{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":403443992,"defaultBranch":"main","name":"cilium","ownerLogin":"ysksuzuki","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2021-09-06T00:46:16.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/5572688?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1721921390.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"01fbe9a6e01b681994f91b0ce6dde8ea086e39e2","ref":"refs/heads/dump-skip-lb","pushedAt":"2024-07-25T15:29:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bugtool: dump cilium_skip_lb{4,6}\n\nCollect cilium_skip_lb{4,6} maps in sysdump\n\nfixes: #33901\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"bugtool: dump cilium_skip_lb{4,6}"}},{"before":null,"after":"56bb4760141b7007b3d38005e3709693e04251c7","ref":"refs/heads/remove-beta-from-lrp","pushedAt":"2024-07-01T12:49:15.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"docs: remove beta from local redirect policy page\n\nLRP has move to stable. #33032\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"docs: remove beta from local redirect policy page"}},{"before":"12a95e9fa27e2eb1c85fa578cd7778e2bbc1371c","after":"7d7d5383d573d32410ae12534830c36554922062","ref":"refs/heads/fix-state-proxy-redirect-non-tcp","pushedAt":"2024-06-19T02:17:55.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: recreate CT entry if proxy_redirect is stale for non-tcp\n\nThis commit fixes the issue that datapath erroneously redirects\n(or doesn't redirect) the reply packets to the proxy if the packet\nhits the stale CT entry.\n\nThe PR #32653 fixed the issue when the TCP connection hits a closing\nstale entry by having __ct_lookup return CT_NEW in that case so that\nthe caller can recreate an entry to update the proxy_redirect flag.\n\nThis commit lets datapath recreate an entry in the case where\nnon-TCP packets hit the stale CT entry with the proxy_redirect flag,\nor an active TCP connection suddenly comes into the scope of an L7 policy.\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"bpf: recreate CT entry if proxy_redirect is stale for non-tcp"}},{"before":null,"after":"12a95e9fa27e2eb1c85fa578cd7778e2bbc1371c","ref":"refs/heads/fix-state-proxy-redirect-non-tcp","pushedAt":"2024-06-18T05:20:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: recreate CT entry if proxy_redirect is stale for non-tcp\n\nThis commit fixes the issue that datapath erroneously redirects\n(or doesn't redirect) the reply packets to the proxy if the packet\nhits the stale CT entry.\n\nThe PR #32653 fixed the issue for TCP by having __ct_lookup return\nCT_NEW if the packet hits a closing stale entry so that the caller\ncan recreate an entry to update the proxy_redirect flag.\n\nThis commit lets datapath recreate an entry for non-TCP in the similar\ncase to update the proxy_redirect flag.\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"bpf: recreate CT entry if proxy_redirect is stale for non-tcp"}},{"before":null,"after":"25044a85cdaac68dd70ddee95270d7cbd53c9674","ref":"refs/heads/skip-egress-gw-from-host","pushedAt":"2024-06-14T06:37:45.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: skip gressgw handling if the packet is from host\n\nThe egress gateway handling code at bpf_host only cares\nabout packets from the egress proxy, so we can ignore\nthe packets from the host.\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: skip gressgw handling if the packet is from host"}},{"before":null,"after":"e169996613bc2cd9b6ce48df991e792401b4f3be","ref":"refs/heads/fix-egw-l7-policy","pushedAt":"2024-06-02T12:13:31.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"docs: remove incompatibility with L7 policy\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"docs: remove incompatibility with L7 policy"}},{"before":"63ff99f9378705a965b1f978ab10896d6f7e0e50","after":"2e65f6e65845a802ffdd033a7734ac8687493192","ref":"refs/heads/backport-1.15-relax-ewg-rp-filter","pushedAt":"2024-05-30T05:09:00.