- 28886f0e39c9512a54ef0003431d800db8e83134 Add test for delete/add during iteration of BPF map - 6eef99f33b5a9362a55d5de4c4ba537358504939 check for failsafe ports in XDP and update the XDP parser - f4cc7fcc374d71cb44c7f22d093bb0221cbe9b14 update icmp parser - 98ca33d689b44097e974322231e89a37942df617 update structure of xdp.c - 8db3967077b68d8cacffd7c587c74ea7d176c602 update xdp.c - e130fb8942d4765a78e5e6f750dc4af552ae03ef some changes to parsing and xdp - feac817d17cc8661274fde49466d5923d220e31e renamed tc_state_fill_from_nextheader to tc_state_fill_from_nexthdr - c36521c6ed62a243420e1ddc836e5779240f16cd Add accepted entry to xdp prog - 5e057828b5c78e7c89284b8c6def97fef98042a5 Automatic Pin Updates - d7a70495d471806815cf376ed4106af6addeb8ea Fix some comments - d0b95d051dabd7f377e70e9c66ee775e2476695a Typo - 7eefa96be555df333c612fc96105b9cf8c6a41a2 XDP program attachment - a275d0808ad7465d450ced5f461ddf9abb2ebf46 Info logging for bpf_ep_mgr.go - 128e06ab44de0167c9d38ee19c6d609a98ac2bde Info logging for tc/attach.go - d565fa9e5ee6808dc9252ea40ae5e8b0e7027679 WIP commenting for xdp/attach.go - 09819af2a17300a03248dff50e080f2f6675d510 Log bpftool output when trouble getting program metadata - 5a949bef064b4610ccb63b78a8169b0363158b4c Suppress XDP attachment for now - 199bf25fd88f42a36f925513591d40961ad1fd68 Attachment WIP - 26ff19634233982634bb7af17afd2e544e8bef25 Revert "Suppress XDP attachment for now" - 5b7c3c4eec61245a1e26a1e0688b1a92fce86fa5 Policy program tweaks for XDP - e880467546dd0261cda4b3e153099874a6657d1c Info logging for xdp/attach.go - 73f1500669a67f47b0919278d2e37c6c3d3bf178 Build fixes - bb232820bda70ee563769265c9a91c05db7fbec9 Compile the XDP program - 346a0b36b2668935321cebef20c42bcbab7fe88a revert deleting a skb_refresh_validate_ptrs check - 0dca000df2b681833bd5a5774cf5ceea8b8fe6c3 Set CALI_XDP_PROG when compiling xdp.c - cb93f6438dbe87a39226972090ad66e1a8530ba8 fix a typo - 66d113d391231aa551bce9e81b72d227944ecb15 Make BPF mode XDP function subject to config.XDPEnabled - 171a1282264e1d4ae47721fabdf23ef857637d29 Consistent context logging for XDP attach point - 1d0a83ce34876619feaf468697d716e3f914e31a More attach point logging - aa11d1630141fb1d20530768955a4fe6b7dc4d92 Protect XDP jump maps from premature clean up - 8a7e30319b65fbcdb6dbb22ae7ec2587deeaf208 Temp: switch off BPF tracing - 6f0347b8339754e78dcca620512b30889388ffb4 Temp: suppress unhelpful XDP FV tests - 6d4382d7f8ada7482bb8d35bd6c44bc79e9a09f0 Temp: suppress bpf-log - df3ce648b1123dfc976276694872eb85a9cad34e Specify XDP program type when loading XDP policy program - 2fb41fa52bad0411f7644e7e19774a03a40bf006 XDP FV: suppress iptables-related tests, which don't apply for BPF mode - 96cd7c96b5b4d66da3a10335376507b41321bfd0 Promoted logging in bpf_syscall.go - 555943326ae9438c60de6efa993041f01d0cd5df Remove maybe existing program when attaching an XDP program - 8eb2203bd6a6b4373b410259d11f67f3bcc73a19 Jump map update logging - 90b1bf374aaeef21e9a9dc7830d804bf7f9aba20 Placate vet - 