- ef113ab99bd54fbd6cfd67de119144fde50e5bdb Experimental Semaphore v2 manifest.
- eea1430694df6b14cc800ea21213cf9aaa276e01 Add go module cache to semaphore.
- 0debe454786238d3f0d245eb16cb67cba354ba4a Restore cache on test runners.
- f752434bcbc44d5310f287c95f8ea40f57dd4403 Pin packr to v2.5.2.
- 0b2382ef62a4f27a030f81642d05de7a5db9a021 Report liveness from various loops.
- 32a6c175a57f4492f0cd7ee29cde30c9c4023dda Markups.
- bf27c8a4e8c0eaaa9ce37285a3226fe881b86d1e Semaphore Automatic Update
- 940c34b329a9329ffb41213eadc38a776eb02715 BPF dataplane prototypes.
- d197e1e9401feb5c96a0165c15cff648c35f2959 Make up XDP make target
- bfcbd360e205c8732d466dd311c5705ea3e56344 Remove dependency on clang builder docker image.
- 57b2456a62622d233f6c87107d461c1742e1c109 WiP on implementing named ports.  Passes some tests but not all.
- 8588e2bf467b3cc778a7fcc85405ffb707c94dc8 Do BPF program creation in parallel.
- cb456ec0c1754c9abcc4237f006ffcddf6f6d10e Fix up latency FV to watch BPF IP sets.
- 42205cde8a11a7f01c61114c9b2b746d61c4de4f WiP on IP set dumping tool.
- 2816ce161c44cd7a0f1c4418ca91332f3a9fdeff Fix up named port rendering: was only checking port list.
- f83c702b7e9736e7c4269544cfc238efcb35fa7a Basic FIN/RST handling.  Delete conntrack entry.
- 9f715ff7ac1c4762fda7a99f266d54761b6c28e9 WiP on calico-bpf tool.
- 9c3cf29eb548be05d520e3be546a74c18f5b8f16 Fix up program generator tests; whitelist more FV tests.
- b749d8deaa5b0fb4f6fd3e0fd22ac7cb900f20e9 Make it possible to override default env vars in FVs.
- f23b23f001585936c72264d64fbe420e9f2ca4b6 Don't do a conntrack lookup for packets that were already checked.
- 7887a9b0ee93952a54b7a5181d1de662a796a82a Clean up old prototype code.
- ee775abfa8d4a00f0d34053887d05557dda600d5 Remove unneeded protoport struct.
- 42eb992b636abe0a1bf47df838122ce4728805d1 WiP on refactoring conntrack.
- ec0941ec2a5472ab6f9788b1ea05f8e50d246f23 Update BPF mode iptables rules.
- b756e28e61fcfdb018ec6f8d4270ad3cc723c115 WiP on refactored conntrack.
- ab55dcd9e2fe7d58e8c31612dd97709485f0cc83 WiP on conntrack.
- c575518b862c983bcee7970ccfa1d0d72ae67e72 Fix race where two tc calls both created independent conntrack maps.
- ffcf31c7fa66141e7654a506757d651de0351870 Extra diags for conntrack state.
- a9f142c43893355aadf57a49b35a956fc3122575 Manually pack structs and other minor fixes.
- 5162c84a909a1ed8f1225c5bbde1a1515db2bfb0 WiP on non-TCP conntrack.
- 3dd418fd80e711e00507b2f8bce3376af1ff4ca8 Dump C program to log on failure.
- 721acf8b2f4b73864cf6bcdd5aecb9b9b3a26da1 Shorten our macro prefix.
- d43a322349d6939939c970ce02e75397a7b12ecf Disable BPF debug logging in FVs to work around program size issue.
- 9718a4ce23afd78dbda4f641786bb54b882d5e0f Get UDP conntrack working for normal flows.
- 9e4eadb5fffe1665554b94714bc861661c452906 Get UDP named ports tests working: add calico-bpf conntrack command.
- 3ec991d70f27e0e8704dbd8be0d62bbd73038703 Mark UDP named ports tests are BPF-safe
- 3339604484505ea6b372e5dc7e065adc1874b123 Tee FV log to a file.
- 18c5be7e2d8583c84a744b51b73e91a158677e1e Reduce debug logging some more, needed for ingress-egress test.
- 619ff8bc8dbea39ed5ce2443831786dc7279014f Use connectivity checker in ingress-egress tests.
- 7bfb59d9b3d093ef2eeef99ac583307844d572c1 Streamline handling of non-IPv4 packets.
- 304dcbbbd607aff2cd844f543fa043a6a85e0541 Rename map manager to bpfIPSetManager.
- 2f4cbdea4137f1740949ced1261da353f03fd1fe Add BPF NAT manager.
- e3c14cb069340bbcc838fbb20346f2c491c0dd52 NAT fixes; still not working.
- b3c2b8f8a4c8bdab1f34d01fb8e100039f516ca0 Fix NAT; track which side opened connection.
- 7ce9c26cb2bb98fdad6806fb76856cda591768b7 Fix some indentation
- bb0310f9e462950915cfc1b9babad1b260479a8f NATKey and NATBackendValue String() fix
- a65e351052bd7b7c233956e7257eada9db55926b Conntrack naming improvements and fixes.
- 26e33b2fc0a62890196039c6415c8ff9ebd8425f Rev docker base image to Debian 10 to match calico/node.
