On 5/24/24 16:01, Daniel Borkmann wrote:
> When running Cilium connectivity test suite with netkit in L2 mode, we
> found that compared to tcx a few tests were failing which pushed traffic
> into an L7 proxy sitting in host namespace. The problem in particular is
> around the invocation of eth_type_trans() in netkit.
>
> In case of tcx, this is run before the tcx ingress is triggered inside
> host namespace and thus if the BPF program uses the bpf_skb_change_type()
> helper the newly set type is retained. However, in case of netkit, the
> late eth_type_trans() invocation overrides the earlier decision from the
> BPF program which eventually leads to the test failure.
>
> Instead of eth_type_trans(), split out the relevant parts, meaning, reset
> of mac header and call to eth_skb_pkt_type() before the BPF program is run
> in order to have the same behavior as with tcx, and refactor a small helper
> called eth_skb_pull_mac() which is run in case it's passed up the stack
> where the mac header must be pulled. With this all connectivity tests pass.
>
> Fixes: 35dfaad7188c ("netkit, bpf: Add bpf programmable net device")
> Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> ---
> drivers/net/netkit.c | 4 +++-
> include/linux/etherdevice.h | 8 ++++++++
> net/ethernet/eth.c | 4 +---
> 3 files changed, 12 insertions(+), 4 deletions(-)
>
Interesting find, looks good to me. :)
Acked-by: Nikolay Aleksandrov <razor@xxxxxxxxxxxxx>
