Skip to content

Commit ae2eb98

Browse files
ronanc-tigeraronanc-tigera
committed
Merge branch 'master' of github.com:ronanc-tigera/calico into feature/TSLA-8403-whisker-policy-filter
2 parents b2ddd75 + a96488d commit ae2eb98

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

50 files changed

+3168
-57
lines changed

.semaphore/semaphore-scheduled-builds.yml

Lines changed: 24 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.semaphore/semaphore.yml

Lines changed: 24 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.semaphore/semaphore.yml.d/blocks/20-whisker-backend.yml

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
- name: whisker-backend
2+
run:
3+
when: "${FORCE_RUN} or change_in(['/*', '/whisker-backend/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})"
4+
execution_time_limit:
5+
minutes: 30
6+
dependencies:
7+
- Prerequisites
8+
task:
9+
prologue:
10+
commands:
11+
- cd whisker-backend
12+
jobs:
13+
- name: make ci
14+
commands:
15+
- ../.semaphore/run-and-monitor make-ci.log make ci
16+
- name: Build binary
17+
matrix:
18+
- env_var: ARCH
19+
values:
20+
- arm64
21+
- ppc64le
22+
- s390x
23+
commands:
24+
- ../.semaphore/run-and-monitor image-$ARCH.log make build ARCH=$ARCH

Makefile

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,7 @@ protobuf:
5858
generate:
5959
$(MAKE) gen-semaphore-yaml
6060
$(MAKE) protobuf
61+
$(MAKE) -C lib gen-files
6162
$(MAKE) -C api gen-files
6263
$(MAKE) -C libcalico-go gen-files
6364
$(MAKE) -C felix gen-files

felix/wireguard/wireguard.go

Lines changed: 34 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -128,6 +128,7 @@ type Wireguard struct {
128128
inSyncWireguard bool
129129
inSyncLink bool
130130
inSyncInterfaceAddr bool
131+
inSyncNAPI bool
131132
ifaceUp bool
132133
wireguardNotSupported bool
133134
ourPublicKey *wgtypes.Key
@@ -842,6 +843,10 @@ func (w *Wireguard) Apply() (err error) {
842843
// Wait for the updates to complete.
843844
wg.Wait()
844845

846+
// We can only update the NAPI threading setting after adding our first peer,
847+
// see if we can do that now...
848+
w.maybeUpdateNAPIThreading()
849+
845850
if errWireguard != nil {
846851
// Error applying the wireguard config. Close the wireguard client as a precaution - this will force us to open
847852
// a new client on the next apply.
@@ -1502,20 +1507,42 @@ func (w *Wireguard) ensureLink(netlinkClient netlinkshim.Interface) error {
15021507
// If the link was down, we'll have refreshed it above, check if it's
15031508
// still down.
15041509
if !linkIsUp(link) {
1505-
// Can't do the final update unless the link is up so we'd better
1506-
// return an error so that we get retried.
1510+
// Later updates (for example, setting the NAPI threading setting)
1511+
// will fail if the link isn't up yet.
15071512
return ErrWaitingForLink
15081513
}
15091514