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: Let the EGW manager relax rp_filter on egress device\n\n[ upstream commit 43d65ed933e57fb079c9f960ab82b60fb36d46fd ]\n\n[ backporter's note: The sysctl Reconciler has not been introduced in\n v1.15, so the legacy sysctl is used instead. ]\n\nPods running on the Egress GW node fail to communicate with an external\nendpoint through the Egress GW due to the rp_filter in an environment\nwhere egress IP is assigned to a different interface than the one with\nthe default route. The reply packets from the external endpoints are\ndropped by the rp_filter\n\n- A request from a local pod hits eth0 with the default route.\n It matches an IEGP, gets masqueraded & bpf-redirected to eth1 with Egress IP.\n- Replies hit eth1, are revSNATed, and passed on to the stack.\n rp-filter complains that they are received on eth1, when the route doesn't point towards eth1.\n\nThis PR fixes this issue by relaxing rp_filter on interfaces with Egress IP.\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: Let the EGW manager relax rp_filter on egress device"}},{"before":null,"after":"63ff99f9378705a965b1f978ab10896d6f7e0e50","ref":"refs/heads/backport-1.15-relax-ewg-rp-filter","pushedAt":"2024-05-30T03:34:14.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: Let the EGW manager relax rp_filter on egress device\n\n[ upstream commit 43d65ed933e57fb079c9f960ab82b60fb36d46fd ]\n\n[ backporter's note: The sysctl Reconciler has not been introduced in\n v1.15, so the legacy sysctl is used instread. ]\n\nPods running on the Egress GW node fail to communicate with an external\nendpoint through the Egress GW due to the rp_filter in an environment\nwhere egress IP is assigned to a different interface than the one with\nthe default route. The reply packets from the external endpoints are\ndropped by the rp_filter\n\n- A request from a local pod hits eth0 with the default route.\n It matches an IEGP, gets masqueraded & bpf-redirected to eth1 with Egress IP.\n- Replies hit eth1, are revSNATed, and passed on to the stack.\n rp-filter complains that they are received on eth1, when the route doesn't point towards eth1.\n\nThis PR fixes this issue by relaxing rp_filter on interfaces with Egress IP.\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: Let the EGW manager relax rp_filter on egress device"}},{"before":null,"after":"3b71625a2f89cc319b2abf9c06c032f0162b7776","ref":"refs/heads/egw-relax-rp-filter","pushedAt":"2024-05-23T05:39:58.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: Let the EGW manager relax rp_filter on egress device\n\nPods running on the Egress GW node fail to communicate with an external\nendpoint through the Egress GW due to the rp_filter in an environment\nwhere egress IP is assigned to a different interface than the one with\nthe default route. The reply packets from the external endpoints are\ndropped by the rp_filter\n\n- A request from a local pod hits eth0 with the default route.\n It matches an IEGP, gets masqueraded & bpf-redirected to eth1 with Egress IP.\n- Replies hit eth1, are revSNATed, and passed on to the stack.\n rp-filter complains that they are received on eth1, when the route doesn't point towards eth1.\n\nThis PR fixes this issue by relaxing rp_filter on interfaces with Egress IP.\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: Let the EGW manager relax rp_filter on egress device"}},{"before":"c6688438efd597a6997adcb8205d3a566a9904cd","after":"57da00d4ef09c8979759babd2ceb1c542e368d54","ref":"refs/heads/poc-egw-l7-policy","pushedAt":"2024-05-07T07:04:43.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"datapath: Support original source address regardless of datapath mode\n\nSupport original source address regardless of the datapath mode. This\nallows Envoy to use original source address also in the tunnel datapath\nmodes.\n\nSigned-off-by: Jarno Rajahalme ","shortMessageHtmlLink":"datapath: Support original source address regardless of datapath mode"}},{"before":null,"after":"c6688438efd597a6997adcb8205d3a566a9904cd","ref":"refs/heads/poc-egw-l7-policy","pushedAt":"2024-05-07T07:01:36.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"datapath: Support original source address regardless of datapath mode\n\nSupport original source address regardless of the datapath mode. This\nallows Envoy to use original source address also in the tunnel datapath\nmodes.