bpf: Remove unneeded orig_sip from ipv6_host_policy_ingress

There is no need to copy the IPv6 address to a local variable, because
the packet data is not going to change. Just use the address from the
packet headers directly.

Signed-off-by: Maxim Mikityanskiy <[email protected]>

Author: gentoo-root

bpf/lib/host_firewall.h

@@ -100,7 +100,6 @@ ipv6_host_policy_ingress(struct __ctx_buff *ctx, __u32 *src_id,
 	struct remote_endpoint_info *info;
 	int ret, verdict = CTX_ACT_OK, l4_off, hdrlen;
 	struct ipv6_ct_tuple tuple = {};
-	union v6addr orig_sip;
 	void *data, *data_end;
 	struct ipv6hdr *ip6;
 	__u16 proxy_port = 0;
@@ -123,7 +122,6 @@ ipv6_host_policy_ingress(struct __ctx_buff *ctx, __u32 *src_id,
 	/* Lookup connection in conntrack map. */
 	tuple.nexthdr = ip6->nexthdr;
 	ipv6_addr_copy(&tuple.saddr, (union v6addr *)&ip6->saddr);
-	ipv6_addr_copy(&orig_sip, (union v6addr *)&ip6->saddr);
 	hdrlen = ipv6_hdrlen(ctx, &tuple.nexthdr);
 	if (hdrlen < 0)
 		return hdrlen;
@@ -136,11 +134,11 @@ ipv6_host_policy_ingress(struct __ctx_buff *ctx, __u32 *src_id,
 	trace->reason = (enum trace_reason)ret;
 
 	/* Retrieve source identity. */
-	info = lookup_ip6_remote_endpoint(&orig_sip, 0);
+	info = lookup_ip6_remote_endpoint((union v6addr *)&ip6->saddr, 0);
 	if (info && info->sec_label)
 		*src_id = info->sec_label;
 	cilium_dbg(ctx, info ? DBG_IP_ID_MAP_SUCCEED6 : DBG_IP_ID_MAP_FAILED6,
-		   orig_sip.p4, *src_id);
+		   ip6->saddr.s6_addr32[3], *src_id);
 
 	/* Reply traffic and related are allowed regardless of policy verdict. */
 	if (ret == CT_REPLY || ret == CT_RELATED)