Revision 8f5e88fddc25e5c34060aa2279bf80f823e4bc06 authored by Timo Beckers on 11 June 2024, 14:08:54 UTC, committed by Timo Beckers on 13 June 2024, 13:51:55 UTC
At its inception, Cilium had an external ebpf loader (iproute2) that didn't deal with changes to map properties (type/k/v/maxentries/flags). To allow the agent to upgrade/downgrade maps, a 'map migration' system was introduced that would take the new ELF and compare its maps against their pinned counterparts on the system's bpffs. Incompatible maps were renamed using a ':pending' suffix to allow the loader to create and pin a new instance of the map at its old path. If all went well, the :pending map was removed. Even though it served us for many years, this system wasn't without its drawbacks, primarily the many moving parts (files) to manage on bpffs, as well as its obscuring of subtle bugs in managing tail call map lifecycle. This commit replaces the map migration system with a commit-based system that doesn't modify any bpffs-related resources until all of an ELF's entrypoints are attached and all cross-ELF tail calls (policy progs) have been inserted. After commit() has run for a Collection, only one copy of each map pin will be present on bpffs. This removes all possibility of previous ELF generations being partially attached somewhere, still handling traffic using an old tail call map. Such cases will now fail loudly with the 'missed tail call' metric increasing due to the old tail call map pins being removed. Signed-off-by: Timo Beckers <timo@isovalent.com>
1 parent 8fae0eb
| File | Mode | Size |
|---|---|---|
| .devcontainer | ||
| .github | ||
| .nvim | ||
| .vscode | ||
| Documentation | ||
| api | ||
| bpf | ||
| bugtool | ||
| cilium-dbg | ||
| cilium-health | ||
| clustermesh-apiserver | ||
| contrib | ||
| daemon | ||
| examples | ||
| hack | ||
| hubble | ||
| hubble-relay | ||
| images | ||
| install | ||
| operator | ||
| pkg | ||
| plugins | ||
| test | ||
| tools | ||
| vendor | ||
| .authors.aux | -rw-r--r-- | 416 bytes |
| .clang-format | -rw-r--r-- | 7.6 KB |
| .clomonitor.yml | -rw-r--r-- | 984 bytes |
| .gitattributes | -rw-r--r-- | 887 bytes |
| .gitignore | -rw-r--r-- | 1.8 KB |
| .golangci.yaml | -rw-r--r-- | 4.4 KB |
| .mailmap | -rw-r--r-- | 6.9 KB |
| AUTHORS | -rw-r--r-- | 51.5 KB |
| CODEOWNERS | -rw-r--r-- | 28.2 KB |
| CODE_OF_CONDUCT.md | -rw-r--r-- | 2.2 KB |
| CONTRIBUTING.md | -rw-r--r-- | 691 bytes |
| FURTHER_READINGS.rst | -rw-r--r-- | 6.4 KB |
| LICENSE | -rw-r--r-- | 11.1 KB |
| MAINTAINERS.md | -rw-r--r-- | 4.6 KB |
| Makefile | -rw-r--r-- | 25.3 KB |
| Makefile.defs | -rw-r--r-- | 7.5 KB |
| Makefile.docker | -rw-r--r-- | 7.1 KB |
| Makefile.kind | -rw-r--r-- | 16.8 KB |
| Makefile.quiet | -rw-r--r-- | 818 bytes |
| README.rst | -rw-r--r-- | 19.6 KB |
| SECURITY-INSIGHTS.yml | -rw-r--r-- | 2.1 KB |
| SECURITY.md | -rw-r--r-- | 1.0 KB |
| USERS.md | -rw-r--r-- | 35.0 KB |
| VERSION | -rw-r--r-- | 11 bytes |
| Vagrantfile | -rw-r--r-- | 14.9 KB |
| go.mod | -rw-r--r-- | 13.6 KB |
| go.sum | -rw-r--r-- | 96.9 KB |
| netlify.toml | -rw-r--r-- | 92 bytes |
| stable.txt | -rw-r--r-- | 8 bytes |
| vagrant_box_defaults.rb | -rw-r--r-- | 334 bytes |
Computing file changes ...