\n\nSigned-off-by: Jarno Rajahalme ","shortMessageHtmlLink":"datapath: Support original source address regardless of datapath mode"}},{"before":"7a48985dd8c4de1cec64852997960b3b57a23016","after":"ed65b5d1e5aa6b2f4be0f9ba2d9d7962cebcf6cc","ref":"refs/heads/main","pushedAt":"2024-05-07T06:21:04.000Z","pushType":"push","commitsCount":308,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"ingress: control default timeout for ingress listners\n\nSigned-off-by: a5r0n ","shortMessageHtmlLink":"ingress: control default timeout for ingress listners"}},{"before":null,"after":"26521e543547b7303e8f694a8e23400aca14a671","ref":"refs/heads/fix-egw-manager-masq-check","pushedAt":"2024-04-24T02:44:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: reject config with EnableIPv4Masquerade false\n\nCurrently, the condition check in the egw cell code is not strict enough.\nEGW doesn't work with EnableIPv4Masquerade false, but it doesn't reject\nthat config if EnableIPv6Masquerade is true.\nThis commit rejects that invalidated config.\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: reject config with EnableIPv4Masquerade false"}},{"before":"20cb7cd8c10ee38f02a230a7c5dfb3f0a36a6b6d","after":"7a48985dd8c4de1cec64852997960b3b57a23016","ref":"refs/heads/main","pushedAt":"2024-04-24T02:41:49.000Z","pushType":"push","commitsCount":1455,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"ci: spread scheduled workflows on different branches\n\nThis causes a few issues with cloud-providers based workflows:\n- GKE - we were hitting quota issues: https://github.com/cilium/cilium/actions/runs/8746299915/job/24002950173\n- AKS - we are hitting similar throttling on API in Azure, which is triggering #32038\n\nSigned-off-by: Marcel Zieba ","shortMessageHtmlLink":"ci: spread scheduled workflows on different branches"}},{"before":null,"after":"ebfada7939c46b9a71289234fa58de630c3c6c28","ref":"refs/heads/1.16-bpf-egressgw-edt-test","pushedAt":"2024-02-14T13:01:16.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"debug","shortMessageHtmlLink":"debug"}},{"before":"cc9d79d06ef0b2f5c9b878bffab2406a5e4e68f3","after":"e13ec5e23f38cf524f2ea5873c1f99fd40bb5fc0","ref":"refs/heads/pressure_metrics_egw","pushedAt":"2024-01-04T08:13:34.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4\n\nThis commit converts the egress_gw_policy_v4 map implementation from\nebpf.Map to bpf.Map package and enables the bpf_map_pressure metrics.\n\nFixes: https://github.com/cilium/cilium/issues/23867\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4"}},{"before":"2afcb614a3eeef0df963fffc52006063f96bcac9","after":"20cb7cd8c10ee38f02a230a7c5dfb3f0a36a6b6d","ref":"refs/heads/main","pushedAt":"2024-01-04T08:09:35.000Z","pushType":"push","commitsCount":30,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: nat: pass back ipv4_load_l4_ports()'s actual drop reason\n\nipv4_load_l4_ports() is now consistently returning a drop reason on error,\nso we can return that instead of DROP_INVALID.\n\nSigned-off-by: Julian Wiedmann ","shortMessageHtmlLink":"bpf: nat: pass back ipv4_load_l4_ports()'s actual drop reason"}},{"before":"f2490f9e26f3f419c7dd673fab5c16a2bd376d72","after":"cc9d79d06ef0b2f5c9b878bffab2406a5e4e68f3","ref":"refs/heads/pressure_metrics_egw","pushedAt":"2023-12-20T23:59:55.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4\n\nThis commit converts the egress_gw_policy_v4 map implementation from\nebpf.Map to bpf.Map package and enables the bpf_map_pressure metrics.\n\nFixes: https://github.com/cilium/cilium/issues/23867\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4"}},{"before":"2f1b3756c8b89b86e5abba8f11d490672d03ada9","after":"2afcb614a3eeef0df963fffc52006063f96bcac9","ref":"refs/heads/main","pushedAt":"2023-12-20T23:56:48.000Z","pushType":"push","commitsCount":37,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: implement multicast delivery\n\nThis commit implements replication and delivery of multicast packets.