cilium, connector: Wire up IPv4 GRO/GSO max size configuration

Extend the veth setup to also configure IPv4 GRO/GSO max size
configuration for every new veth for a given Pod.

Signed-off-by: Daniel Borkmann <[email protected]>

cilium-health/launch/endpoint.go

@@ -274,7 +274,8 @@ func LaunchAsEndpoint(baseCtx context.Context,
 	switch option.Config.DatapathMode {
 	case datapathOption.DatapathModeVeth:
 		_, epLink, err := connector.SetupVethWithNames(vethName, epIfaceName, mtuConfig.GetDeviceMTU(),
-			bigTCPConfig.GetGROIPv6MaxSize(), bigTCPConfig.GetGSOIPv6MaxSize(), info)
+			bigTCPConfig.GetGROIPv6MaxSize(), bigTCPConfig.GetGSOIPv6MaxSize(),
+			bigTCPConfig.GetGROIPv4MaxSize(), bigTCPConfig.GetGSOIPv4MaxSize(), info)
 		if err != nil {
 			return nil, fmt.Errorf("Error while creating veth: %s", err)
 		}

pkg/datapath/connector/veth.go

@@ -32,23 +32,24 @@ func SetupVethRemoteNs(netNs ns.NetNS, srcIfName, dstIfName string) (int, int, e
 // fields such as mac, NodeMac, ifIndex and ifName. Returns a pointer for the created
 // veth, a pointer for the temporary link, the name of the temporary link and error if
 // something fails.
-func SetupVeth(id string, mtu, groMaxSize, gsoMaxSize int, ep *models.EndpointChangeRequest) (*netlink.Veth, netlink.Link, string, error) {
+func SetupVeth(id string, mtu, groIPv6MaxSize, gsoIPv6MaxSize, groIPv4MaxSize, gsoIPv4MaxSize int, ep *models.EndpointChangeRequest) (*netlink.Veth, netlink.Link, string, error) {
 	if id == "" {
 		return nil, nil, "", fmt.Errorf("invalid: empty ID")
 	}
 
 	lxcIfName := Endpoint2IfName(id)
 	tmpIfName := Endpoint2TempIfName(id)
 
-	veth, link, err := SetupVethWithNames(lxcIfName, tmpIfName, mtu, groMaxSize, gsoMaxSize, ep)
+	veth, link, err := SetupVethWithNames(lxcIfName, tmpIfName, mtu,
+		groIPv6MaxSize, gsoIPv6MaxSize, groIPv4MaxSize, gsoIPv4MaxSize, ep)
 	return veth, link, tmpIfName, err
 }
 
 // SetupVethWithNames sets up the net interface, the temporary interface and fills up some endpoint
 // fields such as mac, NodeMac, ifIndex and ifName. Returns a pointer for the created
 // veth, a pointer for the temporary link, the name of the temporary link and error if
 // something fails.
-func SetupVethWithNames(lxcIfName, tmpIfName string, mtu, groMaxSize, gsoMaxSize int, ep *models.EndpointChangeRequest) (*netlink.Veth, netlink.Link, error) {
+func SetupVethWithNames(lxcIfName, tmpIfName string, mtu, groIPv6MaxSize, gsoIPv6MaxSize, groIPv4MaxSize, gsoIPv4MaxSize int, ep *models.EndpointChangeRequest) (*netlink.Veth, netlink.Link, error) {
 	var (
 		epHostMAC, epLXCMAC mac.MAC
 		err                 error
@@ -123,23 +124,45 @@ func SetupVethWithNames(lxcIfName, tmpIfName string, mtu, groMaxSize, gsoMaxSize
 		return nil, nil, fmt.Errorf("unable to bring up veth pair: %s", err)
 	}
 
