https://github.com/cilium/cilium
- HEAD
- refs/heads/1.2.7-hotfix1-fqdn-regen
- refs/heads/EndpointPolicyEnformcement
- refs/heads/all-scalability-improvements
- refs/heads/beta/service-mesh
- refs/heads/bpf-metrics
- refs/heads/brb/brb-patch-2
- refs/heads/cilium-envoy-crd-pre-beta
- refs/heads/cilium-no-gopath
- refs/heads/cli-upgrade-v1.12-ci-test
- refs/heads/clustermesh511-upgrade-test
- refs/heads/committers-codeowners
- refs/heads/debug
- refs/heads/dev/joe/v1.8-with-hostfw-fixes
- refs/heads/enable_cnp_latency
- refs/heads/encrypt-node-fixes
- refs/heads/ensure-macos-build-succeeds
- refs/heads/envoy-policy-precedence
- refs/heads/envoy-warnings-cleanup
- refs/heads/extension-mysql
- refs/heads/feature/cep-scalability
- refs/heads/feature/devices-and-addresses
- refs/heads/feature/devices-reconciliation-v1.16
- refs/heads/feature/main/svc-icmp-response
- refs/heads/feature/service-refactor
- refs/heads/feature/service-refactor-fresh
- refs/heads/feature/v1.11/beta-test
- refs/heads/feature/v1.11/k8s-ingress
- refs/heads/fix-iphealth
- refs/heads/fqdn-fixl3-wildcard
- refs/heads/fristonio/iptables-manager-fix
- refs/heads/ft/main/chancez/push-dev-charts
- refs/heads/ft/main/push_chart_stable_branches_fix
- refs/heads/ft/main/test_push_chart_updates
- refs/heads/gce-example
- refs/heads/gh-readonly-queue/main/pr-27509-78a5f177693fb443cd946441f45826bf7fa2437a
- refs/heads/ginkgo-better-timeout
- refs/heads/graduation
- refs/heads/hf/main/ipam-pools-build-230605
- refs/heads/hf/master/v1.12-rc2-health-dbg-v1
- refs/heads/hf/master/wg-fix-ipam-k8s-v2
- refs/heads/hf/v1.10/cls-prio2
- refs/heads/hf/v1.10/debug-taint-removal
- refs/heads/hf/v1.10/v1.10.10-with-19452
- refs/heads/hf/v1.10/v1.10.2-fix-ipsec-ep-routes
- refs/heads/hf/v1.10/v1.10.5-with-identity-leak-fix
- refs/heads/hf/v1.10/v1.10.7-additional-logs
- refs/heads/hf/v1.10/v1.10.7-exclude-local
- refs/heads/hf/v1.10/v1.10.7-exclude-loopback
- refs/heads/hf/v1.10/v1.10.7-extra-logs
- refs/heads/hf/v1.10/v1.10.7-more-logs
- refs/heads/hf/v1.10/v1.10.8-deadlock-and-complexity-fix
- refs/heads/hf/v1.10/v1.10.8-deadlock-fix
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v3
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v4
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v5
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v6
- refs/heads/hf/v1.10/xdp-multidev-with-bpf-multihoming-and-egress-gw-fixes-v7
- refs/heads/hf/v1.11/1.11.4-custom-taint
- refs/heads/hf/v1.11/19247-custom-taint-key
- refs/heads/hf/v1.11/dbg-svc-restore
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attach-and-logging
- refs/heads/hf/v1.11/v1.11.16-fix-xfrm-leak-eni-attachment
- refs/heads/hf/v1.11/v1.11.3-with-19259
- refs/heads/hf/v1.11/v1.11.4-custom-taint
- refs/heads/hf/v1.11/v1.11.5-and-19247-eed5544
- refs/heads/hf/v1.11/xdp-multidev-v1
- refs/heads/hf/v1.11/xdp-multidev-v2-ipcache-fix
- refs/heads/hf/v1.12/next-net-v1
- refs/heads/hf/v1.12/v1.12.18-994
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat
- refs/heads/hf/v1.12/v1.12.3-debug-k8s-heartbeat-v2
- refs/heads/hf/v1.13/bpf-sock-l7-fix
- refs/heads/hf/v1.13/v1.13.12-without-deny-precedence
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence-debug
- refs/heads/hf/v1.13/v1.13.14-without-deny-precedence-with-xfrm-fix
- refs/heads/hf/v1.13/v1.13.2-with-24875
- refs/heads/hf/v1.13/v1.13.3-with-26242
- refs/heads/hf/v1.14/cidr-identity-refcnt-fix
- refs/heads/hf/v1.14/v1.14-with-27327
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix
- refs/heads/hf/v1.7/v1.7.15-with-neighbor-fix-2
- refs/heads/hf/v1.8/v1.8.13-with-19452
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.6-eni-cidr-fix-15303
- refs/heads/hf/v1.8/v1.8.7-with-fqdn-underscore-fix
- refs/heads/hf/v1.8/v1.8.8-eni-cidr-fix-1
- refs/heads/hf/v1.8/v1.8.8-with-encrypt-fixes
- refs/heads/hf/v1.9/v1.9.8-azure-ipam-fix
- refs/heads/hf/v1.9/v1.9.9-azure-pod-egress-fix
- refs/heads/images/runtime/20210830
- refs/heads/ipc-demo
- refs/heads/ktls-tx-only
- refs/heads/ktls-tx-only-v2
- refs/heads/ktls-tx-rx
- refs/heads/ktls-tx-rx-v2
- refs/heads/ktls-tx-rx-v3
- refs/heads/ktls-tx-rx-v4
- refs/heads/ktls-tx-rx-v5
- refs/heads/ldelossa/feat/bgp-control-plane
- refs/heads/ldelossa/segment-makefiles
- refs/heads/ldelossa/segment-makefiles-v2
- refs/heads/ldelossa/srv6-encap-fib
- refs/heads/lizrice/pr/cli-confusion
- refs/heads/main
- refs/heads/multi-stack-dev-vm
- refs/heads/pr/1-9-ci-test
- refs/heads/pr/aanm-update-k8s-conformance
- refs/heads/pr/aanm/bisect
- refs/heads/pr/aanm/test-31027
- refs/heads/pr/add-controller-identity
- refs/heads/pr/aditighag/lrp-skip-lb
- refs/heads/pr/asauber/link-local-as-host
- refs/heads/pr/asauber/max-ifindex-metric
- refs/heads/pr/avoid-ct-for-dsr
- refs/heads/pr/backend-state
- refs/heads/pr/bbb-cpy
- refs/heads/pr/bimmlerd/modularize-bandwidth-manager
- refs/heads/pr/bimmlerd/v1.12-backport-quay-org-from-env
- refs/heads/pr/bounded-loops
- refs/heads/pr/bpf-based-masquerading
- refs/heads/pr/bpf-edt-proxy
- refs/heads/pr/brb/arping-nexthop
- refs/heads/pr/brb/arping-via-gw
- refs/heads/pr/brb/auto-multi-dev-v2
- refs/heads/pr/brb/backport-1.8.5-nat-gc
- refs/heads/pr/brb/bpf-host-routing-wg
- refs/heads/pr/brb/bpf-lxc-no-redirect
- refs/heads/pr/brb/bpf-masq-no-socket-lb
- refs/heads/pr/brb/bpf-masq-veth
- refs/heads/pr/brb/bpf-multihoming
- refs/heads/pr/brb/cgroup-v2-test
- refs/heads/pr/brb/check-errors-in-logs
- refs/heads/pr/brb/check-wg
- refs/heads/pr/brb/ci
- refs/heads/pr/brb/ci-1111
- refs/heads/pr/brb/ci-2
- refs/heads/pr/brb/ci-4.19
- refs/heads/pr/brb/ci-arping-flake
- refs/heads/pr/brb/ci-bigtcp
- refs/heads/pr/brb/ci-bpf-netdev-without-egress
- refs/heads/pr/brb/ci-cleanup-svc
- refs/heads/pr/brb/ci-dbg-conformance-kind
- refs/heads/pr/brb/ci-dbg-external
- refs/heads/pr/brb/ci-dbg-flake-from-outside
- refs/heads/pr/brb/ci-demo
- refs/heads/pr/brb/ci-disable-ces-for-egress-gw
- refs/heads/pr/brb/ci-dp-disable-bpf-host-routing
- refs/heads/pr/brb/ci-dp-hubble-flows
- refs/heads/pr/brb/ci-dp-more-diversity
- refs/heads/pr/brb/ci-dp-v1.13
- refs/heads/pr/brb/ci-dp-v6
- refs/heads/pr/brb/ci-dp-verifier
- refs/heads/pr/brb/ci-e2e-enable-debug-ipsec
- refs/heads/pr/brb/ci-e2e-geneve-dsr
- refs/heads/pr/brb/ci-e2e-helm-mode-v1.13
- refs/heads/pr/brb/ci-e2e-lvh-retry
- refs/heads/pr/brb/ci-e2e-more-nodes
- refs/heads/pr/brb/ci-e2e-new-cli
- refs/heads/pr/brb/ci-e2e-nft
- refs/heads/pr/brb/ci-e2e-unsafe
- refs/heads/pr/brb/ci-e2e-unsafe-v2
- refs/heads/pr/brb/ci-e2e-upgrade-tests
- refs/heads/pr/brb/ci-e2e-upgrade-tests-ipsec
- refs/heads/pr/brb/ci-early-terminate-conn-disrupt
- refs/heads/pr/brb/ci-eks-ipsec-upgrade
- refs/heads/pr/brb/ci-encrypt-l7
