New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ICMP errors generated by tracked flows treated as related traffic #2247
Commits on Apr 15, 2020
-
Configuration menu - View commit details
-
Copy full SHA for b63ddac - Browse repository at this point
Copy the full SHA b63ddacView commit details -
Configuration menu - View commit details
-
Copy full SHA for ee18268 - Browse repository at this point
Copy the full SHA ee18268View commit details -
bpf: icmp_skb_get_hdr() returns the icmp header
Can be reused in other locations.
Configuration menu - View commit details
-
Copy full SHA for a684d88 - Browse repository at this point
Copy the full SHA a684d88View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1c8652b - Browse repository at this point
Copy the full SHA 1c8652bView commit details -
bpf: ut for NAT related from the host
This is a prerequisite for letting host to handle TTL exceeded.
Configuration menu - View commit details
-
Copy full SHA for c49f205 - Browse repository at this point
Copy the full SHA c49f205View commit details -
fv: allow creating inactive workloads
Sets up endpoints, routes etc, but does not run
Configuration menu - View commit details
-
Copy full SHA for 290081d - Browse repository at this point
Copy the full SHA 290081dView commit details -
fv: allow to start inactive workload
to complement the fact that we can create an inactive workload
Configuration menu - View commit details
-
Copy full SHA for 57cf27a - Browse repository at this point
Copy the full SHA 57cf27aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 910c0f6 - Browse repository at this point
Copy the full SHA 910c0f6View commit details -
bpf/fv: fix the IP size in makeICMPError() and test ports
Check that the ports are fixed up after NATing the ICMP related back
Configuration menu - View commit details
-
Copy full SHA for 7fc04a8 - Browse repository at this point
Copy the full SHA 7fc04a8View commit details -
Configuration menu - View commit details
-
Copy full SHA for b483d5e - Browse repository at this point
Copy the full SHA b483d5eView commit details -
bpf: tunneling from host and csum of icmp related
Needs to update csum in the inner IP header instead of the outer. When icmp generated by the next hop node, it needs to be placed in the tunnel.
Configuration menu - View commit details
-
Copy full SHA for cbf1998 - Browse repository at this point
Copy the full SHA cbf1998View commit details
Commits on Apr 16, 2020
-
fv: tcpdump fails test if it never listened
This is triggered by missing tcpdump or bad filter
Configuration menu - View commit details
-
Copy full SHA for 8739e6f - Browse repository at this point
Copy the full SHA 8739e6fView commit details -
fv: tcpdump for containers without tcpdump installed
only felix-test image has tcpdump installed, extrnal client has not
Configuration menu - View commit details
-
Copy full SHA for 43c8738 - Browse repository at this point
Copy the full SHA 43c8738View commit details -
bpf: nodeports and icmp related
if SNAT, we also need to fix up the source in the outer IP FV tests when ICMP is returned from host and from the backing workload
Configuration menu - View commit details
-
Copy full SHA for 5dc2d48 - Browse repository at this point
Copy the full SHA 5dc2d48View commit details -
Configuration menu - View commit details
-
Copy full SHA for 65314c5 - Browse repository at this point
Copy the full SHA 65314c5View commit details -
bpf: SNAT of outer IP only if returning to outer client
When we generate an ICMP in a workload or at a host in response to traffic that originated through a NP tunnel ammend the outer source IP as if the reponse was from the original node as all the rest is internal to the cluster.
Configuration menu - View commit details
-
Copy full SHA for e4759c1 - Browse repository at this point
Copy the full SHA e4759c1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 14b7721 - Browse repository at this point
Copy the full SHA 14b7721View commit details -
Configuration menu - View commit details
-
Copy full SHA for 5c6a24e - Browse repository at this point
Copy the full SHA 5c6a24eView commit details
Commits on Apr 17, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 7cbe463 - Browse repository at this point
Copy the full SHA 7cbe463View commit details -
bpf: icmp related retunign from tunnel is fwd approved
We need to treat related ICMP from tunnel the same way as we do the original traffic, otherwise it would go through the conntrack on the way out and would create ICMP tracking record.
Configuration menu - View commit details
-
Copy full SHA for aa28d96 - Browse repository at this point
Copy the full SHA aa28d96View commit details
Commits on Apr 20, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 0364cf6 - Browse repository at this point
Copy the full SHA 0364cf6View commit details