Is there an existing issue for this?

• I have searched the existing issues

Version

equal or higher than v1.16.5 and lower than v1.17.0

What happened?

I run cilium with geneve overlay and DSR enabled. When running a workload in host network mode and exposing it through a LoadBalancer service, I see the following cilium logs through cilium dbg-monitor (and the traffic is dropped):

xx drop (No tunnel/encapsulation endpoint (datapath BUG!)) flow 0x91b4c88a to endpoint 0, ifindex 2, file nodeport.h:2320, , identity unknown->unknown: 10.8.60.118:57126 -> 10.35.216.56:443 tcp SYN
xx drop (No tunnel/encapsulation endpoint (datapath BUG!)) flow 0x91b4c88a to endpoint 0, ifindex 2, file nodeport.h:2320, , identity unknown->unknown: 10.8.60.118:57126 -> 10.35.216.56:443 tcp SYN

If the backend workload is not in hostNetwork mode, it works as expected and if DSR is disabled it also works as expected.

How can we reproduce the issue?

1. Install cilium with geneve overlay and dsr enabled with geneve dispatch
2. Deploy a workload with hostNetwork: true and expose it through a LoadBalancer service
3. Connect to the LoadBalancer external IP

Cilium Version

1.16.5

Kernel Version

5.15.0-124-generic

Kubernetes Version

1.29.7

Regression

No response

Sysdump

No response

Relevant log output

Anything else?

This seems somewhat similar to #10789 which however was solved.

Cilium Users Document

• Are you a user of Cilium? Please add yourself to the Users doc

Code of Conduct

• I agree to follow this project's Code of Conduct