- refs/heads/pr/brb/ci-fix-ip-masq-dry-run
- refs/heads/pr/brb/ci-ipsec-upgrade-fix
- refs/heads/pr/brb/ci-ipsec-upgrade-missed-tail-calls
- refs/heads/pr/brb/ci-ipsec-upgrade-v1.13
- refs/heads/pr/brb/ci-ipsec-upgrade-vol2
- refs/heads/pr/brb/ci-keep-missed-tail-calls
- refs/heads/pr/brb/ci-l7-nodeport
- refs/heads/pr/brb/ci-lvh-4.19
- refs/heads/pr/brb/ci-lvh-5.4
- refs/heads/pr/brb/ci-lvh-5.4-v2
- refs/heads/pr/brb/ci-lvh-bpf-next
- refs/heads/pr/brb/ci-no-self-hosted
- refs/heads/pr/brb/ci-pass-kernel-env
- refs/heads/pr/brb/ci-prepull-l4lb
- refs/heads/pr/brb/ci-refactor-svc-suite
- refs/heads/pr/brb/ci-rm-smoke-tests
- refs/heads/pr/brb/ci-sanity
- refs/heads/pr/brb/ci-test
- refs/heads/pr/brb/ci-test-2
- refs/heads/pr/brb/ci-test-k8s-vsn-swap
- refs/heads/pr/brb/ci-test-large-runners
- refs/heads/pr/brb/ci-uffff
- refs/heads/pr/brb/ci-upgrade-vol-2
- refs/heads/pr/brb/ci-upgrade-vol-3
- refs/heads/pr/brb/ci-wg-mtu
- refs/heads/pr/brb/ci-wg-mtu-vol2
- refs/heads/pr/brb/cilium-host-v6-from-ipam
- refs/heads/pr/brb/cli-bump-test
- refs/heads/pr/brb/datapath-loop-dbg
- refs/heads/pr/brb/dbg-ci
- refs/heads/pr/brb/dbg-conformance-gke
- refs/heads/pr/brb/dbg-master-np-vxlan-ipcache-ci
- refs/heads/pr/brb/debug-nodeport-bpf-flake
- refs/heads/pr/brb/do-not-derive-pod-cidrs-from-dev
- refs/heads/pr/brb/do-not-query-dev-for-arping
- refs/heads/pr/brb/docs-clarify-egress-gw-ip-addr-dp
- refs/heads/pr/brb/drop-notify
- refs/heads/pr/brb/dsr
- refs/heads/pr/brb/dsr-v2
- refs/heads/pr/brb/dualstack-ci
- refs/heads/pr/brb/enable-ipv6-per-endpoint-routes
- refs/heads/pr/brb/enable-route-mtu-cni
- refs/heads/pr/brb/fib-lookup-src
- refs/heads/pr/brb/fix-backend-id-u32
- refs/heads/pr/brb/fix-ci-dp-deprecation-warn
- refs/heads/pr/brb/fix-clang-vsn-regexp
- refs/heads/pr/brb/fix-egress-ip-16147
- refs/heads/pr/brb/fix-external-ip-dp
- refs/heads/pr/brb/fix-maglev-del
- refs/heads/pr/brb/fix-nodeport-hostnetns
- refs/heads/pr/brb/fix-stale-dsr
- refs/heads/pr/brb/fix-svc-backend-selection
- refs/heads/pr/brb/fix-third-host
- refs/heads/pr/brb/gh-action-cgr
- refs/heads/pr/brb/gh-action-lvh
- refs/heads/pr/brb/gh-install-cli-backup
- refs/heads/pr/brb/ginkgo-kpr-strict
- refs/heads/pr/brb/ginkgo-rm-update-tests
- refs/heads/pr/brb/go-crazy
- refs/heads/pr/brb/hubble-tcp-ack-seq-no
- refs/heads/pr/brb/improve-svc-restore
- refs/heads/pr/brb/istio-getsockopt
- refs/heads/pr/brb/it-cannot-be-truth
- refs/heads/pr/brb/kpr-svc-mesh
- refs/heads/pr/brb/kubeproxy-free-ci
- refs/heads/pr/brb/l7-np-bpf
- refs/heads/pr/brb/l7-rerevert
- refs/heads/pr/brb/lets-be-friends-with-ipsec
- refs/heads/pr/brb/lvh-kind-127
- refs/heads/pr/brb/lvh-kind-ipsec-upgrade
- refs/heads/pr/brb/meyskens/auth-ep-gc-locks
- refs/heads/pr/brb/multi-network
- refs/heads/pr/brb/no-cache-snat
- refs/heads/pr/brb/no-rev-nat-bpf-lxc-ingress
- refs/heads/pr/brb/node-id-per-fam
- refs/heads/pr/brb/nodeport-xlr-flag
- refs/heads/pr/brb/perf-wg
- refs/heads/pr/brb/pin-lvh
- refs/heads/pr/brb/push-ci-charts
- refs/heads/pr/brb/pwru
- refs/heads/pr/brb/rm-arping-l2-addr-check
- refs/heads/pr/brb/rm-no-redirect
- refs/heads/pr/brb/rm-np-deadcode
- refs/heads/pr/brb/rm-partial-host-svc
- refs/heads/pr/brb/rm-test-gke
- refs/heads/pr/brb/test-bpf-masq
- refs/heads/pr/brb/test-ci-e2e
- refs/heads/pr/brb/test-ci-e2e-v1.13
- refs/heads/pr/brb/test-kind
- refs/heads/pr/brb/third-host-more-pain
- refs/heads/pr/brb/timing-l4lb-gh-action
- refs/heads/pr/brb/triage-flake-v2
- refs/heads/pr/brb/triage-lb-flake
- refs/heads/pr/brb/unquarantine-svc
- refs/heads/pr/brb/v1.10-istio-snat
- refs/heads/pr/brb/v1.12-ci-e2e
- refs/heads/pr/brb/v1.12-ci-ipsec-upgrade
- refs/heads/pr/brb/v1.12-test-ipsec-upgrade
- refs/heads/pr/brb/v1.13-ci-e2e
- refs/heads/pr/brb/v1.13-remote-np
- refs/heads/pr/brb/v1.13-upgrade-fixes
- refs/heads/pr/brb/v1.14-ci-e2e-upgrade
- refs/heads/pr/brb/v1.14-drop-notify
- refs/heads/pr/brb/v1.15-enable-route-mtu-cni
- refs/heads/pr/brb/v1.6.9-iptables-W
- refs/heads/pr/brb/v1.8-fix-icmp-port-check
- refs/heads/pr/brb/wg-duplicate-node-ip
- refs/heads/pr/brb/wg-encrypt-node-test
- refs/heads/pr/brb/wg-hack
- refs/heads/pr/brb/wg-ipam-fix
- refs/heads/pr/brb/wg-kpr
- refs/heads/pr/brb/wg-test
- refs/heads/pr/brb/wip
- refs/heads/pr/brb/wip-ci
- refs/heads/pr/brb/wip-sync-policy-map
- refs/heads/pr/brb/xdp-egress-gw
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming
- refs/heads/pr/brb/xdp-multidev-with-bpf-multihoming-v2
- refs/heads/pr/bruno/sleepy-pawn
- refs/heads/pr/bugtool-systemd
- refs/heads/pr/bwm-base2
- refs/heads/pr/bwm-fq
- refs/heads/pr/bwm-priority
- refs/heads/pr/chancez/add_hubble_l7_dashboard_prometheus_example
- refs/heads/pr/chancez/fix_websocket_l7_policies
- refs/heads/pr/chancez/flow_filter_namespace
- refs/heads/pr/chancez/hubble_metrics_tls_docs
- refs/heads/pr/chancez/hubble_plus_plus
- refs/heads/pr/chancez/static_peers_hubble_relay
- refs/heads/pr/christarazi/controlplane-fqdn
- refs/heads/pr/christarazi/ipcache-async-cep-pods-namedports
- refs/heads/pr/christarazi/prep-from-cidr-tests
- refs/heads/pr/ci-k8s-1.30
- refs/heads/pr/datapath-opt
- refs/heads/pr/dbkm/nodeport-lb
- refs/heads/pr/debug-dns-timeout
- refs/heads/pr/eproutes-redir
- refs/heads/pr/example/neigh-state-manager
- refs/heads/pr/fastdp
- refs/heads/pr/fastdp2
- refs/heads/pr/feroz/allow-sbom-read
- refs/heads/pr/feroz/set-container-scan-failure-flag
- refs/heads/pr/fib-consolidation
- refs/heads/pr/fix-aks-workflow
- refs/heads/pr/fix-k8s-all-sha1
- refs/heads/pr/fix-net-next-1.16
- refs/heads/pr/fix-pod-pacing
- refs/heads/pr/fix-tail-call-replace
- refs/heads/pr/fristonio/feat-19038
- refs/heads/pr/fristonio/fix-istio-k8sT
- refs/heads/pr/fristonio/ipv6-masquerading
- refs/heads/pr/fristonio/test-dual-stack
- refs/heads/pr/fristonio/test-ipv6-dualstack
- refs/heads/pr/gandro+brb/fix-monitor-aggregation-np-v2
- refs/heads/pr/gandro+brb/mv-trace-point-to-rev-nodeport
- refs/heads/pr/gandro+brb/wg-host-encryption-v3
- refs/heads/pr/gandro+brb/wg-host2host
- refs/heads/pr/gandro+brb/wg-host2host-kind
- refs/heads/pr/gandro/bump-hubble-2020-03-25
- refs/heads/pr/gandro/ci-conformance-multicluster-fix-log-gathering
- refs/heads/pr/gandro/ci-delete-crds-in-cleanupcomponents
- refs/heads/pr/gandro/ci-fix-status-if-workflows-are-skipped
- refs/heads/pr/gandro/ci-wait-for-all-relevant-images-do-not-merge-test
- refs/heads/pr/gandro/enable-hubble-by-default
- refs/heads/pr/gandro/portmap-refcount
- refs/heads/pr/gandro/re-enable-wireguard-in-multicluster-ci
- refs/heads/pr/gandro/svc-healthchecknodeport
- refs/heads/pr/gc-on-svc-update
- refs/heads/pr/getname-hooks
- refs/heads/pr/giorio94/1.14/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/cluster-name-validation-strict
