Use upstream hcsshim instead of fork

cni-plugin/internal/pkg/utils/hcn/hcn_windows.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// This package re-exports the HCN API as a struct sot that it can be shimmed and UTs can run on Linux.
+// This package re-exports the HCN API as a struct so that it can be shimmed and UTs can run on Linux.
 package hcn
 
 import realhcn "github.com/Microsoft/hcsshim/hcn"

felix/dataplane/windows/endpoint_mgr.go

@@ -84,7 +84,6 @@ type endpointManager struct {
 type hnsInterface interface {
 	GetHNSSupportedFeatures() hns.HNSSupportedFeatures
 	HNSListEndpointRequest() ([]hns.HNSEndpoint, error)
-	GetAttachedContainerIDs(endpoint *hns.HNSEndpoint) ([]string, error)
 }
 
 func newEndpointManager(hns hnsInterface, policysets policysets.PolicySetsDataplane) *endpointManager {
@@ -192,15 +191,7 @@ func (m *endpointManager) RefreshHnsEndpointCache(forceRefresh bool) error {
 		// Some CNI plugins do not clear endpoint properly when a pod has been torn down.
 		// In that case, it is possible Felix sees multiple endpoints with the same IP.
 		// We need to filter out inactive endpoints that do not attach to any container.
-		containers, err := m.hns.GetAttachedContainerIDs(&endpoint)
-		if err != nil {
-			log.WithFields(log.Fields{
-				"id":   endpoint.Id,
-				"name": endpoint.Name,
-			}).Warn("Failed to get attached containers")
-			continue
-		}
-		if len(containers) == 0 {
+		if len(endpoint.SharedContainers) == 0 {
 			log.WithFields(log.Fields{
 				"id":   endpoint.Id,
 				"name": endpoint.Name,

felix/dataplane/windows/hns/hns_linux.go

@@ -46,18 +46,19 @@ type PolicyType string
 
 // RequestType const
 const (
-	Nat                  PolicyType = "Nat"
+	Nat                  PolicyType = "NAT"
 	ACL                  PolicyType = "ACL"
 	PA                   PolicyType = "PA"
 	VLAN                 PolicyType = "VLAN"
 	VSID                 PolicyType = "VSID"
-	VNet                 PolicyType = "VNet"
+	VNet                 PolicyType = "VNET"
 	L2Driver             PolicyType = "L2Driver"
 	Isolation            PolicyType = "Isolation"
 	QOS                  PolicyType = "QOS"
-	OutboundNat          PolicyType = "OutboundNat"
-	ExternalLoadBalancer PolicyType = "ExternalLoadBalancer"
-	Route                PolicyType = "Route"
+	OutboundNat          PolicyType = "OutBoundNAT"
+	ExternalLoadBalancer PolicyType = "ELB"
+	Route                PolicyType = "ROUTE"
+	Proxy                PolicyType = "PROXY"
 )
 
 // Not currently used on Linux...
@@ -75,6 +76,8 @@ const (
 //type PaPolicy = hcsshim.PaPolicy
 //
 //type OutboundNatPolicy = hcsshim.OutboundNatPolicy
+//
+//type ProxyPolicy = hcsshim.ProxyPolicy
 
 type ActionType string
 type DirectionType string
@@ -111,27 +114,35 @@ type ACLPolicy struct {
 }
 
 type Policy struct {
+	Type PolicyType `json:"Type"`
 }
 
 // Types from hnsendpoint.go.
 
 // HNSEndpoint represents a network endpoint in HNS
 type HNSEndpoint struct {
-	Id                 string
-	Name               string
-	VirtualNetwork     string
-	VirtualNetworkName string
-	Policies           []json.RawMessage
-	MacAddress         string
-	IPAddress          net.IP
-	DNSSuffix          string
-	DNSServerList      string
-	GatewayAddress     string
-	EnableInternalDNS  bool
-	DisableICC         bool
-	PrefixLength       uint8
-	IsRemoteEndpoint   bool
-	// Namespace          *Namespace
+	Id                 string            `json:"ID,omitempty"`
+	Name               string            `json:",omitempty"`
+	VirtualNetwork     string            `json:",omitempty"`
+	VirtualNetworkName string            `json:",omitempty"`
+	Policies           []json.RawMessage `json:",omitempty"`
+	MacAddress         string            `json:",omitempty"`
+	IPAddress          net.IP            `json:",omitempty"`
+	IPv6Address        net.IP            `json:",omitempty"`
+	DNSSuffix          string            `json:",omitempty"`
+	DNSServerList      string            `json:",omitempty"`
+	DNSDomain          string            `json:",omitempty"`
+	GatewayAddress     string            `json:",omitempty"`
+	GatewayAddressV6   string            `json:",omitempty"`
+	EnableInternalDNS  bool              `json:",omitempty"`
+	DisableICC         bool              `json:",omitempty"`
+	PrefixLength       uint8             `json:",omitempty"`
+	IPv6PrefixLength   uint8             `json:",omitempty"`
+	IsRemoteEndpoint   bool              `json:",omitempty"`
+	EnableLowMetric    bool              `json:",omitempty"`
+	//Namespace          *Namespace        `json:",omitempty"`
+	EncapOverhead    uint16   `json:",omitempty"`
+	SharedContainers []string `json:",omitempty"`
 }
 