- b4f9aeeb2a6c5fbbfa1c42732b0915159626fc9c Use absolute path.
- 9800015c816852a19887991a3a0a126d65924365 bpf kube-proxy replacement internals
- 1b9c59ab9ac3f6b2788b12d56cd8c621255e981a WiP on BPF FV tests.
- 0258355282dcec08be1d6ec4c0a84ea83c79cec7 resolving version conflict of containernetworking/cni/pkg/ns
- e04aa09d807a7013caedc83dd7bde6417903e87f Disable FIB lookup if tunnel is enabled.
- 1b29215b648b4eafc16bc62e4129314dcfb4bf89 Go mod tidy
- cad0f1b2fb979da75e62d54f36e570249f6f31ee Reinstate NAT-outgoing chains in BPF mode.
- 725c1d1be64c3cc3c5ed763e8df07d2c84b98e6b Fix various BPF NAT test issues.  Still not passing...
- ff7b71769fb936791b07d51e69d6c206fe41a221 bpf NAT maps code moved to bpf/proxy/maps/maps.go
- f23dc43da7e92cc9e9ca5a9b08b0e45ab735c710 Get BPF NAT working.  Move SNAT to source workload.
- f64b8ff4db72d9ca519200468a14f03ccb463668 fix PinnedMap.Iter()'s use of bpftool
- 37d641824a07c981bb7bf83f8f867513a743e9ca Refactor BPF endpoint manager to make it easier to add non-workload interfaces.
- 373075ef4b5f849039411f95aaeaea9ea214bf07 Felix starts bpf kube-proxy
- 26afc9f712b659dd33171a8009d61987b11f7bf7 Remove old code.
- 351d75a4a1c313727d8b7321f0762ca490a1131d more logging
- 23b3d54723b9da2e0865a530e0d32d16c7627a19 fix PinnedMap.Iter()'s use of bpftool
- 8d7b3111506a47376af691ba779785ba10f694e8 XXX hackish client for kube-proxy XXX
- cc9c8ea742d6d3bae647aea95ccd1f9f7bb840fa Mark k8s-infra created pods as ready.
- dcc4e902ab69574fff644502965837b54018b59d fv test for kube-proxy and NAT
- fa37f39863fb51f52e2102a5fe675fd8b4861329 Share Kubernetes client between typha discovery and BPF.
- 0bddd373fdbed8b44a86d2e8cf28f175e6852073 remove unused portsUnique() from bpf_test.go
- 352019d30854b0f48000469a1562f1f8045932aa WiP on transit interfaces.  Not yet working.
- 4fb0e1699bd2118a5f7a6eca31c827be6943a65a Fix service endpoints creation check.
- dcb309158804ae38ea655925055ed0d7f33a35fc Add support for data transit interfaces and IPIP tunnels.
- a09696ec7875fca23e489d5a6b9bbcafebfb427e move loading NAT maps to the proxy/maps.go
- 56224978bc44967cf4e66da67d36342eadbdb0cc Decompose the NAT maps iterator for test
- 207bdd864315b6612b7a1ed56baf8dddccb7cf82 fv/bpf_test can read and compare NAT maps
- fec316181c269bfc129b05c7d1cc7bc86172735a fixed mock maps in syncer_test.go to use bpf.MapIter type
- fcfd31b7dde69627f6f94df5890497643bc6c079 bpf: Fixed svc update of a service
- 6050d5889cb683a13927837861582bda6f421d74 bpf: only write NAT map for derived svcs if the original changed
- 3f4c2fa6f12c6e2b04aac0babedbb43d846e80e8 calico-bpf uses Cobra for commands and docopt for args
- 65846872ad04e86941e522e8e7e90b1da0f5f45e cmd/calico-bpf dumps NAT maps
- 61e755c5ced3e507a8c2db6e2fe9cd7f4e03bba4 Add copied bpf directory to .gitignore.
- b3f3b76c803c20cd8be826dc73224f7a7f4debc4 Ignore Eclipse project files.
- 39be0e980167cd0c0012757bb22988af29c8f7c2 Be more permissive in redirect programs.
- 79ec176c82810bf9788739d16d08b0dd0117b453 Update UDP conntrack to match TCP
- 06922f7876ec354e8bf6a771c57e2de9d871d5d4 Return NEW for UDP packets with singly-approved conntrack entries.
- b76457893e843c652426aa877c831a9d8bed2732 And ICMP.
- d954fcb58cca1b0bee15579c40d18a5bb7eaa52d Update BPF tests to cover UDP too.
- 9c9135dadf28f4d59ab8bec294434e8685a668e3 Pre-approve packets that pass through more than one hook.
- e17c2535694be7e4556a7bcc45e6b9aca1d1938c Remove tee of FV log since it breaks return code.
- 9a1adc35336429b3b2fc47f4a5d1cbba4c55d3b2 Fix that felix died at startup if outside k8s.
- dd1fa84db2edc093eba21883ad0aa502a119b03e Remove prototype BPF test.
- 39743663823eee54d9e72eee995b3bb98ba2f14d Update Semaphore configuration (only build for AMD64)
- dbb736bebc36ab3b7a170892b70adc4938b5297a Update semaphore v2 for building with GCO etc.
- 74a9b2c66a058524ba912b8df460fd884f171003 Rework semaphore job.