\n\nThis commit also enables the Cilium datapath to access both `bpf_clone_redirect`\nand `bpf_map_for_each_elem` helpers.\n\nThe datapath flow is illustrated below:\n\n┌──────────────────────────────────────────┐\n│ │\n│ Sender │\n│ ┌──────┐ ┌─────────┐ │\n│ │ pod ├─────► bpf_lxc │ │\n│ └──────┘ └────┬────┘ │\n│ Local Receivers │ eBPF Replication │\n│ ┌──────┐ ┌──────┐ │ and Redirection │\n│ │ pod ◄─┤ veth ◄─┤(cil_from_container) │\n│ └──────┘ └──────┘ │ ┌───────┐ │\n│ ├─► vxlan │ │\n│ ┌──────┐ ┌──────┐ │ └───┬───┘ │\n│ │ pod ◄─┤ veth ◄─┘ │ │\n│ └──────┘ └──────┘ ┌────┘ │\n│ │ │\n└─────────────────────┼────────────────────┘\n │\n┌─────────────────────┼────────────────────┐\n│ │ │\n│ ┌───▼───┐ │\n│ │ vxlan │ │\n│ └───┬───┘ │\n│ Remote Receivers │ eBPF Replication │\n│ ┌──────┐ ┌──────┐ │ and Redirection │\n│ │ pod ◄─┤ veth ◄─┤ (from_overlay) │\n│ └──────┘ └──────┘ │ │\n│ │ │\n│ ┌──────┐ ┌──────┐ │ │\n│ │ pod ◄─┤ veth ◄─┘ │\n│ └──────┘ └──────┘ │\n│ │\n└──────────────────────────────────────────┘\n\nA multicast sender sends a multicast packet.\n\nThe sender's bpf_lxc program does a lookup in the multicast group map to\ndiscover who has subscribed to the group.\n\nThe program then clones and redirects the packets to the subscriber's\ningress device on the host namespace.\n\nIf the subscriber is remote the packet is cloned and redirected to a\nvxlan device for encapsulation.\n\nOnce the host stack forwards the vxlan encap'd packet to the receiving\nvxlan device on the remote host a similar \"clone and redirect\" process\nis performed once the vxlan driver decaps the packet.\n\nSigned-off-by: Louis DeLosSantos ","shortMessageHtmlLink":"bpf: implement multicast delivery"}},{"before":"790cd869ada4d7df14f6fd14e8f40cce3984d6e4","after":"f2490f9e26f3f419c7dd673fab5c16a2bd376d72","ref":"refs/heads/pressure_metrics_egw","pushedAt":"2023-12-19T01:31:49.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4\n\nThis commit converts the egress_gw_policy_v4 map implementation from\nebpf.Map to bpf.Map package and enables the bpf_map_pressure metrics.\n\nFixes: https://github.com/cilium/cilium/issues/23867\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4"}},{"before":"fa0037638534635471c8e45583d78f87ad78b3e1","after":"2f1b3756c8b89b86e5abba8f11d490672d03ada9","ref":"refs/heads/main","pushedAt":"2023-12-19T01:29:41.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"chore(deps): update dependency cilium/cilium-cli to v0.15.19\n\nSigned-off-by: renovate[bot] ","shortMessageHtmlLink":"chore(deps): update dependency cilium/cilium-cli to v0.15.19"}},{"before":"9079f79ee7689903a9bdb22ad34dfb98a850d864","after":"790cd869ada4d7df14f6fd14e8f40cce3984d6e4","ref":"refs/heads/pressure_metrics_egw","pushedAt":"2023-12-18T04:13:02.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4\n\nThis commit converts the egress_gw_policy_v4 map implementation from\nebpf.Map to bpf.Map package and enables the bpf_map_pressure metrics.\n\nFixes: https://github.com/cilium/cilium/issues/23867\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4"}},{"before":null,"after":"9079f79ee7689903a9bdb22ad34dfb98a850d864","ref":"refs/heads/pressure_metrics_egw","pushedAt":"2023-12-18T03:57:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4\n\nThis commit converts the egress_gw_policy_v4 map implentation from\nebpf.Map to bpf.Map package and enables the bpf_map_pressure metrics.\n\nFixes: https://github.com/cilium/cilium/issues/23867\n\nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"egressgw: Enable bpf_map_pressure metrics for egress_gw_policy_v4"}},{"before":"d745b2859afa1e362ad225864377f1124d3441f1","after":"fa0037638534635471c8e45583d78f87ad78b3e1","ref":"refs/heads/main","pushedAt":"2023-12-18T03:52:56.000Z","pushType":"push","commitsCount":68,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"Update AUTHORS\n\nSigned-off-by: Joe Stringer ","shortMessageHtmlLink":"Update AUTHORS"}},{"before":"276c5565e8716b9fe99aef6e89967a2bd8e1d98f","after":"d745b2859afa1e362ad225864377f1124d3441f1","ref":"refs/heads/main","pushedAt":"2023-12-11T01:56:40.000Z","pushType":"push","commitsCount":2022,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"test: More exceptions for level=warning logs\n\nWe have many different warnings happening in CI. Let's allowlist them\nfor now, so we can at least enforce the new check and stop the bleeding.