- 389fb554aa191178af1812fb8fa01ce29018c8f9 bpf-apache: filter.c should not include stdint.h
- b5068b0b25adb1253ab17b71465ac5dbd5ce5111 bpf-apache: avoid including libbpf.h for BPF-prog
- 379583a318f0a99896e6ee1d4a78903da5f3c0f5 bpf-apache: Makefile use clang -target bpf
- 071519c6715686c3a5198d2455713e1602ec834a Fix clang target bpf compile issue/fail on Ubuntu and Debian
- 3f23c5d3c3618e12e15cdd6a412d12170ebb575e bpf-apache: adjust dependency file generation
- 21a0d19f65696b18ded966a958b72cdb4e2b0b0c Automatic Pin Updates
- 0874f51cf5e0df7daa3cb069f5bdcacbc43e6df1 bpf: nodeport return with multiple ifaces
- 0110c49518c94744d088e955d475131d27f99bd8 Turn down log level on spammy MTU log (#2577)
- 5279420f782999ad9b64d9a465a6b30679bbc9ff Semaphore Automatic Update
- 948db0bb337e6cdb6e0263418792cad0201c2b5d Automatic Pin Updates
- abcb7a08b3042c9012c07b2fa4f3b02748c999ff bpf: from HEP benchmark
- ee5ed12e06b3c43c22b22ace7e0befb9a84c00de bpf: use state from map, free up stack
- 4f21232f62dcad5bb0af7f04d391d77212108afc Fix spammy log from conntrack cleanup.
- 61dd9c5d0f7e24a5a265056ee8e88d879ff274fb Automatic Pin Updates
- 68282d30e7abe1abc712dde2a57be9aa0dc6073e Automatic Pin Updates
- 6585d65af9fac58bd8003f8d22fa7e3f56da7560 bpf/proxy: fix stale NAT entries cleanup
- 2b60e6c07f1a20b40b9658a66d17818487e23ebe Mark report status as ready
- a3a31695a0141c9de2c3150f6321990df97a4d2a Add TCP spoofing test, infra to monitor connections.
- f92b722076dcdfe43448ac6ba1a815c11254f2e9 pin update
- d416a2408bb128ce07d76f63a3297c213f7139a0 Add BPF bypass for UDP and tighten up RPF check accordingly.
- 72efc81406076c64ebbb4585cbdd324ded8ac8d2 Automatic Pin Updates
- af555957437c8d4af78bf2c17fe82804c036dc6d Actually retry the BPF_PROG_TEST_RUN call.
- c34facd7c6e23fc5bed4939ebff169cc7d2791ba Plumb in a mangle POSTROUTING chain
- f19f0ef7b4d9e8cf674eff6a5c4529a6a2da1dad Add FV test for host to local pod via a service IP
- 67c21544fa45c3a5d0e6f4759d72e6874e4d9106 Skip HEP policy when ctstate DNAT
- a65de863e4e9c25ada831f7ec41d943ae43b47d3 Add FV test for host to remote pod via a service IP
- 4a526ad1b289347451846d1a7ec187a9909b826c Fix up UT
- a446be9a61c95f6a919bff581fc4b872540c17c3 Apply HEP policy for non-forwarded and DNAT'd traffic
- d76790cd7a695e7acbd3fead3dfa28d31dcd57bd Fix up UT
- e3c5bd4282634fbd48bdee0636e768eaeac07ea6 Fix table.go typo
- ddd508fc2b023468a77cce0361ca589909c2762d Render profile chains to mangle table
- 3a79c4ef76e766d71841e4be657ea4d29b799cf1 Allow forwarded, IPIP and VXLAN traffic in mangle POSTROUTING chain
- e8d5097a82586f0970fae485d4e0b7d903b6c153 Self-review
- fce02e97a9c1b0724c48f8cc016e2386f3342f93 Add more FV testing
- f927f92c9af314eea4ab50c73ab0dce95da763cb Add UT for mangle cali-POSTROUTING chain
- 5aa617f22871f067015034e3a3231f62baf2caed Review markups
- ad3a50e9e733495bb8355b3676ef827b16edc799 fv: detach StartPermanentConnection from workload
- 014950b6e2e38f2b85deefad011dc6314a882e18 Complete FV testing
- 50ac2e454f78f77da1a99136b3219c6b37cd8f86 Don't need IPIP and VXLAN failsafes in mangle POSTROUTING
- d8fe07a985e454510cb52e673a6e567d14ba3228 Revert unnecessary churn in coding of IPIP and VXLAN failsafes
- 914c6d1446ddfc11650da59594741947c79fc55c Move new FV tests to all-interfaces HEP context
- 72266f34ce189ca23273d419d84bbc41b9c4f184 Review markups
- 983d682b8ccc00e9717c8baea3ec2ec12ec049af Use RETURN as Allow action in mangle cali-POSTROUTING chain
- d509e9e8b84337b464d598966bab1395bb6b2001 Delete superfluous IPIP and VXLAN FV tests
- 55bc58930878d0f28822cd0041d3f40589801c74 FV: Deduplicate iptables DNAT programming
- f8bdd49ec90b61e45710d64221252029941e3d6a bpf/fv: test if connections can survive stale NAT cleanup
- 9fabc0b57ef6a255c3b2491e5c907b1981a72298 Add summarisation to the logs from the main dataplane loop.
