New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert "daemon: Forbid IPv6 BPF masquerading with the host firewall" #31511
Conversation
/test |
From what I remember in #23165, we were concerned about HostFW and IPv6 BPF Masq interacting. But turns out the problematic interaction was for HostFW and iptables Masquerading (ie. when BPF Masq is disabled). This is what #28813 fixed. So afaik there were no actual problems for HostFW and IPv6 BPF Masq, and 👍 on allowing this combo. We could even backport, but at this point I don't see the need. |
This reverts commit 934e1f2.
Since commit 9c1031e ("bpf: fix missing ipv6 ct entry for snated traffic"), IPv6 BPF masquerading and the host firewall are compatible in the datapath. Let's allow them to be used together, and use the combination in tests.
CC: @oblazek
Supersedes: #26323