|
|
|
|
@ -4979,6 +4979,12 @@ static int send_proxy_packet4(struct sk_buff *skb, const struct re_address *src,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
skb->protocol = htons(ETH_P_IP);
|
|
|
|
|
/* Clear any mark inherited from the received packet. On Cilium/GKE
|
|
|
|
|
* DPv2 nodes, ingress BPF stamps identity/decrypt marks on incoming
|
|
|
|
|
* skbs; leaving them in place can match an ip rule (e.g.
|
|
|
|
|
* "fwmark 0x200/0xf00 → table 2004") and send forwarded packets into
|
|
|
|
|
* a Cilium-internal routing table that has no default gateway. */
|
|
|
|
|
skb->mark = 0;
|
|
|
|
|
|
|
|
|
|
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(6,10,0)) || \
|
|
|
|
|
(defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE >= KERNEL_VERSION(5,14,0) && \
|
|
|
|
|
@ -5066,6 +5072,9 @@ static int send_proxy_packet6(struct sk_buff *skb, const struct re_address *src,
|
|
|
|
|
memcpy(&ih->daddr, dst->u.ipv6, sizeof(ih->daddr));
|
|
|
|
|
|
|
|
|
|
skb->protocol = htons(ETH_P_IPV6);
|
|
|
|
|
/* Same reasoning as send_proxy_packet4: clear inherited Cilium ingress
|
|
|
|
|
* marks to avoid misrouting via Cilium-internal tables. */
|
|
|
|
|
skb->mark = 0;
|
|
|
|
|
|
|
|
|
|
memset(&fl6, 0, sizeof(fl6));
|
|
|
|
|
memcpy(&fl6.saddr, src->u.ipv6, sizeof(fl6.saddr));
|
|
|
|
|
|
Federico Cabiddu
4 weeks ago
committed by
Richard Fuchs