Skip to content

Add preliminary support for SCTP#20033

Merged
nebril merged 8 commits intocilium:masterfrom
DolceTriade:sctp-v2
Sep 13, 2022
Merged

Add preliminary support for SCTP#20033
nebril merged 8 commits intocilium:masterfrom
DolceTriade:sctp-v2

Conversation

@DolceTriade
Copy link
Copy Markdown

@DolceTriade DolceTriade commented May 31, 2022
edited by joestringer
Loading

Please ensure your pull request adheres to the following guidelines:

  • For first time contributors, read Submitting a pull request
  • All code is covered by unit and/or runtime tests where feasible.
  • All commits contain a well written commit description including a title,
    description and a Fixes: #XXX line if the commit addresses a particular
    GitHub issue.
  • All commits are signed off. See the section Developer’s Certificate of Origin
  • Provide a title or release-note blurb suitable for the release notes.
  • Thanks for contributing!

Partially implements #5719 and implements M1 for #20490

Add partial support for SCTP

@DolceTriade DolceTriade requested a review from a team as a code owner May 31, 2022 23:26
@DolceTriade DolceTriade requested review from a team May 31, 2022 23:26
@DolceTriade DolceTriade requested review from a team as code owners May 31, 2022 23:26
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 31, 2022
@DolceTriade DolceTriade changed the title Add preliminary support SCTP Add preliminary support for SCTP May 31, 2022
@DolceTriade DolceTriade requested a review from a team as a code owner June 6, 2022 20:32
@joestringer joestringer added the release-note/major This PR introduces major new functionality to Cilium. label Jun 6, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 6, 2022
@DolceTriade DolceTriade force-pushed the sctp-v2 branch 5 times, most recently from 08d2dde to eecf2c3 Compare June 6, 2022 22:08
@joestringer

This comment was marked as outdated.

Sign in to view
@pchaigno pchaigno self-requested a review June 9, 2022 20:05
pchaigno
pchaigno requested changes Jun 12, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for tackling this feature request! It would be nice to finally have SCTP support 😃

My main concern with the current changes is the many limitations. They need to be documented, but I think it would also be best to put the feature behind a flag rather than introduce many runtime checks. (I'm actually surprised you didn't hit any complexity issues because of that.)

The commit history also needs some work. Each commit should contain changes that logically belong together, in a way that facilitates review of the different aspects of this new feature.

@DolceTriade
Copy link
Copy Markdown
Author

DolceTriade commented Jun 13, 2022
edited
Loading

Thanks for the feedback!

For a feature flag, is the is goal that everywhere IPPROTO_SCTP is a condition, we need to #ifdef ENABLE_SCTP or something? Is it sufficient to include the #ifdef in https://github.com/cilium/cilium/blob/master/bpf/lib/lb.h#L340? Is it sufficient to feature guard SCTP support only in the BPF side of the code? I worry this will make things more convoluted in the Go side if we have to do a runtime check for SCTP enabled everywhere...

So, my takeaways from the review are:

  • Rebase commit history to be more clear
  • Feature guard SCTP support
  • Add tests

In general, does the approach here work or will the code itself need to be reworked?

@DolceTriade DolceTriade force-pushed the sctp-v2 branch 2 times, most recently from b4196a3 to d72dd0a Compare June 15, 2022 05:56
@DolceTriade DolceTriade requested a review from a team June 15, 2022 05:56
@DolceTriade DolceTriade requested a review from a team as a code owner June 15, 2022 05:56
@joestringer

This comment was marked as outdated.

Sign in to view
@aanm
Copy link
Copy Markdown
Member

aanm commented Sep 1, 2022

@DolceTriade it looks the test failure in https://jenkins.cilium.io/job/Cilium-PR-Runtime-net-next/3250/ is legitimate.

@DolceTriade
Copy link
Copy Markdown
Author

DolceTriade commented Sep 1, 2022

Will debug and push fixes. Thanks for flagging. It would be nice to get all the reviews in first so I don't have to keep debugging test breakages though...

@DolceTriade
Copy link
Copy Markdown
Author

DolceTriade commented Sep 2, 2022

I ran the runtime tests locally and they all passed. PTAL.

@tklauser

This comment was marked as outdated.