- refs/heads/pr/giorio94/main/clustermesh-deprecated-cleanup
- refs/heads/pr/giorio94/main/gha-cl2-agents-pprof
- refs/heads/pr/giorio94/main/gha-cl2-compress-agent-pprofs
- refs/heads/pr/giorio94/main/gha-cluster-name
- refs/heads/pr/giorio94/main/gha-conformance-clustermesh-lb
- refs/heads/pr/giorio94/main/test-cilium-cli-2184
- refs/heads/pr/giorio94/main/tests-clustermesh-upgrade-interrupted
- refs/heads/pr/gray/30837-with-pwru
- refs/heads/pr/gray/main/connectivity-wg-proxy-nodeport
- refs/heads/pr/gray/main/decouple-ipsec-gh-actions
- refs/heads/pr/gray/main/egress-proxy-ipsec-fix2
- refs/heads/pr/gray/main/fix-leak-detection-race
- refs/heads/pr/gray/main/xfrm-delete-flake
- refs/heads/pr/gray/main/xfrm-delete-flake2
- refs/heads/pr/gray/pwru-action
- refs/heads/pr/gray/v1.15/decouple-ipsec-gh-actions
- refs/heads/pr/health
- refs/heads/pr/health-data-path
- refs/heads/pr/hubble-tls-cert-gen-via-k8s-job
- refs/heads/pr/ianvernon/kvstore-client-type
- refs/heads/pr/ianvernon/kvstore-context
- refs/heads/pr/ianvernon/more-endpoint-cleanup
- refs/heads/pr/ianvernon/resolve-cidr-policy-perf-improvement
- refs/heads/pr/increase-verifier-test-build-timeout
- refs/heads/pr/ipip
- refs/heads/pr/ipip-encap
- refs/heads/pr/ipip-encap2
- refs/heads/pr/ipip2
- refs/heads/pr/ipip4
- refs/heads/pr/ipip6
- refs/heads/pr/jibi/differentiate-udp-tcp-svcs-take-4
- refs/heads/pr/jibi/fix-differentiate-udp-tcp-svc-upgrade
- refs/heads/pr/jibi/ip-list-contains-addr
- refs/heads/pr/joamaki/gather-network-info
- refs/heads/pr/joamaki/idless-service-restapi
- refs/heads/pr/joe/ariane-scheduled-cilium-only
- refs/heads/pr/joe/backport-28007-1.11
- refs/heads/pr/joe/bump-ginkgo-seed
- refs/heads/pr/joe/docker-build-log-tracing
- refs/heads/pr/joe/ipcache-cidr-policy
- refs/heads/pr/joe/lost-identity
- refs/heads/pr/joe/policymap-format-test
- refs/heads/pr/joe/ready-to-merge
- refs/heads/pr/joe/release-codeowners
- refs/heads/pr/joe/sw-quay
- refs/heads/pr/joe/test-labeler
- refs/heads/pr/joe/test-lvh-fix
- refs/heads/pr/joe/v1.13-stability-check
- refs/heads/pr/joe/v1.7-dev-env
- refs/heads/pr/jrajahalme/gh-filter-test-files
- refs/heads/pr/jrfastab/backport-ooo-ipsec-fixes
- refs/heads/pr/jrfastab/backport-v111-loopback
- refs/heads/pr/jrfastab/backport-v115
- refs/heads/pr/jrfastab/dbgNodeId
- refs/heads/pr/jrfastab/dbgNodeId111
- refs/heads/pr/jrfastab/dbgNodeId111v2
- refs/heads/pr/jrfastab/dbgv114
- refs/heads/pr/jrfastab/eks-encrypt-ipamupdate
- refs/heads/pr/jrfastab/fix-encrypt-subnets
- refs/heads/pr/jrfastab/fix-ixsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/fixes-ipsec-init
- refs/heads/pr/jrfastab/v1.8-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v1.9-fix-ipsec-vxlan-remoteIP
- refs/heads/pr/jrfastab/v111-debug-ooo
- refs/heads/pr/jrfastab/v111-debug-ooo-v2
- refs/heads/pr/jwi/main/ipsec-rhel8
- refs/heads/pr/jwi/v1.14/ci-ipsec
- refs/heads/pr/jwi/v1.15/bpf-complexity
- refs/heads/pr/jwi/v1.15/ci-ipsec
- refs/heads/pr/k8s-nat46x64
- refs/heads/pr/k8s-nat46x64-2
- refs/heads/pr/kaworu/helm-hubble-cli.yaml
- refs/heads/pr/kkourt/azure-ipam-test-race
- refs/heads/pr/kkourt/bpftool-update
- refs/heads/pr/kkourt/ct-rst-timeout-wip
- refs/heads/pr/kkourt/v1.11-backport-2022-01-26
- refs/heads/pr/kkourt/v1.9-lxc-complexity
- refs/heads/pr/l4lb-improvements-tmp
- refs/heads/pr/learnitall/ginkgo-race-workflow
- refs/heads/pr/learnitall/test-startup-script-changes
- refs/heads/pr/lmb/1.14-cni
- refs/heads/pr/lmb/1.15-cni
- refs/heads/pr/lmb/update-cni-plugin
- refs/heads/pr/marga/v1.11-without-deny-precedence
- refs/heads/pr/marseel/scale_test_1_15
- refs/heads/pr/max/upgrade-llvm-18-1-6
- refs/heads/pr/mhofstetter/guestbook-registry
- refs/heads/pr/mhofstetter/junit-fetch-nullglob
- refs/heads/pr/mhofstetter/ssh-store-consolelog
- refs/heads/pr/mhofstetter/test-ingress
- refs/heads/pr/michi/circular-struggle
- refs/heads/pr/michi/clustermesh
- refs/heads/pr/michi/crdregister
- refs/heads/pr/michi/debug
- refs/heads/pr/michi/description
- refs/heads/pr/michi/dns-refactor12
- refs/heads/pr/michi/ipsec-workflows
- refs/heads/pr/michi/l7drop
- refs/heads/pr/michi/majestic-ketchup
- refs/heads/pr/michi/mega-ketchup
- refs/heads/pr/michi/peerapi
- refs/heads/pr/michi/rest
- refs/heads/pr/michi/scaletest
- refs/heads/pr/michi/sleep-on-it
- refs/heads/pr/michi/test
- refs/heads/pr/michi/weekly-bot
- refs/heads/pr/monitor-wait-ci
- refs/heads/pr/move-image-to-one-repo
- refs/heads/pr/nat-gw-tests
- refs/heads/pr/nathanjsweet/add-complex-allow-test-to-policy-map-tests
- refs/heads/pr/nathanjsweet/add-lockdown-mode-for-policy-map-overflows
- refs/heads/pr/nathanjsweet/differentiate-protocol-in-services
- refs/heads/pr/nathanjsweet/node-port-addresses
- refs/heads/pr/nathanjsweet/refactor-mapstate
- refs/heads/pr/nathanjsweet/update-k8s-control-plane-tests-to-1-27
- refs/heads/pr/nebril/add-dns-concurrency-limit
- refs/heads/pr/nebril/fix-precheck
- refs/heads/pr/nebril/fqdn-proxy-ha
- refs/heads/pr/nebril/fqdn-proxy-interface
- refs/heads/pr/nebril/gke-workflow-migrate-from-cli
- refs/heads/pr/nebril/quarantine-1.14-nodeport
- refs/heads/pr/nebril/test-bottlerocket
- refs/heads/pr/nebril/test-helm-gke-fix
- refs/heads/pr/nebril/test-our-ghaction-shenanigans
- refs/heads/pr/nebril/test-rebase-helm
- refs/heads/pr/nebril/trololo
- refs/heads/pr/nebril/update-cli-9.1-test
- refs/heads/pr/netkit
- refs/heads/pr/netkit3
- refs/heads/pr/netns-switch
- refs/heads/pr/netns-switch-no-peer
- refs/heads/pr/nodeport-fix
- refs/heads/pr/nodeport-improvements2
- refs/heads/pr/nodeport-nat-improvements
- refs/heads/pr/nodeport-nat-improvements2
- refs/heads/pr/nodeport-retry-sport
- refs/heads/pr/pchaigno/deprecate-bpf_network-f
- refs/heads/pr/pchaigno/fix-4.19-bpf-program-size
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix
- refs/heads/pr/pchaigno/hotfix1-ipsec-fix-brb-v0
- refs/heads/pr/pchaigno/optim-complexity-ipcache-lookup
- refs/heads/pr/pchaigno/rework-config-probes
- refs/heads/pr/pchaigno/tmp-base-branch
- refs/heads/pr/pin-1.10-workflows-k8s-version
- refs/heads/pr/pin-1.11-workflows-k8s-version
- refs/heads/pr/pin-1.12-workflows-k8s-version
- refs/heads/pr/pin-1.13-workflows-k8s-version
- refs/heads/pr/pin-cloud-provider-master-workflows
- refs/heads/pr/pr/fix-ipam-node-manager-semaphore-error-handling
- refs/heads/pr/publish-test-images
- refs/heads/pr/qmonnet/docs-20230224
- refs/heads/pr/qmonnet/docs-bump
- refs/heads/pr/qmonnet/ipsec/no-missed-tail-call-1.13
- refs/heads/pr/qmonnet/standalone-lb-docs
- refs/heads/pr/qmonnet/sync-joblists
- refs/heads/pr/rastislavs/bgp-e2e-test
- refs/heads/pr/ray/late-dns-proxy
- refs/heads/pr/rgo3/1.12-run-no-unexpected-drops-for-patch
