bpf: host: restore HostFW for overlay traffic in to-netdev #31818
Note that I'm not 100% sure whether we want this behaviour - there's an argument to be made that the HostFW should disregard pod-originating traffic, even if the traffic is encapsulated. We have that opportunity now. But if we want to make that change, let's do it intentionally and not just slip it in.
/test
Prior to 2860ded ("datapath: mark to-overlay traffic"), overlay traffic would reach the HostFW egress path in to-netdev with MARK_MAGIC_HOST set. Restore this behaviour by also assigning HOST_ID for traffic that has MARK_MAGIC_OVERLAY set.
Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
As we now have a mark-derived src_sec_identity available, we might as well share this bit of information with the user.
Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
ac99092 to 1ce886d
/test
LGTM
#31082 missed one detail in how the HostFW was relying on the packet mark. Restore the old behaviour.