-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
datapath: report distinct drop reason for missed endpoint policy tailcall #32151
Conversation
/test |
The broader idea here is to isolate what kind of missed tailcall we're still seeing in CI, and make it possible to allow-list only Will probably have to backport for v1.15 as well to get reasonable CI feedback from the upgrade workflows. |
58ca733
to
287d399
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perfect, thank you!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
API changes are good to go, thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hubble bits LGTM
…call Make it easier to differentiate between (1) a missed program-internal tailcall (as reported by tail_call_internal()) that indicates a bug in how the agent loads the BPF program, and (2) a missed tailcall to some endpoint's policy program, that can also occur due to inherent race conditions for packets that are in-flight while an endpoint is being terminated. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Ensure that the callers handle errors, and specify a more fine-grained drop reason. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
287d399
to
fb8562c
Compare
(rebase to resolve conflict in generated api) |
/test |
Improve the reporting of missed tailcalls for policy programs. While any missed tailcall in the program-internal flow (ie what's driven by
tail_call_internal()
) points at a genuine loader bug, the policy tailcalls need to deal with race conditions due to eg terminating endpoints. Having distinct drop reasons makes it easier to diagnose the specific drop, and potentially allow-list them.