- a501560cf505912edd90382ae4670ca42ae0ed51 Fix UTs.
- 5e499a77d91571620262fd3b32a924b091a6dc89 conntrack logs CT-<ip_proto> instead of CT-TCP
- 246d49b0d4f33aec410b4ace5d911c8514adb323 Fix up lint.
- be57f1d58c7d4a65c9dda22cb744c0418f732240 bpf: skb_shorter() and few more handy macros
- 431e1e213035715c026d5a08a687b87899fbfb8c Add remote FV runs on newer kernel for BPF tests.
- 22509c6fdc8e93f07745cdd88997e963c72d6933 Refactor BPF codegen to make parts of it reusable for dev/test
- e3d52ed8d30054e06db8afaecfa84d76c7734a64 fix endpoint_mgr_test.go compilation
- 920265dd3445cf90827ae3ea4250963515e84931 BPF code unittesting
- e38a1e0c57c5e81b2832c1cd30c63a2662aca326 bpf-ut Makefile target
- 6aa054b0158777867c140868e0ea4a49d624f258 Fix up tests.
- e672058c24223187d2fb91747e6b9867eeee555e Use larger instance to run k8sfv.
- e0d079ba71310021a897107c97d8b719301735cb Run BPF UTs in semaphore.
- 9b6151f4b4c81037190a11a71b044a94b3eb3ea8 fix nat inline
- 69f78b37c97ac5ad9930c73c85cdbbfee4b6f23b Move BPF UTs to remote VM
- 8c43dc12dd3e2e165498d1d0779a29e0c9fc0b9a disable check in bpf fv test
- 9bb16e4c7a4b2679e92284fc52b038e804b7b904 Move VM set-up to bash file with retries.
- f66977a398c18f37a314943eb4ef6c131bce8da6 Make ConntrackEntry printable
- 17e419977635e52cd8afcc966b1325c3eec9edd1 bpf conntrack code reshuffle
- ac630ac89956b60412698263f0bdad135c6976bc bpf CALI_CT_NEW less proto dependent
- 8c7e8381c2a911fc2625349bda7782473ab60aba fix make clean bpf-ut
- ee7cb87267818f8a3d675254ffacac8333c1c4df bpf plumb the ct_ctx all the way down
- 5d80595758d0b29ef099491ea99693e9ba372fde kube-proxy: don't leak derived svc on change
- 7f3124cb2f0496dc97cde864d87a7b175239d3b0 make the first { of func on new line in conntack.h
- 591919789e74ab6c1e22870b580bfd42e5f9f3a8 Revert "disable check in bpf fv test"
- 3e588b0fb740333b1ad23cefbf786b1942354f33 bpf ct lookup proto independent
- 625a3038a8e1eb075a250da348d675e98c3a0083 kube-proxy more debug logging
- c804559e6d1c5b2374f61eb42f79fea05ad2eab8 Semaphore v2 updates: change GCE key, remove unused SSH key.
- 0aed67108a1d2dd9c0658f0ce5e09070303637c5 Work around lack of init daemon in CGO build container.
- 18793da9d65359b944e4cb3f3d2fdbc7688773c1 Move conntrack function to own package, get access to kernel timestamps.
- e5a4a04720d93f8c32926fc1e8a33d71f23a8e74 More WiP on conntrack cleanup.
- 425b9760ae8304527ddbe3483cc7730ebe56e255 CI fixes.
- d26a5407a6211ec736819b40f6fb1e2785681b5a WiP on Conntrack expiry: implement expiry calculation.
- b2a8500da292a188664c03ee2a6c8904e9e05687 Unit test Scan() method too.
- ce4ecc6a5119206a72444cde5af5dba6054ee897 Wire up conntrack clean up.
- 717e27caa9c08a14a8e9e6cb5b1f800f2cf7fc19 Add FV test of conntrack deletions.
- 38d8f70b690d61e2913fead7804586b2bd7dfdbf Review markups.
- ced641475605ecf38d6a552c1f80820ae386ad2e Add auto-cleanup to semaphore v2.
- fb26b238c6d210f6e16eda148016f175a75d544a bpf/proxy bug triggered by race if svc exist but no backend
- a3fa237156340f4c54f7d78b908dafbc96e0b2a7 CALI_DEBUG_ALLOW_ALL for standalone compile for allow
- 484b9875e665e9a0f66ed1224eef074eec14ecef connect load balancer init commit
- e3f2fa71329ac4b2f70b433dff2afbb68665b11e Rebase connect load-balancer onto existing NAT functions.
- c14a0098caff9935eaa1b23ab60d524d6faf8ec7 Get felix compiling and installing connect-time lb.
- dae917df12f805518173ba0455b9037517b53edd Don't wait for test containers to gracefully stop.
- eaef31a84e78bbd425fe0f6efb63a491ef062a11 Extra logs in k8s test infra.
- d5095e4bb335601874bf09c80279899bd31433c6 Add test that relies on connect-time load balancing.
- 755d24a7cfd61ce9d7e93a229ceb84409eb47a53 Do stateful IP set ID allocation.
- 3192d92fc8948e0d2238c09ff9d4bd4234d92324 Fix incremental builds.
- 913d5763f288675a03f1148bad72d2f541885889 Allow host to workload traffic by default.
