-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bpf: add missing drop notifications #25183
Conversation
We're returning a DROP reason, but nothing outside do_netdev() creates the corresponding drop notification from it. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
do_netdev_encrypt_encap() can return various errors, but its caller doesn't raise the corresponding drop notification. Also clean up the one case in do_netdev_encrypt_encap() where we currently *do* raise a drop notification. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
__encap_and_redirect_with_nodeid() expects the caller to handle this check. Otherwise we end up encapsulating with an OuterDstIP of 0.0.0.0. I looked at all the other users, looks like this was the only one missing. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Align with all the other error paths in tail_handle_arp() and raise a drop notification on error. This function is executed as a tail-call, so there's no surrounding code that would do this for us otherwise. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Add an error path for the from-netdev program that handles the missing drop notification. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Fix one more missing drop notification in the from-netdev program. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
/test |
99cf420
to
f39c436
Compare
All direct and indirect callers are now properly handling errors from this path, and raising the drop notification. So remove it from the low-level helper code. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
f39c436
to
06626ae
Compare
/test |
BPF checkpatch complains about
which was already bad before. And fixing it means triggering checkpatch again, because we're then exceeding max line width 🤷. Think I'm good leaving it as is, we're planning to remove this code during the current release cycle anyway. |
@ldelossa 👋 how can I help with making your review easier? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
One static checker complaint (#25183 (comment)) that is ok to ignore imo. The So |
End goal was to get rid of the stray drop notification that's currently buried in
__encap_and_redirect_with_nodeid()
. Getting there took quite a few additional drive-by fixes :).The last two patches can be dropped from the backport (
encap_and_redirect_with_nodeid_opt()
didn't exist in v1.13).