529eda1a46baca5bc545f88c97f39c06f67f7f26 Placate vet some more - f304d623d54444a455c4d4bdded90fed7e1f3102 FV: Fix expected number of jump maps - becf8d0969f68866fbdfdafff5360784f7663c3a Revert "Placate vet some more" - 8b31e3a397485e6c10f3e2d7390db97639d12829 Revert "Promoted logging in bpf_syscall.go" - 13fbcbb59de0938c92527066961f7054284f4967 Reinstate all XDP FV tests and run in BPF mode as well - f37363d082f9d57444104d1721c63a0da87454fa Revert FV logging changes - 390160a5a3e4e74e86d925a8049b164dcff71e69 bpf/proxy: Increase timeouts and log the last error - 6394c600690d3c40c17bee40a98bd507b3bea9bc XDP to TC metadata - d4052f78baf4554f7f42daa625aa337bd53ca25d testing metadata - a77d978867493a9db818b9964a755de431a0de02 revert testing metadata xdp2tc - 92234d1f37595dbdfd5dd3d8ca93523349c5ea1b change struct name - ea32cf9a298b434c9a5682420df34c416e1d20b4 Patch interface name into XDP program log prefix - 8d1390e6bf501c4be95b5c9c78c7f0c5252a8e4a Make XDP tracing prefix end with "-X" instead of "-I" - 4bfbc8e4024d18a7bc04b49580f356eeedf0f97b finalize metadata - 9fbe280e269dab56363e07d96a240c3bbd24bf79 XDP program for untracked policies (#2888) - 6836baf97db18e8348b1264cab99455b674b235c Revert temporary logging promotions - 24a916faf145c7004ed0b8ee36401c2dda6860d8 Adjust logging level of new code - 8ef6f60faccd8ca738c78470babcf4bfbcefefe4 Revert more temporary logging promotions - 3c3834d4cd40173ecab24a6518b08110f1ba012a In BPF mode, always behave as though GenericXDPEnabled is true - 4af7eaee7a458ccc8fd191611b93c73db95603fa XDP: generate only the policy code that we really need - 452b4740bb66604073407cd22ce4384bdbb8c90a Use label "xdp_pass" for XDP pass case - c553c4c48e693e56ef1deacf3bfddbb6d3b1a7ec Use "calico-xdp" in temp dir name for patching XDP program - c4a9dc511f3dd4bc407c38561e9505c69bdf4664 Demote most attachment logs to Debug - c1bec028b0c4ee94d9262fc63c1940b36b90e347 XDP attach: use -force and make sure always to clean up - 5d49ec4e4afb050127e97ddd2e30dd21d2ca19a9 Revert "Protect XDP jump maps from premature clean up" - c5017a5348dbb87868c635787c2fcd696a3e5184 Revert "Revert "Protect XDP jump maps from premature clean up"" - 5266a0e1b02772cb59b3a964df2127a8f625d0bb Log path of map still in use - 389a045ef59c7836ecf5c9e90b597e33f8fc1121 fix typos - 88621253627a84b81ab6fc39423e46a8828f599a Only attach our XDP program when untracked policy is configured - 18efe6959b61dbea685ce75c97be165b1c7951ea Ignore XDPEnabled when in BPF mode - 9b219f79dd5a927be87624bc30e3e087c3b0c082 Placate CI - 44e694c104cf711aabe41863e807f7d18be24fb7 Add FV tests for whether XDP program is attached - 40c789373593beb44ad6c8eea253ff00cd6a970d Revert "FV: Fix expected number of jump maps" - 4abed71708593b236c23f83dda8013f4f52436ad Typo fix - e1a1849a4bf3cfd36cfc1dda1f79ad4dffc14840 Use %w to wrap errors when using fmt.Errorf - c1075b8ef6261d51578eb458d42562f09aac2e2f Revert one case where we can't use %w - bbef5c1e4939369bdb93055b5331f93ebed0dac6 Rename BPF "epilogue" program to "allowed" - 625b2a471cb402b521a8386244a1032f738c9c8b