- 8136571ccf9f2e5d31891b88f15a6bd0ee8c885a Add support for running Felix and test binaries in non-default cgroup.
- 3f37e9dbee9b5b6d4cffc19b9479d9b003aad837 Improve detection of host-created traffic.
- f2021741bf803c3a0c5c1ad8119137042fa2e1ce Fix BPF test to allow traffic from tunnel IPs too.
- a35c9343e3825ced107dd566bf55b9a756c23246 Fix incremental builds.
- 26f8c99c4622cbddad449c8284b9bf2038ac4b31 Improve BPF UT diags.
- 2c8be9a3b32e01814590746aeb62a2f0a7e7083b Remove spammy log when interface not found.
- 1b53ee58c16cd329e0290220f4e4068d096578d6 goto allow_bypass if skb->mark == CALI_SKB_MARK_BYPASS
- 0b1d0c2699cfc579c975620bb6ee54296992eb5e Add missing inline directive.
- f88f60ef14b110b1e4739d076da9139ea56ea530 skb_iphdr to get the ip header
- 6d84ba18e90971cb0a0ea81ed228779419c36626 Fix incorrect IP set IP pass-through.
- 7e1e073ac056b18b2dda034a18ffba8e31860a72 Self-review markups.
- 700f7931c3667c18422e56771c74d1f7a055df0e WiP on factoring out route calculation.
- 2ce1a1c973d2ecc346d80a27ab246eb667bd6639 Fix up host->svc->workload FV test.
- e495f49c2414b60cd90c7d3bf19fd4fab4f49897 Plumb through route updates.
- c4a27f81cb48ca5c51cadf5e8c97f542d3c07625 Implement DefaultEndpointToHostAction.
- 216b8044e161ab893ee6a3ee803a924d4b44144e Plumb routes into BPF map.
- 142a5ffc002071dd5b50897dda56a0c2a983bdf7 Switch from IP set lookup to route lookup.
- 0ce4e1b70ec5c96b4073f2f7e8f01994a9cd421e calico-bpf can set/delete NAT table entries
- 8d7b7e0c8d5410a504969c8f6d1e160e0ae72892 bpf_ep_mgr sets the HOST_IP for each program
- 2a09f3ac3408b1d9fa8568cba342dbb2d4f00f33 Remove hosts IP set, now using the route table.
- d5e182a5a637a3127e5ce7c2038976f6da20777f updated go.mod/go.sum
- 9eb42dd2bfb699552f1f31f7fd472a601850b297 bpf_ep_mgr sets accept_local=1 for host ep
- b0df3bbfa2eb4171a62eed87802ba7cc9d778275 Add remote hosts and workloads to the route map.
- 1fb2f67d1cdd2050420bdbd86dcd75e048663d9d Add flag to disable connect-time load balancer and clean it up after tests.
- 5ed2edc342ed76a92061a2a7d79efc17fdd09c82 runBpfTest & co. to simplify unittesting
- 2459ba42863717012bdf31f211d71c2e7a92d0eb Smarter algorithm for finding process PID, avoiding forks.
- a2009dd30e53cca291f74fdc2ab15c2729157ef7 kube-proxy get the host ip from eth0
- 4b34bec1d6e149aabc8cba9a405ff8a4aa5cc21d Remove non-global IPs from route map and fix up tests.
- ddaff2237fefbb33889c326f1bdbb44458eeb05e RemoveConnectTimeLoadBalancer uses json
- 49fc842f8956c1eb404e213e120d3340ae26eb27 bpf-ut for pod-pod NAT
- fc611a97762203a41c536788692e42f79c0238a0 Markups.
- 9dc94ec8e669e586a28c49811b8572b0629aa3b8 fv-bpf tests for both tcp & udp
- 7b9fbb6cfff7230a3cd77cd906149d8423708090 Whitelist the latency FVs for BPF.
- 668033486fa49b59d6521cd30d81c635d5f8cdbd bpf vxlan_v4_encap/decap()
- f3eab4789123094b6bc09f4b72872f82ce02de0a Longer timeout for BPF connectivity checks.
- 043a8f1fb493d433b225b6aa690d3b209644014f Fix BPF IP set manager IP set removal handling.
- 0d35a668b3c6cfbbc52b313c3455aad9b3e7b090 VXLAN encap for NAT on host endpoint
- 0473be9db3e52a42530667f833911787da497d0b bpf final log - shorter line
- 218528826bd7fa641c598e4474007aa07503647c bpf_l3_csum_replace returns int
- e73a0f783d86f5fd9f617cf78d43c65aaf24b46f Avoid encap when sending traffic to local workloads.
- ef6e6f97c8f1b20030dcda03454961431a977606 bpf NAT encap in one place
- 504c66cca0db1b9b4328467b76feca749fc592e1 update go.mod
- 22288940b0235dae63eae6f352e2eea37b73880c ICMP Too big reply when encap would fragment
- f11015253f7f4fb80408e2ae2596e94adc16fa95 bpf kube-proxy test should not block
- 64082ad58e42997ffa036de3add8fe2d1aff0a0c Clean up connect-time load balancer error handling.
