On 9/18/20 12:42 PM, Thomas Ptacek wrote: > The setup is pretty simple. There's an eno1 (igb driver), to which our > default route points. On the same box are several VMs. There's a tap > interface (for each VM, call it tapX). Traffic for a VM flows in from > the Internet on eno1 and is directed to tapX; the response traffic > flows in the other direction. > > I'm deliberately simplifying here: > > eno1 runs an XDP program that does some lightweight IP rewriting from > anycast addresses to internal VM addresses on ingress. eno1's XDP > program currently XDP_PASS's rewritten packets to the IP stack, where > they're routed to the VM's tap. This works fine. > > tapX runs an XDP program that does the same rewriting in reverse. > Right now, it also XDP_PASS's packets to the stack, which also works > --- the stack routes response traffic out eno1. > > I'm playing with XDP_REDIRECT'ing instead of XDP_PASS'ing. > > I have the ifindexes and MAC addresses (and those of IP neighbors) in > a map --- a normal HASH map, not a DEVMAP. Using that map, I can > successfully redirect traffic from tapX to arbitrary other tap > interfaces. What I can't do is redirect packets from tapX to eno1, > which is what the system actually needs to do. > XDP_REDIRECT sends the packet to a devices ndo_xdp_xmit function. tap implements it hence eno1 -> tap works; igb does not meaning tap -> eno1 fails. xdpgeneric does not work in the Tx path.
|