Skip to content

bpf: host: don't force PACKET_HOST when IPSec is enabled#43342

Merged
julianwiedmann merged 1 commit intomainfrom
pr/jwi/main/bpf-ipsec-packet-host
Jan 30, 2026
Merged

bpf: host: don't force PACKET_HOST when IPSec is enabled#43342
julianwiedmann merged 1 commit intomainfrom
pr/jwi/main/bpf-ipsec-packet-host

Conversation

@julianwiedmann
Copy link
Copy Markdown
Member

@julianwiedmann julianwiedmann commented Dec 15, 2025

In the past this part was needed for encrypted packets without valid L2 headers, which got diverted through the cilium_{host,net} veth pair.

But as #41699 removed this diversion, there shouldn't be any further need for this code. It won't even see any of the targeted IPsec traffic.

@julianwiedmann julianwiedmann added area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. feature/ipsec Relates to Cilium's IPsec feature labels Dec 15, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot added dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Dec 15, 2025
@julianwiedmann julianwiedmann added the release-note/misc This PR makes changes that have no direct user impact. label Dec 15, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Dec 15, 2025
@julianwiedmann julianwiedmann mentioned this pull request Dec 15, 2025
Closed
@julianwiedmann julianwiedmann added this to the 1.20 milestone Dec 15, 2025
@julianwiedmann julianwiedmann added dont-merge/preview-only Only for preview or testing, don't merge it. pinned These issues are not marked stale by our issue bot. labels Dec 15, 2025
@julianwiedmann
Copy link
Copy Markdown
Member Author

julianwiedmann commented Dec 15, 2025

/test

@julianwiedmann julianwiedmann force-pushed the pr/jwi/main/bpf-ipsec-packet-host branch from 4f2a6e6 to 233c0ec Compare January 22, 2026 06:30
@julianwiedmann
Copy link
Copy Markdown
Member Author

julianwiedmann commented Jan 22, 2026

/test

@julianwiedmann julianwiedmann force-pushed the pr/jwi/main/bpf-ipsec-packet-host branch from 233c0ec to 70f25f1 Compare January 22, 2026 10:29
@julianwiedmann
Copy link
Copy Markdown
Member Author

julianwiedmann commented Jan 22, 2026

/test

@julianwiedmann
bpf: host: don't force PACKET_HOST when IPSec is enabled
b47c5c1 
In the past this part was needed for encrypted packets without valid L2
headers, which got diverted through the cilium_{host,net} veth pair.

But as #41699 removed this diversion,
there shouldn't be any further need for this code. It won't even see any of
the targeted IPsec traffic.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann julianwiedmann force-pushed the pr/jwi/main/bpf-ipsec-packet-host branch from 70f25f1 to b47c5c1 Compare January 30, 2026 07:05
@julianwiedmann
Copy link
Copy Markdown
Member Author

julianwiedmann commented Jan 30, 2026

/test

@julianwiedmann julianwiedmann removed the dont-merge/preview-only Only for preview or testing, don't merge it. label Jan 30, 2026
@julianwiedmann julianwiedmann marked this pull request as ready for review January 30, 2026 10:49
@julianwiedmann julianwiedmann requested a review from a team as a code owner January 30, 2026 10:49
@julianwiedmann julianwiedmann added this pull request to the merge queue Jan 30, 2026
Merged via the queue into main with commit 711d1f6 Jan 30, 2026
852 of 856 checks passed
@julianwiedmann julianwiedmann deleted the pr/jwi/main/bpf-ipsec-packet-host branch January 30, 2026 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smagnani96 smagnani96 smagnani96 approved these changes

@ldelossa ldelossa Awaiting requested review from ldelossa

Assignees

No one assigned

Labels

area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. feature/ipsec Relates to Cilium's IPsec feature pinned These issues are not marked stale by our issue bot. release-note/misc This PR makes changes that have no direct user impact.

Projects

None yet

Milestone

1.20-feature-freeze

Development

Successfully merging this pull request may close these issues.

3 participants

@julianwiedmann @smagnani96 @msune