-	if groMaxSize > 0 {
-		if err = netlink.LinkSetGROMaxSize(hostVeth, groMaxSize); err != nil {
+	if groIPv6MaxSize > 0 {
+		if err = netlink.LinkSetGROMaxSize(hostVeth, groIPv6MaxSize); err != nil {
 			return nil, nil, fmt.Errorf("unable to set GRO max size to %q: %w",
 				lxcIfName, err)
 		}
-		if err = netlink.LinkSetGROMaxSize(peer, groMaxSize); err != nil {
+		if err = netlink.LinkSetGROMaxSize(peer, groIPv6MaxSize); err != nil {
 			return nil, nil, fmt.Errorf("unable to set GRO max size to %q: %w",
 				tmpIfName, err)
 		}
 	}
 
-	if gsoMaxSize > 0 {
-		if err = netlink.LinkSetGSOMaxSize(hostVeth, gsoMaxSize); err != nil {
+	if gsoIPv6MaxSize > 0 {
+		if err = netlink.LinkSetGSOMaxSize(hostVeth, gsoIPv6MaxSize); err != nil {
 			return nil, nil, fmt.Errorf("unable to set GSO max size to %q: %w",
 				lxcIfName, err)
 		}
-		if err = netlink.LinkSetGSOMaxSize(peer, gsoMaxSize); err != nil {
+		if err = netlink.LinkSetGSOMaxSize(peer, gsoIPv6MaxSize); err != nil {
+			return nil, nil, fmt.Errorf("unable to set GSO max size to %q: %w",
+				tmpIfName, err)
+		}
+	}
+
+	if groIPv4MaxSize > 0 {
+		if err = netlink.LinkSetGROIPv4MaxSize(hostVeth, groIPv4MaxSize); err != nil {
+			return nil, nil, fmt.Errorf("unable to set GRO max size to %q: %w",
+				lxcIfName, err)
+		}
+		if err = netlink.LinkSetGROIPv4MaxSize(peer, groIPv4MaxSize); err != nil {
+			return nil, nil, fmt.Errorf("unable to set GRO max size to %q: %w",
+				tmpIfName, err)
+		}
+	}
+
+	if gsoIPv4MaxSize > 0 {
+		if err = netlink.LinkSetGSOIPv4MaxSize(hostVeth, gsoIPv4MaxSize); err != nil {
+			return nil, nil, fmt.Errorf("unable to set GSO max size to %q: %w",
+				lxcIfName, err)
+		}
+		if err = netlink.LinkSetGSOIPv4MaxSize(peer, gsoIPv4MaxSize); err != nil {
 			return nil, nil, fmt.Errorf("unable to set GSO max size to %q: %w",
 				tmpIfName, err)
 		}

plugins/cilium-cni/main.go

@@ -505,7 +505,9 @@ func cmdAdd(args *skel.CmdArgs) (err error) {
 			peer      netlink.Link
 			tmpIfName string
 		)
-		veth, peer, tmpIfName, err = connector.SetupVeth(ep.ContainerID, int(conf.DeviceMTU), int(conf.GROMaxSize), int(conf.GSOMaxSize), ep)
+		veth, peer, tmpIfName, err = connector.SetupVeth(ep.ContainerID, int(conf.DeviceMTU),
+			int(conf.GROMaxSize), int(conf.GSOMaxSize),
+			int(conf.GROIPV4MaxSize), int(conf.GSOIPV4MaxSize), ep)
 		if err != nil {
 			err = fmt.Errorf("unable to set up veth on host side: %s", err)
 			return err

plugins/cilium-docker/driver/driver.go

@@ -397,7 +397,9 @@ func (driver *driver) createEndpoint(w http.ResponseWriter, r *http.Request) {
 	switch driver.conf.DatapathMode {
 	case datapathOption.DatapathModeVeth:
 		var veth *netlink.Veth
-		veth, _, _, err = connector.SetupVeth(create.EndpointID, int(driver.conf.DeviceMTU), int(driver.conf.GROMaxSize), int(driver.conf.GSOMaxSize), endpoint)
+		veth, _, _, err = connector.SetupVeth(create.EndpointID, int(driver.conf.DeviceMTU),
+			int(driver.conf.GROMaxSize), int(driver.conf.GSOMaxSize),
+			int(driver.conf.GROIPV4MaxSize), int(driver.conf.GSOIPV4MaxSize), endpoint)
 		defer removeLinkOnErr(veth)
 	}
 	if err != nil {