- 4dcace1a1ce6e0763647da60580c18c809e406e2 Add FV test for node's base forwarding behaviour
- c409e9d313d87a48e8cbae833a8c6ec3f7f50023 Fix placing of Accept bit for signaling to mangle-POSTROUTING chain
- b851d1c79d43158118986ec5df419287aa6c5933 Fix up UT
- 385846719b4708ea2e42f5cde6d51b06f14349bc Clean ups.
- f066321061871a20375647ad8a043650d5d7c786 Squashed 'bpf-gpl/include/libbpf/' content from commit d1fd50d47
- 13f41a87159ba17d0558e8f27b1152c4b0c5318e bpf/polprog: structured rules allow expansion
- 72096d004743869b43c8f815401a04a88c5f753b bpf/ut: TestPolicyPrograms refactor
- dad445b04bd3af8864e941f43c783b689251ba4c bpf/state: define PolicyResult for consistency
- 7a11977fef87cab1f1c1f2381d2a4e342ab7440f Remove verification of BPF tag in XDP UTs.
- f4691b352e2b287dde783c56533c884903f8f272 Compile with -target bpf
- c3acce2af1586c36564624a0b90757517304ae5b Markups.
- 09df26a087611ade770abe41eda0d273c89d1537 Fix lint.
- 94209f924dfd3be0b0dcc544a5c3e82d0ef1c475 Markups.
- 008227cb57893e2e6ebb8ee506a98f39e442d06d Markups: remove unused kernel version checks.
- 196310d0c2a5a1136d48cf264c6a60bc61126763 Pin to Typha branch with discovery.
- 82d17c81362aa1b76ca694d35ecfabda4cdf893e Use Typha's discovery library.
- 4577d748d0be178367bf8a050e86688718e5615a Automatic Pin Updates
- 1c010172050b079c3b2714784306712534800a95 Automatic Pin Updates
- 3a0248a27e72c3fb0384e06fe62152a47f5b6a85 Refactor BPF ipsets code as an "ipsetsDataplane"
- 8848180caff87637abcecb977845c21eab173540 Placate govet
- e4d9eb20055b121a260019d84dee8592b535ad21 Ensure ipsets BPF map exists before endpoint mgr uses it
- 2bbc3242d6c55a1039437b1a1fd5784964c991b1 Filter out IPv6 addresses from BPF ipsets implementation
- 12e8acafb9fad97bc1f0e17ebfb53846e5d439c0 bpf: encap nodeport return from host networked pods
- 5edc106f257d2d0140b7845b36769f7c7791e8dc bpf/ut: test return from a host-networked pod
- bb202ca551070f6a72af2f9fbe3a426ce2e642c5 Automatic Pin Updates
- f20e0c9b183f75f1430913fe2e4203f1aecf3f83 Automatic Pin Updates
- 63351c0bc16aab251270edfc6b79cd80b7f4a879 bpf: fixup dst MAC for host networked nodeport backends
- f1eabe85a493932d713686ce0547a191b89e4869 bpf/proxy: conntrack cleaner put outside
- 35a646ba2e11e4a48acaa2463f5afbb70986794d bpf/conntrack: EntryExpired is a method of timeouts.
- ba8ab45c8e14cbdd9e2214fd68e4def4eb68f4d0 Automatic Pin Updates
- f9e75d0b7a10837349904c9a0ccb90c0a737efea Automatic Pin Updates
- 27c6f7c2d2b89277732dc3fe454fd6b6620bb161 Factor out tc.c functions into headers.