Add policy and icmp reply programs to XDP (#2911) - b3b570a17e77c9259a0eb4c395acf5d65e16186d Add ServiceIndex component (#2874) - 94c7a7f09461e9d8eeaa900756eca449dc69c869 Avoid race + panic when unnecessarily cleaning up the Kubernetes API service - 4c840e8e2ec736ae67ff27c80b0cc6c4f91295b0 Align LoadBPFProgramFromInsns progType support with Enterprise code - 76dea4e0628929859391c3734d16a4f485df8f97 Add missing Makefile dependency on include deps for xdp.c - af02e954a0115101dabdfbeddf89ac69463fb9d9 Misc simple BPF code alignments from the Enterprise code - 6a0e939561de68abf407896366647c7cca943086 List FV tests that will be run, before actually running them - f5ea42977988b696d2f7a756347ac8c5205f716d Update pins - 39d51f05fb542a59ca188ba349893bbc27573557 Automatic Pin Updates - 67a22eea5fa1f4cc47122ccbc0180c15e5826e7a Automatic Pin Updates - bd0257b3abed4828f71387ef75156688c658b314 Propagate WireguardHostEncryptionEnabled config_param (#2897) - f356e06e6feee637b6fe1207195fe8108cd3451d Update pins - 20ddc181baf79fdf1bd8c54029c46c027d37c45c Automatic Pin Updates - a2d8177f9f035af7b7a490c0d43a36fead2912ea Add UT for XDP policy programs - 5cea4f82349926f27cdfa04679e40bb439225f23 Add UT for XDP program attachment - 9dd8e73280c6fcf01312091e7d1d8f96035477bb Update release targets - 5c481ef35e638fefe114ce1b2a82775f0ac7d75a Automatic Pin Updates - 4731f6e9d60e25d057abd1f6f6d40e62b13813fb XDP UT framework (#2918) - 0b18bad06e467dcac4606bc026b401782c09c3e8 Automatic Pin Updates - f744adc11a2d3a85870e0278df35e447c46528f4 Move generated files above where they are used (#2939) - c11d8181d0888295ac46bd299c9d57e0749bfd04 Automatic Pin Updates - c84d96a45bf7c77cb5e04636cd0f6609a87377bd Update to AWS API v2. - cb01ca9ad37571591c1fd377815ffd85506347f9 ease up wireguard metrics log levels (#2945) - e4ee56fabe9884f7231f80a2afa242a061061083 XDP UT and fixes to the XDP program (#2944) - 8a3ee629b5df5a4680241c808ec113e958d4400d Update naming and comment for golang State struct to match C code - 868611e8a0af0647a7b7e2e705d9defaf1a44c28 Align setting of BPF policy result with Enterprise code - 536c31828e6fb2d2edd1d4cf18ae47518ead1b78 Correction to polprog building for XDP - 270e5070cb38beb9a568e70e154117fdeb301af7 UT: See error and all args when bpftool call fails - f0c7d80932f61275b8fea36c0ef2f8eb0e9ca368 UT: See command output when bpftool call fails - 7d2ed3b621526488be6d1faf36ea07a00e6a1c73 Set up BPF mode iptables for untracked egress policy - 224f92f02293d31324509568f696b7290f7da45f Define mark bits needed for raw ingress policy, even in BPF mode - 0e3bad28e39d295dd28f3450efb7f126a47975dd BPF: Use iptables policy manager for raw egress policy - 598cd187756861c831ace51a376978247d705bee Create and use iptables ipsets manager - df703e43337f53fd3ca1059fda707025f87f337a In BPF mode, only generate v4 iptables for raw egress policy - 1730a67bf7f9cd33ec2b88473dcf81276a8faec3 When raw iptables allows a packet, set TC bypass mark so TC skips it - fd8aae786cf7a9fd130f9665091e9df43881e68e