Skip to content

bpf: Support IPsec over IPv6 underlay #39620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 21, 2025
Merged

bpf: Support IPsec over IPv6 underlay #39620

merged 2 commits into from
May 21, 2025

Conversation

pchaigno
Copy link
Member

This pull request adds support in our datapath for IPsec over IPv6 underlays. Agent changes and CI coverage will come in a followup pull request.

pchaigno added 2 commits May 19, 2025 15:40
@pchaigno
bpf: Pass whole ipcache value to encrypt function
2e3c7c4 
To support IPv6 underlays in IPsec, we need set_ipsec_encrypt to be able
to take IPv6 tunnel endpoints as an argument. This information is passed
via the ipcache value.

A new helper function, lookup_node, then performs the IPv4 or IPv6
lookup in the node ID map.

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
@pchaigno
bpf/encrypt: Perform IPsec over IPv6
5f71024 
Support encrypted overlay for IPv6 underlays by detecting
to-be-encrypted traffic and marking it for encryption, as is done in the
IPv4 case.

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
@pchaigno pchaigno added area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. feature/ipsec Relates to Cilium's IPsec feature labels May 19, 2025
@pchaigno
Copy link
Member Author

/test

@pchaigno pchaigno marked this pull request as ready for review May 19, 2025 15:03
@pchaigno pchaigno requested review from a team as code owners May 19, 2025 15:03
@pchaigno pchaigno requested review from rgo3 and ysksuzuki May 19, 2025 15:03
@pchaigno pchaigno enabled auto-merge May 19, 2025 15:04
ysksuzuki
ysksuzuki reviewed May 20, 2025
View reviewed changes
Copy link
Member

@ysksuzuki ysksuzuki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does our current e2e test setup already cover the IPsec over IPv6 underlay scenario?

@pchaigno
Copy link
Member Author

Does our current e2e test setup already cover the IPsec over IPv6 underlay scenario?

No. As said in the PR description, that will come in a follow up PR with the agent changes.

@ysksuzuki
Copy link
Member

Agent changes and CI coverage will come in a followup pull request.

Oh I missed it

ysksuzuki
ysksuzuki approved these changes May 20, 2025
View reviewed changes
Copy link
Member

@ysksuzuki ysksuzuki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@smagnani96 smagnani96 mentioned this pull request May 20, 2025
Merged
@pchaigno pchaigno added this pull request to the merge queue May 21, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 21, 2025
Merged via the queue into main with commit cb19800 May 21, 2025
351 of 355 checks passed
@pchaigno pchaigno deleted the pr/pchaigno/bpf-ipsec-ipv6-underlay branch May 21, 2025 09:30
@pchaigno pchaigno mentioned this pull request May 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ysksuzuki ysksuzuki ysksuzuki approved these changes

@rgo3 rgo3 rgo3 approved these changes

Assignees
No one assigned
Labels
area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. feature/ipsec Relates to Cilium's IPsec feature ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pchaigno @ysksuzuki @rgo3