Skip to content

bpf: convert IPV4_LOOPBACK to runtime variable, pass IPv4 addresses using union v4addr #38818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 28, 2025
Merged

bpf: convert IPV4_LOOPBACK to runtime variable, pass IPv4 addresses using union v4addr #38818

merged 4 commits into from
May 28, 2025

Conversation

jrife
Copy link
Contributor

@jrife jrife commented Apr 8, 2025

Since support for NODE_CONFIG was merged, revive the part of my older PR, #38022, that moved IPV4_LOOPBACK out of node_config.h. I wanted to start small for now to make sure I'm on the right track before migrating more config. This is part of #38370.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 8, 2025
@jrife jrife force-pushed the jrife/clang-free-non-rt-macros branch from 24cbc83 to 7623d30 Compare April 8, 2025 18:04
@jrife jrife marked this pull request as ready for review April 8, 2025 18:36
@jrife jrife requested review from a team as code owners April 8, 2025 18:36
@jrife jrife requested review from thorn3r, ti-mo and aspsk April 8, 2025 18:36
@jrife
Copy link
Contributor Author

jrife commented Apr 8, 2025

cc @ti-mo

@thorn3r thorn3r added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Apr 15, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 15, 2025
thorn3r
thorn3r approved these changes Apr 15, 2025
View reviewed changes
Copy link
Contributor

@thorn3r thorn3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM for agent changes

@thorn3r
Copy link
Contributor

thorn3r commented Apr 15, 2025

/test

1 similar comment
@jrife
Copy link
Contributor Author

jrife commented Apr 17, 2025

/test

@jrife
Copy link
Contributor Author

jrife commented Apr 21, 2025

/ci-eks

@jrife
Copy link
Contributor Author

jrife commented Apr 21, 2025

/ci-e2e-upgrade

@ti-mo ti-mo mentioned this pull request Apr 24, 2025
Open
36 tasks
ti-mo
ti-mo requested changes Apr 24, 2025
View reviewed changes
Copy link
Contributor

@ti-mo ti-mo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for pushing this forward! Left a few comments. This is great to get our feet wet so we can figure out some conventions.

@jrife jrife force-pushed the jrife/clang-free-non-rt-macros branch from 7623d30 to b2b54ed Compare May 5, 2025 21:14
@jrife
Copy link
Contributor Author

jrife commented May 6, 2025

@ti-mo I gave this another pass. I had to introduce the ugly union v4addr to get dpgen to map this to a [4]byte in go. We could perhaps take this a bit further and teach dpgen to handle btf.Array directly, but I wasn't sure how far you wanted to take things here.

@ti-mo ti-mo force-pushed the jrife/clang-free-non-rt-macros branch from b2b54ed to 2a89191 Compare May 21, 2025 12:30
@ti-mo ti-mo requested a review from a team as a code owner May 21, 2025 12:30
@ti-mo ti-mo requested a review from derailed May 21, 2025 12:30
@ti-mo ti-mo changed the title bpf, datapath: Migrate IPV4_LOOPBACK into runtime config bpf: declare IPV4_LOOPBACK as service_loopback_ipv4 runtime variable May 21, 2025
@ti-mo ti-mo force-pushed the jrife/clang-free-non-rt-macros branch from 2a89191 to 8dc77a9 Compare May 21, 2025 12:32
@ti-mo
Copy link
Contributor

ti-mo commented May 21, 2025

/test

@ti-mo
Copy link
Contributor

ti-mo commented May 21, 2025

@ti-mo I gave this another pass. I had to introduce the ugly union v4addr to get dpgen to map this to a [4]byte in go.

That's totally fine! Most kernel headers I've seen encode ipv4 addrs as be32 types, so we'll always need a union to bridge them. From the user space perspective, we def want to provide bytes, not u32.

I've added some extra commits to make v4 config plumbing consistent across the datapath, as well as changed the name of the config. I've always found IPV4_LOOPBACK really confusing as it isn't a loopback address in the traditional sense. It's an internal address used for SNAT for hairpin traffic through a Service.

