Revision 3a93b00269b1fb762b2c9f98ab67a6ed3a333dda authored by Gray Liang on 23 October 2023, 03:13:25 UTC, committed by Julian Wiedmann on 01 December 2023, 16:20:14 UTC
Previously we set skb->mark in from_host@cilium_host, expect the mark to remain unchanged after kernel transmits skb from cilium_host to cilium_net. The skb->mark is for instance used to transport IPsec-related information. However, as of 2023-10-19, kernel 5.10 still misses the backport patch[1] to fix a bug in skb_scrub_packet() which clears skb->mark for veth_xmit even if the veth pair is under the same netns: https://elixir.bootlin.com/linux/v5.10.198/source/include/linux/netdevice.h#L3975 To avoid hitting this issue, this patch sets metadata in skb->cb to survive skb_scrub_packet(), then to_host@cilium_net can retrieve this info and set proper mark. Only from_host bpf is setting cb, while from_lxc bpf is still using mark. [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a ("dev_forward_skb: do not scrub skb mark within the same name space") Signed-off-by: Zhichuan Liang <gray.liang@isovalent.com>
1 parent e78ff16
.authors.aux
The following additional people are mentioned in commit logs as having provided
helpful bug reports, suggestions or have otherwise provided value to the
project:
Brenden Blanco bblanco@plumgrid.com
Jakub Kicinski jakub.kicinski@netronome.com
Salvatore Orlando salv.orlando@gmail.com
Tomás Senart tsenart@gmail.com
Computing file changes ...