- cc6afc09a5bdbb4a4ac032ab2dbbefd68b7d5114 bpf-ut testPacketUDPDefault() for simpler testing
- 62e406db542b51d1f0305d6e9344a705cfcdb86a ICMP too big integrated with NAT encap code
- b3f5b169681e4d55ee4820680cae382d7c20df51 bpf k8s proxy tests follow ginkgo patterns
- 688ea5d57ce31e85a509a404a383687eed7f4773 config.VXLANMTU sets CALI_NAT_TUNNEL_MTU
- 44ddd47e275cb96b434fa9d12a254b6766315ef7 Clean up kube-proxy's rules.
- f6d46fa63b724b0311077a6cb28c6776e710f271 Reduce length of BPF map names and make prefixes consistent.
- c5178b984b2fe1a0a980af8bba94f2aa1950cc3d bpf-ut unify common compile opts
- d816a3166338e0fc1d6b61e589e852e5ec71082f Add configuration to control kube-proxy rules cleanup.
- fb3df925c7317f8e62189a6ed08da08766715d19 Repin maps at startup by default.  Disable in FVs.
- f23839748f8bd1f62264498857641fc42813f526 bpf ip_is_dnf() helper
- f6b4a25f287d150466bd6e00c0b99ed3fc2f1a5d FV tests for iptables cleanup.
- e75410916f265b3431c9e689cfcfd63cc13293ff Revert "kube-proxy get the host ip from eth0"
- b16b4a47a0bf2a13183a980d6d7f5e9c1bc1b4a8 Beef up node port tests to make failures consistent.
- 6c74a38e02ab7a9535bec2842277ea8407380666 bpf kube-proxy restarts to apply hostIP changes
- 97e044d11b3548b90c51ce0fbe27252934f8d9c2 Fix incorrect update.
- c7332287960082d5c1607b5127aa63e80a7c32a9 kube-proxy tests stops proxy when it ends
- d6f5cb347d2dfa1ef603a58c36ed6acffa3f6c5b Split BPF program up using tail calls.
- 0b32e8533ca51c76675f8a3c9ccd5769c7942627 fix icmp_v4_too_big compilation for 5.2+
- 493eff09bc0e687a50545f68030698a7ab3a0740 Fix lack of error message after compile failure.
- e3c315d24f2c0868e13e37cf6fa5e035f446eff2 KubeProxy.OnHostIPsUpdate() keeps the logic within KubeProxy
- 2032744c7e891b3d9ff28ff6dade528523603538 Pre-compile TC and connect-time programs phase 1.
- f7ccf0951afded45ad95a9d43c3799f29cbdaeae bpf-ut skb->mark
- a4a751ebf6053ee1419013bdb90207aa9bbdb2c8 Remove direct access to flags.
- 9bc35f3360a7e77956d6a47c4bcfd3f7671320c5 bpf kube-proxy fix typo
- b160b0a990394404f8c74917898922d32c60363a Get policy program injection working.
- a4adad82515e188acf3d94903044c8b57de14092 bpf/xdp/bpf_maps.h -> bpf/include/reasons.h
- f3142db6ebc5c7670ad431d6ed0603486f7dcd58 Remove flags variables, replace with define.
- 032c86d5a08b910c156ccc323de58326407e1881 bpf proxy - flaky test
- bf8a6beba6f5eaf37bebd178c0d61b90c9a4ef3b Fix up BPF UTs
- 1f7716bf2295254f90fecf90a20db90fb1e9965f NAT encap makes sure that there is a route
- c1fcb86fae48a3f3c5387f511c8bde0eecb8a475 Markups
- b1575c5cea79331862c2e950a4cc30e720cf5613 Speed up builds by tightening dependencies for test binaries.
- 7be922a94632fd89d8635b7dc028d623bc531191 routes.Value.String()
- 5e658fbd14ab50de201713f16d81aa29d8c49168 Fix BPF route calculation.
- 7cdc5715876b2639fad1f9a5472517001e9905ac Fix up BPF UTs and policy program.
- de5f66b54303e5dce5bea79b9ca1c3a34b813f7b bpf-ut dumpRTMap
- a64e756dd2d0ebaf0784b18c26229c505ba3e7ba Fix up makefile on clean system.
- 8db137657343c41c96430a615bbb646f7a8d3644 pods can access nodeports
- b16a873284ff31a5a50ba7ec8f14e6191555613c bpf nodeports encap node-ip -> node-ip
- e37d14f5e40364ce0ea36e60c8c846f903d36d99 .d files need CFLAGS instead of CPPFLAGS
- a73fad5ad4480d40087a4b01085253884593a0aa Fix incorrect temp dir usage.
- 1cfb0647cf9270757108764f58560993b5235535 bpf-fv test with 3 nodes
- 415208b719edec077f9cbf8d768b5e3f9ba0e8e6 Mark NAT tunnel forwarded traffic to bypass ingress
- 6ae620eb89e1ddb2db861f4efa5fb6bec51790fb fix govat issue with passing lock as value
- acf30b5c03abdddb73057f38e5249fd52f4e2ace Fix incorrect program name calculation.
- a25caa81aac4224684de6985f826886e3a2adfab bpf NAT: do a nodeport lookup only for local traffic
- 6d8efde9e4a158f52203aaf1bc68cf8ec8c41e86 bpf: less skb->marks and iptable rules
- acc6985bf24992b493140bffb8215dcd6923c9c5 Stabilize bpf kube-proxy fv test
- 76d4d9baf94dc0c8646780a5cdfe465016999ef3 Handle log prefix when loading pre-compiled binary.