@ti-mo
Copy link
Contributor

ti-mo commented May 21, 2025

/test

@ti-mo ti-mo force-pushed the jrife/clang-free-non-rt-macros branch from 5f2d945 to d9d5033 Compare May 21, 2025 15:33
@ti-mo
Copy link
Contributor

ti-mo commented May 21, 2025

/test

@ti-mo ti-mo changed the title bpf: declare IPV4_LOOPBACK as service_loopback_ipv4 runtime variable bpf: convert IPV4_LOOPBACK to runtime variable, pass IPv4 addresses using union v4addr May 21, 2025
@ti-mo
Copy link
Contributor

ti-mo commented May 22, 2025

The CI failures are real; Pods don't manage to talk to themselves over Services. I either made a silly mistake somewhere, or LocalNodeConfig.ServiceLoopbackIPv4 is always nil nodeConfig(). We always get ServiceLoopbackIPv4:[4]uint8{0x0, 0x0, 0x0, 0x0} when loading Collections. Needs some more investigating.

@julianwiedmann julianwiedmann mentioned this pull request May 26, 2025
Open
ti-mo and others added 4 commits May 27, 2025 13:29
@ti-mo
*: rename LoopbackIPv4 to ServiceLoopbackIPv4
36bb279 
Naming things is hard. LoopbackIPv4 is one of those variables I've always
been confused by. Its use and meaning was documented in some places, but
the name was always somewhat of a misnomer.

It's not an address bound to a loopback interface. It's not a valid
destination address for a packet. It's an internal implementation detail
that sometimes needs to be overridden when it overlaps with an in-use
address range.

This commit replaces all occurrences of LoopbackIPv4 with ServiceLoopbackIPv4
and extends docstrings wherever the existing doc was too terse.

Signed-off-by: Timo Beckers <timo@isovalent.com>
@jrife @ti-mo
bpf: declare IPV4_LOOPBACK as service_loopback_ipv4 runtime variable
3d05712 
Revive my older PR, cilium#38022, since support for NODE_CONFIG was merged and
move IPV4_LOOPBACK out of node_config.h.

Signed-off-by: Jordan Rife <jrife@google.com>
Signed-off-by: Timo Beckers <timo@isovalent.com>
@ti-mo
bpf: remove LXC_IPV4 macro, convert to union v4addr
99168d5 
From the agent's side, we want to avoid endianness conversions since they make
the end result hard to reason about. Convert endpoint_ipv4 to union v4addr to
allow the agent to provide netip.Addr bytes.

Substitute the LXC_IPV4 macro with CONFIG(endpoint_ipv4).

Signed-off-by: Timo Beckers <timo@isovalent.com>
@ti-mo
bpf: remove IPV4_MASQUERADE macro, convert to union v4addr
909e344 
Like the previous commit, this converts nat_ipv4_masquerade to union v4addr
and removes the backwards-compat macro.

Signed-off-by: Timo Beckers <timo@isovalent.com>
@ti-mo ti-mo force-pushed the jrife/clang-free-non-rt-macros branch from d9d5033 to 909e344 Compare May 27, 2025 11:29
@ti-mo
Copy link
Contributor

ti-mo commented May 27, 2025

/test

@ti-mo ti-mo enabled auto-merge May 27, 2025 15:47
@ti-mo ti-mo added this pull request to the merge queue May 28, 2025
@julianwiedmann julianwiedmann added area/loader Impacts the loading of BPF programs into the kernel. area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. area/loadbalancing Impacts load-balancing and Kubernetes service implementations and removed release-note/minor This PR changes functionality that users may find relevant to operating Cilium. labels May 28, 2025
@julianwiedmann
Copy link
Member

julianwiedmann commented May 28, 2025
edited
Loading

lgtm, thanks! I downgraded to release-note/misc, hopefully this is not a user-visible change :).

Merged via the queue into cilium:main with commit 966cf90 May 28, 2025
66 of 67 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derailed derailed derailed approved these changes

@ti-mo ti-mo ti-mo approved these changes

@thorn3r thorn3r thorn3r approved these changes

@julianwiedmann julianwiedmann julianwiedmann approved these changes

@aspsk aspsk Awaiting requested review from aspsk aspsk is a code owner automatically assigned from cilium/sig-datapath

Assignees
No one assigned
Labels
area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. area/loadbalancing Impacts load-balancing and Kubernetes service implementations area/loader Impacts the loading of BPF programs into the kernel. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jrife @thorn3r @ti-mo @julianwiedmann @derailed