Sign in to view
@DolceTriade
Copy link
Copy Markdown
Author

DolceTriade commented Sep 3, 2022

I cannot reproduce these failures. Also they are failing in parts unrelated to my changes :-/

@joestringer
Copy link
Copy Markdown
Member

joestringer commented Sep 5, 2022

@DolceTriade multicluster is not required to pass currently, and the 4.9 job only failed on one specific test which looks like it was broken recently by #20956 . This PR LGTM from a testing perspective now. Unless @pchaigno / @jrajahalme / @cilium/sig-hubble have further feedback in the short term, I will be OK with merging this.

pchaigno
pchaigno requested changes Sep 9, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple changes needed below but they should all be trivial to implement.

pchaigno
pchaigno requested changes Sep 12, 2022
View reviewed changes
pchaigno
pchaigno requested changes Sep 12, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there was a small mishaps while addressing the changes above.

Harsh Modi and others added 8 commits September 12, 2022 06:37
api: Add support for SCTP.
09ed964 
Allow specifying SCTP as a protocol for policy tracing.

Signed-off-by: Harsh Modi <harshmodi@google.com>
policy: Add support for SCTP policies.
b2f44ee 
This adds support L4 SCTP policies. Note that L7 policies on top of SCTP
are unsupported.

One behavior change is that policymap will no longer panic on unknown
protos. Previously, it used to explicitly ignore UDP and panic on
unknown protocols. Now it ignores all unknown protocols.

Signed-off-by: Harsh Modi <harshmodi@google.com>
hubble: Add SCTP support.
12ce8a9 
Allow tracing SCTP packets.

Signed-off-by: Harsh Modi <harshmodi@google.com>
@nathanjsweet
bpf: Add partial SCTP support.
1a23b83 
Signed-off-by: Harsh Modi <harshmodi@google.com>
Co-authored-by: Nathan Sweet <nathanjsweet@users.noreply.github.com>
helm: Add sctp.enabled and use it to set ENABLE_SCTP.
582dc06 
Signed-off-by: Harsh Modi <harshmodi@google.com>
docs: Add basic docs on SCTP.
1d89310 
Add docs on how to enable and the limitations of SCTP support.

Signed-off-by: Harsh Modi <harshmodi@google.com>
sctp: Error out if SCTP is enabled on older kernels.
1c9032a 
SCTP requires many more branches and paths which will cause the programs
to exceed the instruction limit on older kernels.

Signed-off-by: Harsh Modi <harshmodi@google.com>
test: Add a BPF test to exercise SCTP.
551d471 
This test is a clone of hairpin_flow, but for SCTP packets.

Signed-off-by: Harsh Modi <harshmodi@google.com>
@DolceTriade
Copy link
Copy Markdown
Author

DolceTriade commented Sep 12, 2022

Fixed for real :-/ idk what I did last night...

@pchaigno
Copy link
Copy Markdown
Member

pchaigno commented Sep 12, 2022

Fixed for real :-/ idk what I did last night...

No worries. You wouldn't believe of many times these sort of things happened to me 😅

I'll trigger the end-to-end tests now and will keep an eye on them.

@pchaigno
Copy link
Copy Markdown
Member

pchaigno commented Sep 12, 2022

/test

@pchaigno
Copy link
Copy Markdown
Member

pchaigno commented Sep 13, 2022

CI passes and we've had a good number of reviews on the code despite a couple team reviews missing (Hubble and proxy which should be minor here given lack of L7 support). Marking ready to merge.

gandro
gandro approved these changes Sep 13, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, Hubble still looks good

@rolinh rolinh mentioned this pull request Jan 25, 2023
Closed
@joestringer joestringer mentioned this pull request Mar 2, 2023
Merged
@aojea aojea mentioned this pull request May 29, 2023
Merged
@julianwiedmann julianwiedmann mentioned this pull request Oct 4, 2024
Merged
@kaworu kaworu mentioned this pull request Sep 24, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qmonnet qmonnet qmonnet left review comments

@gandro gandro gandro approved these changes

@nathanjsweet nathanjsweet nathanjsweet approved these changes

@joamaki joamaki joamaki approved these changes

@joestringer joestringer joestringer approved these changes

@pchaigno pchaigno pchaigno approved these changes

@jrajahalme jrajahalme Awaiting requested review from jrajahalme

Assignees

No one assigned

Labels

area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/major This PR introduces major new functionality to Cilium. sig/policy Impacts whether traffic is allowed or denied based on user-defined policies.

Projects

None yet

Milestone

v1.13.0-rc1

Development

Successfully merging this pull request may close these issues.