diff --git a/felix/dataplane/linux/bpf_ep_mgr.go b/felix/dataplane/linux/bpf_ep_mgr.go index 36e3857e61b..4d6bdf436da 100644 --- a/felix/dataplane/linux/bpf_ep_mgr.go +++ b/felix/dataplane/linux/bpf_ep_mgr.go @@ -369,8 +369,9 @@ type bpfEndpointManager struct { polNameToMatchIDs map[string]set.Set[polprog.RuleMatchID] dirtyRules set.Set[polprog.RuleMatchID] - natInIdx int - natOutIdx int + natInIdx int + natOutIdx int + bpfIfaceMTU int v4 *bpfEndpointManagerDataplane v6 *bpfEndpointManagerDataplane @@ -437,6 +438,7 @@ func NewTestEpMgr( new(environment.FakeFeatureDetector), nil, nil, + 1500, ) } @@ -456,6 +458,7 @@ func newBPFEndpointManager( featureDetector environment.FeatureDetectorIface, healthAggregator *health.HealthAggregator, dataplanefeatures *environment.Features, + bpfIfaceMTU int, ) (*bpfEndpointManager, error) { if livenessCallback == nil { livenessCallback = func() {} @@ -623,6 +626,7 @@ func newBPFEndpointManager( } } + m.bpfIfaceMTU = bpfIfaceMTU if err := m.dp.ensureBPFDevices(); err != nil { return nil, fmt.Errorf("ensure BPF devices: %w", err) } else { @@ -3192,6 +3196,7 @@ func (m *bpfEndpointManager) ensureBPFDevices() error { if err != nil { la := netlink.NewLinkAttrs() la.Name = bpfInDev + la.MTU = m.bpfIfaceMTU nat := &netlink.Veth{ LinkAttrs: la, PeerName: bpfOutDev, @@ -3204,6 +3209,7 @@ func (m *bpfEndpointManager) ensureBPFDevices() error { return fmt.Errorf("missing %s after add: %w", bpfInDev, err) } } + if state := bpfin.Attrs().OperState; state != netlink.OperUp { log.WithField("state", state).Info(bpfInDev) if err := netlink.LinkSetUp(bpfin); err != nil { @@ -3221,6 +3227,15 @@ func (m *bpfEndpointManager) ensureBPFDevices() error { } } + err = netlink.LinkSetMTU(bpfin, m.bpfIfaceMTU) + if err != nil { + return fmt.Errorf("failed to set MTU to %d on %s: %w", m.bpfIfaceMTU, bpfInDev, err) + } + err = netlink.LinkSetMTU(bpfout, m.bpfIfaceMTU) + if err != nil { + return fmt.Errorf("failed to set MTU to %d on %s: %w", m.bpfIfaceMTU, bpfOutDev, err) + } + m.natInIdx = bpfin.Attrs().Index m.natOutIdx = bpfout.Attrs().Index diff --git a/felix/dataplane/linux/bpf_ep_mgr_test.go b/felix/dataplane/linux/bpf_ep_mgr_test.go index 6fb55c8ddef..d93db3f11cf 100644 --- a/felix/dataplane/linux/bpf_ep_mgr_test.go +++ b/felix/dataplane/linux/bpf_ep_mgr_test.go @@ -455,6 +455,7 @@ var _ = Describe("BPF Endpoint Manager", func() { &environment.FakeFeatureDetector{}, nil, environment.NewFeatureDetector(nil).GetFeatures(), + 1250, ) Expect(err).NotTo(HaveOccurred()) bpfEpMgr.v4.hostIP = net.ParseIP("1.2.3.4") diff --git a/felix/dataplane/linux/int_dataplane.go b/felix/dataplane/linux/int_dataplane.go index 622efc78890..789dbe0b38d 100644 --- a/felix/dataplane/linux/int_dataplane.go +++ b/felix/dataplane/linux/int_dataplane.go @@ -716,6 +716,7 @@ func NewIntDataplaneDriver(config Config) *InternalDataplane { featureDetector, config.HealthAggregator, dataplaneFeatures, + podMTU, ) if err != nil { diff --git a/felix/fv/bpf_test.go b/felix/fv/bpf_test.go index 8d730932a6a..d673831ee04 100644 --- a/felix/fv/bpf_test.go +++ b/felix/fv/bpf_test.go @@ -5165,9 +5165,9 @@ func dumpIfStateMap(felix *infrastructure.Felix) ifstate.MapMem { return m } -func ensureAllNodesBPFProgramsAttached(felixes []*infrastructure.Felix) { +func ensureAllNodesBPFProgramsAttached(felixes []*infrastructure.Felix, ifacesExtra ...string) { for _, felix := range felixes { - ensureBPFProgramsAttachedOffset(2, felix) + ensureBPFProgramsAttachedOffset(2, felix, ifacesExtra...) } } diff --git a/felix/fv/mtu_test.go b/felix/fv/mtu_test.go index 64945833c01..7eb9de3b55c 100644 --- a/felix/fv/mtu_test.go +++ b/felix/fv/mtu_test.go @@ -32,7 +32,7 @@ import ( "github.com/projectcalico/calico/libcalico-go/lib/options" ) -var _ = infrastructure.DatastoreDescribe("VXLAN topology before adding host IPs to IP sets", []apiconfig.DatastoreType{apiconfig.EtcdV3, apiconfig.Kubernetes}, func(getInfra infrastructure.InfraFactory) { +var _ = infrastructure.DatastoreDescribe("_BPF-SAFE_ VXLAN topology before adding host IPs to IP sets", []apiconfig.DatastoreType{apiconfig.EtcdV3, apiconfig.Kubernetes}, func(getInfra infrastructure.InfraFactory) { var ( infra infrastructure.DatastoreInfra tc infrastructure.TopologyContainers @@ -46,6 +46,17 @@ var _ = infrastructure.DatastoreDescribe("VXLAN topology before adding host IPs return strings.TrimSpace(out) }, "60s", "500ms").Should(Equal(fmt.Sprint(mtu))) } + if BPFMode() { + felix := tc.Felixes[0] + EventuallyWithOffset(1, func() string { + out, _ := felix.ExecOutput("ip", "link", "show", "dev", "bpfin.cali") + return out + }, "5s", "500ms").Should(ContainSubstring(fmt.Sprintf("mtu %d", mtu))) + EventuallyWithOffset(1, func() string { + out, _ := felix.ExecOutput("ip", "link", "show", "dev", "bpfout.cali") + return out + }, "5s", "500ms").Should(ContainSubstring(fmt.Sprintf("mtu %d", mtu))) + } } vxlanOverhead := func(ipv6 bool) int { @@ -59,6 +70,9 @@ var _ = infrastructure.DatastoreDescribe("VXLAN topology before adding host IPs if CurrentGinkgoTestDescription().Failed { for _, felix := range tc.Felixes { felix.Exec("ip", "link") + if BPFMode() { + felix.Exec("calico-bpf", "ifstate", "dump") + } } infra.DumpErrorData() }