bpf: remove redundant IPcache lookup in from-host path

[ upstream commit 99786be ] [ backporter's notes: needed to resolve complexity issues in subsequent patches ] We first look up the destination endpoint to check for tunnel redirection, and then look it up a second time to access its sec_label and IPSec key. Make the first look-up unconditional, so that we can remove the second. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
julianwiedmann · Mar 5, 2024 · 18c6d92 · 18c6d92
1 parent 1a6200e
commit 18c6d92
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/bpf/bpf_host.c b/bpf/bpf_host.c
@@ -280,9 +280,10 @@ handle_ipv6(struct __ctx_buff *ctx, __u32 secctx, const bool from_host,
 	if (!from_host)
 		return CTX_ACT_OK;
 
-#ifdef TUNNEL_MODE
 	dst = (union v6addr *) &ip6->daddr;
 	info = ipcache_lookup6(&IPCACHE_MAP, dst, V6_CACHE_KEY_LEN);
+
+#ifdef TUNNEL_MODE
 	if (info != NULL && info->tunnel_endpoint != 0) {
 		return encap_and_redirect_with_nodeid(ctx, info->tunnel_endpoint,
 						      secctx, info->sec_label,
@@ -291,7 +292,6 @@ handle_ipv6(struct __ctx_buff *ctx, __u32 secctx, const bool from_host,
 		struct tunnel_key key = {};
 
 		/* IPv6 lookup key: daddr/96 */
-		dst = (union v6addr *) &ip6->daddr;
 		key.ip6.p1 = dst->p1;
 		key.ip6.p2 = dst->p2;
 		key.ip6.p3 = dst->p3;
@@ -304,8 +304,6 @@ handle_ipv6(struct __ctx_buff *ctx, __u32 secctx, const bool from_host,
 	}
 #endif
 
-	dst = (union v6addr *) &ip6->daddr;
-	info = ipcache_lookup6(&IPCACHE_MAP, dst, V6_CACHE_KEY_LEN);
 	if (info == NULL || info->sec_label == WORLD_ID) {
 		/* See IPv4 comment. */
 		return DROP_UNROUTABLE;
@@ -559,8 +557,9 @@ handle_ipv4(struct __ctx_buff *ctx, __u32 secctx,
 skip_vtep:
 #endif
 
-#ifdef TUNNEL_MODE
 	info = ipcache_lookup4(&IPCACHE_MAP, ip4->daddr, V4_CACHE_KEY_LEN);
+
+#ifdef TUNNEL_MODE
 	if (info != NULL && info->tunnel_endpoint != 0) {
 		return encap_and_redirect_with_nodeid(ctx, info->tunnel_endpoint,
 						      secctx, info->sec_label,
@@ -579,7 +578,6 @@ handle_ipv4(struct __ctx_buff *ctx, __u32 secctx,
 	}
 #endif
 
-	info = ipcache_lookup4(&IPCACHE_MAP, ip4->daddr, V4_CACHE_KEY_LEN);
 	if (info == NULL || info->sec_label == WORLD_ID) {
 		/* We have received a packet for which no ipcache entry exists,
 		 * we do not know what to do with this packet, drop it.