Jarno Rajahalme
Jarno Rajahalme
CT_REOPENED was originally added in https://github.com/cilium/cilium/pull/13340 to emit policy verdicts for apparently re-opened TCP connections, which are in fact more likely to be newly opened TCP connections rather than re-opened...
Hold MapStateEntries in `entries` map, `trie` and `cidr` within the `trie` are additional indices for the same MapStateEntries. `cidr` only indexes keys with CIDR identities, while `trie` indexes keys by...
Use the actual unexpected value, rather then the one that was not found. Fixes: #29162
cilium-cli issues a daemon policy get command to get the current policy revision before updating policy. Then it waits for all the endpoints to have been bumped to the next...
Unit tests do not need the event queues running, this cuts off ~1000 goroutines, which makes debugging test issues easier.
Make SelectorCache identity updates transactional. This allows changes to selections of different selectors to appear at once on a new version published by the selector cache after all the changes...
Remove redundant map operations. If key exists in the allows map, then the entry is an allow entry, and updates in the denies map are not necessary, and the other...
Make MapState `Key` type smaller so that it fits into 64 bits, and only use the non-Identity part (32 bits) in `bitlpm.Trie`. These changes make a mapstate benchmark >10% faster...
Ipcache may be seemingly up-to-date, but the operations to that effect may still be ongoing. If that is the case, wait for the current ipcache revision instead of the revision...
Keep policy MapState internals private to the policy package. To do this we define `endpoint.realizedPolicy` that is no longer simply a pointer to the realized EndpointPolicy, but refers the endpoint...