 // ApplyACLPolicy applies a set of ACL Policies on the Endpoint
@@ -148,7 +159,3 @@ func (a API) GetHNSSupportedFeatures() HNSSupportedFeatures {
 func (a API) HNSListEndpointRequest() ([]HNSEndpoint, error) {
 	return nil, nil
 }
-
-func (_ API) GetAttachedContainerIDs(endpoint *HNSEndpoint) ([]string, error) {
-	return nil, nil
-}

felix/dataplane/windows/hns/hns_windows.go

@@ -104,7 +104,3 @@ func (_ API) GetHNSSupportedFeatures() HNSSupportedFeatures {
 func (_ API) HNSListEndpointRequest() ([]HNSEndpoint, error) {
 	return hcsshim.HNSListEndpointRequest()
 }
-
-func (_ API) GetAttachedContainerIDs(endpoint *HNSEndpoint) ([]string, error) {
-	return endpoint.GetAttachedContainerIDs()
-}

go.mod

@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/BurntSushi/toml v1.3.2
-	github.com/Microsoft/hcsshim v0.8.25
+	github.com/Microsoft/hcsshim v0.11.4
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/aws/aws-sdk-go-v2 v1.21.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.39
@@ -118,7 +118,7 @@ require (
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b // indirect
 	github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab // indirect
-	github.com/Microsoft/go-winio v0.4.17 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/StackExchange/wmi v0.0.0-20181212234831-e0a55b97c705 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
@@ -141,11 +141,12 @@ require (
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect
-	github.com/cilium/ebpf v0.7.0 // indirect
+	github.com/cilium/ebpf v0.9.1 // indirect
 	github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
-	github.com/containerd/cgroups v1.0.1 // indirect
+	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/console v1.0.3 // indirect
-	github.com/containerd/ttrpc v1.1.0 // indirect
+	github.com/containerd/containerd v1.6.23 // indirect
+	github.com/containerd/ttrpc v1.1.2 // indirect
 	github.com/coreos/go-iptables v0.6.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.4.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
@@ -187,10 +188,10 @@ require (
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
 	github.com/gruntwork-io/go-commons v0.8.0 // indirect
-	github.com/hashicorp/errwrap v1.0.0 // indirect
-	github.com/hashicorp/go-multierror v1.1.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/imdario/mergo v0.3.11 // indirect
+	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -221,7 +222,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/runc v1.1.6 // indirect
 	github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 // indirect
-	github.com/opencontainers/selinux v1.10.0 // indirect
+	github.com/opencontainers/selinux v1.10.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
@@ -240,7 +241,7 @@ require (
 	github.com/stretchr/testify v1.8.4 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
-	github.com/urfave/cli v1.22.2 // indirect
+	github.com/urfave/cli v1.22.4 // indirect
 	github.com/vishvananda/netns v0.0.2 // indirect
 	github.com/vmware/govmomi v0.30.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
@@ -279,7 +280,7 @@ require (
 	k8s.io/cloud-provider v0.27.6 // indirect
 	k8s.io/component-helpers v0.27.6 // indirect
 	k8s.io/controller-manager v0.27.6 // indirect
-	k8s.io/cri-api v0.0.0 // indirect
+	k8s.io/cri-api v0.25.0 // indirect
 	k8s.io/csi-translation-lib v0.27.6 // indirect
 	k8s.io/dynamic-resource-allocation v0.27.6 // indirect
 	k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect
@@ -297,8 +298,6 @@ require (
 )
 
 replace (
-	github.com/Microsoft/hcsshim => github.com/projectcalico/hcsshim v0.8.9-calico
-
 	github.com/projectcalico/api => ./api
 
 	k8s.io/api => k8s.io/api v0.27.6