graymon

Pr/gray/main/fix leak detection race

1

Please ensure your pull request adheres to the following guidelines: - [ ] For first time contributors, read [Submitting a pull request](https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#submitting-a-pull-request) - [ ] All code is covered by...

ipsec: Fix unencrypted traffic when IPsec is used with L7 egress proxy

6

This PR fixes unencrypted traffic among nodes when IPsec is used with L7 egress proxy. Fixes: #31984 ```release-note Fixes unencrypted traffic among nodes when IPsec is used with L7 egress...

ipsec: Fix unencrypted traffic when IPsec is used with L7 egress proxy

11

This PR fixes unencrypted traffic among nodes when IPsec is used with L7 egress proxy. This PR supersedes #31955 that didn't take https://github.com/cilium/proxy/pull/742 into consideration. (The last three patches are...

Security advisory: https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36 Previous PRs (#29530, #29594, #30095) addressed the vulnerabilities for IPsec and L7 ingress proxy, this issue is opened for IPsec and L7 **egress** proxy. ## Initial Attempts...

[v1.14] ipsec: Safely delete Xfrm state

2

- [ ] #32450 @jschwinger233 Once this PR is merged, a GitHub action will update the labels of these PRs: ```upstream-prs 32450 ```

[v1.13] ipsec: Safely delete Xfrm state

4

- [ ] #32450 @jschwinger233 Once this PR is merged, a GitHub action will update the labels of these PRs: ```upstream-prs 32450 ```

Pr/gray/v1.15/decouple ipsec gh actions

2

Please ensure your pull request adheres to the following guidelines: - [ ] For first time contributors, read [Submitting a pull request](https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#submitting-a-pull-request) - [ ] All code is covered by...

github: Split conn-disrupt-test action

6

Please ensure your pull request adheres to the following guidelines: - [ ] For first time contributors, read [Submitting a pull request](https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#submitting-a-pull-request) - [ ] All code is covered by...

Attach to-wireguard to the tc egress of cilium_wg0

2

Fixes: https://github.com/cilium/cilium/issues/32899 Please ensure your pull request adheres to the following guidelines: - [ ] For first time contributors, read [Submitting a pull request](https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#submitting-a-pull-request) - [ ] All code is...

When XDP is attached to a veth, skbs will be consumed and re-created on that veth. This is done in the function veth_convert_skb_to_xdp_buff(): ``` // drivers/net/veth.c static int veth_convert_skb_to_xdp_buff(struct veth_rq...