidate_data_pull (bpf_skb_pull_data) helps to "Pull in non-linear data in case the skb is non-linear and not all of len are part of the linear section." Fixes cilium#18951 Signed-off-by: Yuan Liu <liuyuan@google.com>
@@ -473,7 +473,7 @@ int tail_handle_ipv6(struct __ctx_buff *ctx) | |||
struct ipv6hdr *ip6; | |||
int ret; | |||
|
|||
if (!revalidate_data(ctx, &data, &data_end, &ip6)) | |||
if (!revalidate_data_pull(ctx, &data, &data_end, &ip6)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would bpf_skb_pull_data error out if the skb is linear?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think so. It should be no op if it's linear already. The same revalidate_data_pull is already used in bpf_host and bpf_overlay
/test |
|
/test-1.23-net-next |
/test-runtime |
/ci-nat46x64 |
ci-nat46x64 failed with (#19350), but since other L4LB tests are passing, the change only affects the header extraction, I believe it is safe to merge now. |
@YutaroHayakawa I have removed the backport label for 1.10 because the changes in this PR do not cleanly apply on top on v1.10, as they are dependent (at least) on #17758 which was not backported. If we need these changes in v1.10, then we should backport the dependent PRs first. |
Same for 1.11. |
@liuyuan10 Thanks, can you point out specifically at which lines in the following files should the patch be applied?
This way we can re-label for backport and TopHat can incorporate those in the next round (cc @tklauser). |
v1.11 bpf_lxc.c: line 547 and 477 |
It looks like the backport of this PR to v1.10 is causing BPF regeneration issues on all 4.9 jobs, see #19482 (comment) Unfortunately, the failed jobs don't seem to have agent logs for further analysis. I haven't yet had cycles to reproduce locally, thus I've dropped the backported commit for now. |
Removing 1.10 backport label as backporters are hitting issues while backporting this. |
When the skb is non-linear, revalidate_data drops the packet
immediately. For example, This can happen when pods are using AF_PACKET + mmap ring buffer.
calling revalidate_data_pull (bpf_skb_pull_data) helps to "Pull in non-linear data in case the skb is non-linear and not all of len are part of the linear section."
Fixes #18951
Signed-off-by: Yuan Liu liuyuan@google.com