- b5ce0cde508b4b44c2b8ab5e8fb0b7cbe80a9fe1 Make sure CALI_COMPILE_FLAGS are set consistently
- c12b1888451820fee6c82283df0173306c3c35b5 Add UT that loads all the TC programs.
- 65f905e39961e263031fa3af05f3542739ffe428 Do not NAT if externalTrafficPolicy is local
- 332c5355b7af9201144da19a5a8c7d091a39f042 Fixed connect time lb connecting to self
- cf3c56939cf8b6ac3ea8bf5ffd5bdc5a457eba80 update go.mod/sum and proto/felixbackend.pb.go
- 7a7d830fd5ab8ad73dc7e7fbd617f5fdba86cf1b Fix verifier errors caused by packet offset subtraction.
- 6c2cad52e42aadc941b58b4a5976ea33a9aeb1a3 fix bpf NAT debug print and code indent
- cca9785a8995b612cadb1eae9718d625f246e4f7 Review markups.
- ad758d855caff6a8535832fa315c3a03b3d78d34 Implement BPF bytecode generator.
- 60f228700154a8f2fb130a7041dccff35bd3c82d Make host IP substitution robust.
- d00ec13b88e637465bd1bdbc96349b7eddd3c666 fix bin/compile-bpf after make clean
- cd4299f03178ab313e7b2ff6a7bfdea56b0fa063 bpf NAT: affinity timeout as part of NAT frontend
- 16859df53780e0635159e8408fa8b15dbb15987a Fix for pod-np with ext policy local
- fad8ebd2c4ba4601fc32de0ff7e621df7b58aa4b bpf NAT: affinity table cleanup after reprogramming tables
- b649a94c18103b2a8c8d86fb22813cf5ff2720ca ip/trie longest prefix match (LPM)
- 7a9fd1006ff0ae811f6ac95e09b8aee338b2ab0e bpf NAT session affinity fv test
- 1e55f54e40eab37840f9be4998debfa159f66a65 bpf/proxy/syncer clean up
- 6ec7c1656d9227d6f1ddba2048f3fb5489b6293c bpf NAT make lookup only if affinity miss
- 047d67d1a3ff287fa80ab8f24d135ce1bf93f2b8 kube-proxy nodeport expansion to avoid outgoing SNAT
- 9aedf6646f79c9d415e29abf55f64b281df52b33 bpf kube-proxy uses KTimeNanos()
- e734d0f154f5f5561000616f48b103f19ccb94ad kube-proxy nodeport expansion fixer
- cc842a0a9c1320dd61f444e7ff54ad7b879bb42c Remove obsolete test files.
- 365f9695a036afe139bb7f2b96ea501e8112914a bpf affinity sessions use src_ip hash instead of random
- 00255570ef8434552e1e317aeccaaaac97ac27e9 bpf code lines length trimmed
- 0c5c0d3428b433537f892502e7b682b5cfeb6738 Remove packr, check in all BPF programs.
- a3336c517e019e0d5df273726071d0112503cbb5 bpf set fib_params just before bpf_fib_lookup
- 3dafabe1213d838468cade0722a0dea3bc8e8f61 Add BPF syscall stub to allow non-amd64 compilation.
- 965b17f036c2ef688553db4faa8f248de42cc353 bpf_fib_lookup done in one place
- b2be3fab02a8065fb961d2fe8ed1cd35bac0d2d3 Tweak semaphore v1/2 split.
- ef4f8672623f59032993d00ffe8c183a21f87ed0 bpf_fib_lookup is a compile time option
- 8767ca13bebf8256d2504e4167ea9d2656df195d Implement workload anti-spoofing.
- aa7336d84143771316a91d899b1a8c070eb65ec7 Tune TC failure logs.
- 689e0c6a3aa3de9a205129efc9280992872a8514 bpf RTCache.Lookup() does not wait
- 1b64391c1d2e9a4abf7f5513bb9a98c6755b37d5 bpf a generic icmp_v4_reply()
- f91cadcad283bd3b25c12fbbeaacff205abfef7a Fix up BPF UTs.
- 31fd2920cfc3f14540d852293e5d63b58bf76647 bpf ICMP should have source address of the host
- b31d0b3cb9bbfe509f4514b4d53bed86ca2cdf02 Add anti-spoofing tests.
- 189353021e9f0113a6a363a5182c234168d8e853 Bypass policy program on data interfaces.
- 1d52b419ee0ae14643646c6912b676d0b9c9ae60 kube-proxy fix double read lock
- 3ef943e65f77a52dad53e0774af730cdb8c26382 bpf/include/skb.h for skb_* helpers
- c19eedf53ed62ef657ceed55c0249cf25d709189 Update interface monitor tests.
- fdf61d4107ba5b7a63aa4a069af525bc64248672 bpf NAT encap should not be done on a tunnel
- bec5d44f2354710067757a9574aae703f0539f32 bpf fix L4 csums after DNAT
- 6e0079bb74edf7ac2cf523bede16d5c4f9659fde Implement NAT outgoing for NGDP.
- ff8dffcbc5f2eb1e49e9b16b1d6040b69235e2bb bpf TTL checks and decrement
- d2fb03ed63bf10aba0a2446a735953e9c0a664cc bpf udp csum - do not mangle zero csum
- 4dbd3e095f6e185a115ba2b7a6dccbe4b1546e8d Speed up BPF UTs; run inside go-build instead of felix image.
