Skip to content

[v1.18] bpf: Fix marker to skip nodeport when punting to proxy#43886

Merged
borkmann merged 3 commits intov1.18from
pr/v1.18-l7-punt-xfer
Jan 20, 2026
Merged

[v1.18] bpf: Fix marker to skip nodeport when punting to proxy#43886
borkmann merged 3 commits intov1.18from
pr/v1.18-l7-punt-xfer

Conversation

@borkmann
Copy link
Copy Markdown
Member

@borkmann borkmann commented Jan 20, 2026

Manual backport of:

Once this PR is merged, a GitHub action will update the labels of these PRs:

 43069

@borkmann
bpf: Fix marker to skip nodeport when punting to proxy
42d0c45 
[ upstream commit 640e955 ]
[ manual backport due to upstream nodeport code refacors ]

Julian spotted that setting ctx_skip_nodeport_set(ctx) is not having
the desired effect for the case when there is XDP used on the node.

The ctx_skip_nodeport_set() marker is not transferred to the skb and
as a result the service lookup would happen twice instead of just in
the XDP layer resulting in higher per-packet cost. The latter lookup
in the tcx layer for such packets is unnecessary.

Therefore, use the correct ctx_set_xfer(ctx, XFER_PKT_NO_SVC).

Reported-by: Julian Wiedmann <jwi@isovalent.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann borkmann requested a review from a team as a code owner January 20, 2026 13:48
@borkmann borkmann added kind/backports This PR provides functionality previously merged into master. backport/1.18 This PR represents a backport for Cilium 1.18.x of a PR that was merged to main. labels Jan 20, 2026
@borkmann
tests/bpf: Add L7 proxy delegate test with local backend
36236d2 
[ upstream commit 7f95906 ]
[ manually fixing up unit test for 1.18 infra ]

Add a test where the backend is local with the service L7 proxy delegate.
We expect the service to be passed up the stack unmodified. XFER_PKT_NO_SVC
is set to skip tcx service handling a second time.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann
tests/bpf: Add L7 proxy delegate test with remote backend
327f657 
[ upstream commit 4fe778b ]
[ manually fixing up unit test for 1.18 infra ]

Add a test where the backend is remote with the service L7 proxy delegate.
We expect the service to be NATed and sent out the node. XFER_PKT_NO_SVC
is /not/ set in this case given the backend is not part of the local
endpoint map.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@borkmann borkmann force-pushed the pr/v1.18-l7-punt-xfer branch from facbbe3 to 327f657 Compare January 20, 2026 14:21
@borkmann
Copy link
Copy Markdown
Member Author

borkmann commented Jan 20, 2026

/test

@borkmann borkmann requested a review from giorio94 January 20, 2026 16:29
@borkmann borkmann enabled auto-merge January 20, 2026 16:29
giorio94
giorio94 approved these changes Jan 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@giorio94 giorio94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good to me from a backport point of view.

@borkmann borkmann added this pull request to the merge queue Jan 20, 2026
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 20, 2026
Merged via the queue into v1.18 with commit bf4f816 Jan 20, 2026
305 checks passed
@borkmann borkmann deleted the pr/v1.18-l7-punt-xfer branch January 20, 2026 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@giorio94 giorio94 giorio94 approved these changes

Assignees

No one assigned

Labels

backport/1.18 This PR represents a backport for Cilium 1.18.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@borkmann @giorio94 @msune