- refs/heads/pr/rgo3/fix-k8s-vm-provisioning-1.13
- refs/heads/pr/rgo3/fix-missing-health-endpoint
- refs/heads/pr/rolinh/better-policy-verdict
- refs/heads/pr/rolinh/hubble-dump-all
- refs/heads/pr/rolinh/hubble-fix-maxflows-rounding
- refs/heads/pr/route-test
- refs/heads/pr/run-tests-in-parallel
- refs/heads/pr/scalability-crd-only
- refs/heads/pr/squeed/make-ccache
- refs/heads/pr/squeed/per-node-config
- refs/heads/pr/squeed/remote-cluster-leak
- refs/heads/pr/stacy/docs-update
- refs/heads/pr/tammach/accesslog-envoy
- refs/heads/pr/tammach/ci-cm
- refs/heads/pr/tammach/cleanup-helm-1.16
- refs/heads/pr/tammach/envoy-1.30
- refs/heads/pr/tammach/headless-service-flake
- refs/heads/pr/tammach/ingress-controller-e2e-config6
- refs/heads/pr/tammach/more-ingress-tests
- refs/heads/pr/tammach/rennovate-statedb
- refs/heads/pr/tammach/revert/fib-lookup
- refs/heads/pr/tammach/ubuntu-24.04
- refs/heads/pr/tammach/ubuntu-24.04-no-llvm
- refs/heads/pr/tc-np-test
- refs/heads/pr/tcx
- refs/heads/pr/tcx-helm
- refs/heads/pr/tcx-misc
- refs/heads/pr/test-419-ci
- refs/heads/pr/test-increase-update-delete-timeout
- refs/heads/pr/test-k8s-all-tests
- refs/heads/pr/test-lb-super-netperf
- refs/heads/pr/test-nightly
- refs/heads/pr/test-upstream-timeout
- refs/heads/pr/tgraf/chaos-testing
- refs/heads/pr/tgraf/clustermesh-stale-state
- refs/heads/pr/tgraf/eni-ipam
- refs/heads/pr/tgraf/new-endpoint-state
- refs/heads/pr/tgraf/new-policy
- refs/heads/pr/tgraf/remove-tunnel-map
- refs/heads/pr/tgraf/scoped-ipam
- refs/heads/pr/tgraf/sctp
- refs/heads/pr/tgraf/split-lxc-prog
- refs/heads/pr/thorn3r/cesBlanketTest
- refs/heads/pr/thorn3r/clustermesh511
- refs/heads/pr/tklauser/build-push-images-env-var
- refs/heads/pr/tommyp1ckles/debugging-aks-conformance
- refs/heads/pr/tp/add-logging-for-wait-for-pods-term-condition
- refs/heads/pr/tp/backport-31380
- refs/heads/pr/tp/bump-cilium-cli
- refs/heads/pr/tp/cleanup-ipam-ips-metric-docs
- refs/heads/pr/tp/complexity-issue-verifier-case-main
- refs/heads/pr/tp/dont-terminate-on-node-config-changee
- refs/heads/pr/tp/eps-modular-health
- refs/heads/pr/tp/fix-stuck-ginko-pod-v2
- refs/heads/pr/tp/forward-hubble-for-e2e
- refs/heads/pr/tp/forward-hubble-for-e2e-v2
- refs/heads/pr/tp/switch-1.24-eks-region
- refs/heads/pr/tp/switch-1.24-eks-region-v1.13
- refs/heads/pr/tp/use-helm-default-vars-for-clustermesh-downgrade-c1
- refs/heads/pr/tweak-github-action-ref
- refs/heads/pr/twpayne/hubble-recent-events-buffer
- refs/heads/pr/twpayne/hubble-ring-buffer-benchmarks
- refs/heads/pr/update-azure
- refs/heads/pr/update-readme-for-releases
- refs/heads/pr/update-tm-network
- refs/heads/pr/v1.10-backport-2022-06-13
- refs/heads/pr/v1.10-backport-2022-10-03
- refs/heads/pr/v1.10-eni-stability-improvements-v1
- refs/heads/pr/v1.10-neigh-clean
- refs/heads/pr/v1.11-backport-2022-10-03
- refs/heads/pr/v1.11-test/issue-692
- refs/heads/pr/v1.12-backport-2023-10-10
- refs/heads/pr/v1.12-test/issue-692
- refs/heads/pr/v1.13-backport-2023-10-31
- refs/heads/pr/v1.13-backport-2024-04-22-03-42
- refs/heads/pr/v1.13-test/issue-692
- refs/heads/pr/v1.14-backport-2024-06-18-02-46
- refs/heads/pr/v1.14.1
- refs/heads/pr/v1.7-stability-test
- refs/heads/pr/v1.7.9-hf-13205
- refs/heads/pr/v3-cpu
- refs/heads/pr/v6-host-addr2
- refs/heads/pr/vk/bpf/tests/csum
- refs/heads/pr/vk/ci/test/concurrent/run
- refs/heads/pr/vk/doc/ipsec
- refs/heads/pr/vk/ipsec/key/rotate
- refs/heads/pr/vk/test/ipsec/tests/concurrent/run
- refs/heads/pr/wip/bijective-nodemap
- refs/heads/regex_improved
- refs/heads/renovate/v1.13-all-dependencies
- refs/heads/renovate/v1.14-all-dependencies
- refs/heads/renovate/v1.15-aanm-test
- refs/heads/renovate/v1.15-all-dependencies
- refs/heads/renovate/v1.16-cilium-cli
- refs/heads/renovate/v1.16-go
- refs/heads/revert-29086-2023-11-09-backport-1.14
- refs/heads/revert-33302-policy-catch-invalid-port-wildcard
- refs/heads/rib
- refs/heads/run-ci-wihout-building-cilium
- refs/heads/sh-dep-test-l4lb
- refs/heads/sidecar-http-proxy
- refs/heads/sockmap-v5
- refs/heads/sockops-build-fix
- refs/heads/tam/integration-tests
- refs/heads/tam/more-ingress-tests
- refs/heads/tb/bpf-remove-bear
- refs/heads/test-branch
- refs/heads/test-ipsec
- refs/heads/test-sig-bgp-notifs
- refs/heads/test/brlbil/upload
- refs/heads/test/skip-workflows
- refs/heads/tgraf/process-policy
- refs/heads/thorn3r/cesScaleTest
- refs/heads/thorn3rCES
- refs/heads/tinker/learnitall/scale-test-1
- refs/heads/tinker/learnitall/scale-test-2
- refs/heads/tklauser+brb/wip/multi-homing
- refs/heads/unit-test-ipsec
- refs/heads/v0.10
- refs/heads/v0.11
- refs/heads/v0.12
- refs/heads/v0.13
- refs/heads/v0.8
- refs/heads/v0.9
- refs/heads/v1.0
- refs/heads/v1.0.0-rc2
- refs/heads/v1.0.0-rc3
- refs/heads/v1.1
- refs/heads/v1.10
- refs/heads/v1.11
- refs/heads/v1.12
- refs/heads/v1.12.11-base
- refs/heads/v1.13
- refs/heads/v1.14
- refs/heads/v1.15
- refs/heads/v1.16
- refs/heads/v1.2
- refs/heads/v1.3
- refs/heads/v1.3.1
- refs/heads/v1.3.1-release
- refs/heads/v1.3.7-release
- refs/heads/v1.4
- refs/heads/v1.4.5-release
- refs/heads/v1.5
- refs/heads/v1.5.2-rc1-with-clusterip-fix
- refs/heads/v1.5.4-release
- refs/heads/v1.6
- refs/heads/v1.7
- refs/heads/v1.7.9-1
- refs/heads/v1.7.9.1
- refs/heads/v1.8
- refs/heads/v1.9
- refs/heads/verify-external-workload-dns-setup-redux
- refs/heads/vladu/identity-type-metrics
- refs/heads/weavescope
- refs/heads/wip-ktls-tx-rx
- refs/heads/wip-sockmap
- refs/heads/wip-sockmap-v2
- refs/heads/wip-sockmap-v3
- refs/heads/wip-sockmap-v4
- refs/heads/xfrm-subnet-test
- refs/heads/yutaro/bgp-cplane-etp-local/doc
- refs/heads/yutaro/oss/eni-overlapping-mark
- refs/remotes/bruno/hf/v1.10/v1.10.3-bpf-snat-and-masq-fixes
- refs/remotes/joe/submit/quarantine-etcd
- refs/remotes/origin/1.2-backports-18-09-12
- refs/remotes/origin/ipvlan3
- refs/remotes/origin/pr/add-reserved-health
- refs/remotes/origin/pr/brb/nodeport-lb
- refs/remotes/origin/pr/ianvernon/5859
- refs/remotes/origin/pr/ianvernon/dynamic-ep-cfg
- refs/remotes/origin/pr/tgraf/kube-dns-fixed-identity
- refs/semaphoreci/6384f501b324813e55cfbe818c04a40f2a923765
- refs/semaphoreci/7f69b285bac8a1be414e8769799962ae1408d9e1
- refs/semaphoreci/b5eb6622da121ad36b8f375a084392f7feeec64a
- refs/semaphoreci/d9e7e28f39d34a7050a9c1cad2a26d84f5f4eff1
- refs/semaphoreci/f55ec535d85f387ef981265967fabb3c1b5f1ec6
- refs/tags/0.10.1
- refs/tags/1.1.1
- refs/tags/1.9.0-rc0
- refs/tags/v0.11
- refs/tags/v0.12.0
- refs/tags/v0.13.1
- refs/tags/v0.8.0
- refs/tags/v0.8.1
- refs/tags/v0.8.2
- refs/tags/v0.9.0
- refs/tags/v0.9.0-rc1
- refs/tags/v1.0.0-rc2
- Branches list truncated to 687 entries, 4 were omitted.
