Skip to content

Reimplement VLAN_FILTER using global array #38721

Open
Open
Reimplement VLAN_FILTER using global array#38721
Labels
area/datapathImpacts bpf/ or low-level forwarding details, including map management and monitor messages.area/loaderImpacts the loading of BPF programs into the kernel.pinnedThese issues are not marked stale by our issue bot.
Milestone
clang-free
@ti-mo

Description

@ti-mo
ti-mo
opened on Apr 3, 2025

The VLAN filter feature is currently implemented completely using the C preprocessor, e.g.:

#define VLAN_FILTER(ifindex, vlan_id) switch (ifindex) { \
case 116: \
switch (vlan_id) { \
case 4000: \
case 4001: \
return true; \
} \
break; \
} \
break; \
} \
return false;

For a related feature, we're looking at adding proper VLAN support for Pods, where this would require a rework anyway. @borkmann Would you be able to give some input or status update?

In the interim, in order to unblock clang-free and to avoid having to turn this into a full subsystem w/ a pinned map, Cell and reconciler, I propose making this a simple [5]uint16 and passing a list of VLANs as an array. The current limit seems to be 5:

cilium/pkg/datapath/linux/config/config.go

Line 823 in 4559c00

} else if vlansCount > 5 {

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/datapathImpacts bpf/ or low-level forwarding details, including map management and monitor messages.area/loaderImpacts the loading of BPF programs into the kernel.pinnedThese issues are not marked stale by our issue bot.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions