Skip to content

cli: encryption: limit tunnel filter to dst port #39222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 29, 2025
Merged

cli: encryption: limit tunnel filter to dst port #39222

merged 2 commits into from
Apr 29, 2025

Conversation

julianwiedmann
Copy link
Member

Fine-tune the tcpdump filter for Cilium's overlay traffic, so that we only match packets which have the tunnel port as destination port. While at it also apply a small cleanup.

@julianwiedmann
cli: encryption: limit tunnel filter to dst port
80a1e6c 
Only match UDP traffic that's destined for the tunnel port. If the packet
merely *originates* from the tunnel port, then we have no idea what is
inside and therefore shouldn't process the packet any further.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
cli: encryption: de-dup check for whether tunneling is enabled
7b11e01 
We've already performed the identical check a bit further up.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann added the area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. label Apr 29, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 29, 2025
@github-actions github-actions bot added cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary labels Apr 29, 2025
@julianwiedmann julianwiedmann added the release-note/misc This PR makes changes that have no direct user impact. label Apr 29, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 29, 2025
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann marked this pull request as ready for review April 29, 2025 05:38
@julianwiedmann julianwiedmann requested review from a team as code owners April 29, 2025 05:38
smagnani96
smagnani96 approved these changes Apr 29, 2025
View reviewed changes
Copy link
Contributor

@smagnani96 smagnani96 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks Julian for the port improvement 🙏🏼

@julianwiedmann julianwiedmann added this pull request to the merge queue Apr 29, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Apr 29, 2025
Merged via the queue into main with commit 79ef22f Apr 29, 2025
242 of 245 checks passed
@julianwiedmann julianwiedmann deleted the pr/jwi/main/cli-encryption branch April 29, 2025 21:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@christarazi christarazi christarazi approved these changes

@smagnani96 smagnani96 smagnani96 approved these changes

Assignees
No one assigned
Labels
area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@julianwiedmann @christarazi @smagnani96