Skip to content

bpf: minor svc wildcard followups/fixes #41470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 2, 2025
Merged

bpf: minor svc wildcard followups/fixes #41470

merged 4 commits into from
Sep 2, 2025

Conversation

borkmann
Copy link
Member

@borkmann borkmann commented Sep 2, 2025

(see commit)

Fixes: #40684

@borkmann
bpf: Rename scope_switch into east_west
b48e7da 
Rename into east_west to have a more appropriate name for the bool
given we also only set this to true from socket LB.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
bpf: Refactor the wildcard handling a bit
978b462 
Small refactor and cleanup into helper functions. Also when we test
whether the key is a wildcard key, really test for port and proto to
make sure we otherwise never can hit this.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
bpf: Fix wildcard lookup for E/W case
5e4273c 
For the case of E/W, do not perform a wildcarded/fallback lookup. This
seems to break a couple of cases:

- socket LB's bind detection could break if an application binds
  to the same VIP, and we return with a svc in __sock{4,6}_post_bind().

- In the sendto/connect case when a service lookup fails, we perform
  sock{4,6}_wildcard_lookup() with a 0.0.0.0 wildcard address as VIP
  (not the same "wildcard" concept as the former). This fallback lookup
  is mainly for NodePort to access a service under loopback or any
  local address. We don't know a-priori whether we are going to need
  this lookup. It could happen that we never end up doing the 0.0.0.0
  lookup if we return a service via lb{4,6}_key_is_wildcard().

Given this incompatibility, disable it when east_west is true and just
return NULL as we did before.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann borkmann added area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. labels Sep 2, 2025
@borkmann borkmann changed the title bpf: wildcard followups bpf: svc wildcard followups Sep 2, 2025
@borkmann borkmann changed the title bpf: svc wildcard followups bpf: minor svc wildcard followups/fixes Sep 2, 2025
@borkmann
bpf: Adjust unit tests for lb4_proto_mismatch_wild_{single,dual}_scope
24dc5c9 
Adjust and extend the test cases to address the new behavior.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann borkmann force-pushed the pr/svc-wcard-followup branch from 562fd07 to 24dc5c9 Compare September 2, 2025 12:59
@borkmann
Copy link
Member Author

borkmann commented Sep 2, 2025

/test

@borkmann borkmann marked this pull request as ready for review September 2, 2025 13:13
@borkmann borkmann requested a review from a team as a code owner September 2, 2025 13:13
@borkmann borkmann requested a review from ysksuzuki September 2, 2025 13:13
@borkmann borkmann merged commit 89b2df0 into main Sep 2, 2025
370 of 372 checks passed
@borkmann borkmann deleted the pr/svc-wcard-followup branch September 2, 2025 14:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aspsk aspsk aspsk approved these changes

@mhofstetter mhofstetter mhofstetter approved these changes

@ysksuzuki ysksuzuki Awaiting requested review from ysksuzuki ysksuzuki is a code owner automatically assigned from cilium/sig-datapath

+1 more reviewer

@ajmmm ajmmm ajmmm approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@borkmann @aspsk @mhofstetter @ajmmm