Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WG: Improve L7 checks #31299

Merged
merged 1 commit into from Mar 12, 2024
Merged

WG: Improve L7 checks #31299

merged 1 commit into from Mar 12, 2024

Conversation

brb
Copy link
Member

@brb brb commented Mar 11, 2024
edited

See commit msgs.

ci-e2e with the advanced test case (to be upstreamed) has passed - https://github.com/cilium/cilium/actions/runs/8246356069.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 11, 2024
@brb
Copy link
Member Author

brb commented Mar 11, 2024

/test

@brb
Copy link
Member Author

brb commented Mar 11, 2024

/test

1 similar comment
@brb
Copy link
Member Author

brb commented Mar 11, 2024

/test

@brb
Copy link
Member Author

brb commented Mar 11, 2024

/test

@brb
Copy link
Member Author

brb commented Mar 11, 2024

/ci-e2e

@brb
Copy link
Member Author

brb commented Mar 11, 2024

/test

1 similar comment
@brb
Copy link
Member Author

brb commented Mar 12, 2024

/test

@brb brb changed the title WIP: CI WG: Improve L7 checks Mar 12, 2024
jschwinger233
jschwinger233 approved these changes Mar 12, 2024
View reviewed changes
Copy link
Member

@jschwinger233 jschwinger233 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, let's see what CI would say.

@brb
Copy link
Member Author

brb commented Mar 12, 2024

/test

giorio94
giorio94 reviewed Mar 12, 2024
View reviewed changes
bpf/lib/wireguard.h Outdated Show resolved Hide resolved
bpf/lib/wireguard.h Show resolved Hide resolved
@brb
wireguard: Improve L7 proxy traffic detection
3fa75ab 
Use marks set by the proxy instead of assuming that each pkt from
HOST_ID w/o MARK_MAGIC_HOST belongs to the proxy.

In addition, in the tunneling mode the mark might get reset before
entering wg_maybe_redirect_to_encrypt(), as the proxy packets are
instead routed to from_host@cilium_host. The latter calls
inherit_identity_from_host() which resets the mark. In this case, rely
on the TC index.

Suggested-by: Gray Lian <gray.liang@isovalent.com>
Signed-off-by: Martynas Pumputis <m@lambda.lt>
@brb brb requested a review from giorio94 March 12, 2024 09:19
@brb
Copy link
Member Author

brb commented Mar 12, 2024

/test

@brb
Copy link
Member Author

brb commented Mar 12, 2024

/test

@brb brb added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. backport/author The backport will be carried out by the author of the PR. needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Mar 12, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.14.8 Mar 12, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.15.2 Mar 12, 2024
@brb brb added area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Mar 12, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 12, 2024
@brb brb added the release-note/misc This PR makes changes that have no direct user impact. label Mar 12, 2024
@brb brb marked this pull request as ready for review March 12, 2024 09:56
@brb brb requested review from a team as code owners March 12, 2024 09:56
@brb brb requested review from gandro and gentoo-root March 12, 2024 09:56
@brb
Copy link
Member Author

brb commented Mar 12, 2024

/test

@jrajahalme jrajahalme added release-blocker/1.14 This issue will prevent the release of the next version of Cilium. release-blocker/1.15 This issue will prevent the release of the next version of Cilium. labels Mar 12, 2024
gentoo-root
gentoo-root approved these changes Mar 12, 2024
View reviewed changes
bpf/lib/wireguard.h Show resolved Hide resolved
@brb brb added this pull request to the merge queue Mar 12, 2024
Merged via the queue into main with commit 96e01ad Mar 12, 2024
261 of 313 checks passed
@brb brb deleted the pr/brb/improve-wg-check branch March 12, 2024 11:48
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 12, 2024
@jrajahalme
Copy link
Member

Since #31267 and #31266 have merged, will label the backports done here.

@jrajahalme jrajahalme added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Mar 13, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport done to v1.15 in 1.15.2 Mar 13, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport done to v1.15 in 1.15.2 Mar 13, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport done to v1.14 in 1.14.8 Mar 13, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport done to v1.14 in 1.14.8 Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jschwinger233 jschwinger233 jschwinger233 approved these changes

@gandro gandro gandro approved these changes

@gentoo-root gentoo-root gentoo-root approved these changes

@giorio94 giorio94 giorio94 approved these changes

Assignees
No one assigned
Labels
area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. backport/author The backport will be carried out by the author of the PR. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-blocker/1.14 This issue will prevent the release of the next version of Cilium. release-blocker/1.15 This issue will prevent the release of the next version of Cilium. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. release-note/misc This PR makes changes that have no direct user impact.
Projects
No open projects
1.14.8
Backport done to v1.14
1.15.2
Backport done to v1.15
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@brb @jrajahalme @gandro @gentoo-root @jschwinger233 @giorio94