- e7bfd7b7e42630809ea00fb87e9c0ede798ff050 Automatic Pin Updates
- 6ca2e31c0766e2c57f5061153ea67b3a3dc7d8a5 Automatic Pin Updates
- befac0aed7bdb4dd45976889641b02b55fbc1f03 Run BPF logger as part of FV infrastructure whenever BPF is enabled
- 6584b09ba3e05f09880b65bd49cd6f7b273a8761 Exit with success at end of collect-artifacts script
- 404d194692969e05c97b6fa0f0f74a10a6fdd188 Allow reserving well-known BPF ipset IDs
- d5fff9fa38771ca16e07c18ac2522544ec760206 Automatic Pin Updates
- e28122a505b2bdae090ec23488a5715fc2f3817c Introduce context in main function.
- 48eef5d2b3c38b4301ff54577212b14810185524 Move headers into context.
- 22e1071da05d8e7842d59bc97f6b000e13610aaf Tweaks: move arpk into ctx.
- 4e18be4e2498ef2a8eef743621943521ad08b069 Split out types to avoid circular imports. WiP on context.
- 779d6bd4359f6d79cef9605bb4efb06c2e5b2793 Get code compiling (but not verifying) with context.
- 5dddb2103a55c7ce58db31840bdb957f1bb851d3 Get some programs past the verifier.
- 0fda6fe3d67a844ab19e4166b38f827c3cc97cc3 Disable VXLAN on wireguard interface.
- 5af4c8007c3ad6f9e69f7d17d993525de3aab266 WiP on ICMP related fix-up
- dff7dff6a8c5f98305c9bc07290ddb05665fa2aa Remove bpf_exit from wrong branch.
- 0cc6d8723de36877c2e8f4e098c70633cb30a845 Move bpf_exit to bpf.h.
- b127c16e443565bf7a0554914ba84a98c208418d Fix up ICMP next header skip.
- b1698482f4223d80b79669ef6f2e92ef96a181d9 Post-refactor cleanups.
- c42e82d2e30b5ce5b2e6f1dd0495f4ba40cf71b1 Fix ICMP reply program.
- 261daead623f88ccc54a140e097f3d606e62b9cc Clean ups
- 4ff94e4e186fc67643330085ee044d9f0e36bc2b Fix endianness in VXLAN log.
- ea710473b5aa528d06d95b184712b8067f4f74cb Fix typo.
- 03987494956559bc86424caf10f9c35835a9fba4 Rename skb_is_icmp_err_unpack.
- cdfe314efce89d86f09cb118056cbf62efce3e64 Fix ICMP error packet parsing; check the inner IP header.
- f0c339459b85dd2eb9787ea44069419d095e32ec Clean ups.
- 1d60142f1480f92472eb5a4006666df0b13439fa Clean ups.
- 5676f5b72c82719e50b0bcdb5ae676e216923857 Rename conntrack contexts to use ct_ctx prefix.
- d9a101c71041b178bec657d112e974bcc6679cd1 Automatic Pin Updates
- 014a3363a39ac3d455cf47d0d6280af0c78e8905 Initialise tcp header in conntrack lookup.
- a09ce2deeb196fb248da4527f3962494807ba296 Markups.
- d48bc0e3644b4ee32fedcd812cc5ade120e55e4b bpf: updated skb_seen() - used everywhere
- ef3ef7edfb8dd962fb949090c06836b67489c50b Update ext dataplane with recent proto messages
- 1fa19415608f89622e38955524684de19ce4eaee Automatic Pin Updates
- 09647dd0cee29745a836d55d3d2f1ea5924363f6 Ensure that node IP is set for tests involving a BPF data if program
- 104de8044d46acfb0ea5d75351f54e4544a94a4e Add assert to k8s FV infra to catch test leakage.
- 0f76cebe09f589ae89d5f187f47106fa22da6db8 [bpf-heps] Cooperate between Linux and BPF conntrack
- 92122b0e1cafea358686c907c426693c07b0133b Enablement work for BPF HEPs
- d888a10ee7e3ab4f1a252f2a5ace9f91a6818ffb Upstream renaming of PROG_INDEX enum.
- 91cab996645398ee256ee6a5e7907d8db5264622 BPF support for failsafe ports
- 5270f7d808ab3ae178b9d5523936501f9eb3aa67 BPF IPIP bypass fixes
- 7c7b7dda134aac52826877c803ecf0473d025dad Semaphore Automatic Update
- 91b8698441890c32e9b2fc529f8d36ad61d7c0e2 Semaphore Automatic Update
- b0bd59b54b3f2adc4f67c2a9e18573485123d5ce BPF mode implementation of host endpoint policy
- 57838658761f4e497ba968eb9d162654889c13cc Keep .d files so that we don't always do a complete rebuild
- 8ceef1e42361d42158f3bb707cbfbb272af3975b Summarise logs from more places
- 55a464e98cc15fb918b9fd466381bae06cad46ee Upstream minor rework of FV infra to avoid OS->private conflicts later.
