Martynas Pumputis
Martynas Pumputis
Previously, we required users to restart cilium-agent upon the key change. After https://github.com/cilium/cilium/pull/19814, this is no longer the case. If a new key(s) changes packet size, then the MTU will...
A mixture of `iptables-nft` and `iptables-legacy` rules is known to be a culprit of weird issues (e.g., unexpected pkt drops) - https://github.com/kubernetes-sigs/iptables-wrappers#background. We should do an early detection of such...
At the time of writing this issue, we use `iptables-legacy` in LVH VMs which are run by the ci-e2e job. Considering that many distros are switching to `iptables-nft`, we should...
We run [K8sDatapathConfiguration](https://github.com/cilium/cilium/blob/master/test/k8s/datapath_configuration.go) on [the old 5.4 CI pipeline](https://jenkins.cilium.io/job/cilium-master-k8s-1.24-kernel-5.4/) just to check for BPF complexity issues. However, we already have a Github action to check for BPF complexity issues -...
As discussed offline, we have decided to bump the minimal supported kernel vsn to 4.18 on RHEL / 4.19 other distros in v1.13. This is a placeholder issue to track...
bpf_sock depends on some BPF helpers which are guarded with ifdefs for a fallback on older kernels. To find out and to test the max complexity of the program we...
Currently, the bpf_sock's svc endpoint selection mechanism for unconnected UDP assumes that endpoints of the svc will be stored in the same order in the `lb{4,6}_services_v2` BPF map for the...
Currently, we do not differentiate between UDP and TCP services both in the BPF datapath and cilium-agent which means that services of different L4 protocols with the same port number...