v1.16 Backports 2025-05-15 #39563
Merged
v1.16 Backports 2025-05-15 #39563
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ upstream commit d70929b ] The BPF_HAVE_NETNS_COOKIE macro doesn't exist in-tree, use the correct spelling. Looks like the PR that introduced this test conflicted with the renaming in 17a652b ("probes: remove 'BPF_' prefix from features macros"). Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 1276096 ] Add a section to talk about the native routing masquerading in the cloud environment based on discussion #39156 (comment) Signed-off-by: Liyi Huang <liyi.huang@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 3fb8618 ] [ backporter's notes: some conflicts due to older test setup. ] We can no longer treat single-selector policies as wildcarding L3, as we no longer have bpf datapath always performing policy enforcement before cilium-envoy. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit d9c3afc ] It's not required to validate traffic that is re-injected by the proxy i.e. the original traffic was originally redirected to proxy, and then came back. With this change, there is more flexibility on setting the upstream connection src IP from proxy. Signed-off-by: Tam Mach <tam.mach@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 9394900 ] During some other work I discovered that the whole active connection tracking feature does not compile when enabled. Adding to the complexity tests to add some compile coverage as regression test. Will fix the actual issue in a subsequent commit. Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 7c27078 ] When both IPv6 and active connection tracking are enabled, we are unable to compile, resulting in the following error: ``` ./lib/lb.h:1071:21: error: use of undeclared identifier 'ct_state' ``` This is because in `lb6_local` the name of the variable is `state` not `ct_state`. This issue seems to have been here since the introduction of the feature and was never caught due to a lack of testing. Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
|
/test |
sayboras
approved these changes
May 16, 2025
julianwiedmann
approved these changes
May 16, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Once this PR is merged, a GitHub action will update the labels of these PRs: