8000 bpf: nodeport: fix-up error check in rev_nodeport_lb*() for XDP by julianwiedmann · Pull Request #23119 · cilium/cilium · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

bpf: nodeport: fix-up error check in rev_nodeport_lb*() for XDP #23119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 17, 2023
Merged

bpf: nodeport: fix-up error check in rev_nodeport_lb*() for XDP #23119

merged 1 commit into from
Jan 17, 2023

Conversation

julianwiedmann
Copy link
Member

lb4_extract_tuple() calls ipv4_ct_extract_l4_ports(), which returns CTX_ACT_OK on success. This is 0 in TC, but 2 in XDP. This caused us to erronously bail out from the RevDNAT check in the XDP NAT reply path.

Fix up the error check accordingly. Also adjust lb6_extract_tuple() for consistency.

Fixes: fd52b2f ("bpf: nodeport: skip CT lookup for non-NodePort replies in RevDNAT path")

@julianwiedmann
bpf: nodeport: fix-up error check in rev_nodeport_lb*() for XDP
f7a3873 
lb4_extract_tuple() calls ipv4_ct_extract_l4_ports(), which returns
CTX_ACT_OK on success. This is 0 in TC, but 2 in XDP. This caused us to
erronously bail out from the RevDNAT check in the XDP NAT reply path.

Fix up the error check accordingly. Also adjust lb6_extract_tuple() for
consistency.

Fixes: fd52b2f ("bpf: nodeport: skip CT lookup for non-NodePort replies in RevDNAT path")
Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added kind/bug This is a bug in the Cilium logic. area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. release-blocker/1.13 labels Jan 16, 2023
@julianwiedmann
Copy link
Member Author

Brown-bag time :/. Unit tests will land via #22756...

@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann marked this pull request as ready for review January 16, 2023 15:39
@julianwiedmann julianwiedmann requested a review from a team as a code owner January 16, 2023 15:39
@julianwiedmann julianwiedmann requested a review from aspsk January 16, 2023 15:39
@julianwiedmann julianwiedmann mentioned this pull request Jan 16, 2023
Merged
@joestringer joestringer self-assigned this Jan 16, 2023
@joestringer
Copy link
Member

Overall this LGTM. I'll give it another day for a chance for additional reviews, then tomorrow either I can merge it or tophat can. I've assigned myself so I know who to follow up with 😅

aspsk
aspsk approved these changes Jan 17, 2023
View reviewed changes
Copy link
Contributor
@aspsk aspsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 17, 2023
sahid
sahid approved these changes Jan 17, 2023
View reviewed changes
bpf/lib/nodeport.h
@@ -1001,7 +1001,7 @@ static __always_inline int rev_nodeport_lb6(struct __ctx_buff *ctx, __u32 *ifind
#endif

ret = lb6_extract_tuple(ctx, ip6, &l4_off, &tuple);
if (ret) {
if (ret < 0) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (ret < 0) {
if (IS_ERR(ret)) {

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree we should be using this style in general, but there are several other places in this file that are not yet using this. @julianwiedmann , would you mind following up on this separately to update these and other remaining if (ret < 0) cases in this file?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joestringer yeah I plan to spend a few cycles on the wider error handling scheme.

Think with a bit of effort we should be able to banish CTX_ACT_DROP from all/most our own code (just return a proper negative DROP_* everywhere), and translate all helper calls (eg. for ctx_redirect(), don't we want some DROP_MISSED_BPF_REDIRECT visibility anyway?). At which point IS_ERR() might just turn into a simple ret < 0 check.

bpf/lib/nodeport.h
@@ -2006,7 +2006,7 @@ static __always_inline int rev_nodeport_lb4(struct __ctx_buff *ctx, __u32 *ifind
#endif /* ENABLE_EGRESS_GATEWAY */

ret = lb4_extract_tuple(ctx, ip4, &l4_off, &tuple);
if (ret) {
if (ret < 0) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (ret < 0) {
if (IS_ERR(ret)) {

@joestringer joestringer merged commit d01d4b5 into cilium:master Jan 17, 2023
@aanm aanm mentioned this pull request Jan 18, 2023
Merged
30 tasks
@julianwiedmann julianwiedmann deleted the nodeport-revnat-fixup branch January 18, 2023 06:23
@julianwiedmann julianwiedmann added the backport/author The backport will be carried out by the author of the PR. label Jan 18, 2023
@ldelossa ldelossa added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.13 labels Jan 18, 2023
@joestringer joestringer mentioned this pull request Jan 24, 2023
Merged
@tklauser tklauser added the affects/v1.12 This issue affects v1.12 branch label May 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joestringer joestringer joestringer approved these changes

@sahid sahid sahid approved these changes

@aspsk aspsk aspsk approved these changes

Assignees

@joestringer joestringer

Labels
affects/v1.12 This issue affects v1.12 branch area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. backport/author The backport will be carried out by the author of the PR. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@julianwiedmann @joestringer @sahid @aspsk @tklauser @ldelossa @aanm
0