Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: minor improvements to XDP punt with XFER_PKT_NO_SVC #23106

Merged
merged 2 commits into from
Jan 19, 2023
+22 −15
Merged

bpf: minor improvements to XDP punt with XFER_PKT_NO_SVC #23106

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
488f3c5
bpf: nodeport: simplify XFER_PKT_NO_SVC transfer
julianwiedmann Jan 10, 2023
75c67d5
bpf: nodeport: also set XFER_PKT_NO_SVC for packets with non-SVC prot…
julianwiedmann Jan 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
23 changes: 14 additions & 9 deletions bpf/bpf_host.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,8 +210,7 @@ handle_ipv6(struct __ctx_buff *ctx, __u32 secctx, const bool from_host,

#ifdef ENABLE_NODEPORT
if (!from_host) {
if (!(ctx_get_xfer(ctx, XFER_FLAGS) & XFER_PKT_NO_SVC) &&
!ctx_skip_nodeport(ctx)) {
if (!ctx_skip_nodeport(ctx)) {
ret = nodeport_lb6(ctx, secctx);
/* nodeport_lb6() returns with TC_ACT_REDIRECT for
* traffic to L7 LB. Policy enforcement needs to take
Expand Down Expand Up @@ -483,8 +482,7 @@ handle_ipv4(struct __ctx_buff *ctx, __u32 secctx,

#ifdef ENABLE_NODEPORT
if (!from_host) {
if (!(ctx_get_xfer(ctx, XFER_FLAGS) & XFER_PKT_NO_SVC) &&
!ctx_skip_nodeport(ctx)) {
if (!ctx_skip_nodeport(ctx)) {
ret = nodeport_lb4(ctx, secctx);
if (ret == NAT_46X64_RECIRC) {
ctx_store_meta(ctx, CB_SRC_LABEL, secctx);
Expand Down Expand Up @@ -847,7 +845,6 @@ do_netdev(struct __ctx_buff *ctx, __u16 proto, const bool from_host)
ctx->ingress_ifindex,
TRACE_REASON_UNKNOWN, TRACE_PAYLOAD_LEN);
} else {
ctx_skip_nodeport_clear(ctx);
send_trace_notify(ctx, TRACE_FROM_NETWORK, 0, 0, 0,
ctx->ingress_ifindex,
TRACE_REASON_UNKNOWN, TRACE_PAYLOAD_LEN);
Expand Down Expand Up @@ -1040,16 +1037,23 @@ handle_srv6(struct __ctx_buff *ctx)
__section("from-netdev")
int cil_from_netdev(struct __ctx_buff *ctx)
{
__u32 __maybe_unused vlan_id;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I would have done this change in a different commit right?


#ifdef ENABLE_NODEPORT_ACCELERATION
#ifdef HAVE_ENCAP
__u32 flags = ctx_get_xfer(ctx, XFER_FLAGS);
#ifdef HAVE_ENCAP
struct trace_ctx trace = {
.reason = TRACE_REASON_UNKNOWN,
.monitor = TRACE_PAYLOAD_LEN,
};
#endif
#endif

ctx_skip_nodeport_clear(ctx);

#ifdef ENABLE_NODEPORT_ACCELERATION
if (flags & XFER_PKT_NO_SVC)
ctx_skip_nodeport_set(ctx);

#ifdef HAVE_ENCAP
if (flags & XFER_PKT_SNAT_DONE)
ctx_snat_done_set(ctx);

Expand All @@ -1067,7 +1071,8 @@ int cil_from_netdev(struct __ctx_buff *ctx)
/* Filter allowed vlan id's and pass them back to kernel.
*/
if (ctx->vlan_present) {
vlan_id = ctx->vlan_tci & 0xfff;
__u32 vlan_id = ctx->vlan_tci & 0xfff;

if (vlan_id) {
if (allow_vlan(ctx->ifindex, vlan_id))
return CTX_ACT_OK;
Expand Down