Allow IP sets manager to have multiple backend dataplanes - cabb7c129bd476e9fc339bd02d285e457ed2993f Use BYPASS mark to tell raw ingress iptables to mark packet as NOTRACK - a9dfbda0bfb8a8e04fca00b1f3e9d73b53a39d73 Apply host egress policy to a untracked mid-flow TCP flow - 7f967abffd66a77abbaceaf2897fe7cf52a32626 Mark DoNotTrack FV tests to run in BPF mode - fe0c0f4752d41e4a1cf81f97da4d3560acd6de3c Add another bit to IptablesMarkMask, for FV tests with wireguard enabled - ace154c5866731afe0117aa038d2bc0f23aa6b97 Allow both inbound and outbound failsafes for untracked policy - 0d72291d9e661a0b5002ded51dadf7474df35764 Failsafes in XDP do not generate NOTRACK action - 20d5a5bcd9ba4f877a8d79097b6b5bd9d7770800 Skip bogus XDP FV test when in BPF mode - 5760cb989ec8d025a5bd4dd10864f3c9d9ff81b4 Suppress new CT state creation when allowing untracked mid-flow to continue - 8aede778c42a4b1b05fa8d6b7e2e9336a1635b3d BPF mode: Only emit Linux IP sets that we need for untracked egress - 7f3ae0d66ca547b5b9d11cc318722e27c5a13541 Automatic Pin Updates - db4f6f7a32c4b99e122243352ff1a51d21a70433 Rev netlink and fix incompatibility with new netlink library. - 09ae86a3616b4f95a9b8aa017e7dbb8479b8b7ab Automatic Pin Updates - 520dae4142e4e290f0e4c8b63c0e5fb9a2b1007b Automatic Pin Updates - a332155c5142e6f3617ba6d7d3a5bf17b01ad640 Merge needed IP set IDs from multiple policies - 9299c82a356aee9627bf45f9b2c9026a76703d57 Comment checking against failsafes - 6e31ead53993220eb7dd6d52345be1051ca111c7 Remove highest fixed bit from BPF mode's Calico mark and mask - d7467900cb442671c883d486fb2cdc441596f918 Other code review markups - 75ab3678deffb1fac8c904bd77d007a5a57d0864 Fix UT for top bit removal - 189b72e45c7394bef9869c0b7d44012ef7fcbae2 Delete IP sets when they become non-needed - 018f2542bb09c13df3c30f8fd6b26877dcff6e7a In BPF mode, only emit untracked policies to raw iptables table - a697017c98af4230d1bf9d4e6f43af4e25952d0e Fix slow performance of updating a namespace. - bd33d3bd55b37d005a6a0634b04e62c14b25f3b1 UT + fix for IP sets becoming non-needed and re-needed - 59ddc8f824792266d655832be9b92f54108fe68b Automatic Pin Updates - 73b6cc2abb15d5417433448467c9adaf96d081f3 Automatic Pin Updates - 60ffbf30a3f46cb8f25d46ea54e9557f586ae6aa Automatic Pin Updates - 5fa258585feb322dd62e244b824d83ca88da2eaa Upgrade libbpf to v0.4.0 - 1afa3594c6fe5348690e0590cf05e6f6e6b71679 remove unions in cali_tc_ctx/state structure (#2966) - 5d916f407bcba8ffb68eac53b5a5284324173ecc revert union in cali_tc_state (#2976) - 4547b2bddb8f02480f78360ec848a6a457a9b08b Automatic Pin Updates - 995a19e87f01ff6bd2ef6dec7f6f65db551600eb Automatic Pin Updates - 00be823ddb3b0f11298edc36bc5269ab829fa872 Abolish BPF mode's fixed Calico mark pattern - b5ce2f55cb672e98678e10856e13e186aecfdad2 Move IP sets manager to common location - 983519545a307258210e00304e377a6d1a26fbd5 Windows dataplane use common ipset manager - 4edfb6df70327b1373aba3e995ded4bff3d5b728 More fix - 79eb0c60f192860482c24d3fa9b8c088248fb267 Fix static-checks - cbecfb20f1d14095423815fb531fa134bf236baa Drop a half-untracked flow at HEP egress - d77ab4341b98e8cba47b766d844b7f825d818093 Automatic Pin Updates - eea29bf7ea9e2636d6da4b72f7b11e48c1519beb Revert "XDP UT framework (#2918)" - 35a3043208a76f073c7887742f0332871596abc0 bpf/ut: withXDP() - b90980056a212dc820b98277679ca733dce4b9dc Use new WorkloadEndpointPort struct - 333c2398e16eb03cfd5225d43b63be6e3d927a44 Automatic Pin Updates - 56912e3e0e982b0be94af2e6f274a9ba08111afc Automatic Pin Updates - a44377dd9f5644f3fad11c87350aa4e8654b3594 Automatic Pin Updates - 19cc0bd4749971e38bfca697d78f15d3d3ebcb27 Don't crash when untracked policy is applied to a host-* endpoint - c327d7824befe3d55b1333a5da9b1586713fb419 Fix service loop prevention flake - 522447c4f7b706ae63f5968b550008bed7c2df90 bpf: source port collision detection - f56584912427b8cebb6ad96850a51a1120d6c48f bpf/ut: source collision test - a693afdf483c0c1fa9f79d439b471e003d91d912 fv/bpf: fix source collision FV - 1d89816beec76b93995e88565533b74d1f201cb2 bpf: source port collision resolution - ee9cefe6dd93fbe41df3cf2a52470e14b6b9912c bpf: source port collision resolution for UDP - f763fc62de0dafac07a4a0007f9836c8268d5079 bpf/ut: static-checks fixes - 6d56b0094c6eed10c5b132e9134fe8b53f976aee bpf: source port collision fix for brokem related icmp - fa5cd5b871db7c2c5fbb1aafa33bc1c2dd55a35e XDP tests now run on Semaphore VM - 528ae8d56e13827167b54ce1154ad7a4d22a68e2 Skip broken sockmap FV test - 8e8b9878cd68f7a13b35365cfaaf92e0e241cc51 bpf: felix can set the pSNAT port range - 3f44f831732c413f13ba1521a5a23529fd87d02a bpf: fix conntrack typos and dups - fb54f3156c35cd57eed92b2db79228f4d963378d bpf: always use ct_make_key in conntrack - 02786ed0f4a9f4173427db2b11e97d979e9cdbba bpf: fix pSNAT defaults - 4dce515e4d84e60fe7db036b8372d3605c47e29e bpf: test random port collision - 6c0a9c832d4b446678413715196f55b839abac7b bpf: fix debugs in TC - 5c02da78d79b629b217a0dd64d1193b07a2e4284 bpf/ut: typos and statics checks fixes - 2eddfeae075eb1359f17073cfa53a74850365198 bugfix: vxlan noencap blackhole contention (#2986) - 6cc07e2d5f1e3ac7dbc76c1b579c8a4dee6d8b09 bpf: fix setting conntrack nat_sport iff collision - 3eedf6a80d0bdf61ce476239e63b6e3fc99c1ab7 bpf: revert change due to verifier state explosion - b2a2f71e412f6515d04c8c69c5fea3f4f4d80596 bpf/ut: fix typecast in an assertion - bab3551b597cff8bec2045eb3a6bff7060f36028 Automatic Pin Updates - 784dba9ae7b6a302e6aad70b019e834b03984008 Run Windows FV tests (#2895) - 1656d37e6d3f8f2c7dbada943acaa103ca447158 Automatic Pin Updates - 35dfcf5a6cf99a124002ab64ba30fd5f94fdc9e0 Backout previous routetable fix and change how we handle empty interface regex - 70bd8cc6eb0f213ca7340a969460a66e17c7b4b4 Automatic Pin Updates - 8f7ff67ebb2fbd055df16b441c4f909faddb254a Fix locks - 1e9eaac481e7d4c30c0bd408425f847c295e5121 Do not overwrite the eps copy - 8c85f76088050268f1e2180e02a56c24f94c020b Windows impl for service network policy (#2917) - 3957b0a90c5e53d9a83727b78723af7b96dd8055 Automatic Pin Updates - d227bfbbbf2a9e78751dc04f21af327d0574f326 bpf/proxy: exclude local workloads from NodePortRemotes - b6ff8673d05e3f5f4b152c7ee713435ee0143542 bpf/proxy: add a comment - 36fd109dafc4d30021c686650568985e5ade8f08 bpf/proxy: program only Ready endpoints in NAT - 98d0e9e61958d12ee5fbc2cc6944f149d6135c3e Load TC programs using libbpf (#2963) - 5c041be66be8a6178b5bdb89a1331803f4512c7e bpf/proxy: fix conn cleaning when ExternalTrafficPolicy=Local - 5d41368a12b5ac30142c871dd9b11d17e82898f3 Automatic Pin Updates - 88565db991633874f3ba8d85fe8bac2abe099c1f Automatic Pin Updates - 8c8391a584fc40187a0baace8b0b452526ef4309 Automatic Pin Updates - 2f29dd7a2041d00d7458b0869533876848498cbe Replace hyperkube, update k8s version (#3016) - d9e7448a0390a1d3cdce41364a2053b1c8e86a17 Automatic Pin Updates - 64f16d9ab9f071d16ae4e9d094615a7d03280d7b Cleanup of map struct and compilation flags (#3020) - 4e75ff5c29cae6672987a0b1a2d8f0cc194b2f91 Wireguard FV: allow time for node.Status.WireguardPublicKey to be set - 5506cafdae66a7aa155d0b51a856f9a977af0582 PolicySync FV: allow time for profile update for second mock workload - 68cf1c215bef5e3ae419192e6375570610e60404 Avoid error when bpftool returns empty JSON output at start of day - 4eb1f41e396e02cd04b6f77dce372e1b4dbb680d Review markup: don't use Expect inside Eventually - 1c605f1fdc46a7d8605fcb2ee4ff4b54df460694 Run Windows FV setup with bash-level tracing - 928a2df29ce981d882e494a2b445b798abe86942 Review markup: also allow for node update conflicts - 7a59a672ff6f5c5c9ee566a2aba27c36a5bc102c Run Windows FV setup with bash-level tracing - 91887316b29247db0f1eee14b30fe183cf3b6882 FV: Don't panic when cleaning up an endpoint and it has already gone - 9a3da14bfd9c4eb624b2e2e8323c097d0496abfd Automatic Pin Updates - 93f2e74bb25ae3c4c2334beb3477624bfb491e32 BPFPSNATPorts config option - cdf6ae1cf5993f5021fb74edd170c9ecb9f0f9c3 Kubernetes version to v0.21.0 (#3040) - 45e53972b6775fd00a93977d02a998eb3c4f8e8f bpf: Patch the psnat ports into the binaries - b2c551ffafe5567a4bdedbf38c99d6d645eb4d04 Move tc definitions to own package. - c4bf0c5193dd1e23830175a9ec35ac6710279f27 Increase build timeout. - f5b67ee83715392ebf5e743d72094332a8d6d961 Automatic Pin Updates - 849f4a32160250c35fb1469adc8431616c71259d Automatic Pin Updates - 4ce69c4b22ec6fb194101d794073b2d2b121ecb1 Add support for services in ingress rules - 14b1463550864ed93b4d2e97db55eef3f9b06a53 Only collect WireGuard prom stats when enabled (#3052) (#3057) - 69d9bd565f937556b2a37daa13a23098b84937ab Fix Windows FV test assertion - 573de65582654c2b4f52c4bd2f4ff0f8d364e274 Update member filtering to handle IP+port type IP set members - 65feb68ee08416ae05b1f0394e4dc1735aaf1ec4 Use alias'd type - b3a180cc5ccd1beab5d55698c00301b4d65a8a7c Show more context on kubectl failure in windows FV tests - 06c8a042e45e20f3c0e0ef61e008daa8ac423a8d Update test to use nginx-b - 488ea31ab8bc9c02e2ae14ec9f1c263038729552 Revert "[release-v3.21] Semaphore Auto Pin Update" - 3874ff3d38ab8897971b577ef484945aafe38f33 Manually update pins