kubernetes-sigs / kube-network-policies

Kubernetes network policies
Apache License 2.0
21 stars, 8 forks

Only process traffic impacted by network policies #39

Closed aojea closed 3 weeks ago

aojea commented 3 weeks ago

Optimize the datapath so it does not have to send all packets to user space, only the ones that are subject to network policies.

Fixes: https://github.com/kubernetes-sigs/kube-network-policies/issues/10, #31, #12

k8s-ci-robot commented 3 weeks ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aojea

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes-sigs/kube-network-policies/blob/main/OWNERS)~~ [aojea]

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

aojea commented 3 weeks ago

/assign @danwinship

Dan please take a look

aojea commented 3 weeks ago

> This looks like it will work (though you lose all the optimization once you add even a single ANP)...

Cluster Wide Policies are hard to implement in the dataplane

> Another possibility would be to just add "local detector" options like kube-proxy (--cluster-cidr, use node podCIDRs, etc)

Since the controller already has the pod information this looks simpler; kube-proxy does not watch pods and needs to depend on those heuristics
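As an added example (not kube-network-policies code), here is the selection rule the PR description and this exchange describe, in a simplified Go model: only packets of pods selected by some NetworkPolicy need to be queued to user space, and the presence of a single cluster-wide (ANP) policy puts every pod back on the slow path. The Pod and Policy types and the matchLabels-only matching are assumptions, and the sample pods are constructed.

```go
package main

import "fmt"

// Pod: simplified, hypothetical pod record (the controller reads real ones from the API).
type Pod struct {
	Name, Namespace, IP string
	Labels              map[string]string
}

// Policy: simplified, hypothetical NetworkPolicy (namespace + matchLabels podSelector).
type Policy struct {
	Namespace   string
	PodSelector map[string]string // empty selector selects every pod in the namespace
}

// selects reports whether policy p applies to pod (same namespace, all labels match).
func selects(p Policy, pod Pod) bool {
	if p.Namespace != pod.Namespace {
		return false
	}
	for k, v := range p.PodSelector {
		if pod.Labels[k] != v {
			return false
		}
	}
	return true
}

// PodIPsNeedingUserspace returns the pod IPs whose packets must still be queued to
// user space. anyClusterWide=true means a cluster-wide (admin) policy exists, so
// every pod is returned: the lost optimization the review points out.
func PodIPsNeedingUserspace(pods []Pod, policies []Policy, anyClusterWide bool) []string {
	var ips []string
	for _, pod := range pods {
		subject := anyClusterWide
		for i := 0; i < len(policies) && !subject; i++ {
			subject = selects(policies[i], pod)
		}
		if subject {
			ips = append(ips, pod.IP)
		}
	}
	return ips
}

func main() { // constructed sample: one policy covers app=web in namespace prod
	pods := []Pod{{"web", "prod", "10.0.0.1", map[string]string{"app": "web"}}, {"db", "prod", "10.0.0.2", nil}}
	fmt.Println(PodIPsNeedingUserspace(pods, []Policy{{"prod", map[string]string{"app": "web"}}}, false)) // [10.0.0.1]
}
```

Everything not returned by PodIPsNeedingUserspace can be accepted directly in the kernel without a round trip to user space.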

danwinship commented 3 weeks ago

It would still be better for it to be a command-line option, even if it's required. Required environment variables are terrible.

aojea commented 3 weeks ago

> It would still be better for it to be a command-line option, even if it's required. Required environment variables are terrible.

I just want to fix the flake, let me open an issue to not forget and do the change