- 65d8ec1639008ba307e2f10f296d2329564c89cf bpf initialize csum_offset=0
- ff6cfb86bf69b56dcdfdded5abbfe041ffecb507 Update connection tracking infrastructure to detect SNAT.
- 4c67ebb1c27272dcce3a057035b13ba43154982e bpf responds icmp TTL exceeded only just before NAT
- b86ebd7619241f8a0d47bfdb35fa5f4386ae6a7b bpf SNAT csum ut coverage
- bf1f2a1ec3c8a7f87927b26e9f27e36df39a6439 Update tests for NAT outgoing.
- c09d98a75318bbbecde7050fabbf0341b39b871b Review markups.
- a6d61c2123d65d4e6863e06f52e80b2d3a35e6a3 bpf kube-proxy upgrade to use k8s 1.16
- 95f78bf26497eac6f45b49543b9ef8cb01c0d6bc bpf code indentation fix
- 24fb7f85e0a8f717fd603860c710bf3f8561c52b Factor out connection checker into own package.
- 9e3c641c2a62db0786ad8754a0a8ed151da5ce70 Add tool to extract strings from verifier output.
- 7ee73b5dbf6facc73761eca4d290364e3e09ee03 Separate build system for GPL binaries.
- 1db5e0451fd96ebf6b288cf6ff7f1156233e98cc Add GPL license information.
- d5f6a3a2c369a3356c6ab5c906fe045d9968d400 Move Apache-licensed BPF programs to own directory.
- 906c8e52c2ad4857c0e54e0bde6ba242e5fd1d5e WiP on removing old builds and switching to new.
- aadcdd47eda0c52a0e1726da5751e91bf4c695b2 Fix up paths in tests.
- d19b41bde0dcffe3595262e5b99374765b4116e5 Fix up BPF tests after file moves
- 3957d0fccc07483aa1aed7313ed4c97664f799a5 Remove go-based BPF compile script.
- 590944accc38aa721a4634ff1d314f7af3cb6a46 Pre-compile UT binaries.
- 540d7540a939d2115f336141258194dc4c278b97 Move remaining UTs over to pre-compilation
- e1fb72fdb4e2756caea23a90762fb2c9efe0c48b Remove clang from docker image.
- 1dd714dfa2680d3b2746714a425462e471565df3 Remove program generator.
- 9210cdc74284c925755d6d9aabb0aa8a405c8ce8 Get image-all working.
- ea43cde790bd329ad90894b49d227fbce8ed063b Fix clean target
- 6512f0428edb71cf5fed366ca9da97c96ae45ec5 Split all and ut targets.
- b435d0ae64d4fdeee74aa1ecbfca2134df3825da Fix-ups.
- 7431896c60398ac66bdc65aefceead7337bc7487 Add ServerAliveInterval to make sure GCE connection doesn't drop.
- baca2e235e246eda09c99e8bf51779496f6ad705 Whitelist spoofing tests for BPF FV runs.
- c29a0a25e538074e51de68dbc32fb183ca4e6b1d bpf fix broken #if FIB_ENABLED
- cbb9abcfa555fa4b941790d00a9d92a99f575876 Fix up test binary builds.
- 488d67fa97fc54a0f97248c916f2709af08964ac Markups.
- 4675404e192e9cd6030548589ea9c0d64d733a61 fv test-connection --protoco=udp-noconn
- 8280b71adf28256617c645bda161c537a88a70d5 bpf fix endianness in fib lookup
- 63b23badf84bc278afb131f98ae3a2b7a4937304 bpf sendmsg/recvmsg cgroup hooks
- ae65578ea6cf729f60c45b9490fcba3e73933681 bpf recvmsg_v6 hook and FV tests
- 931a5482714493102cf98beeda59b2190d999826 Update bpf/bin/*.o
- 1b248a79a0e599e7807d4e2223f7e2ba5f4b55ac Post-merge fix-ups.
- 1093a9ee79be935bce74d127264947207e736c95 Ship BPF programs in debs/rpms.
- 1a0525626184c8740834ca017fb34a2d22e1e426 Update package licenses.
- 6e1485d94799c1bd0a0d99aa9a6e730dbc11a6ce Add option to control kube-proxy minimum sync period.
- 7c83981c407fa6a52a6f8db76b17aaeb83fa41d9 Update package licenses.
- 7250b3612c0d55a65793fd51f170478a5527463b bpf: kube-proxy runner must be created first
- 140f759c00f0885abd3cff7856549408489f7dc7 Post-merge build fix-ups.
- fa26fcc835f871f36a604ef381ae7eba444099a4 Fix tests.
- 040dcf6504bbd7114b138b3e3a75752b55080fda bpf: start kube-proxy threads after creating objects
- e994f44253cdefd67d741923cd79be558dc5a485 bpf fix mtu too big test in CALI_CT_ESTABLISHED
- 503137cf4614e6475555c6fd0bb515a34798800f Implement cleanup of BPF programs and state when in iptables mode.
