Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue #22527 - bpf_lxc.c: do drop notifications at drop source #25426

Merged
merged 1 commit into from
May 17, 2023
Merged

Issue #22527 - bpf_lxc.c: do drop notifications at drop source #25426

merged 1 commit into from
May 17, 2023

Conversation

bleggett
Copy link
Contributor

@bleggett bleggett commented May 12, 2023
edited

Fixes: #22527

#22527 points out that there may be some corner cases where packet drops are not properly logged.

This is largely possible because a macro-defined func is reused in several places, and send_drop_notify is assumed to be deferred up the chain - but not all parents would actually invoke it, and by definition it seems clearer/less error prone to always explicitly issue drop notification at the source, where the drop is decided.

This is a smidge more verbose, but it avoids the problem of bad assumptions or hard-to-catch mistakes causing missing drop notifications.

Additionally - I might be missing something - but I couldn't see that the macro expansions of tail_ipv4_ct_ingress/tail_ipv6_ct_ingress actually ever get invoked? Am I missing something there? was missing something

(I couldn't find any formal C style guidelines declared for this repo, so if I'm violating some understood assumption or doing something very dumb, please comment)

Fix missing drop notifications on conntrack lookup failures when IPv4 and IPv6 are both enabled or socket-level load balancing is disabled.

@bleggett bleggett requested a review from a team as a code owner May 12, 2023 16:49
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 12, 2023
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label May 12, 2023
@bleggett bleggett force-pushed the bleggett/22527-notify-drop-src branch from d67df8a to 9803ee0 Compare May 12, 2023 16:51
@bleggett bleggett changed the title Issue #22527 - do drop notifications at drop source WIP: Issue #22527 - do drop notifications at drop source May 12, 2023
@bleggett bleggett force-pushed the bleggett/22527-notify-drop-src branch 2 times, most recently from ced942a to 9cf0d0d Compare May 12, 2023 20:02
@bleggett bleggett changed the title WIP: Issue #22527 - do drop notifications at drop source WIP: Issue #22527 - bpf_lxc.c: do drop notifications at drop source May 12, 2023
@bleggett bleggett force-pushed the bleggett/22527-notify-drop-src branch 2 times, most recently from f6bc34a to fedc8fe Compare May 12, 2023 21:14
@bleggett bleggett changed the title WIP: Issue #22527 - bpf_lxc.c: do drop notifications at drop source Issue #22527 - bpf_lxc.c: do drop notifications at drop source May 12, 2023
@bleggett bleggett force-pushed the bleggett/22527-notify-drop-src branch from fedc8fe to a5c311c Compare May 12, 2023 21:18
@pchaigno pchaigno added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/bug This PR fixes an issue in a previous release of Cilium. needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels May 15, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels May 15, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.13.3 May 15, 2023
@pchaigno pchaigno added the area/monitor Impacts monitoring, access logging, flow logging, visibility of datapath traffic. label May 15, 2023
pchaigno
pchaigno requested changes May 15, 2023
View reviewed changes
Copy link
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for tackling this! 🚀

I've left a few inline comments below. I also have a few global comments:

  • The context that you gave in the pull request description should be in the commit message.
  • For the commit title, we usually follow the format of bpf: [Description]. I think a good title would be bpf: Fix missing drop notifications on ct lookup failures.
  • I usually try to avoid referencing GitHub issues in git commits because it creates a lot of noise on the target issue. Not everyone does the same though, so I'm fine either way 🙂
  • I've added a release note given this is a bug and will appear as such in the release notes.

bpf/bpf_lxc.c Outdated Show resolved Hide resolved
bpf/bpf_lxc.c Outdated Show resolved Hide resolved
bpf/bpf_lxc.c Outdated Show resolved Hide resolved
bpf/bpf_lxc.c Outdated Show resolved Hide resolved
@dylandreimerink dylandreimerink removed their request for review May 15, 2023 15:27
@bleggett bleggett force-pushed the bleggett/22527-notify-drop-src branch 6 times, most recently from 26999a4 to 062c4ef Compare May 15, 2023 21:01
@bleggett bleggett requested a review from pchaigno May 15, 2023 21:26
@pchaigno
Copy link
Member

Thx - I resynced with main just now as well.

Thanks, but I'd actually avoid doing that unless there are conflicts or it fixes some of the CI flakes. Every time we rebase the PR, we'll have to rerun tests from scratch and one of them takes up to 3h 😬 😅

@pchaigno
Copy link
Member

/test

@thorn3r thorn3r added this to Needs backport from main in 1.13.4 May 17, 2023
@thorn3r thorn3r removed this from Needs backport from main in 1.13.3 May 17, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 17, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.13.3 May 17, 2023
@pchaigno pchaigno merged commit b2de07a into cilium:main May 17, 2023
57 of 58 checks passed
@pchaigno
Copy link
Member

Thanks a lot for the contribution @bleggett!

@bleggett bleggett deleted the bleggett/22527-notify-drop-src branch May 17, 2023 22:13
@tklauser tklauser mentioned this pull request May 22, 2023
Merged
4 tasks
@tklauser tklauser added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels May 22, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.13 in 1.13.3 May 22, 2023
@tklauser tklauser added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels May 26, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.13 to Backport done to v1.13 in 1.13.3 May 26, 2023
@qmonnet qmonnet moved this from Needs backport from main to Backport done to v1.13 in 1.13.4 Jun 9, 2023
@qmonnet qmonnet mentioned this pull request Jun 9, 2023
Closed
This was referenced Jun 9, 2023
Closed
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.12.10 Sep 13, 2023
@giorio94 giorio94 mentioned this pull request Sep 26, 2023
Merged
12 tasks
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.12 in 1.12.10 Sep 26, 2023
@aanm aanm added backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. and removed backport-pending/1.12 labels Oct 2, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.12 to Backport done to v1.12 in 1.12.10 Oct 2, 2023
@jrajahalme jrajahalme mentioned this pull request Oct 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pchaigno pchaigno pchaigno approved these changes

Assignees
No one assigned
Labels
area/monitor Impacts monitoring, access logging, flow logging, visibility of datapath traffic. backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. kind/community-contribution This was a contribution made by a community member. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
No open projects
1.12.10
Backport done to v1.12
1.13.3
Backport done to v1.13
1.13.4
Backport done to v1.13
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bpf_lxc's CT programs are missing drop notifications
6 participants
@bleggett @pchaigno @tklauser @aanm @julianwiedmann @giorio94