- 0e9bca5f45a89d376ab21030bafb0bb0a90e0683 BPF VXLAN policing/bypass
- f8186047e8bf7dc6f23f0f5489cc8531b81e0bf2 Handle mapping host-* endpoint to new data interface state changes
- 6e6b52f8b846d20c2465888357529581800771b4 Allow DeleteMapEntry to fail when entry is not present
- 65e92c9ec4fc599f12066d81f4267e2ab47df4fa bpf: adding missing \n in debug prints
- 3195c9783b72fb60d14b0875aeeb449fddca23a2 Fit host port tests: clean up BPF conntrack too.
- 4173b7806d3fbd9c7cbb31f28a72818bc682c828 Fix lint.
- 14b0099ae7df9fd658ffcd7951ff9efc2f191a61 Disable Semaphore's copy-on-write docker mount.
- 8613c545ddc9a496ba2810a1d07543e9e160902a Fix typos
- 4191d4cb738931d4334c7d6a7b567687c38748c1 Avoid rebuilding Felix when only FV code changes
- 9539cda70f3ffb4f7c7ded771bbf84f4ce37514c Infrastructure for Exec with standard input
- d10a0c3a1a86c6b7680418d93e4dc3e39d8143a9 FV test-connection feature: read + send message data from stdin
- e72b5433fbcd2db545a42b84baf19c36cc736704 Make CALI_CT_FLAG values easier to read
- f46224227c49227bfba001d677e96a387ea609df Log TC program's ifindex and CT state flags
- a78d6cadde7bb304938acdfd0e9cb48e1eaec582 Number CALI_RES_REDIR_IFINDEX explicitly so it's easier to find when debugging
- daf97c827d59b36db22df8732fd5158dfa3749d4 Add utility for getting a workload interface's ifindex
- d4d4b886778ac7271d3198825ea56ea60a9df053 FV: Add utility for updating FelixConfiguration
- 73565326a2a62548cd6883990c996d5d2099c9ff Unify meanings and usages of CT state ifindex field
- 3c1fb1a4c42f13d622d1766e28e76d18c35a2d29 Add support for generic IP protocols.
- 51ace1766b4ba446deceae0bab5570575383a3d8 UT for BPF implementation of host endpoint policy
- f73369a592cee785d942fc2a506f05c5f969d9cd UT for endpoint manager calling OnHEPUpdate
- 42148291b9a54fbf5fa7f43a1d5769e8fe8f5e69 nil BPF manager can be called through non-nil hepListener interface
- 92ae820c0a9bbae9d317331c8a6dcf528e5aeaeb More polprog UT variations
- d624a314450f954b821365c12a8bc556b4951512 UT for how BPF endpoint manager generates polprog.Rules
- 2fa169bda25a0affd2d8b35653eaa3c4ed665901 Review markups
- bd9d9d5e11c8c1b3ae285224f2933b3946e078c5 Add protection for asynchronous access to mock dataplane state
- 72f1d6c826ea63af1112cbc13f0f0b6e134beed5 Add raw IP packet support to test-connection and test-workload.
- 1962c5ff7b5ec0d2676ab9280103d6929c0d4570 Clean up inconsistent protocol handling in test-workload.
- 8af3bad1fbccf915819e007285f4e835f56ddeb6 Fix that only UDP,TCP,ICMP were conntracked.
- 099f0ead15dfc014a7f4e1734b827a3b24076437 Add tests of raw protocols with host endpoints.
- 3b0156dfdf9e90ec92bfc578a9b5cc76c1146507 go fmt.
- da8f75aee884a67c50d29653287f4bc26a509e5a Apply suggestions from code review
- 2b48e82b96b7cd0470cad5e4258ba3654a0fa9de Typo.
- 0c3667e45e2adc2a81c10c2f8966b7a26a4f7548 Fake a response object when testing API server and Typha conn checks.
- 254e080b3a098b029011cf9d739afaae5a5e8d0c In BPF mode, enable the FIB lookup when VXLAN is enabled.
- 58056669e426654e428e0103410976d34fdd937f Group dataplane code together at the end of bpf_ep_mgr.go
- 5f9d843eae39e0d2dbd146130d5d0ee25b1848b5 Do not forward incoming VXLAN packets.
- e7b1ea364feaa94a6ad7e31de9bb19eb80207080 Automatic Pin Updates
- 14903ea2a15ac60e693b6d4b3ec208ef74106824 Automatic Pin Updates
- 94a185e7f41d9fe8816baab966e9187997470ae1 Ignore log rules in BPF mode.