- 08e1585daf7411115eddb6d54a552b7121b04864 bpf encap - when we do encap we know it is remote
- 6475d40e8ca3bba12ff982ec743398fbaa80772b bpf np encap source ip fix up for multihomed
- 7a17ee86636e19a963563bcfe4998dd2927202b2 bpf: nodeport NAT on dest node
- b1636ba092ef36f70e9762b0d726b2ae71307f53 Store reverse mapping for connectv4 too.
- c02806c33a231082bd2a49bac1df0ac390c547ca Add a log before calling policy program.
- b6dd246f6a8521feb23086d1b166c19a5718c1d9 Add tests for connection-based UDP with recvmsg.
- c7321d5547698910e90606cbf9765b8aa9d2cd59 bpf nodeport DSR
- ba8519827c461c2c5107c4ef04b71900cea24cc2 bpf: fix calculation of vxlan udp size
- 8a6d599e3ca93aaa04db7b250187dc877550890e bpf fix indentation
- ca0255bfea648133b831ada42a24061fd2fb92d5 bpf fix indentation
- 4a401ce21a13622486d03b962db3380e60baae38 BPFExternalServiceMode enables to pick multiple modes
- 5db599840df56a8863713f3abb93f56cb269b04b Fix ICMP reply size calculation and trimming
- 0a1aaacbf1bc1928abf4c835e8891e4cddd1e411 fix ICMP size calculation and UTs
- a2761da2743d7fb280c0e73f8cc80e815a6406a6 Extra diags for checksum update offload.
- b5feb8a9cbb79d1a9c249015dfa7e58c9ed5e0ea C code clean up
- e4b8bdddebe75bc47e25373115cc8fb06b993ac1 calico-bpf: conntrack dump prints age, status, etc.
- 16be1dea39e4331e2661f4ef45b61811ddeaba91 bpf: DSR tcp entries are never ESTABLISHED, don't clean
- d15dcf32a686f05f10e8ddbdf0111cf9cf131d4e Fix MTU calculations
- 1c499b0788ab72064664fbf475c1f0c69db86346 fix printing ct flags
- 6992c15f6dd1e00d464ffe4c7ac9cfffb442f12d Sync up policy handling with iptables-felix.
- 804ae3ee7d2ff7fe92bb29c4e934eb1b3088ecf4 bpf: ingress HEP must know about DSR
- b49b3064429ce66964864d6ef12743ad83a144f7 bpf: fix TCP connection tracking
- 779dacf2f2161fdaa5971939738058b1e1cf0546 Flip src/dst when doing output fib lookup.
- 0abefa2cf9a5977499385dfcffd7f01fd77e0b46 bpf: fixup MTU sizes for nodeport tunneling
- 71f5229facb5bcad1c0dceecdf98ad3c213f16cf fix missing new line
- 5b4ab6181c7764d7bbaa361cf7fd5fe1fedf52ba Use newer kernel headers when building BPF binaries.
- 3f709e16dc9a24e9d038d44713ec49d5f7d7ae10 fix conntrack test - missing arg
- 1e0ea03f2877960a49209d67143931439d599426 calico-bpf: conntrack dump prints age, status, etc.
- 708615232b51d1ea77067d2509b69d69f1247844 Markups.
- 013ba366617145548158e242be51d85366f9f020 Remove re-import of version.h.
- 77955855e2d3230ca159e8531db79084c5ed063e Fix up copyrights.
- 96a8580c677d5632c077610f628fa5fdda9c76f6 Remove now-unused BPF code.
- bba230aa2c8425698bff5b978b6abe2a9744546c Clean up config param names.
- 72102ed8ed556a5f51d6e4db1d1614dd1a446dc8 Sync up config parameters with libcalico-go.
- 7255af260b780485f47a2787c5a0a8afa06356fc Rev libcalico-go.
- a18d09a3e4d2e17d960734ca5fb6a1460e6ece93 Fix up env var names.
- a286df35bb164495122585c409d5d0b14ec4489f Remove error log that's expected when tearing down BPF.
- aad625fcb9479df7fd00e650b9c178b66a49345e Fix IP used in ICMP responses to workloads.
- 6f8f6b9f6b4b444ee2efb102f6cd4e22b9a0db9d bpf: fix debug print SNAT
- 5a8afcf7e21f16d435a3a15734dfb79c011bccd3 bpf: move the DSR check before encap on WEP
- f2d22816958045cbef82b7c740075411e8fcef7f bpf: let the host do TCP segmentation
- 58d8961c4ad65aecbfd9ee98bd2223e92b740185 bpf: precalculate L3/4 csum offsets
- 3c2b0275fc8ef56d4b41738d9abc4c08436a0824 bpf: rename {ip_}csum_offset to l3/4_csum_off
- 2a34a69693e7c543cbe0087fb6af1401fd6cd689 bpf: send icmp back on the same iface to WEP
- b5bf1f8f5134b96803c5867683617eb36e5fecfe bpf: check wep encap MTU if !(tcp & skb_is_gso)
- b792a7c85383dcfa3cc5b3e4d172f62464c56128 bpf mtu check is for l2 only - exclude eth
- 35e5c27c899d236f491352bc9444cdb29395c494 Tweak MTU calculations.
- 7f8638041cc1c04240ee32cc08e5d2e93d201e2a Fix up tests.
- 060d0454db777cdfc2c8a1ffc4de01311a8a1fe9 Merge pull request #2226 from fasaxc/clean-up-jump-maps