Tags: projectcalico/felix
Tags
- 7103ffc Use correct release branch version of Typha - e31ba36 Wireguard FV: allow time for node.Status.WireguardPublicKey to be set - 05e343d PolicySync FV: allow time for profile update for second mock workload - 0f0b13a Only collect WireGuard prom stats when enabled (#3058) - b3a3fb0 Automatic Pin Updates - 993158a Update pins
- 28886f0 Add test for delete/add during iteration of BPF map - 6eef99f check for failsafe ports in XDP and update the XDP parser - f4cc7fc update icmp parser - 98ca33d update structure of xdp.c - 8db3967 update xdp.c - e130fb8 some changes to parsing and xdp - feac817 renamed tc_state_fill_from_nextheader to tc_state_fill_from_nexthdr - c36521c Add accepted entry to xdp prog - 5e05782 Automatic Pin Updates - d7a7049 Fix some comments - d0b95d0 Typo - 7eefa96 XDP program attachment - a275d08 Info logging for bpf_ep_mgr.go - 128e06a Info logging for tc/attach.go - d565fa9 WIP commenting for xdp/attach.go - 09819af Log bpftool output when trouble getting program metadata - 5a949be Suppress XDP attachment for now - 199bf25 Attachment WIP - 26ff196 Revert "Suppress XDP attachment for now" - 5b7c3c4 Policy program tweaks for XDP - e880467 Info logging for xdp/attach.go - 73f1500 Build fixes - bb23282 Compile the XDP program - 346a0b3 revert deleting a skb_refresh_validate_ptrs check - 0dca000 Set CALI_XDP_PROG when compiling xdp.c - cb93f64 fix a typo - 66d113d Make BPF mode XDP function subject to config.XDPEnabled - 171a128 Consistent context logging for XDP attach point - 1d0a83c More attach point logging - aa11d16 Protect XDP jump maps from premature clean up - 8a7e303 Temp: switch off BPF tracing - 6f0347b Temp: suppress unhelpful XDP FV tests - 6d4382d Temp: suppress bpf-log - df3ce64 Specify XDP program type when loading XDP policy program - 2fb41fa XDP FV: suppress iptables-related tests, which don't apply for BPF mode - 96cd7c9 Promoted logging in bpf_syscall.go - 5559433 Remove maybe existing program when attaching an XDP program - 8eb2203 Jump map update logging - 90b1bf3 Placate vet - 529eda1 Placate vet some more - f304d62 FV: Fix expected number of jump maps - becf8d0 Revert "Placate vet some more" - 8b31e3a Revert "Promoted logging in bpf_syscall.go" - 13fbcbb Reinstate all XDP FV tests and run in BPF mode as well - f37363d Revert FV logging changes - 390160a bpf/proxy: Increase timeouts and log the last error - 6394c60 XDP to TC metadata - d4052f7 testing metadata - a77d978 revert testing metadata xdp2tc - 92234d1 change struct name - ea32cf9 Patch interface name into XDP program log prefix - 8d1390e Make XDP tracing prefix end with "-X" instead of "-I" - 4bfbc8e finalize metadata - 9fbe280 XDP program for untracked policies (#2888) - 6836baf Revert temporary logging promotions - 24a916f Adjust logging level of new code - 8ef6f60 Revert more temporary logging promotions - 3c3834d In BPF mode, always behave as though GenericXDPEnabled is true - 4af7eae XDP: generate only the policy code that we really need - 452b474 Use label "xdp_pass" for XDP pass case - c553c4c Use "calico-xdp" in temp dir name for patching XDP program - c4a9dc5 Demote most attachment logs to Debug - c1bec02 XDP attach: use -force and make sure always to clean up - 5d49ec4 Revert "Protect XDP jump maps from premature clean up" - c5017a5 Revert "Revert "Protect XDP jump maps from premature clean up"" - 5266a0e Log path of map still in use - 389a045 fix typos - 8862125 Only attach our XDP program when untracked policy is configured - 18efe69 Ignore XDPEnabled when in BPF mode - 9b219f7 Placate CI - 44e694c Add FV tests for whether XDP program is attached - 40c7893 Revert "FV: Fix expected number of jump maps" - 4abed71 Typo fix - e1a1849 Use %w to wrap errors when using fmt.Errorf - c1075b8 Revert one case where we can't use %w - bbef5c1 Rename BPF "epilogue" program to "allowed" - 625b2a4 Add policy and icmp reply programs to XDP (#2911) - b3b570a Add ServiceIndex component (#2874) - 94c7a7f Avoid race + panic when unnecessarily cleaning up the Kubernetes API service - 4c840e8 Align LoadBPFProgramFromInsns progType support with Enterprise code - 76dea4e Add missing Makefile dependency on include deps for xdp.c - af02e95 Misc simple BPF code alignments from the Enterprise code - 6a0e939 List FV tests that will be run, before actually running them - f5ea429 Update pins - 39d51f0 Automatic Pin Updates - 67a22ee Automatic Pin Updates - bd0257b Propagate WireguardHostEncryptionEnabled config_param (#2897) - f356e06 Update pins - 20ddc18 Automatic Pin Updates - a2d8177 Add UT for XDP policy programs - 5cea4f8 Add UT for XDP program attachment - 9dd8e73 Update release targets - 5c481ef Automatic Pin Updates - 4731f6e XDP UT framework (#2918) - 0b18bad Automatic Pin Updates - f744adc Move generated files above where they are used (#2939) - c11d818 Automatic Pin Updates - c84d96a Update to AWS API v2. - cb01ca9 ease up wireguard metrics log levels (#2945) - e4ee56f XDP UT and fixes to the XDP program (#2944) - 8a3ee62 Update naming and comment for golang State struct to match C code - 868611e Align setting of BPF policy result with Enterprise code - 536c318 Correction to polprog building for XDP - 270e507 UT: See error and all args when bpftool call fails - f0c7d80 UT: See command output when bpftool call fails - 7d2ed3b Set up BPF mode iptables for untracked egress policy - 224f92f Define mark bits needed for raw ingress policy, even in BPF mode - 0e3bad2 BPF: Use iptables policy manager for raw egress policy - 598cd18 Create and use iptables ipsets manager - df703e4 In BPF mode, only generate v4 iptables for raw egress policy - 1730a67 When raw iptables allows a packet, set TC bypass mark so TC skips it - fd8aae7 Allow IP sets manager to have multiple backend dataplanes - cabb7c1 Use BYPASS mark to tell raw ingress iptables to mark packet as NOTRACK - a9dfbda Apply host egress policy to a untracked mid-flow TCP flow - 7f967ab Mark DoNotTrack FV tests to run in BPF mode - fe0c0f4 Add another bit to IptablesMarkMask, for FV tests with wireguard enabled - ace154c Allow both inbound and outbound failsafes for untracked policy - 0d72291 Failsafes in XDP do not generate NOTRACK action - 20d5a5b Skip bogus XDP FV test when in BPF mode - 5760cb9 Suppress new CT state creation when allowing untracked mid-flow to continue - 8aede77 BPF mode: Only emit Linux IP sets that we need for untracked egress - 7f3ae0d Automatic Pin Updates - db4f6f7 Rev netlink and fix incompatibility with new netlink library. - 09ae86a Automatic Pin Updates - 520dae4 Automatic Pin Updates - a332155 Merge needed IP set IDs from multiple policies - 9299c82 Comment checking against failsafes - 6e31ead Remove highest fixed bit from BPF mode's Calico mark and mask - d746790 Other code review markups - 75ab367 Fix UT for top bit removal - 189b72e Delete IP sets when they become non-needed - 018f254 In BPF mode, only emit untracked policies to raw iptables table - a697017 Fix slow performance of updating a namespace. - bd33d3b UT + fix for IP sets becoming non-needed and re-needed - 59ddc8f Automatic Pin Updates - 73b6cc2 Automatic Pin Updates - 60ffbf3 Automatic Pin Updates - 5fa2585 Upgrade libbpf to v0.4.0 - 1afa359 remove unions in cali_tc_ctx/state structure (#2966) - 5d916f4 revert union in cali_tc_state (#2976) - 4547b2b Automatic Pin Updates - 995a19e Automatic Pin Updates - 00be823 Abolish BPF mode's fixed Calico mark pattern - b5ce2f5 Move IP sets manager to common location - 9835195 Windows dataplane use common ipset manager - 4edfb6d More fix - 79eb0c6 Fix static-checks - cbecfb2 Drop a half-untracked flow at HEP egress - d77ab43 Automatic Pin Updates - eea29bf Revert "XDP UT framework (#2918)" - 35a3043 bpf/ut: withXDP() - b909800 Use new WorkloadEndpointPort struct - 333c239 Automatic Pin Updates - 56912e3 Automatic Pin Updates - a44377d Automatic Pin Updates - 19cc0bd Don't crash when untracked policy is applied to a host-* endpoint - c327d78 Fix service loop prevention flake - 522447c bpf: source port collision detection - f565849 bpf/ut: source collision test - a693afd fv/bpf: fix source collision FV - 1d89816 bpf: source port collision resolution - ee9cefe bpf: source port collision resolution for UDP - f763fc6 bpf/ut: static-checks fixes - 6d56b00 bpf: source port collision fix for brokem related icmp - fa5cd5b XDP tests now run on Semaphore VM - 528ae8d Skip broken sockmap FV test - 8e8b987 bpf: felix can set the pSNAT port range - 3f44f83 bpf: fix conntrack typos and dups - fb54f31 bpf: always use ct_make_key in conntrack - 02786ed bpf: fix pSNAT defaults - 4dce515 bpf: test random port collision - 6c0a9c8 bpf: fix debugs in TC - 5c02da7 bpf/ut: typos and statics checks fixes - 2eddfea bugfix: vxlan noencap blackhole contention (#2986) - 6cc07e2 bpf: fix setting conntrack nat_sport iff collision - 3eedf6a bpf: revert change due to verifier state explosion - b2a2f71 bpf/ut: fix typecast in an assertion - bab3551 Automatic Pin Updates - 784dba9 Run Windows FV tests (#2895) - 1656d37 Automatic Pin Updates - 35dfcf5 Backout previous routetable fix and change how we handle empty interface regex - 70bd8cc Automatic Pin Updates - 8f7ff67 Fix locks - 1e9eaac Do not overwrite the eps copy - 8c85f76 Windows impl for service network policy (#2917) - 3957b0a Automatic Pin Updates - d227bfb bpf/proxy: exclude local workloads from NodePortRemotes - b6ff867 bpf/proxy: add a comment - 36fd109 bpf/proxy: program only Ready endpoints in NAT - 98d0e9e Load TC programs using libbpf (#2963) - 5c041be bpf/proxy: fix conn cleaning when ExternalTrafficPolicy=Local - 5d41368 Automatic Pin Updates - 88565db Automatic Pin Updates - 8c8391a Automatic Pin Updates - 2f29dd7 Replace hyperkube, update k8s version (#3016) - d9e7448 Automatic Pin Updates - 64f16d9 Cleanup of map struct and compilation flags (#3020) - 4e75ff5 Wireguard FV: allow time for node.Status.WireguardPublicKey to be set - 5506caf PolicySync FV: allow time for profile update for second mock workload - 68cf1c2 Avoid error when bpftool returns empty JSON output at start of day - 4eb1f41 Review markup: don't use Expect inside Eventually - 1c605f1 Run Windows FV setup with bash-level tracing - 928a2df Review markup: also allow for node update conflicts - 7a59a67 Run Windows FV setup with bash-level tracing - 9188731 FV: Don't panic when cleaning up an endpoint and it has already gone - 9a3da14 Automatic Pin Updates - 93f2e74 BPFPSNATPorts config option - cdf6ae1 Kubernetes version to v0.21.0 (#3040) - 45e5397 bpf: Patch the psnat ports into the binaries - b2c551f Move tc definitions to own package. - c4bf0c5 Increase build timeout. - f5b67ee Automatic Pin Updates - 849f4a3 Automatic Pin Updates - 4ce69c4 Add support for services in ingress rules - 14b1463 Only collect WireGuard prom stats when enabled (#3052) (#3057) - 69d9bd5 Fix Windows FV test assertion - 573de65 Update member filtering to handle IP+port type IP set members - 65feb68 Use alias'd type - b3a180c Show more context on kubectl failure in windows FV tests - 06c8a04 Update test to use nginx-b - 488ea31 Revert "[release-v3.21] Semaphore Auto Pin Update" - 3874ff3 Manually update pins
PreviousNext