- v1.0.0-rc14
- v1.0.0-rc13
- v1.0.0-rc11
- v1.0.0-rc10
- v1.0.0-rc1
- v1.0.0
- v0.13.9
- v0.13.8
- v0.13.7
- v0.13.6
- v0.13.5
- v0.13.4
- v0.13.3
- v0.13.28
- v0.13.25
- v0.13.24
- v0.13.23
- v0.13.22
- v0.13.21
- v0.13.20
- v0.13.2
- v0.13.19
- v0.13.18
- v0.13.17
- v0.13.16
- v0.13.15
- v0.13.14
- v0.13.13
- v0.13.12
- v0.13.11
- v0.13.10
- v0.10.0
- 1.9.9
- 1.9.8
- 1.9.7
- 1.9.6
- 1.9.5
- 1.9.4
- 1.9.3
- 1.9.2
- 1.9.18
- 1.9.17
- 1.9.16
- 1.9.15
- 1.9.14
- 1.9.13
- 1.9.12
- 1.9.11
- 1.9.10
- 1.9.1
- 1.9.0-rc3
- 1.9.0-rc2
- 1.9.0-rc1
- 1.9.0
- 1.8.9
- 1.8.8
- 1.8.7
- 1.8.6
- 1.8.5
- 1.8.4
- 1.8.3
- 1.8.2
- 1.8.13
- 1.8.12
- 1.8.11
- 1.8.10
- 1.8.1
- 1.8.0-rc4
- 1.8.0-rc3
- 1.8.0-rc2
- 1.8.0-rc1
- 1.8.0
- 1.7.9
- 1.7.8
- 1.7.7
- 1.7.6
- 1.7.5
- 1.7.4
- 1.7.3
- 1.7.2
- 1.7.16
- 1.7.15
- 1.7.14
- 1.7.13
- 1.7.12
- 1.7.11
- 1.7.10
- 1.7.1
- 1.7.0-rc4
- 1.7.0-rc3
- 1.7.0
- 1.6.9
- 1.6.8
- 1.6.7
- 1.6.6
- 1.6.5
- 1.6.4
- 1.6.3
- 1.6.2
- 1.6.12
- 1.6.11
- 1.6.10
- 1.6.1
- 1.6.0
- 1.5.9
- 1.5.8
- 1.5.7
- 1.5.6
- 1.5.5
- 1.5.4
- 1.5.3
- 1.5.2
- 1.5.13
- 1.5.12
- 1.5.11
- 1.5.10
- 1.5.1
- 1.5.0-rc6
- 1.5.0-rc5
- 1.5.0-rc4
- 1.5.0-rc3
- 1.5.0-rc2
- 1.5.0
- 1.4.9
- 1.4.8
- 1.4.7
- 1.4.6
- 1.4.5
- 1.4.4
- 1.4.3
- 1.4.2
- 1.4.10
- 1.4.1
- 1.4.0-rc9
- 1.4.0-rc8
- 1.4.0-rc7
- 1.4.0-rc6
- 1.4.0-rc5
- 1.4.0-rc2
- 1.4.0
- 1.3.8
- 1.3.7
- 1.3.6
- 1.3.5
- 1.3.4
- 1.3.3
- 1.3.2
- 1.3.1
- 1.3.0-rc5
- 1.3.0-rc4
- 1.3.0
- 1.2.8
- 1.2.7
- 1.2.6
- 1.2.5
- 1.2.4
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0-rc3
- 1.2.0-rc2
- 1.2.0-rc1
- 1.2.0
- 1.16.0-rc.1
- 1.16.0-rc.0
- 1.16.0-pre.3
- 1.16.0-pre.2
- 1.16.0-pre.1
- 1.16.0-pre.0
- 1.15.7
- 1.15.6
- 1.15.5
- 1.15.4
- 1.15.3
- 1.15.2
- 1.15.1
- 1.15.0-rc.1
- 1.15.0-rc.0
- 1.15.0-pre.3
- 1.15.0-pre.2
- 1.15.0-pre.1
- 1.15.0-pre.0
- 1.15.0
- 1.14.9
- 1.14.8
- 1.14.7
- 1.14.6
- 1.14.5
- 1.14.4
- 1.14.3
- 1.14.2
- 1.14.13
- 1.14.12
- 1.14.11
- 1.14.10
- 1.14.1
- 1.14.0-snapshot.4
- 1.14.0-snapshot.3
- 1.14.0-snapshot.2
- 1.14.0-snapshot.1
- 1.14.0-snapshot.0
- 1.14.0-rc.1
- 1.14.0-rc.0
- 1.14.0-pre.2
- 1.14.0
- 1.13.9
- 1.13.8
- 1.13.7
- 1.13.6
- 1.13.5
- 1.13.4
- 1.13.3
- 1.13.2
- 1.13.18
- 1.13.17
- 1.13.16
- 1.13.15
- 1.13.14
- 1.13.13
- 1.13.12
- 1.13.11
- 1.13.10
- 1.13.1
- 1.13.0-rc5
- 1.13.0-rc4
- 1.13.0-rc3
- 1.13.0-rc2
- 1.13.0-rc1
- 1.13.0-rc0
- 1.13.0
- 1.12.9
- 1.12.8
- 1.12.7
- 1.12.6
- 1.12.5
- 1.12.4
- 1.12.3
- 1.12.2
- 1.12.19
- 1.12.18
- 1.12.17
- 1.12.16
- 1.12.15
- 1.12.14
- 1.12.13
- 1.12.12
- 1.12.11
- 1.12.10
- 1.12.1
- 1.12.0-rc3
- 1.12.0-rc2
- 1.12.0-rc1
- 1.12.0-rc0
- 1.12.0
- 1.11.9
- 1.11.8
- 1.11.7
- 1.11.6
- 1.11.5
- 1.11.4
- 1.11.3
- 1.11.20
- 1.11.2
- 1.11.19
- 1.11.18
- 1.11.17
- 1.11.16
- 1.11.15
- 1.11.14
- 1.11.13
- 1.11.12
- 1.11.11
- 1.11.10
- 1.11.1
- 1.11.0-rc3
- 1.11.0-rc2
- 1.11.0-rc1
- 1.11.0-rc0
- 1.11.0
- 1.10.9
- 1.10.8
- 1.10.7
- 1.10.6
- 1.10.5
- 1.10.4
- 1.10.3
- 1.10.20
- 1.10.2
- 1.10.19
- 1.10.18
- 1.10.17
- 1.10.16
- 1.10.15
- 1.10.14
- 1.10.13
- 1.10.12
- 1.10.11
- 1.10.10
- 1.10.1
- 1.10.0-rc2
- 1.10.0-rc1
- 1.10.0-rc0
- 1.10.0
- 1.1.6
- 1.1.5
- 1.1.4
- 1.1.3
- 1.1.2
- 1.1.0
- 1.0.7
- 1.0.6
- 1.0.5
- 1.0.4
- Releases list truncated to 313 entries, 325 were omitted.
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.![swh spinner](/static/img/swh-spinner.gif)
Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
Revision | Author | Date | Message | Commit Date |
---|---|---|---|---|
abd683d | André Martins | 17 April 2017, 22:47:12 UTC | daemon: fix k8s GetLabels if response is nil Backports a355c3b Signed-off-by: André Martins <andre@cilium.io> | 18 April 2017, 11:48:57 UTC |
0eb34e5 | Thomas Graf | 13 April 2017, 06:24:57 UTC | Vagrantfile: Point client binary to 0.8.2 release Signed-off-by: Thomas Graf <thomas@cilium.io> | 14 April 2017, 14:23:08 UTC |
33acff4 | Thomas Graf | 13 April 2017, 05:58:44 UTC | 0.8.2 release Signed-off-by: Thomas Graf <thomas@cilium.io> | 14 April 2017, 14:02:43 UTC |
328c5b5 | Thomas Graf | 14 April 2017, 10:09:21 UTC | Vagrant: Simplified Vagrantfile to get started This new Vagrantfile is based on bento/ubuntu and uses the stock Linux kernel as provided by Ubuntu. It install a Docker runtime and then runs the Cilium agent and Cilium Docker plugin using the released container images. The client binary is installed natively for easy use. Backports: 6c6f4c7125a1dd3d82e0199a9307d61d9939b05d Signed-off-by: Thomas Graf <thomas@cilium.io> | 14 April 2017, 13:45:57 UTC |
18860fd | Thomas Graf | 13 April 2017, 01:27:14 UTC | Dockerfile: Add a group cilium This will cause the cilium.sock to be owned by group cilium Backports: 3d5043ca84beebdf2505f80761ed833e5ff55fff Signed-off-by: Thomas Graf <thomas@cilium.io> | 14 April 2017, 09:28:18 UTC |
229602b | Thomas Graf | 13 April 2017, 01:08:44 UTC | daemon: Always enable net.ipv6.conf.all.disable_ipv6=0 for now Docker <17.05 has an issue which causes IPv6 to be disabled in the initns for all interface (https://github.com/docker/libnetwork/issues/1720) Backports: 19e0ed1e8e5ba92d9732fcea6366d465e61ce50a Signed-off-by: Thomas Graf <thomas@cilium.io> | 14 April 2017, 09:28:18 UTC |
a6794ab | Thomas Graf | 12 April 2017, 21:06:48 UTC | policy: Fix policy Lookup() function A bug in the tree.Lookup() function caused path dependencies to not be correctly created. Fixes this bug and adds several additional unit tests to cover this better. Backports: 3697d305e3a055c6ff858086d197ca04a92b39f8 Signed-off-by: Thomas Graf <thomas@cilium.io> | 14 April 2017, 09:28:18 UTC |
c88a952 | Thomas Graf | 10 April 2017, 14:07:43 UTC | policy: Support carrying part of the path in the name Support adding policy construct like this: name: foo.bar path: root will add node "bar" to path "root.foo" Backports: bcaa09e580fd227ab2173608f654dd6fa3abea12 Signed-off-by: Thomas Graf <thomas@cilium.io> | 12 April 2017, 09:10:26 UTC |
84f9b81 | André Martins | 11 April 2017, 18:49:26 UTC | tests: adding benchmark flag for 06-lb.sh benchmark tests Backports: 04b7f65fbbd0e56efc1428a437dac0fef38d6f4a Signed-off-by: André Martins <andre@cilium.io> | 12 April 2017, 09:10:26 UTC |
1d7e1f8 | André Martins | 11 April 2017, 20:19:21 UTC | tests: enabling NAT46 config for 08-nat46.sh Backports: 1733621302d5798372ec4289e2ba537cfd0c7f4a Signed-off-by: André Martins <andre@cilium.io> | 12 April 2017, 09:10:26 UTC |
0ab8cda | André Martins | 10 April 2017, 21:52:31 UTC | tests: removing `-t` docker flag from tests The use of `-t` was creating errors in jenkins tests with the message: "the input device is not a TTY". Thus, removing this unecessary flag solves the problem. Backports: bdd944a4af5d44a57bdd0c624dcd4aab680936bc Signed-off-by: André Martins <andre@cilium.io> | 12 April 2017, 09:10:26 UTC |
6816f37 | André Martins | 10 April 2017, 21:38:08 UTC | tests: enforcing tag v0.5.2 for cni tests Backports: dec0aa284c9cc23547e225fb399beccfb1618528 Signed-off-by: André Martins <andre@cilium.io> | 12 April 2017, 09:10:26 UTC |
2dcafff | André Martins | 05 April 2017, 08:34:55 UTC | tests: typo fix in 06-lb.sh Backports: 2c584b4f059b18f7be5e3dfc3466eb3200a50160 Signed-off-by: André Martins <andre@cilium.io> | 12 April 2017, 09:10:26 UTC |
9ac8f54 | André Martins | 04 April 2017, 23:23:24 UTC | tests: set -e on run-tests to exit on failure Backports: c480a2edddc0c4c5fb3e614b8129ec77c3bc124b Signed-off-by: André Martins <andre@cilium.io> | 12 April 2017, 09:10:26 UTC |
fb3de40 | André Martins | 04 April 2017, 23:22:58 UTC | tests: changed nettools docker image Backports: d79344b1b2af1c11d09bfc29f79c9d13d9346b08 Signed-off-by: André Martins <andre@cilium.io> | 12 April 2017, 09:10:26 UTC |
d73a70d | Thomas Graf | 11 April 2017, 19:33:54 UTC | daemon: Read bpf_features.log from state directory Also fixes 06-lb.sh to use correct state directory Fixes: 880f9cc41 ("daemon: Separate state directory inside runtime directory") Backports: 2b916c7dd512bd40985d17dcf9ea205aa00b0083 Signed-off-by: Thomas Graf <thomas@cilium.io> | 12 April 2017, 09:10:26 UTC |
3485679 | Thomas Graf | 11 April 2017, 14:28:39 UTC | daemon: Separate state directory inside runtime directory Moves all endpoint state into the state/ subdirectory inside the existing runtime directory. This allows to establish different permissions for the default runtime directory which can be mounted into container images and the actual state which must be protected. Allows moving cilium.sock back into the runtime directory for easy sharing in and out of containers. Backports: 880f9cc4159198206678ee628254f2e9579108ca Signed-off-by: Thomas Graf <thomas@cilium.io> | 12 April 2017, 09:10:26 UTC |
fda3c03 | Thomas Graf | 01 April 2017, 01:35:37 UTC | 0.8.1 release Signed-off-by: Thomas Graf <thomas@cilium.io> | 06 April 2017, 11:45:06 UTC |
b3d4a76 | Thomas Graf | 31 March 2017, 19:07:39 UTC | Fix getting started guide by using the correct field names Reported-by: Raghu G <r.grizzly@gmail.com> Fixes: #511 Backports: #515 Backports: cc3f43447aac810786ed88e18dfd61be4e250d58 Signed-off-by: Thomas Graf <thomas@cilium.io> | 05 April 2017, 17:16:43 UTC |
7c419a6 | André Martins | 04 April 2017, 23:30:03 UTC | Dockerfile: adding required libraries for checkers clang needs 2 more files, `ld` which is provided by binutils and `crtbegin.o` which is provided by libgcc-5-dev. Backports: #514 Backports: 1a7858247377701656c97027f94f688a552f91bd Signed-off-by: André Martins <andre@cilium.io> | 05 April 2017, 17:16:43 UTC |
