Bpf iface auto detection #8803
Bpf iface auto detection #8803
Conversation
marvin-tigera
added
release-note-required
There was a problem hiding this comment.
As discussed offline, it would be good/possible not to introduce the new option, deprecate the l3 regexp and just see of ia device is l3 or l2 and or slave/master in a bond. That would let us exclude device using the pattern that we do not care and we woul dnot need to include bondX inthe patter to include bonds.
felix/config/config_params.go
Outdated
| @@ -204,6 +204,7 @@ type Config struct { | |||
| BPFForceTrackPacketsFromIfaces []string `config:"iface-filter-slice;docker+"` | |||
| BPFDisableGROForIfaces *regexp.Regexp `config:"regexp;"` | |||
| BPFExcludeCIDRsFromNAT []string `config:"cidr-list;;"` | |||
| BPFInterfaceAutoDetection string `config:"oneof(TCP,Enabled,Disabled);Enabled;non-zero"` | |||
There was a problem hiding this comment.
| BPFInterfaceAutoDetection string `config:"oneof(TCP,Enabled,Disabled);Enabled;non-zero"` | |
| BPFInterfaceAutoDetection string `config:"oneof(Enabled,Disabled);Enabled;non-zero"` |
felix/fv/bpf_attach_test.go
Outdated
| tc.Felixes[0].Exec("ip", "link", "add", "dummy0", "type", "dummy") | ||
| tc.Felixes[0].Exec("ip", "link", "add", "dummy1", "type", "dummy") |
There was a problem hiding this comment.
what if you named these devices eth3 and eth4 or somethign else that could interfere with the regexp?
felix/dataplane/linux/bpf_ep_mgr.go
Outdated
| // Check if the interface is bond. If so, update the interface type for | ||
| // slaves, master. |
There was a problem hiding this comment.
what does this comment relates to?
felix/dataplane/linux/bpf_ep_mgr.go
Outdated
|
|
||
| func (m *bpfEndpointManager) autoDetectInterfaceType(intf *net.Interface) IfaceType { | ||
| name := intf.Name | ||
| if name == "tunl0" { |
There was a problem hiding this comment.
what if ipip tunnel has a different name?
felix/dataplane/linux/bpf_ep_mgr.go
Outdated
| } | ||
|
|
||
| func isBondIface(name string) bool { | ||
| bonding := fmt.Sprintf("/sys/class/net/%s/bonding", name) |
There was a problem hiding this comment.
could this be queried via netlink?
felix/dataplane/linux/bpf_ep_mgr.go
Outdated
| log.Debugf("Failed to get master interface details for '%s'", update.Name) | ||
| } | ||
| if !m.isDataIface(masterIfa.Name) { | ||
| log.Warnf("Master interface '%s' ignored. Add it to the config", masterIfa.Name) |
There was a problem hiding this comment.
I think the better behaviour would be to say "ok, master is not in the regexp but the slave is, seems like the user wants us to attach to the slave and not to the bond. User may know better, why not, lets to it. Attach to slave and ignore the master" WDYT? 🤔
| @@ -92,4 +93,71 @@ var _ = infrastructure.DatastoreDescribe("_BPF-SAFE_ Felix bpf reattach object", | |||
| return out | |||
| }, "15s", "1s").ShouldNot(ContainSubstring("eth0")) | |||
| }) | |||
|
|
|||
| It("should attach programs to the bond interfaces", func() { | |||
There was a problem hiding this comment.
btw can this be tested in the unit test in bpf_ep_mgr_test.go? Woudn't that be a better place? Perhaps those cases with slave in regexp and master not in addition to this test? There is a mock for netlink.
felix/bpf/ifstate/map.go
Outdated
| @@ -42,13 +42,27 @@ const ( | |||
| FlgWEP = uint32(0x1) | |||
| FlgIPv4Ready = uint32(0x2) | |||
| FlgIPv6Ready = uint32(0x4) | |||
| FlgMax = uint32(0x7) | |||
| FlgHost = uint32(0x8) | |||
There was a problem hiding this comment.
So far, not having FlgWEP meant host. Is there any need for the new flag? We cannot have both WEP and Host. Also the name should probably we FlgHEP.
There was a problem hiding this comment.
I changed it to FlgHEP. Want these flags to make sure iface detection is working fine.
| JustAfterEach(func() { | ||
| err := dp.deleteIface("bond0") | ||
| Expect(err).NotTo(HaveOccurred()) | ||
| err = dp.deleteIface("eth10") | ||
| Expect(err).NotTo(HaveOccurred()) | ||
| err = dp.deleteIface("eth20") | ||
| Expect(err).NotTo(HaveOccurred()) | ||
| }) |
There was a problem hiding this comment.
why do you this clean up? Isn't dp recreated?
| err = dp.deleteIface("eth11") | ||
| Expect(err).NotTo(HaveOccurred()) | ||
| err = dp.deleteIface("foo0") | ||
| Expect(err).NotTo(HaveOccurred()) | ||
| genIfaceUpdate("eth11", ifacemonitor.StateNotPresent, 21)() | ||
| genIfaceUpdate("foo0", ifacemonitor.StateNotPresent, 11)() |
There was a problem hiding this comment.
what does this test? Would it make sense to add this to where bond matches the when bond is deleted slaves get the attachment?
There was a problem hiding this comment.
Just want to make sure things are fine when interface is deleted.
felix/dataplane/linux/bpf_ep_mgr.go
Outdated
| // update the ifaceType, master ifindex if bond slave. | ||
| link, err := m.dp.getIfaceLink(update.Name) | ||
| if err != nil { | ||
| log.Panicf("Failed to get interface information via netlink '%s'", update.Name) |
There was a problem hiding this comment.
Panic does not seem right? What if we just ignore the iface and log an error?
| if err != nil { | ||
| log.WithError(err).Warn("Failed to list attached programs") | ||
| } else { | ||
| if err := m.cleanupOldAttach(update.Name, ai[update.Name]); err != nil { |
There was a problem hiding this comment.
could there be no error and ai[] to be empty as if the programs were not attached before?
There was a problem hiding this comment.
yes. cleanupAttached handles that by checking if ai.xdp, ai.ingress, ai.egress != nil
felix/dataplane/linux/bpf_ep_mgr.go
Outdated
| // throw a warning and continue to attach to slave. | ||
| masterIfa, err := m.dp.interfaceByIndex(val.info.masterIfIndex) | ||
| if err != nil { | ||
| log.Debugf("Failed to get master interface details for '%s'. Continuing to attach program", iface) |
There was a problem hiding this comment.
| log.Debugf("Failed to get master interface details for '%s'. Continuing to attach program", iface) | |
| log.Warnf("Failed to get master interface details for '%s'. Continuing to attach program", iface) |
feels like this should be reported
felix/dataplane/linux/bpf_ep_mgr.go
Outdated
| if err != nil { | ||
| log.Debugf("Failed to get master interface details for '%s'. Continuing to attach program", iface) | ||
| } else if !m.isDataIface(masterIfa.Name) { | ||
| log.Warnf("Master interface '%s' ignored. Add it to the config", masterIfa.Name) |
There was a problem hiding this comment.
| log.Warnf("Master interface '%s' ignored. Add it to the config", masterIfa.Name) | |
| log.Warnf("Master interface '%s' ignored. Add it to the <config name> in config", masterIfa.Name) |
sridhartigera
force-pushed
the
bpf-iface-detect
branch
from
06e7edb to
d6c2cbf
Compare
…am-release-v3.28 [release-v3.28] Auto pick #8803: Interface autodetection - ebpf
coutinhop
added
cherry-pick-completed
Description
This PR adds the following
This PR does not handle attaching xdp programs to the bond slaves. Will be done subsequently.
Related issues/PRs
Todos
Release Note
Reminder for the reviewer
Make sure that this PR has the correct labels and milestone set.
Every PR needs one
docs-*label.docs-pr-required: This change requires a change to the documentation that has not been completed yet.docs-completed: This change has all necessary documentation completed.docs-not-required: This change has no user-facing impact and requires no docs.Every PR needs one
release-note-*label.release-note-required: This PR has user-facing changes. Most PRs should have this label.release-note-not-required: This PR has no user-facing changes.Other optional labels:
cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.