Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1.31 Backports 2024-12-19 #1070

Merged
merged 2 commits into from
Dec 19, 2024
Merged

v1.31 Backports 2024-12-19 #1070

merged 2 commits into from
Dec 19, 2024

Conversation

mhofstetter
Copy link
Member

@mhofstetter mhofstetter commented Dec 19, 2024
edited
Loading

Once this PR is merged, a GitHub action will update the labels of these PRs:

 1066

@mhofstetter
extensions: enable udp proxy
51b19ea 
[ upstream commit 4b7b1b1 ]

This commit enables the UDP proxy related envoy extensions.

* `UDPProxy` UDP listener filter
* `HTTPCapsule` UDP session filter
* `DynamicForwardProxy` UDP session filter

Signed-off-by: Marco Hofstetter <[email protected]>
@mhofstetter
bpf_metadata: introduce udp bpf_metadata factory & instance
96d5392 
[ upstream commit b2e1bb5 ]

Currently, configuring a UDP listener (Envoy listener with socket
address protocol set to `udp`) with a UDPProxy in Envoy may
fail due to Envoy failing to missing privileges to bind the listener
address.

The reason is that the Cilium Proxy uses a "starter" that drops all
privileged capabilities before forking the actual Envoy process
(See #315 for more details.) Setting up the necessary socket options
is part of the Cilium `BPFMetadata` listener filter.

The current `BPFMetadata` listener filter can't be used as UDP listener
filter (different factory). Therefore, this commit introduces a UDP
capable version of the `BPFMetadata` listener filter. It's only purpose
is to setup the UDP listener socket correctly (IP_TRANSPARENT, SO_REUSEADDR,
...). It's currently NOT adding any BPF metadata related information to the
socket. This is not necessary as the Cilium network filters aren't yet available
for UDP either.

Signed-off-by: Marco Hofstetter <[email protected]>
@mhofstetter mhofstetter requested a review from sayboras December 19, 2024 11:28
@mhofstetter mhofstetter marked this pull request as ready for review December 19, 2024 11:28
@mhofstetter mhofstetter requested a review from a team as a code owner December 19, 2024 11:28
@mhofstetter mhofstetter mentioned this pull request Dec 19, 2024
Merged
@mhofstetter mhofstetter merged commit 1a5af7f into v1.31 Dec 19, 2024
5 checks passed
@mhofstetter mhofstetter deleted the pr/v1.31-backport-2024-12-19-12-25 branch December 19, 2024 12:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sayboras sayboras sayboras approved these changes

Assignees
No one assigned
Labels
backport/1.31 kind/backports
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mhofstetter @sayboras