24a854c | Raghu Gyambavantha | 04 April 2017, 21:30:02 UTC | L7 HTTP Policy does not work The commit for "proxy: Rename L7 fields in L4 policy" (sha: 30c0a6a6521fe0873fca26d07b50e342ba099f9a) updated the policy fields. The json field 'redirect' was updated to 'l7-parser'. The corresponding golang variable L7Parser was not being set causing the HTTP L7 policies, for example the specified on the Getting Started Guide, to not function properly. The fix simply sets the L7Parser variable correctly Backports: #512 Backports: 43fe31e0941067fbe5217ee39fb3a00352e8db99 Signed-off-by: Raghu G <r.grizzly@gmail.com> | 05 April 2017, 17:16:43 UTC |
860c20a | Thomas Graf | 30 March 2017, 20:49:45 UTC | proxy: Rename L7 fields in L4 policy golang: Redirect => L7Parser RedirectPort => L7RedirectPort Rules => L7Rules json: redirect => l7-parser redirect-port => l7-redirect-port rules => l7-rules Backports: #500 Backports: 30c0a6a6521fe0873fca26d07b50e342ba099f9a Signed-off-by: Thomas Graf <thomas@cilium.io> | 05 April 2017, 17:16:43 UTC |
6f5d0c7 | Thomas Graf | 30 March 2017, 12:56:12 UTC | daemon: Reduce logging metadata to improve readability Backports: #499 Signed-off-by: Thomas Graf <thomas@cilium.io> | 05 April 2017, 05:40:27 UTC |
f3004e2 | André Martins | 04 April 2017, 18:18:35 UTC | cmd: file policy import bug fix While processing all files when importing from a directory, the policy was not properly imported to the daemon. This was due the incorrect assumption that a pointer's value could be assigned inside a function. By passing a pointer of the pointer's value, it is possible to assign a new value inside the function. Backports: #507 Signed-off-by: André Martins <andre@cilium.io> | 04 April 2017, 19:45:43 UTC |
9b9e138 | Thomas Graf | 27 March 2017, 19:50:32 UTC | release: 0.8.0 release \o/ Signed-off-by: Thomas Graf <thomas@cilium.io> | 28 March 2017, 10:56:08 UTC |
10cf878 | Thomas Graf | 27 March 2017, 13:23:40 UTC | doc: Intro improvements Signed-off-by: Thomas Graf <thomas@cilium.io> | 28 March 2017, 10:25:16 UTC |
b8b4c5e | Dan Wendlandt | 28 March 2017, 08:31:13 UTC | Doc: incorporate general feedback/fixes across all docs. Added table with cilium-agent command-line flags Note: many changes originally in this commit overlapped with feedback tgraf was addressing in 380214190092889653fd40f03015a0a5623a9427 . I believe I have resolved all of the resulting conflicts. Signed-off-by: Dan Wendlandt <danwent@gmail.com> | 28 March 2017, 09:16:27 UTC |
8cfe6ef | Thomas Graf | 27 March 2017, 16:39:57 UTC | bpf: Only reject IPv6 proxy redirects, not all L4 Fixes ba38a8849 ("bpf: Drop all IPv6 packets which are subject to proxy redirect") Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 23:07:10 UTC |
9e716eb | Thomas Graf | 27 March 2017, 16:15:17 UTC | endpoint: Fix endpoint test Addition of status always being present broke the DeepCopy() test Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 22:43:07 UTC |
ba38a88 | Thomas Graf | 27 March 2017, 14:50:58 UTC | bpf: Drop all IPv6 packets which are subject to proxy redirect IPv6 proxy redirection is not fully supported yet. Drop these packets to indicate that this is an unsupported feature. This is better than to bypass possible security rules which may be intentend to be applied to both IPv4 and IPv6. Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 22:04:14 UTC |
629d62e | Thomas Graf | 27 March 2017, 13:24:37 UTC | daemon: Attach BPF program immediately after join The current model was to wait until the labels have been resolved and the identity has been derived before the BPF was generated and attached. This meant that the container was capable of sending a few packets into the empty veth pair which were routed by the Linux host. Instead, attach a BPF program immediately with the identity unresolved. The program will drop all packets because the policy has not been resolved yet. This is required to ensure we can drop initial connection attempts by the container and force retransmits which then go through the policy enforcement engine. Resolves long standing issue of connectivity issues when running: `docker run [...] curl [...]` Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 22:04:14 UTC |
be5c051 | Marcin Skarbek | 23 March 2017, 05:58:14 UTC | rewrite of build-rpm make target Signed-off-by: Marcin Skarbek <git@skarbek.name> | 27 March 2017, 21:53:45 UTC |
e9100e1 | Thomas Graf | 27 March 2017, 14:17:26 UTC | doc: Remove "Cilium" prefix from main sections Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 20:57:41 UTC |
3802141 | Thomas Graf | 27 March 2017, 12:53:29 UTC | doc: Various typo on style fixes Feedback provided by Romain Lenglet and Michi Mutsuzaki Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 20:57:41 UTC |
c354dbf | Thomas Graf | 27 March 2017, 11:43:57 UTC | doc: Note that vagrant >= 1.8.3 is required Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 20:57:41 UTC |
805ebac | Dan Wendlandt | 27 March 2017, 20:21:51 UTC | Doc: Fix-up the getting started guide Signed-off-by: Dan Wendlandt <danwent@gmail.com> | 27 March 2017, 20:33:02 UTC |
6be2cb1 | Thomas Graf | 27 March 2017, 10:38:30 UTC | bpf: Disable assembly debugging output by default This reduces the build time to generate programs Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 19:25:44 UTC |
f9f2a07 | Thomas Graf | 27 March 2017, 10:33:23 UTC | policy: Drop all packets until policy has been calculated When a container is started there is a short time period until the policy has been calculated and applied, drop all ingress and egress packets in that time period to ensure we are not bypassing policy rules. Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 19:25:44 UTC |
f2db293 | Thomas Graf | 27 March 2017, 09:19:55 UTC | bpf: Add DROP_ALL define to drop all traffic Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 19:25:44 UTC |
e025484 | André Martins | 27 March 2017, 18:20:23 UTC | Vagrantfile: bumping minimal vagrant version required Signed-off-by: André Martins <andre@cilium.io> | 27 March 2017, 19:25:19 UTC |
ab1e785 | Thomas Graf | 27 March 2017, 15:11:34 UTC | doc: Added requirements.txt to install sphinxcontrib-httpdomain Signed-off-by: Thomas Graf <thomas@cilium.io> | 27 March 2017, 15:12:34 UTC |
82e3136 | Dan Wendlandt | 25 March 2017, 19:27:06 UTC | Docs: initial work on architecture guide and admin guide. Signed-off-by: Dan Wendlandt <danwent@gmail.com> | 27 March 2017, 15:02:13 UTC |
8efbf1e | Daniel Borkmann | 26 March 2017, 20:17:19 UTC | bpf, tests: cleanup really all server1-5 containers On cleanup, we need to remove server1 to server5, not just server1 and server2. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 26 March 2017, 21:29:07 UTC |
b31931e | Thomas Graf | 25 March 2017, 07:06:15 UTC | bpf: Omit IPv4 policy enforcement if IPv4 is disabled Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 19:00:27 UTC |
a86beb1 | Thomas Graf | 25 March 2017, 07:05:19 UTC | daemon: Do not run IPv4 CT if IPv4 is disabled Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 19:00:27 UTC |
d6b1322 | Thomas Graf | 25 March 2017, 06:36:52 UTC | Use -nv when using wget to download stuff Spams the vagrant log like crazy Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 16:56:04 UTC |
4b933e6 | Thomas Graf | 25 March 2017, 06:36:52 UTC | examples: Fix policy in kubernetes example Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 16:56:04 UTC |
072a685 | Thomas Graf | 25 March 2017, 05:20:49 UTC | daemon: Disable NAT46 by default It adds complexity to the BPF programs, require user to enable this feature specifically. Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 16:47:01 UTC |
34ad022 | Thomas Graf | 25 March 2017, 05:19:54 UTC | daemon: Only enable NAT46 if IPv4 has been enabled Current BPF programs require IPv4 to be enabled in order for NAT46 to be effective Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 16:47:01 UTC |
c2091c5 | Thomas Graf | 25 March 2017, 04:47:41 UTC | bpf: Protect ipv4_redirect_to_host_port() with LXC_IPV4 The caller is protected by LXC_IPV4 as well. Fixes the following error: In file included from /var/lib/cilium/bpf/bpf_lxc.c:38: /var/lib/cilium/bpf/lib/lxc.h:93:29: error: use of undeclared identifier 'LXC_IPV4' .saddr = __constant_htonl(LXC_IPV4), Fixes: 770ad9ccb2de7cb ("proxy: Initial transparent proxy support") Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 16:47:01 UTC |
bc255c3 | Thomas Graf | 25 March 2017, 00:39:14 UTC | Add version command and flag to tools cilium version cilium-agent --version Encodes version, git sha abbrev, git commit date, and go build version Fixes: #449 Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 16:35:17 UTC |
53be5c4 | Thomas Graf | 25 March 2017, 00:39:44 UTC | daemon: Fix bindata.go Previous generated data included bpf/go/map_ctrl binary for some reason Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 13:59:07 UTC |
9546bf0 | Thomas Graf | 24 March 2017, 23:02:47 UTC | doc: Do not include sphinx_rtd_theme as a submodule Signed-off-by: Thomas Graf <thomas@cilium.io> | 26 March 2017, 09:58:46 UTC |
1635c32 | Daniel Borkmann | 26 March 2017, 00:31:29 UTC | cilium: update go bindata after bpf changes After changing the BPF code, we need to rebuild the bindata once again. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 26 March 2017, 00:59:02 UTC |
