Skip to content

Commit

Permalink
bpf: host: skip from-proxy handling in from-netdev
Browse files Browse the repository at this point in the history 
from-proxy traffic gets redirected to cilium_host. Skip the proxy paths
when handle_ipv*_cont() is included by from-netdev.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
  • Loading branch information
@julianwiedmann
julianwiedmann committed Dec 19, 2023
1 parent 0d35af0 commit d4b81c0
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions bpf/bpf_host.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -240,9 +240,13 @@ handle_ipv6_cont(struct __ctx_buff *ctx, __u32 secctx, const bool from_host,
struct endpoint_info *ep;
int ret;
__u8 encrypt_key __maybe_unused = 0;
bool from_ingress_proxy = tc_index_from_ingress_proxy(ctx);
__u32 magic = from_ingress_proxy ? MARK_MAGIC_PROXY_INGRESS :
MARK_MAGIC_IDENTITY;
__u32 magic = MARK_MAGIC_IDENTITY;
bool from_ingress_proxy = false;

if (from_host && tc_index_from_ingress_proxy(ctx)) {
from_ingress_proxy = true;
magic = MARK_MAGIC_PROXY_INGRESS;
}

if (!revalidate_data(ctx, &data, &data_end, &ip6))
return DROP_INVALID;
Expand Down Expand Up @@ -658,9 +662,13 @@ handle_ipv4_cont(struct __ctx_buff *ctx, __u32 secctx, const bool from_host,
struct endpoint_info *ep;
int ret;
__u8 encrypt_key __maybe_unused = 0;
bool from_ingress_proxy = tc_index_from_ingress_proxy(ctx);
__u32 magic = from_ingress_proxy ? MARK_MAGIC_PROXY_INGRESS :
MARK_MAGIC_IDENTITY;
__u32 magic = MARK_MAGIC_IDENTITY;
bool from_ingress_proxy = false;

if (from_host && tc_index_from_ingress_proxy(ctx)) {
from_ingress_proxy = true;
magic = MARK_MAGIC_PROXY_INGRESS;
}

if (!revalidate_data(ctx, &data, &data_end, &ip4))
return DROP_INVALID;
Expand Down

0 comments on commit d4b81c0

Please sign in to comment.