bpf, nodeport: source port ranges converted to runtime config by viktor-kurchenko · Pull Request #43680 · cilium/cilium

viktor-kurchenko · 2026-01-11T21:38:41Z

This commit moves NodePort and NodePort NAT port ranges into the node configuration, so BPF programs consume CONFIG(nodeport_port_*) values rather than fixed macros.
The Go datapath now populates these fields from the LB config when KPR or BPF masquerade is enabled, and the old headerfile defines in the Linux config writer are dropped.

Updates included:

BPF datapath and NAT logic switched to CONFIG(nodeport_port_min/max/min_nat/max_nat), with defaults and overrides in bpf/include/bpf/config/node.h.
Tests adjusted to use config-driven ranges (including deterministic overrides) and refreshed wildcard lookup helpers.
NodePortMaxNAT constant moved to pkg/datapath/config, and NAT stats import updated accordingly.

Related: #38370

viktor-kurchenko · 2026-01-11T21:49:06Z

/test

viktor-kurchenko · 2026-01-12T10:38:32Z

/test

bpf/tests/bpf_nat_tests.c

bpf/include/bpf/config/node.h

viktor-kurchenko · 2026-01-13T20:24:01Z

/test

bpf/tests/inter_cluster_snat_clusterip_backend_overlay.c

rgo3 · 2026-01-16T13:30:08Z

Given Timo is already reviewing this, I'm taking myself of the reviewers list.

jrife

LGTM for datapath. Let's just figure out the answer to how to reuse the same default port values across test files.

viktor-kurchenko · 2026-01-25T12:05:37Z

/test

viktor-kurchenko · 2026-01-25T13:05:21Z

/test

bpf/lib/nodeport_egress.h

bpf/tests/wildcard_lookup.c

bpf/tests/nodeport_defaults.h

bpf/include/bpf/config/node.h

bpf/tests/inter_cluster_snat_clusterip_backend_overlay.c

pkg/datapath/config/config.go

viktor-kurchenko · 2026-02-01T19:10:45Z

/test

viktor-kurchenko · 2026-02-04T07:49:56Z

/test

viktor-kurchenko · 2026-02-04T09:34:38Z

/test

viktor-kurchenko · 2026-02-04T10:33:13Z

/test

bpf/include/bpf/config/node.h

pkg/maps/nat/stats/stats.go

This commit moves NodePort and NodePort NAT port ranges into the node configuration, so BPF programs consume CONFIG(nodeport_port_*) values rather than fixed macros. The Go datapath now populates these fields from the LB config when KPR or BPF masquerade is enabled, and the old headerfile defines in the Linux config writer are dropped. Updates included: - BPF datapath and NAT logic switched to CONFIG(nodeport_port_min/max/min_nat/max_nat), with defaults and overrides in bpf/include/bpf/config/node.h. - Tests adjusted to use config-driven ranges (including deterministic overrides) and refreshed wildcard lookup helpers. - NodePortMaxNAT constant moved to pkg/datapath/config, and NAT stats import updated accordingly. Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>

This change removes hardcoded NodePort port default assignments from bpf/include/bpf/config/node.h and moves test-only defaults into a shared helper used by BPF tests. The Go datapath node config now initializes port range fields to zero, letting runtime config supply values. Updates included: - New bpf/tests/test_helpers.h with ASSIGN_NODEPORT_DEFAULTS() to set NodePort/NAT port ranges for deterministic source port selection. - BPF tests now include test_helpers.h and call the helper instead of relying on node.h defaults or per-test overrides. Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>

It removes the guard that only populated node.NodeportPortMin/Max and the NAT NodePort range when kube-proxy replacement or BPF masquerade was enabled. Now those fields are always set from lnc.LBConfig, ensuring consistent initialization regardless of KPR or masquerade settings. Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>

The commit replaces nodeport_port_min_nat/max_nat config fields with BPF macros and updates all NAT target uses in BPF programs/tests to use NODEPORT_PORT_*_NAT macros. Test defaults simplified. Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>

viktor-kurchenko · 2026-02-04T12:15:09Z

/test

ti-mo

Thanks!

ysksuzuki

LGTM. Thanks!

viktor-kurchenko added area/loader Impacts the loading of BPF programs into the kernel. area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. labels Jan 11, 2026

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch from 02d3244 to 9cd26c6 Compare January 11, 2026 21:48

viktor-kurchenko added the dont-merge/wait-until-release Freeze window for current release is blocking non-bugfix PRs label Jan 12, 2026

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch from 9cd26c6 to c4c872a Compare January 12, 2026 10:29

viktor-kurchenko marked this pull request as ready for review January 12, 2026 10:49

viktor-kurchenko requested review from a team as code owners January 12, 2026 10:49

viktor-kurchenko requested review from jrife, rgo3 and ysksuzuki January 12, 2026 10:49

ti-mo added this to the clang-free milestone Jan 12, 2026

jrife requested changes Jan 13, 2026

View reviewed changes

bpf/tests/bpf_nat_tests.c Show resolved Hide resolved

bpf/include/bpf/config/node.h Outdated Show resolved Hide resolved

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch from c4c872a to 33331cb Compare January 13, 2026 20:15

viktor-kurchenko requested a review from jrife January 13, 2026 20:19

ysksuzuki reviewed Jan 14, 2026

View reviewed changes

bpf/tests/inter_cluster_snat_clusterip_backend_overlay.c Outdated Show resolved Hide resolved

ti-mo mentioned this pull request Jan 14, 2026

bpf: migrate non-branching config macros to runtime configuration #38370

Open

33 tasks

aanm removed the dont-merge/wait-until-release Freeze window for current release is blocking non-bugfix PRs label Jan 14, 2026

viktor-kurchenko requested a review from ysksuzuki January 15, 2026 18:19

rgo3 removed their request for review January 16, 2026 13:30

jrife approved these changes Jan 20, 2026

View reviewed changes

viktor-kurchenko requested a review from ti-mo January 22, 2026 07:02

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch from 33331cb to 95bf21b Compare January 25, 2026 11:56

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch 2 times, most recently from 4067771 to 9e0588c Compare January 25, 2026 12:49

ti-mo reviewed Jan 29, 2026

View reviewed changes

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch from 9e0588c to 5478682 Compare February 1, 2026 17:42

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch from b98008d to 24329aa Compare February 4, 2026 07:39

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch 2 times, most recently from 665f6f1 to 1a7d57a Compare February 4, 2026 09:34

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch from 1a7d57a to a7b1dfb Compare February 4, 2026 10:31

viktor-kurchenko requested a review from ti-mo February 4, 2026 10:32

ti-mo reviewed Feb 4, 2026

View reviewed changes

bpf/include/bpf/config/node.h Outdated Show resolved Hide resolved

pkg/maps/nat/stats/stats.go Outdated Show resolved Hide resolved

viktor-kurchenko added 4 commits February 4, 2026 13:14

viktor-kurchenko force-pushed the pr/vk/bpf/nodeport/cfg branch from a7b1dfb to c52d29d Compare February 4, 2026 12:14

viktor-kurchenko requested a review from ti-mo February 4, 2026 13:46

ti-mo approved these changes Feb 4, 2026

View reviewed changes

ti-mo enabled auto-merge February 4, 2026 16:50

ysksuzuki approved these changes Feb 5, 2026

View reviewed changes

maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Feb 5, 2026

ti-mo added this pull request to the merge queue Feb 5, 2026

Merged via the queue into main with commit 1200b35 Feb 5, 2026
467 of 470 checks passed

ti-mo deleted the pr/vk/bpf/nodeport/cfg branch February 5, 2026 08:38

Conversation

viktor-kurchenko commented Jan 11, 2026

Uh oh!

viktor-kurchenko commented Jan 11, 2026

Uh oh!

viktor-kurchenko commented Jan 12, 2026

Uh oh!

Uh oh!

Uh oh!

viktor-kurchenko commented Jan 13, 2026

Uh oh!

Uh oh!

rgo3 commented Jan 16, 2026

Uh oh!

jrife left a comment

Choose a reason for hiding this comment

Uh oh!

viktor-kurchenko commented Jan 25, 2026

Uh oh!

viktor-kurchenko commented Jan 25, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

viktor-kurchenko commented Feb 1, 2026

Uh oh!

viktor-kurchenko commented Feb 4, 2026

Uh oh!

viktor-kurchenko commented Feb 4, 2026

Uh oh!

viktor-kurchenko commented Feb 4, 2026

Uh oh!

Uh oh!

Uh oh!

viktor-kurchenko commented Feb 4, 2026

Uh oh!

ti-mo left a comment

Choose a reason for hiding this comment

Uh oh!

ysksuzuki left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants