Tags: misi/felix
Tags
- 251a82e BPF: Change data interface regex to avoid EKS workloads - 08988ab Add knobs to disable adding encap drop rules from workloads (projectcalico#2484) (projectcalico#2486)
- 90fa8f4 Add knobs to disable adding encap drop rules from workloads (… …projectcalico#2484) (projectcalico#2487)
- 1f85a16 Changes to send ICMP port unreachable if there is a service… … without backend 1) Modified the ICMP replies to a new BPF section 2) When there is no NAT backend, send a port unreachable similar to kube-proxy - abb430a UT cases for ICMP port unreachable - b803537 Alignment changes - 018a997 Alignment changes - 94bc53d Code reorganization - deecd64 bpf: Map.Iter() uses bpf.GetMapNextKey syscall - d4a0eac bpf_route_mgr needs to call ensureDataplaneInitialised() earlier - 6b39238 bpf: LivenessScanner only deletes the current key - d8fbce0 bpf: bpf.Map.Open() opens map without creating it - 781f683 Adding more WireGuard FVs (projectcalico#2362) - c30baf5 Semaphore Automatic Update - a8e2186 Added a new FV test to verify icmp port unreachable - a891eaa Fix flake in config FV test. - e96a90b Make race detector optional. Enable by default. - fc70e02 Free up space on the build machine as recommended by Semaphore support. - f14d58b bpf: update a comment in conntrack cleaner - 726f58d fv: AutoHEPsEnabled mimics AutoHEPs in fv infra - 7569e6f Semaphore Automatic Update - 8c73359 Changes to FV test to test for error message(connection refused) when trying to make a connection to service without backend. - d77dd14 Keep qdisc between program updates. - 134fc20 Fix up UTs. - 37175de sending error as a response from test-connection - b3798eb bpf/proxy: ServicePort deep equal - f9863a5 Minor changes to fv tests - 6ada537 bpf/proxy: calculate active endpoints for conntrack cleaning - 4428d7f bpf: functions for creating various conntrack values - 3132d80 bpf/proxy/tests: _ vars into camel - b28407e bpf/proxy: nat.BlackHoleCount is uint32 - 657d18f bpf/proxy: syncer cleans up conntrack - a923e74 bpf/fv: test nodeport connectivity from host networked pods - 8c84d56 bpf: generic conntrack Scanner - 9bc613a bpf: move conntrack cleaning from proxy to conntrack pkg - c4c437c Semaphore Automatic Update - 143a158 Review comments on FV tests - e46e192 Added ExpectNoConnectivity method - e3a1788 Update policy program without replacing whole program. - f696cf0 Markups. - 9f23b45 Fix collision of ingress/egress FDs. - 3390b96 Markups. - a54de01 bpf: conntrack cleaning only in kube-proxy - 19f0aaa bpf/proxy: Avoid mangling []string by sort in ServicePortEqual - cb156b1 bpf/conntrack: typos and minor fixes - a48a8bd Fix up formatting and make sure protobuf file gets formatted. - 1e94213 Markups. - 4cd77b3 fv: ExpectConnectivity takes ports as an option - 5c63e4e fv: ExpectConnectivity is a universal expectation - d265d41 Remove FORCE_WIREGUARD_FV - d2373d5 Update semaphore job name - 896994f Fix typo - 4cc28d7 bpf/proxy: remove StaleUDPSvcs from state - 96e9f5a bpf/proxy: checkState checks "eventually" - 7c8777e Make --random-fully configurable for MASQUERADE - bdb508c New FV tests to test service type changes - a9f5dfd Remove compiler logic that is now unused - 20ede0f Updated fv tests - bd61e08 Add BPF dataplane support for Wireguard - d4c9592 bpf: reduced allocations in map related syscalls - 85d3b11 FeatureDetectOverrides structure added - cb4d1e6 Handle FeatureDetectOverride and added some unit-tests - 7bb5fe7 FV: Print container log lines without additional log header - 128ec59 UT for service type changes - 3666b14 Error handling when updating service - 331f8e4 Add a IptablesFeatureDetectOverride config parameter - fdb823b Clean up of UT - 1364845 Param IptablesFeatureDetectOerride -> FeatureDetectOerride - ea6e48c Revert "Make --random-fully configurable for MASQUERADE" - c7ff860 Removed the feature-override pre-check - 5ff9d1d bpf/proxy: syncer startup benchmark - 914c69d bpf/proxy: pushing startup resync from O(n^2) towards O(n) - 4856963 benchamark build tag - ee2def1 bpf/proxy: add some startupSync() related comments - 1e90aec bpf/proxy: rename vars in matchBpfSvc() for clarity - 7612872 bpf/proxy: startupBuildPrev preallocs eps arrays - 7cf318a fv: dumpNATmaps executes in parallel - 2692b08 Adding support to detect RHEL with kernel version 4.18.0 - 7181db6 Removing unused variable - f3b1095 Run the FV tests for TCP as this test is not impacted by the protocol - 1e60fc1 Code restructuring and some UT - 4601698 Allow tc to run in parallel again. - 9254a43 Quieten skipped tests. - b67c21e Fix race to upadte ifaces map. - 4f968f6 Instrument FV cleanup. - 1385b0c Try k8s cleanup in parallel. - bdefdb5 Tweak API server/controller manager flags. - 68ab2e4 Increase QPS for test's clients. - e9d4066 Handle cluster role being auto-created. - b028a96 Start felix nodes in parallel. - 33d1b70 Improve diabs when a command fails. - b113014 Markups. - 4743b60 Added support to compare version strings with a suffix - bbb8ea1 Add FV tests for WireGuard host to workload - 31b3fb6 Review markups - c250a10 Add a KeyValue list parse function - 98ee419 Replace the FeatureDetectOverrides scruct with a map[string]string - 5e6bb27 make fix - 641f2df Add benchmarks for named port index. - ab6b8e7 Accept empty items, e.g tailing "," - 111f5b7 Added a KeyValueListParam type with validation - a8d96b8 Switch from Skip to conditional test definitions. - e268234 Removing hasi-corp library and using our own Versionparse library - 0dc7a78 Changes to remove hashi-corp library - e568428 Remove unnecessary pointer to map[string]string - d5cd2b3 Allow empty values - 04c4c54 Back out parallel cleanup. - 6042e56 Run a stripe of BPF tests with Wireguard as well - 5b36706 Fix IPAM -> BGP typo/misunderstanding - e6ffc32 Addressed review comments - 1b1a084 Move regex parse outside the function - d7b95bc Integrate Wireguard FVs into main FV runs, including BPF - 5c35c74 Restore running Wireguard FV tests without BPF - 640b6bf Check that Wireguard is NOT available on the normal Semaphore VM - 4a25224 Review markup: comment for wireguard check - a6a6ad4 Corrected issues found by "make static-checks" - 7bebfec Simplify FIB lookup logic. - 33dbb55 Support for appending and inserting chains in iptables dataplane - 93aaaf4 Markups. - 1c0b834 Add more jobs to new-kernel FVs and reduce normal FVs. - d1fa4fa Squash spammy wireguard log. - 51f015a Removed the "local" flag for FeatureDetectOverride - 5f2a3c9 Updated go.mod, go.sum - 9df492d Move policy acceptance to end of the filter table forward chain - 8cb9975 Semaphore Automatic Update - 47bc54b Add AWS source-destination-check handling (projectcalico#2381) - 540c456 Semaphore Automatic Update - 32d96f9 Rename time shim; avoid name clash with real time package. - aac1aaa Rename netlink shim to avoid name clashes. - 5905808 Markups - c728a72 Rate-limit jump map cleanups. - c006b91 Add FV for jump map cleanup. - 192450d Markups - d959a12 Only enable verifier log for post-failure retry - b8309ff Update Dockerfile.s390x - 51bfa0e Markups. - e52916c Add (currently failing) FV test for pre-datastore connectivity. - 1046210 Add constants for mark bits. - 90d71be Adjust mark bits to give clean seen/bypass bits. - 50e49b9 Block traffic to unknown workloads. - 7e1057a Format code. - 944e498 Markups. - dc3bb62 Make nat outgoing a "bypass" mark. - 0f188b7 Catch background goroutine assert. - a3e3bb3 Fix logic for removing happy WEPs. - 3763aca Test fix: wait longer for jump map cleanup. - 7e751aa Add config param to control the interface monitor's resync interval. - 57ca7aa Semaphore Automatic Update - 4da5282 Remove inconsistency in map presence checks. - c30cee1 Refactor BPF endpoint manager to handle workload cleanup. - 7f68f3b Clean up struct naming, fix lint. - 63122e1 Check that BPF program is still valid on each policy update. - 0cb08d9 Add FV test for recreating interface. - 864ec2c bpf: CALI_F_L3 unifies WG nad IPIP egress - cf3ccc7 bpf/ut: test compile/load wireguard prog versions - 05ca05e bpf/fv: do not test 2 tunnels at the same time - ffcbd31 bpf: skb_iphdr() also prints IP id - 506d8ef bpf/fv: fix AutoHEPs for wireguard tests - 97ec8d7 bpf/fv: fix expected host IP with wireguard - 4e48dce BPF syncer changes for LoadBalancer - e3f723b Changes to handle LoadBalancerIPStrings as a derived service - fd555a5 Semaphore Automatic Update - e524812 Updated the UT for external Ip and LB IP strings - d5351fd Removing comments - c9107ea Changes to fix wireguard ci failure - 6c1944e Update .semaphore/semaphore.yml - 6f6dcbf Addressed review comments - d53db57 Upgrade to golang 1.14 - 1906fae Changing the LB src range UT to test with extIP and lbIP - 6ada670 Remove vendor dir if it exists on clean - 6944e18 bpf/proxy: benchmark proxy golang part - f0cd537 bpf: BenchmarkServiceUpdate for single service update - 34b16ac bpf/proxy: less evaluations/allocs for debug prints - 50f9087 bpf/proxy: remove unused code in benchmark - f2ef9b3 Semaphore Automatic Update - ebe17e9 Add map iterator - ae1816d PRe-alloc attrs. - 7cbd8c6 Use return code from map iterator to control deletion. - 8f6db39 Fix bpf syscall stub. - 321a19c Fix a couple of missed refactoring updates. - 5113e26 more proxy tests - 89772e7 bpf/proxy: start with preallocated newSvc/EpsMap - f9ed481 Semaphore Automatic Update - 4ae0951 Fiux shadowing of variable, and add test for iterator action return value. - 697c80e Cleanups. - a8d39c9 Fix up mock maps. - 8456d32 Cache kernel time lookups. Was spending a lot of time in ClockGettime. - 933bf65 Avoid more debug allocations. - 6517200 Batch iteration in cgo function. - cd41c59 Remove unused map iteration variants. - b9ce9e8 bpf/proxy: remove the build benchmark tag - a4bf4bb bpf/proxy: check errors in Benchmarks - 7abe6ef Semaphore Automatic Update - ca3e53b Fix up conntrack UTs; move to timeshim. - 417c731 More UT fixes. - b56a54b Fix race between interface deletion and cleanup. - 09177c3 Fix missing return. - 9484584 Add silent retry for loading BPF program. - d580283 Improve tc error handling to handle non-existent interfaces gracefully. - 1f3a325 Avoid race between attaching qdiscs. - 9c2472f bpf/proxy: syncer tests with maps and service types - aefd38b bpf/proxy: preallocate slices if we know their size - 0abce35 bpf/proxy: do not update unchanged services - a685332 bpf/proxy: do not overwrite derived if unchanged - 364e976 bpf/proxy test remove benchSyncer from syncer tests - 4b3f165 bpf/prox: benchmak Fix nodeport allocation - c79ea20 Semaphore Automatic Update - cb49d31 Added windows code and fix copyright. - 5f26748 Markups. - cd6ee8a Remove !windows build tag for bpf files - f3cb36b Reduce log spam from missing interfaces. - 5c95883 Fix slow retries in route_table and finesse logging. - 677e238 Fix that profile refs weren't cleaned up when removing endpoint. - 2eaef06 Avoid spammy VXLAN-configured log. - 7e25327 Downgrade route table "not out route" log. - ffc8522 Suppress conntrack cleanup errors when no flows are found. - 32fc92f Avoid error logs when interface is deleted while searching for its jump map. - 36551ef Downgrade error log within BPF prog load retry loop. - 353f749 Markups. - 56a4178 REmove duplicate check, log out conntrack's actual error. - c168b4b Only log final conntrack dleetion attempt above Debug. - ce9e422 Optimise conntrack command execution. - fd30908 Reduce severity and improve active rule calc's missing profile log. - 67bc167 Restrict parallelism when applying BPF programs. - 4af1b3c Beef up bpf syscall retry. - 973c7e4 Downgrade status combiner log; spammy when interface is removed. - 5020ef1 Detect another possible tc error output. - 6d5caa7 Fix that async calc graph could fail its watchdog if dataplane stalled - e8dc0dc bpf/ut: fix TestMapIterWithDelete* - d5029f3 add MapIteratorNumKeys to !cgo to pass linter - 7999714 applySvc - make error always the last return val - ea91da0 serviceEpsEqual in O(n) with O(n^2) fallback. - e9ceea6 Semaphore Automatic Update - dd0adc7 Fix leaks of BPF map and program FDs. - 06482d8 Fix that state of interface wasn't written back if info didn't change. - 363e197 bpf/conntrack: fix assumed ordering in NewStaleNATScanner - 1a40784 bpf/proxy: Conntrack cleaner runns immediately after sync up - 5c97f34 bpf/proxy: run liveness scanner immediately - 9a60ba2 Semaphore Automatic Update - 949833c Merge pull request projectcalico#2457 from fasaxc/fix-cleanup-race - 3710cbc Merge pull request projectcalico#2456 from tomastigera/tomas-allow-to-host - a7ab3b8 Merge pull request projectcalico#2458 from fasaxc/fix-cleanup-race - c68a6e1 Merge pull request projectcalico#2459 from fasaxc/fix-cleanup-race - ae74655 Pin back to release-v3.6 typha and libcalico-go. - 62d29bc Do a bpf_skb_pull_data is skb is too short. - d8393ca Try to pull enough data for TCP. - c81c43a Markups. - 138b607 bpf/proxy: stopExpandNPFixup only if runExpandNPFixup - 562990a bpf/proxy: ignore bpf deletes ENOENT errors - 09b99aa Actually check bpf map deletion result. - 08ffabd Merge pull request projectcalico#2463 from song-jiang/song-fix-ep - 4fd7f7f Update pins (projectcalico#2474) - 99825c3 Fix policy updates for Windows dataplane. - 739e50a Log out k8s connection params, used in BPF mode. - dafee87 Update pins (projectcalico#2478)
PreviousNext