Skip to content

v1.12 backports 2023-05-25 #25678

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 29, 2023
Merged

v1.12 backports 2023-05-25 #25678

merged 1 commit into from
May 29, 2023

Conversation

gentoo-root
Copy link
Contributor

Backport conflicts:

  • Tests dropped, because bpf/tests/tc_egressgw_snat.c doesn't exist in 1.12.

Once this PR is merged, you can update the PR labels via:

$ for pr in 24905; do contrib/backporting/set-labels.py $pr done 1.12; done

@gentoo-root
bpf: Extend the CT expiration timeout for egress gateway packets
4365df6 
[ upstream commit 07d376e ]

When the SNAT entry already exists for a connection that goes through
the egress gateway (i.e. it's not the first packet), ct_lookup4 is
skipped. That means that ct_update_timeout is not called, and the CT
entry will be garbage collected while the connection is still active.

To fix this bug, do the CT lookups for the second and further packets of
connections using egress gateway as well.

Fixes: 4532996 ("bpf: nat: always track egress gateway connections")
Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
@gentoo-root gentoo-root requested a review from a team as a code owner May 25, 2023 14:40
@gentoo-root gentoo-root added kind/backports This PR provides functionality previously merged into master. backport/1.12 labels May 25, 2023
@gentoo-root
Copy link
Contributor Author

/test-backport-1.12

@gentoo-root
Copy link
Contributor Author

/test-1.21-4.9

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 29, 2023
@julianwiedmann julianwiedmann merged commit 9558cac into cilium:v1.12 May 29, 2023
This was referenced Jun 12, 2023
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@julianwiedmann julianwiedmann julianwiedmann approved these changes

Assignees
No one assigned
Labels
kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gentoo-root @julianwiedmann