cilium: encryption cleanup encryption and fix table assignment of nexthop route #8322
Merged
test-me-please
This was referenced Jun 18, 2019
Remove encryptNode rules from generic EnableIPsec path, it's already set up through a call to encryptNode(). This is just duplicate code that did not get removed.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>

Remove this comment that is actually old code that is no longer needed.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>

hostRules() is already called above for both ipv4 and ipv6, no need to call it again.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>

While reading the IPv4 and IPv6 code it's helpful if we use the same variable names in both versions. Convert IPv6 code to use 'exactMask' name to align with IPv4.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>

We don't require a nexthop entry here. In fact, if we add a nexthop entry it will be an exact match entry with a more specific route than the local route that should be taken. To date this didn't matter because the entry was added to the default table due to a bug in the route logic that did not specify the table for nexthop entries. This way it did not conflict with the local rule in the encrypt table. However, this patch is needed so we can fix up the route entry to specify the table for the nexthop.
Signed-off-by: John Fastabend <john.fastabend@gmail.com>

The nexthop route was injected into the default table instead of the table specified. This code path was not used so far, this is a fix for a potential future usage.
Fixes: fec5499 ("route: Fix route replacement logic for IPv6")
Signed-off-by: Thomas Graf <thomas@cilium.io>
tgraf approved these changes Jun 24, 2019
Series of cleanups to encryption code and removes nexthop specifier from out encryption route. It's not needed and will break encryption after PR #8312 by forcing ingress ESP traffic to cilium_host when we expect to decrypt it first.
@tgraf says, "The nexthop route was injected into the default table instead of the table specified. This code path was not used so far, this is a fix for a potential future usage."