Perfect, thank you for the super-clear answer!

---
Thomas H. Ptacek

On Fri, Sep 18, 2020 at 3:27 PM David Ahern <dsahern@xxxxxxxxx> wrote:
>
> On 9/18/20 12:42 PM, Thomas Ptacek wrote:
> > The setup is pretty simple. There's an eno1 (igb driver), to which our
> > default route points. On the same box are several VMs. There's a tap
> > interface (for each VM, call it tapX). Traffic for a VM flows in from
> > the Internet on eno1 and is directed to tapX; the response traffic
> > flows in the other direction.
> >
> > I'm deliberately simplifying here:
> >
> > eno1 runs an XDP program that does some lightweight IP rewriting from
> > anycast addresses to internal VM addresses on ingress. eno1's XDP
> > program currently XDP_PASS's rewritten packets to the IP stack, where
> > they're routed to the VM's tap. This works fine.
> >
> > tapX runs an XDP program that does the same rewriting in reverse.
> > Right now, it also XDP_PASS's packets to the stack, which also works
> > --- the stack routes response traffic out eno1.
> >
> > I'm playing with XDP_REDIRECT'ing instead of XDP_PASS'ing.
> >
> > I have the ifindexes and MAC addresses (and those of IP neighbors) in
> > a map --- a normal HASH map, not a DEVMAP. Using that map, I can
> > successfully redirect traffic from tapX to arbitrary other tap
> > interfaces. What I can't do is redirect packets from tapX to eno1,
> > which is what the system actually needs to do.
> >
>
> XDP_REDIRECT sends the packet to a device's ndo_xdp_xmit function. tap
> implements it, hence eno1 -> tap works; igb does not, meaning tap -> eno1
> fails.
>
> xdpgeneric does not work in the Tx path.

-- 
---
Thomas H. Ptacek
312-231-7805
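
The failure described in this thread (redirecting to a device whose driver has no ndo_xdp_xmit) can be confirmed from the kernel's xdp:xdp_redirect_err tracepoint. The following is an added example, not part of the original messages: it summarizes such events from trace output. It assumes the tracepoint's printed field layout and that the kernel reports the missing-ndo_xdp_xmit case as EOPNOTSUPP; the trace lines and ifindex values (7 for tapX, 2 for eno1) are constructed.

```python
import re
from collections import Counter

# Linux errno values relevant to a failed redirect (fixed here so the
# example does not depend on the platform's errno table).
ERRNO_NAMES = {6: "ENXIO", 22: "EINVAL", 95: "EOPNOTSUPP", 100: "ENETDOWN"}

# Field layout of the xdp:xdp_redirect_err tracepoint as printed in
# /sys/kernel/tracing/trace (assumption: layout of the kernel trace event).
EVENT_RE = re.compile(
    r"xdp_redirect_err: prog_id=(?P<prog_id>\d+) action=(?P<action>\w+) "
    r"ifindex=(?P<ifindex>\d+) to_ifindex=(?P<to_ifindex>-?\d+) err=(?P<err>-?\d+)"
)

# Constructed sample: ifindex 7 stands in for tapX, 2 for eno1, 9 and 12 for other taps.
SAMPLE_TRACE = """\
 vhost-4121  [003] ..s1  812.100001: xdp_redirect_err: prog_id=41 action=REDIRECT ifindex=7 to_ifindex=2 err=-95 map_id=0 map_index=0
 vhost-4121  [003] ..s1  812.100093: xdp_redirect_err: prog_id=41 action=REDIRECT ifindex=7 to_ifindex=2 err=-95 map_id=0 map_index=0
 vhost-4121  [003] ..s1  812.100240: xdp_redirect: prog_id=41 action=REDIRECT ifindex=7 to_ifindex=9 err=0 map_id=0 map_index=0
 vhost-4377  [001] ..s1  812.300417: xdp_redirect_err: prog_id=44 action=REDIRECT ifindex=9 to_ifindex=12 err=-100 map_id=0 map_index=0
"""

def summarize_redirect_errors(trace_text):
    """Count failed redirects per (source ifindex, target ifindex, errno name)."""
    counts = Counter()
    for line in trace_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # successful redirects and unrelated events
        err = abs(int(m["err"]))
        key = (int(m["ifindex"]), int(m["to_ifindex"]),
               ERRNO_NAMES.get(err, f"errno {err}"))
        counts[key] += 1
    return counts

def targets_without_xdp_xmit(counts):
    """Target ifindexes whose failures are EOPNOTSUPP (assumed: no ndo_xdp_xmit)."""
    return sorted({dst for (_src, dst, name) in counts if name == "EOPNOTSUPP"})

if __name__ == "__main__":
    summary = summarize_redirect_errors(SAMPLE_TRACE)
    for (src, dst, name), n in sorted(summary.items()):
        print(f"ifindex {src} -> {dst}: {n} failed redirect(s), {name}")
    print("targets lacking XDP transmit support:", targets_without_xdp_xmit(summary))
```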