Skip to content

bpf: nat: support egressing ICMPV6_PKT_TOOBIG / ICMPV6_TIME_EXCEED #39505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 19, 2025
Merged

bpf: nat: support egressing ICMPV6_PKT_TOOBIG / ICMPV6_TIME_EXCEED #39505

merged 1 commit into from
May 19, 2025

Conversation

julianwiedmann
Copy link
Member

SNAT is applied similar to other types of ICMP error messages: We identify the inner packet, match it against an SNAT session, and use the NAT entry to rewrite both the outer and inner headers.

@julianwiedmann julianwiedmann added area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. feature/snat Relates to SNAT or Masquerading of traffic labels May 13, 2025
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann marked this pull request as ready for review May 14, 2025 05:25
@julianwiedmann julianwiedmann requested a review from a team as a code owner May 14, 2025 05:25
@julianwiedmann julianwiedmann requested a review from ldelossa May 14, 2025 05:25
@julianwiedmann julianwiedmann enabled auto-merge May 14, 2025 06:28
@julianwiedmann
bpf: nat: support egressing ICMPV6_PKT_TOOBIG / ICMPV6_TIME_EXCEED
2dc8782 
SNAT is applied similar to other types of ICMP error messages:
We identify the inner packet, match it against an SNAT session, and use
the NAT entry to rewrite both the outer and inner headers.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann added this pull request to the merge queue May 19, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 19, 2025
Merged via the queue into cilium:main with commit 2546b81 May 19, 2025
66 checks passed
@julianwiedmann julianwiedmann deleted the 1.18-bpf-icmpv6-ttl branch May 19, 2025 14:27
@julianwiedmann julianwiedmann added backport/author The backport will be carried out by the author of the PR. needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch labels May 22, 2025
@julianwiedmann julianwiedmann mentioned this pull request May 22, 2025
Open
2 tasks
@julianwiedmann julianwiedmann mentioned this pull request May 29, 2025
Closed
4 tasks
@julianwiedmann julianwiedmann added backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. and removed needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch labels May 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ldelossa ldelossa ldelossa approved these changes

Assignees
No one assigned
Labels
area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. backport/author The backport will be carried out by the author of the PR. backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. feature/snat Relates to SNAT or Masquerading of traffic ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@julianwiedmann @ldelossa