90c9948 | Daniel Borkmann | 26 March 2017, 00:13:53 UTC | bpf: add probe and workaround for set_hash_invalid 4.8 kernel doesn't have set_hash_invalid(), so we need to add a probe plus workaround to use BPF_F_INVALIDATE_HASH via bpf_skb_store_bytes() instead. Lets not try to be clever for just 4.8 and add this to various other locations that eventually call this, as they are subject to future change and just make it harder to review. Keeping all in lb_enforce_rehash() is much simpler (despite ugly workaround). Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 26 March 2017, 00:59:02 UTC |
2fe1e16 | Daniel Borkmann | 25 March 2017, 22:37:20 UTC | cilium: update go bindata after bpf changes After changing the BPF code, we need to rebuild the bindata of course so this gets shipped properly. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 25 March 2017, 23:09:15 UTC |
61b9316 | Daniel Borkmann | 25 March 2017, 21:44:50 UTC | bpf: really enforce rehashing of skb->hash The 06-lb test case was causing connection timeouts (at least for the IPv4 lb tests, but not for IPv6 it seems) and giving really poor IPv4 performance on httpd. pcap files showed heavy retransmissions after some point in time. From kernel side, allocation failures (f.e. from map element side) have not been observed, independent of hashtable or LRU. Then, replacing httpd with nginx gave same results as well as replacing various clients. wrk tests seemed to provide consistent results although ab tests not (issuing connection timeouts), so could be related to longer-living tcp connections. Also 01-ct test was running fine for IPv6/IPv4, so it must have been lb related. Next, reducing the number of backends to 1 in IPv4 made the test working again as well as having X,X>1 backends all pointing to the same server, so it must have been in the service selection, that scarcely the selection of backends was not consistent for a flow. Turned out that get_hash_recalc() was not used correctly in this context. The helper calls skb_get_hash() in the kernel and rehashes if we don't have an l4 hash or that l4 hash is not a sw hash. Given we mangle the packets in various paths, they still keep the stale original skb->hash around, but what we want is really to calculate the hash of the current packet state at the point where we are in lb{4,6}_select_slave(), so we can make a consistent lb decision. This at least fixes the timeouts on my side and makes v4/v6 results similar/consistent. Also, hash is really __u32 and not __be16 type. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 25 March 2017, 23:09:15 UTC |
41ab53f | Alexander Alemayhu | 25 March 2017, 22:09:11 UTC | README: add Read the Docs link RtD let's you read the docs chapter by chapter. It also has some nice format offers for downloading. Having a badge makes it more visible. Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 25 March 2017, 22:30:19 UTC |
d1e538c | Thomas Graf | 24 March 2017, 20:32:05 UTC | doc: Refer to new vagrant box in vagrant guide Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 21:15:30 UTC |
ec25f76 | Thomas Graf | 24 March 2017, 20:26:26 UTC | doc: Use readthedocs.io sphinx theme Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 21:15:30 UTC |
cc5bb52 | André Martins | 25 March 2017, 04:12:21 UTC | daemon: ignore running containers If some containers were created with a cilium instance and that cilium instance is stopped those containers should be kept with their network running as best effort. If a new cilium instance is started in the same machine, cilium could potentially allocate conflicting IP addresses used by the containers started by the previous cilium instance. This could cause conflicting endpoint IDs and at worst case, it could wrongly assign security IDs to the new containers with the conflicting IP addresses. With this commit, we check for running containers and add them to the list of ignored containers plus allocate their running containers. Reported-by: Dan Wendlandt <danwent@gmail.com> Signed-off-by: André Martins <andre@cilium.io> | 25 March 2017, 21:14:47 UTC |
d76fb42 | Thomas Graf | 23 March 2017, 22:36:57 UTC | bpf: Add empty install target Silences the following build warning: ==> cilium-master: make[1]: *** No rule to make target `install'. Stop. Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 21:14:09 UTC |
1067a95 | André Martins | 25 March 2017, 19:06:52 UTC | start.sh: always assign IPv4 NFS if IPv4=0 Signed-off-by: André Martins <andre@cilium.io> | 25 March 2017, 20:34:58 UTC |
8d33b07 | Dan Wendlandt | 24 March 2017, 19:37:09 UTC | Updated intro + gettignstarted | 25 March 2017, 20:31:55 UTC |
714dfc3 | Thomas Graf | 24 March 2017, 19:37:09 UTC | Convert documentation to use sphinx-doc Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 20:31:55 UTC |
5675de9 | Alexander Alemayhu | 25 March 2017, 19:39:10 UTC | labels: correct comment o s/IDNameHost/IDNameWorld Related-to: #153 (Resolve golint warnings) Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 25 March 2017, 20:12:33 UTC |
a110ffa | Thomas Graf | 25 March 2017, 19:07:02 UTC | Example: Use new tgraf/nettools container image Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 20:08:54 UTC |
62f2f0f | Thomas Graf | 25 March 2017, 18:33:01 UTC | Vagrantfile: Use new vagrant box cilium/ubuntu-16.10 We have been using a vagrant box which included a custom kernel build based on the net-next kernel git repository tree. Since all required changes have been merged upstream we can start using official base images and just install a recent enough kernel (4.9.17) Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 20:08:54 UTC |
b9afa89 | Thomas Graf | 25 March 2017, 18:33:01 UTC | packer: packer scripts have been moved to separate repositories Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 20:08:54 UTC |
8671d7f | Thomas Graf | 25 March 2017, 18:33:01 UTC | README: Update prerequisites Fixes: #310 Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 20:08:54 UTC |
2677c96 | Alexander Alemayhu | 25 March 2017, 10:50:37 UTC | golint: fix warnings for pkg/labels/labels.go Fixes the following warnings Line 37: warning: exported const ID_NAME_ALL should have comment (or a comment on this block) or be unexported (golint) Line 42: warning: exported type LabelOpType should have comment or be unexported (golint) Line 46: warning: exported const AddLabelsOp should have comment (or a comment on this block) or be unexported (golint) Line 52: warning: exported type LabelOp should have comment or be unexported (golint) Line 54: warning: exported type OpLabels should have comment or be unexported (golint) Line 63: warning: exported method OpLabels.DeepCopy should have comment or be unexported (golint) Line 71: warning: exported method OpLabels.Enabled should have comment or be unexported (golint) Line 85: warning: exported function NewOplabelsFromModel should have comment or be unexported (golint) Line 97: warning: exported type LabelOwner should have comment or be unexported (golint) Line 198: warning: exported method Label.IsAllLabel should have comment or be unexported (golint) Line 203: warning: exported method Label.Matches should have comment or be unexported (golint) Line 314: warning: exported method Labels.DeepCopy should have comment or be unexported (golint) Line 327: warning: exported function NewLabelsFromModel should have comment or be unexported (golint) Line 337: warning: exported method Labels.GetModel should have comment or be unexported (golint) Line 455: warning: exported function ParseStringLabels should have comment or be unexported (golint) Line 465: warning: exported function LabelSliceSHA256Sum should have comment or be unexported (golint) Line 473: warning: exported function ParseStringLabelsInOrder should have comment or be unexported (golint) Related-to: #153 (Resolve golint warnings) Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 25 March 2017, 15:39:48 UTC |
a6330f6 | Alexander Alemayhu | 25 March 2017, 13:14:02 UTC | contrib: use label instead of MAINTAINER The field has been deprecated[0]. [0]: https://docs.docker.com/engine/reference/builder/#maintainer-deprecated Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 25 March 2017, 15:38:47 UTC |
863aa31 | Thomas Graf | 24 March 2017, 14:00:38 UTC | demo: Fix API endpoint names of sw_demo Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 09:14:52 UTC |
b73481a | Thomas Graf | 24 March 2017, 03:38:47 UTC | Makefile: Remove dependency of go-bindata Given the check-bindata target, depending on the the source files is pointless. Diffing the generated files is more secure. Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 00:56:53 UTC |
bb6297a | Thomas Graf | 24 March 2017, 03:37:20 UTC | Initial proxy demo Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 00:56:53 UTC |
1a74445 | Thomas Graf | 24 March 2017, 03:37:20 UTC | labels: Removed unused const values Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 00:56:53 UTC |
7637545 | Thomas Graf | 24 March 2017, 03:37:20 UTC | Disable policy cache for now We need an individual proxy redirect for each endpoint. Needs to be changed so we can re-add policy caching. Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 00:56:53 UTC |
