New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.13 Backports 2023-05-16 #25503
v1.13 Backports 2023-05-16 #25503
Conversation
[ upstream commit 6878133 ] In the K8sDatapathConfig tests "echo-svc" deployment Pods are failing to terminate while waiting to terminate all Pods. These come from a deployment, that shouldn't be applied in this suite. Presumably failure to delete is being cause by the Deployment controller restarting the Pods as they're deleted. To try to fix this, going to wait for applied yamls in K8sServices to be fully deleted, including finalizers. Addresses: #25255 Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit 0112ddb ] Add missing 'sudo' commands so that this can be run from a shell in a dev VM to launch a local cilium agent in docker. Only install the bpf mount unit to systemd if not already mounted. This avoids error message like this: Unit sys-fs-bpf.mount has a bad unit file setting With these changes Cilium agent can be compiled and launced in docker, assuming the VM hostname does NOT include "k8s", like so: $ SKIP_TEST_IMAGE_DOWNLOAD=1 VMUSER=${USER} PROVISIONSRC=test/provision test/provision/compile.sh After this 'docker ps' should show a "cilium" container. This can be used, for example to quickly run Cilium agent locally to observer agent startup and exit logs via 'docker logs cilium -f' when stopping cilium with 'docker stop cilium'. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit f601b4c ] We're returning a DROP reason, but nothing outside do_netdev() creates the corresponding drop notification from it. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
098daa1
to
c4c4725
Compare
[ upstream commit 9788f53 ] do_netdev_encrypt_encap() can return various errors, but its caller doesn't raise the corresponding drop notification. Also clean up the one case in do_netdev_encrypt_encap() where we currently *do* raise a drop notification. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit e92863c ] __encap_and_redirect_with_nodeid() expects the caller to handle this check. Otherwise we end up encapsulating with an OuterDstIP of 0.0.0.0. I looked at all the other users, looks like this was the only one missing. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit c058e9b ] Align with all the other error paths in tail_handle_arp() and raise a drop notification on error. This function is executed as a tail-call, so there's no surrounding code that would do this for us otherwise. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
[ upstream commit b96624d ] Add an error path for the from-netdev program that handles the missing drop notification. backporting conflicts: * bpf/bpf_host.c: some conflicts in cil_from_netdev as that function differs quite a bit in v1.13 Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
c4c4725
to
4387482
Compare
[ upstream commit 800c7ef ] Signed-off-by: Akhil Velagapudi <4@4khil.com> Signed-off-by: Gilberto Bertin <jibi@cilium.io>
4387482
to
59d5b90
Compare
/test-backport-1.13 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My changes look good
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bpf: add missing drop notifications #25183 (@julianwiedmann)
* warning quite some conflicts here in `bpf/bpf_host.c`, documented in the individual commits, review it carefully
I found only one commit that mentioned a conflict, and the resolution there looks good. The other commits look good too :). Thank you!
sorry, realized only afterwards that the other 2 conflicting commits ended up being empty :disappear: |
bpf/bpf_host.c
, documented in the individual commits, review it carefullyPRs skipped due to conflicts:
Once this PR is merged, you can update the PR labels via:
or with