Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: WireGuard: detect tunnel traffic in native-routing mode #31586

Merged
merged 1 commit into from
Apr 11, 2024
Merged

bpf: WireGuard: detect tunnel traffic in native-routing mode #31586

merged 1 commit into from
Apr 11, 2024

Conversation

julianwiedmann
Copy link
Member

@julianwiedmann julianwiedmann commented Mar 25, 2024
edited

Some features (EgressGW, DSR-Geneve) produce VXLAN / GENEVE traffic even when the cluster is in native-routing mode. Enable wg_maybe_redirect_to_encrypt() to detect such traffic.

@julianwiedmann julianwiedmann added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. feature/wireguard Relates to Cilium's Wireguard feature labels Mar 25, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Mar 25, 2024
@julianwiedmann julianwiedmann mentioned this pull request Mar 25, 2024
Merged
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann
bpf: wireguard: detect tunnel traffic in native-routing mode
f3109fd 
Some features (EgressGW, DSR-Geneve) produce VXLAN / GENEVE traffic even
when the cluster is in native-routing mode. Enable
wg_maybe_redirect_to_encrypt() to detect such traffic.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. and removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Apr 10, 2024
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann marked this pull request as ready for review April 10, 2024 12:46
@julianwiedmann julianwiedmann requested review from a team as code owners April 10, 2024 12:46
@julianwiedmann julianwiedmann requested a review from brb April 10, 2024 12:46
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Apr 11, 2024
@julianwiedmann julianwiedmann added this pull request to the merge queue Apr 11, 2024
Merged via the queue into cilium:main with commit d2f7515 Apr 11, 2024
61 checks passed
@julianwiedmann julianwiedmann deleted the 1.16-bpf-wireguard-tunnel branch April 11, 2024 16:03
@joestringer joestringer changed the title bpf: wireguard: detect tunnel traffic in native-routing mode bpf: WireGuard: detect tunnel traffic in native-routing mode May 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

Assignees
No one assigned
Labels
feature/wireguard Relates to Cilium's Wireguard feature ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@julianwiedmann @brb