\n\nSigned-off-by: Paul Chaignon ","shortMessageHtmlLink":"test: More exceptions for level=warning logs"}},{"before":"677603d71c46dd3e69eac64a203df98378c13988","after":"7a9de67631fb5afde8c165cbec69a71a9f5670f9","ref":"refs/heads/backport-cidr-geneve","pushedAt":"2023-12-11T01:44:57.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: Fix identity determination in bpf_overlay.c\n\n[ upstream commit 895630ba293dc0e40197bbc23ce188ba1557f27f ]\n\nWhen DSR with Geneve is enabled, Cilium identity is not determined by\nthe client's IP address and requests from outside cluster are dropped even\nthough they are permitted by CiliumNetworkPolicy using `fromCIDR`.\n\nThis commit inputs identity that is from the client IP address.\n\nFixes: #29153\n\nSigned-off-by: Tomoki Sugiura ","shortMessageHtmlLink":"bpf: Fix identity determination in bpf_overlay.c"}},{"before":"ebed3ee6c21b1c1991471c4c2fd20f57bf0878d2","after":"677603d71c46dd3e69eac64a203df98378c13988","ref":"refs/heads/backport-cidr-geneve","pushedAt":"2023-12-05T14:09:54.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: Fix identity determination in bpf_overlay.c\n\nWhen DSR with Geneve is enabled, Cilium identity is not determined by\nthe client's IP address and requests from outside cluster are dropped even\nthough they are permitted by CiliumNetworkPolicy using `fromCIDR`.\n\nThis commit inputs identity that is from the client IP address.\n\nFixes: #29153\n\nSigned-off-by: Tomoki Sugiura ","shortMessageHtmlLink":"bpf: Fix identity determination in bpf_overlay.c"}},{"before":"9d495375a0c6fb5ddf12fa40d59e51db88b9b4b9","after":"ebed3ee6c21b1c1991471c4c2fd20f57bf0878d2","ref":"refs/heads/backport-cidr-geneve","pushedAt":"2023-12-04T14:53:40.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: Fix identity determination in bpf_overlay.c\n\nWhen DSR with Geneve is enabled, Cilium identity is not determined by\nthe client's IP address and requests from outside cluster are dropped even\nthough they are permitted by CiliumNetworkPolicy using `fromCIDR`.\n\nThis commit inputs identity that is from the client IP address.\n\nFixes: #29153\n\nSigned-off-by: Tomoki Sugiura ","shortMessageHtmlLink":"bpf: Fix identity determination in bpf_overlay.c"}},{"before":null,"after":"9d495375a0c6fb5ddf12fa40d59e51db88b9b4b9","ref":"refs/heads/backport-cidr-geneve","pushedAt":"2023-12-04T14:24:31.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: Fix identity determination in bpf_overlay.c\n\nWhen DSR with Geneve is enabled, Cilium identity is not determined by\nthe client's IP address and requests from outside cluster are dropped even\nthough they are permitted by CiliumNetworkPolicy using `fromCIDR`.\n\nThis commit inputs identity that is from the client IP address.\n\nFixes: #29153\n\nSigned-off-by: Tomoki Sugiura ","shortMessageHtmlLink":"bpf: Fix identity determination in bpf_overlay.c"}},{"before":null,"after":"8c70f0906a48f56463520849d9ba0798256b3928","ref":"refs/heads/fix-cidr-geneve","pushedAt":"2023-11-30T09:42:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ysksuzuki","name":"Yusuke Suzuki","path":"/ysksuzuki","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5572688?s=80&v=4"},"commit":{"message":"bpf: Fix identity determination in bpf_overlay.c\n\nThis commit is the custom backport for v1.14.\nUpstream commit: 895630ba293dc0e40197bbc23ce188ba1557f27f\n\nWhen DSR with Geneve is enabled, Cilium identity is not determined by\nthe client's IP address and requests from outside cluster are dropped even\nthough they are permitted by CiliumNetworkPolicy using `fromCIDR`.\n\nThis commit inputs identity that is from the client IP address.\n\nFixes: #29153\n\nReported-by: Tomoki Sugiura \nSigned-off-by: Yusuke Suzuki ","shortMessageHtmlLink":"bpf: Fix identity determination in bpf_overlay.c"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEiS2neAA","startCursor":null,"endCursor":null}},"title":"Activity · ysksuzuki/cilium"}