TPROXY support with eBPF

* [x] Linux kernel support to work around `skb_orphan()`
  * [x] Add tests
  * [x] Validate against Cilium
  * [x] Submit upstream
    * v1: [lore](https://lore.kernel.org/netdev/20200312233648.1767-1-joe@wand.net.nz/T/#m4028efa9381856049ae5633986ec562d6b94a146), [git tree](https://github.com/joestringer/linux/tree/submit/bpf-sk-assign-v1)
    * v2: [lore](https://lore.kernel.org/netdev/20200325055745.10710-1-joe@wand.net.nz/T/#mabfde72eb02651519182a3cc504eb2a134af3637), [git tree](https://github.com/joestringer/linux/tree/submit/bpf-sk-assign-v2)
    * v3: [lore](https://lore.kernel.org/bpf/20200327042556.11560-1-joe@wand.net.nz/T/#m3856e61e78121697bd756c011a6cc29345c3ae4f), [git tree](https://github.com/joestringer/linux/tree/submit/bpf-sk-assign-v3)
    * v4: [lore](https://lore.kernel.org/netdev/20200328185509.20892-1-joe@wand.net.nz/), [git tree](https://github.com/joestringer/linux/tree/submit/bpf-sk-assign-v4)
    * v5: [lore](https://lore.kernel.org/netdev/20200329225342.16317-1-joe@wand.net.nz/), [git tree](https://github.com/joestringer/linux/tree/submit/bpf-sk-assign-v5)
  * [x] Work through upstream feedback
    * Will be part of Linux 5.7 release
* [x] Linux support for UDP listen socket lookup
  * [x] Add tests
  * [x] Validate against Cilium
  * [x] Submit upstream (part of complete set above)
* [x] Debug pod->proxy->proxy->pod connectivity issue
  * RCA'd: Socket assign fails for traffic from the host (including egress proxy) towards ingress proxy due to restriction on sk_assign that it must execute on TC ingress.
* [x] Cilium feature detection
* [x] Cilium datapath support
* [x] Extend connectivity test to validate proxy paths
* [ ] Integrate connectivity tests into regular CI runs
* [x] Fix endpoint routes mode
* [ ] Replace `xt_socket` rule with eBPF implementation
* [ ] Validate with host firewall enabled (+policy)
* [x] Support `SO_REUSEPORT` sockets
   * Additional kernel work required
   * v1: [lore](https://lore.kernel.org/bpf/20230525081923.8596-1-lmb@isovalent.com/)
   * v2: [lore](https://lore.kernel.org/bpf/20230613-so-reuseport-v2-0-b7c69a342613@isovalent.com/)
   * Merged: [lore](https://lore.kernel.org/bpf/169032002180.5361.5393311754104928741.git-patchwork-notify@kernel.org/), [bpf-next git](https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=36397a189513c8bf9736d07360238a09a4694b90)
   * [ ] Add userspace feature detection for `SO_REUSEPORT` bpf socket lookup to enable the feature

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

TPROXY support with eBPF #9921

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

TPROXY support with eBPF #9921

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions