Nikita V. Shirokov
Nikita V. Shirokov
Yes. How to do this? I actually have a repro in dev environment so can take any debug info required
Oh nvm. Missed that this is a link (on mobile). Will try to do today
haven't run pwru yet; but i've confirmed that the drop is indeed in https://github.com/cilium/cilium/blob/v1.15.1/bpf/lib/conntrack.h#L761 i've added printk there: ``` default: printk("drop ct unknown proto\n"); /* Can't handle extension headers yet...
@squeed pwru output: ``` Ctehnerd:~/gh/cilium$ sudo ../pwru/pwru 'proto 4' 2024/05/14 17:13:29 Attaching kprobes (via kprobe-multi)... 1554 / 1554 [-----------------------------------------------------------------------------------] 100.00% ? p/s 2024/05/14 17:13:29 Attached (ignored 0) 2024/05/14 17:13:29 Listening...
and sending ipip4 packet from the dev server to the the k8s pod which is running w/ kind on the same devserver (and cilium is installed on that cluster; with...
[pwru.txt](https://github.com/cilium/cilium/files/15311864/pwru.txt) pwru w/ more flags: ``` sudo ../pwru/pwru 'proto 4' --output-tuple --output-stack --output-skb --output-meta --output-file /tmp/pwru.txt ```
generated packet was: ``` outer destination of ipip: 10.244.1.205 inner destination of ipip: 10.244.1.205 inner source of ipip: 192.168.14.14 outer soruce of ipip: 10.11.12.13 sport 31337 dport 80 ```
so w/ patch like ``` if (ct_buffer.ret < 0) \ - return drop_for_direction(ctx, DIR, ct_buffer.ret, ext_err); \ + return drop_for_direction(ctx, DIR, -ct_buffer.ret, ext_err); \ if (map_update_elem(&CT_TAIL_CALL_BUFFER4, &zero, &ct_buffer, 0) <...
So I made this work by calculating offsets so it is looking into inner ipv4 header and transport ports. But i have no idea what could this possible break. So...
changes which made this work (for ipv4; this is just to continue the discussion on what to do w/ ipip. mb there is a config option which allows to do...