v1.13 Backports 2023-05-16 #25503
Merged
v1.13 Backports 2023-05-16 #25503
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jibi
added
kind/backports
[ upstream commit 6878133 ] In the K8sDatapathConfig tests "echo-svc" deployment Pods are failing to terminate while waiting to terminate all Pods. These come from a deployment, that shouldn't be applied in this suite. Presumably failure to delete is being cause by the Deployment controller restarting the Pods as they're deleted. To try to fix this, going to wait for applied yamls in K8sServices to be fully deleted, including finalizers. Addresses: #25255 Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 0112ddb ] Add missing 'sudo' commands so that this can be run from a shell in a dev VM to launch a local cilium agent in docker. Only install the bpf mount unit to systemd if not already mounted. This avoids error message like this: Unit sys-fs-bpf.mount has a bad unit file setting With these changes Cilium agent can be compiled and launced in docker, assuming the VM hostname does NOT include "k8s", like so: $ SKIP_TEST_IMAGE_DOWNLOAD=1 VMUSER=${USER} PROVISIONSRC=test/provision test/provision/compile.sh After this 'docker ps' should show a "cilium" container. This can be used, for example to quickly run Cilium agent locally to observer agent startup and exit logs via 'docker logs cilium -f' when stopping cilium with 'docker stop cilium'. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit f601b4c ] We're returning a DROP reason, but nothing outside do_netdev() creates the corresponding drop notification from it. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
jibi
force-pushed
the
pr/v1.13-backport-2023-05-16
branch
from
098daa1
to
c4c4725
Compare
[ upstream commit 9788f53 ] do_netdev_encrypt_encap() can return various errors, but its caller doesn't raise the corresponding drop notification. Also clean up the one case in do_netdev_encrypt_encap() where we currently *do* raise a drop notification. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit e92863c ] __encap_and_redirect_with_nodeid() expects the caller to handle this check. Otherwise we end up encapsulating with an OuterDstIP of 0.0.0.0. I looked at all the other users, looks like this was the only one missing. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit c058e9b ] Align with all the other error paths in tail_handle_arp() and raise a drop notification on error. This function is executed as a tail-call, so there's no surrounding code that would do this for us otherwise. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit b96624d ] Add an error path for the from-netdev program that handles the missing drop notification. backporting conflicts: * bpf/bpf_host.c: some conflicts in cil_from_netdev as that function differs quite a bit in v1.13 Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
jibi
force-pushed
the
pr/v1.13-backport-2023-05-16
branch
from
c4c4725
to
4387482
Compare
[ upstream commit 800c7ef ] Signed-off-by: Akhil Velagapudi <4@4khil.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
jibi
force-pushed
the
pr/v1.13-backport-2023-05-16
branch
from
4387482
to
59d5b90
Compare
|
/test-backport-1.13 |
julianwiedmann
approved these changes
May 17, 2023
There was a problem hiding this comment.
bpf: add missing drop notifications #25183 (@julianwiedmann)
* warning quite some conflicts here in `bpf/bpf_host.c`, documented in the individual commits, review it carefully
I found only one commit that mentioned a conflict, and the resolution there looks good. The other commits look good too :). Thank you!
sorry, realized only afterwards that the other 2 conflicting commits ended up being empty :disappear: |
tommyp1ckles
approved these changes
May 18, 2023
This was referenced Jun 9, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
bpf/bpf_host.c, documented in the individual commits, review it carefullyPRs skipped due to conflicts:
Once this PR is merged, you can update the PR labels via:
or with