From 5528b0055580c9cc27d4f9f65ed9af464f7aad4d Mon Sep 17 00:00:00 2001
From: Shaun Crampton <shaun@tigera.io>
Date: Thu, 16 Nov 2023 17:04:15 +0000
Subject: [PATCH] Fix incorrect cleanup of policy maps.

We would always clean up entries in the XDP map,
not the TC map when a device was removed.
---
 felix/dataplane/linux/bpf_ep_mgr.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/felix/dataplane/linux/bpf_ep_mgr.go b/felix/dataplane/linux/bpf_ep_mgr.go
index d5d582d3ef6..bb45fb383f1 100644
--- a/felix/dataplane/linux/bpf_ep_mgr.go
+++ b/felix/dataplane/linux/bpf_ep_mgr.go
@@ -1124,13 +1124,19 @@ func (m *bpfEndpointManager) syncIfStateMap() {
 				// about as we will not hear about that device again.
 				for _, fn := range []func() int{
 					v.XDPPolicy,
+				} {
+					if idx := fn(); idx != -1 {
+						_ = jumpMapDeleteEntry(m.bpfmaps.XDPJumpMap, idx)
+					}
+				}
+				for _, fn := range []func() int{
 					v.IngressPolicy,
 					v.EgressPolicy,
 					v.TcIngressFilter,
 					v.TcEgressFilter,
 				} {
 					if idx := fn(); idx != -1 {
-						_ = jumpMapDeleteEntry(m.bpfmaps.XDPJumpMap, idx)
+						_ = jumpMapDeleteEntry(m.bpfmaps.JumpMap, idx)
 					}
 				}
 			} else {