770ad9c | Thomas Graf | 24 March 2017, 03:37:20 UTC | proxy: Initial transparent proxy support Transparent redirection of packets into a proxy in either user or kernel space. The configuration occurs through the L4 policy which can now redirect to an L4 port. An initial POC implementation of a proxy runs a separate go subroutine for each endpoint which requires redirection. It can receive metadata from the datapath via BPF maps. Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 00:56:53 UTC |
d002319 | Thomas Graf | 24 March 2017, 03:37:20 UTC | vendor: Add vulcand dependencies Signed-off-by: Thomas Graf <thomas@cilium.io> | 25 March 2017, 00:56:53 UTC |
e5413aa | Alexander Alemayhu | 24 March 2017, 13:38:11 UTC | golint: reduce cyclomatic complexity of loadPolicy Moved for loops into own functions. Fixes the following warning Line 154: warning: cyclomatic complexity 17 of function loadPolicy() is high (> 15) (gocyclo) Related-to: #153 (Resolve golint warnings) Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 24 March 2017, 22:32:47 UTC |
54d55ef | Alexander Alemayhu | 24 March 2017, 17:32:42 UTC | README: add GoDoc link There is still a lot missing from the documentation, but what is there might be useful for someone wanting to read the code from a browser similar to lxr. Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 24 March 2017, 22:32:27 UTC |
a3418f5 | Alexander Alemayhu | 24 March 2017, 11:54:33 UTC | golint: fix warnings for daemon/ct.go Fixes the following warnings daemon/ct.go:29:2: exported const GcInterval should have comment (or a comment on this block) or be unexported daemon/ct.go:61:1: exported method Daemon.EnableConntrackGC should have comment or be unexported Related-to: #153 (Resolve golint warnings) Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 24 March 2017, 16:42:44 UTC |
da2b031 | Daniel Borkmann | 24 March 2017, 08:50:12 UTC | cilium: update on go bindata due to change in raw_main Rerun of bindata to include the map->type fix. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 24 March 2017, 16:37:52 UTC |
6868d47 | Daniel Borkmann | 24 March 2017, 08:48:19 UTC | bpf: don't assume hash map in raw_main From initial testing I always had BPF_MAP_TYPE_HASH, but since we need to test for different map types, use map->type as it was intended. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 24 March 2017, 16:37:52 UTC |
d3d1e88 | Alexander Alemayhu | 23 March 2017, 22:21:10 UTC | ipam: remove {CNI,Libnetwork}IPAMType Only CNIIPAMType was in use at one call site. Inline a value instead. Suggested-by: André Martins <andre@cilium.io> Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 24 March 2017, 04:05:04 UTC |
b5c79d8 | Alexander Alemayhu | 23 March 2017, 19:45:09 UTC | golint: reduce comment warnings Fixes all the warnings with the following pattern ... comment on exported function xYZ should be of the form "xYZ ..." Related-to: #153 (Resolve golint warnings) Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 24 March 2017, 04:05:04 UTC |
5b1dbd7 | Daniel Borkmann | 24 March 2017, 00:47:22 UTC | cilium: regenerate go bindata due to changes in bpf code Since we've updated the probes and bpf_lxc, we had to regenerate go bindata in here. Separate commit to reduce noise. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 24 March 2017, 01:28:57 UTC |
f50d1b6 | Daniel Borkmann | 23 March 2017, 17:22:05 UTC | bpf: lb test, also use bombardier for testing http Two things: fix LIB path as otherwise we cannot compile bpf_lb.o, and add also http tests with bombardier. Right now IPv6 tests look all fine and IPv4 tests Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 24 March 2017, 01:28:57 UTC |
c9325f1 | Daniel Borkmann | 23 March 2017, 10:09:25 UTC | bpf: raw_mark_map_val needs at least 4.9.17 kernel Since related commits have landed in stable now [1], we can relax the requirement of 4.10+ to 4.9.17+ kernels. [1] http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1359777.html Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 24 March 2017, 01:28:57 UTC |
993b983 | Daniel Borkmann | 21 March 2017, 16:23:37 UTC | bpf: move v4/v6 ct tables to lru map Add a probe whether BPF LRU map is available and if so then use the LRU-based hash table map instead of the traditional hash table. It uses a global lru list, not the strictly per-cpu one to save memory cost. As a side-effect, when using lru, we disable the gc in the go daemon and can just reuse stale entries. Also, update bpf/bpf_features.h so we can build test locally. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 24 March 2017, 01:28:57 UTC |
97e2e0a | Daniel Borkmann | 21 March 2017, 16:23:37 UTC | bpf: various ab test tweaks in 06-lb.sh Comment out the ping6 since that doesn't work yet. Add tests with HTTP KeepAlive (-k) and without. Continue when a socket error has occured (-r) f.e. on timeout, etc. Add a fixed number of -n 1000000 requests and vary concurrency. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 24 March 2017, 01:28:57 UTC |
724c776 | Daniel Borkmann | 21 March 2017, 17:12:34 UTC | bpf: sync bpf.h uapi header with upstream kernel It's needed for the test case of LRU map, so that compilation doesn't fail for the probe and later on BPF bits. Signed-off-by: Daniel Borkmann <daniel@cilium.io> | 24 March 2017, 01:28:57 UTC |
9a68022 | Thomas Graf | 23 March 2017, 16:04:27 UTC | Vagrantfile: Bump memory to 3G I'm frequently seeing the following errors when running out of memory with vagrant: ==> cilium-master: # github.com/cilium/cilium/daemon ==> cilium-master: /usr/local/go/pkg/tool/linux_amd64/link: running gcc failed: fork/exec /usr/bin/gcc: cannot allocate memory Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 March 2017, 20:34:09 UTC |
759fd15 | Thomas Graf | 23 March 2017, 15:43:57 UTC | demo: Update demos to new defaults Some commands have been renamed and policy enforcement has been turned off by default with a default on on policy load Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 March 2017, 20:30:16 UTC |
52ef4ec | Thomas Graf | 23 March 2017, 14:53:48 UTC | demo2: Enable policy enforcement Given that policy enforcement is disabled by default if no policy has been loaded, we need to enable policy enforcement. Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 March 2017, 20:30:16 UTC |
8e49c90 | Thomas Graf | 23 March 2017, 14:48:34 UTC | demo/tests: Update location of netperf and nettools docker images Signed-off-by: Thomas Graf <thomas@cilium.io> | 23 March 2017, 20:30:16 UTC |
a296a0e | Alexander Alemayhu | 23 March 2017, 18:41:11 UTC | golint: fix warnings for common/const.go Fixes the following warnings Line 42: warning: comment on exported const ServicesKeyPath should be of the form "ServicesKeyPath ..." (golint) Line 71: warning: comment on exported const K8sEnvNodeNameSpec should be of the form "K8sEnvNodeNameSpec ..." (golint) Line 73: warning: comment on exported const ReservedLabelSource should be of the form "ReservedLabelSource ..." (golint) Line 75: warning: comment on exported const ReservedLabelKey should be of the form "ReservedLabelKey ..." (golint) Line 88: warning: comment on exported const NetdevHeaderFileName should be of the form "NetdevHeaderFileName ..." (golint) Related-to: #153 (Resolve golint warnings) Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 23 March 2017, 19:26:50 UTC |
542198d | Alexander Alemayhu | 23 March 2017, 14:24:52 UTC | golint: fix warnings for common/addressing/defaults.go Fixes the following warnings Line 22: warning: comment on exported const DefaultIPv6Prefix should be of the form "DefaultIPv6Prefix ..." (golint) Line 24: warning: comment on exported const DefaultIPv6PrefixLen should be of the form "DefaultIPv6PrefixLen ..." (golint) Line 26: warning: comment on exported const DefaultIPv4Prefix should be of the form "DefaultIPv4Prefix ..." (golint) Line 29: warning: comment on exported const DefaultIPv4PrefixLen should be of the form "DefaultIPv4PrefixLen ..." (golint) Line 31: warning: comment on exported const DefaultIPv4ClusterPrefixLen should be of the form "DefaultIPv4ClusterPrefixLen ..." (golint) Line 33: warning: comment on exported const DefaultNAT46Prefix should be of the form "DefaultNAT46Prefix ..." (golint) Line 52: warning: comment on exported var ContainerIPv6Mask should be of the form "ContainerIPv6Mask ..." (golint) Line 55: warning: comment on exported var ContainerIPv4Mask should be of the form "ContainerIPv4Mask ..." (golint) Line 59: warning: exported var IPv6DefaultRoute should have comment or be unexported (golint) Related-to: #153 (Resolve golint warnings) Signed-off-by: Alexander Alemayhu <alexander@alemayhu.com> | 23 March 2017, 18:25:03 UTC |
a4aac42 | Michi Mutsuzaki | 23 March 2017, 18:00:32 UTC | Set Jenkins timeout to 30 minutes Abort the Jenkins build if it takes more than 30 minutes. Signed-off-by: Michi Mutsuzaki <michi@covalent.io> | 23 March 2017, 18:24:41 UTC |
f697b0c | Tobias Klauser | 23 March 2017, 10:26:21 UTC | bpf: map: Add new map-in-map types introduced upstream Add the new map types MapTypeArrayOfMaps and MapTypeHashOfMaps to match BPF_MAP_TYPE_ARRAY_OF_MAPS and BPF_MAP_TYPE_HASH_OF_MAPS. They were introduced in the net-next tree in commits 56f668dfe00d ("bpf: Add array of maps support") and bcc6b1b7ebf8 ("bpf: Add hash of maps support"), respectively. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> | 23 March 2017, 13:52:12 UTC |