Merge pull request #889 from TrekkieCoder/main

#675 Initial support for proxy protocol v2
loxilb-io · Nov 27, 2024 · 9b6d66c · 9b6d66c
2 parents 35b5e0e + a99bcb3
commit 9b6d66c
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 2 deletions.
diff --git a/api/models/loadbalance_entry.go b/api/models/loadbalance_entry.go
diff --git a/api/restapi/embedded_spec.go b/api/restapi/embedded_spec.go
diff --git a/api/restapi/handler/loadbalancer.go b/api/restapi/handler/loadbalancer.go
@@ -49,6 +49,7 @@ func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) midd
 	lbRules.Serv.Name = params.Attr.ServiceArguments.Name
 	lbRules.Serv.Oper = cmn.LBOp(params.Attr.ServiceArguments.Oper)
 	lbRules.Serv.HostUrl = params.Attr.ServiceArguments.Host
+	lbRules.Serv.ProxyProtocolV2 = params.Attr.ServiceArguments.Proxyprotocolv2
 
 	if lbRules.Serv.Proto == "sctp" {
 		for _, data := range params.Attr.SecondaryIPs {
@@ -173,6 +174,7 @@ func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) mid
 		tmpSvc.Name = lb.Serv.Name
 		tmpSvc.Snat = lb.Serv.Snat
 		tmpSvc.Host = lb.Serv.HostUrl
+		tmpSvc.Proxyprotocolv2 = lb.Serv.ProxyProtocolV2
 
 		tmpLB.ServiceArguments = &tmpSvc
 

diff --git a/api/swagger.yml b/api/swagger.yml
@@ -3038,6 +3038,9 @@ definitions:
           host:
             type: string
             description: Ingress specific host URL path
+          proxyprotocolv2:
+            type: boolean
+            description: flag to enable proxy protocol v2
 
       endpoints:
         type: array

diff --git a/common/common.go b/common/common.go
@@ -581,6 +581,8 @@ type LbServiceArg struct {
 	Snat bool `json:"snat"`
 	// HostUrl - Ingress Specific URL path
 	HostUrl string `json:"path"`
+	// ProxyProtocolV2 - Enable proxy protocol v2
+	ProxyProtocolV2 bool `json:"proxyprotocolv2"`
 }
 
 // LbEndPointArg - Information related to load-balancer end-point

diff --git a/loxilb-ebpf b/loxilb-ebpf
diff --git a/pkg/loxinet/dpbroker.go b/pkg/loxinet/dpbroker.go
@@ -297,6 +297,7 @@ type LBDpWorkQ struct {
 	DsrMode   bool
 	CsumDis   bool
 	SrcCheck  bool
+	Ppv2En    bool
 	SecMode   SecT
 	HostURL   string
 	Proto     uint8

diff --git a/pkg/loxinet/dpebpf_linux.go b/pkg/loxinet/dpebpf_linux.go
@@ -1022,7 +1022,10 @@ func DpLBRuleMod(w *LBDpWorkQ) int {
 		dat.ca.oaux = 1
 	}
 	if w.SrcCheck {
-		dat.chksrc = 1
+		dat.opflags = C.NAT_LB_OP_CHKSRC
+	}
+	if w.Ppv2En {
+		dat.ppv2 = 1
 	}
 
 	nxfa := (*nxfrmAct)(unsafe.Pointer(&dat.nxfrms[0]))
@@ -1265,6 +1268,8 @@ func (ct *DpCtInfo) convDPCt2GoObjFixup(ctKey *C.struct_dp_ct_key, ctDat *C.stru
 			ct.CState = "sync-ack"
 		case t.state == C.CT_TCP_EST:
 			ct.CState = "est"
+		case t.state == C.CT_TCP_PEST:
+			ct.CState = "est"
 		case t.state == C.CT_TCP_ERR:
 			ct.CState = "h/e"
 		case t.state == C.CT_TCP_CW:

diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go
@@ -292,6 +292,7 @@ type ruleEnt struct {
 	name     string
 	inst     string
 	secMode  cmn.LBSec
+	ppv2En   bool
 	srcList  []*allowedSrcElem
 	locIPs   map[string]struct{}
 }
@@ -819,6 +820,7 @@ func (R *RuleH) GetLBRule() ([]cmn.LbRuleMod, error) {
 		ret.Serv.ProbeResp = data.hChk.prbResp
 		ret.Serv.Name = data.name
 		ret.Serv.HostUrl = data.tuples.path
+		ret.Serv.ProxyProtocolV2 = data.ppv2En
 		if data.act.actType == RtActSnat {
 			ret.Serv.Snat = true
 		}
@@ -1661,6 +1663,7 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, al
 			eRule.hChk.prbReq != serv.ProbeReq || eRule.hChk.prbResp != serv.ProbeResp ||
 			eRule.pTO != serv.PersistTimeout || eRule.act.action.(*ruleLBActs).sel != lBActs.sel ||
 			eRule.act.action.(*ruleLBActs).mode != lBActs.mode ||
+			eRule.ppv2En != serv.ProxyProtocolV2 ||
 			len(allowedSources) != len(eRule.srcList) {
 			ruleChg = true
 		}
@@ -1736,6 +1739,7 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, al
 		eRule.hChk.prbRetries = serv.ProbeRetries
 		eRule.hChk.prbTimeo = serv.ProbeTimeout
 		eRule.pTO = serv.PersistTimeout
+		eRule.ppv2En = serv.ProxyProtocolV2
 		eRule.act.action.(*ruleLBActs).sel = lBActs.sel
 		eRule.act.action.(*ruleLBActs).endPoints = retEps
 		eRule.act.action.(*ruleLBActs).mode = lBActs.mode
@@ -1781,6 +1785,7 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, al
 	r.managed = serv.Managed
 	r.secIP = nSecIP
 	r.secMode = serv.Security
+	r.ppv2En = serv.ProxyProtocolV2
 
 	// Per LB end-point health-check is supposed to be handled at kube-loxilb/CCM,
 	// but it certain cases like stand-alone mode, loxilb can do its own
@@ -2795,6 +2800,7 @@ func (r *ruleEnt) LB2DP(work DpWorkT) int {
 	nWork.InActTo = uint64(r.iTO)
 	nWork.PersistTo = uint64(r.pTO)
 	nWork.HostURL = r.tuples.path
+	nWork.Ppv2En = r.ppv2En
 	if len(r.srcList) > 0 {
 		nWork.SrcCheck = true
 	}
+6 −2		common/llb_dp_mdi.h
+9 −3		common/llb_dpapi.h
+32 −1		common/parsing_helpers.h
+283 −22		kernel/llb_kern_cdefs.h
+1 −1		kernel/llb_kern_compose.c
+33 −1		kernel/llb_kern_ct.c
+6 −0		kernel/llb_kern_devif.c
+1 −0		kernel/llb_kern_l3fwd.c
+2 −1		kernel/llb_kern_natlbfwd.c
+1 −1		kernel/llb_kern_sum.c
+2 −1		kernel/loxilb_libdp.c