1515+
return nil
1516+
}
1517+
1518+
func (w *Wireguard) maybeUpdateNAPIThreading() {
1519+
if w.inSyncNAPI {
1520+
return
1521+
}
1522+
if !w.inSyncLink {
1523+
log.Debug("Cannot set NAPI threading until link is up.")
1524+
return
1525+
}
1526+
if len(w.nodes) == 0 {
1527+
// An odd restriction of the kernel is that we cannot set NAPI threading
1528+
// until we have at least one peer.
1529+
log.Debug("Cannot set NAPI threading until first peer is added.")
1530+
return
1531+
}
1532+
if !w.inSyncWireguard {
1533+
log.Debug("Cannot set NAPI threading until wireguard is in sync.")
1534+
return
1535+
}
1536+
15101537
// Enable NAPI threading if desired.
15111538
threadedNAPIBit := boolToBinaryString(w.config.ThreadedNAPI)
1512-
w.logCtx.WithField("flags", link.Attrs().Flags).Infof("Set NAPI threading to %s for wireguard interface %s", threadedNAPIBit, w.interfaceName)
1539+
w.logCtx.Infof("Set NAPI threading to %s for wireguard interface %s", threadedNAPIBit, w.interfaceName)
15131540
napiThreadedPath := fmt.Sprintf("/sys/class/net/%s/threaded", w.interfaceName)
15141541
if err := w.writeProcSys(napiThreadedPath, threadedNAPIBit); err != nil {
1515-
w.logCtx.WithError(err).Warnf("failed to set NAPI threading to %s for wireguard for interface %s", threadedNAPIBit, w.interfaceName)
1542+
w.logCtx.WithError(err).Warnf("Failed to set NAPI threading to %s for wireguard interface %s", threadedNAPIBit, w.interfaceName)
1543+
} else {
1544+
w.inSyncNAPI = true
15161545
}
1517-
1518-
return nil
15191546
}
15201547

15211548
func linkIsUp(link netlink.Link) bool {
@@ -1795,6 +1822,7 @@ func (w *Wireguard) setAllInSync(inSync bool) {
17951822
w.inSyncWireguard = inSync
17961823
w.inSyncLink = inSync
17971824
w.inSyncInterfaceAddr = inSync
1825+
w.inSyncNAPI = inSync
17981826
}
17991827

18001828
// DebugNodes returns the set of nodes in the internal cache. Used for testing purposes to test node cleanup.

go.mod

Lines changed: 23 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ require (
3636
github.com/google/netstack v0.0.0-20191123085552-55fcc16cd0eb
3737
github.com/google/safetext v0.0.0-20230106111101-7156a760e523
3838
github.com/google/uuid v1.6.0
39+
github.com/gorilla/mux v1.8.1 // indirect
3940
github.com/gruntwork-io/terratest v0.48.0
4041
github.com/ishidawataru/sctp v0.0.0-20230406120618-7ff4192f6ff2
4142
github.com/joho/godotenv v1.5.1
@@ -53,11 +54,12 @@ require (
5354
github.com/nmrshll/go-cp v0.0.0-20180115193924-61436d3b7cfa
5455
github.com/olekukonko/tablewriter v0.0.5
5556
github.com/onsi/ginkgo v1.16.5
56-
github.com/onsi/ginkgo/v2 v2.22.0
57-
github.com/onsi/gomega v1.36.1
57+
github.com/onsi/ginkgo/v2 v2.22.1
58+
github.com/onsi/gomega v1.36.2
5859
github.com/patrickmn/go-cache v2.1.0+incompatible
5960
github.com/pkg/errors v0.9.1
60-
github.com/projectcalico/api v0.0.0-00010101000000-000000000000
61+
github.com/projectcalico/api v0.0.0-20220722155641-439a754a988b
62+
github.com/projectcalico/calico/lib/httpmachinery v0.0.0-00010101000000-000000000000
6163
github.com/projectcalico/go-json v0.0.0-20161128004156-6219dc7339ba
6264
github.com/projectcalico/go-yaml-wrapper v0.0.0-20191112210931-090425220c54
6365
github.com/prometheus/client_golang v1.20.5
@@ -120,7 +122,7 @@ require (
120122
github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab // indirect
121123
github.com/Microsoft/go-winio v0.6.2 // indirect
122124
github.com/NYTimes/gziphandler v1.1.1 // indirect
123-
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
125+
github.com/ProtonMail/go-crypto v1.0.0 // indirect
124126
github.com/alessio/shellescape v1.4.2 // indirect
125127
github.com/alexflint/go-filemutex v1.3.0 // indirect
126128
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
@@ -176,7 +178,7 @@ require (
176178
github.com/coreos/go-iptables v0.7.0 // indirect
177179
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
178180
github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
179-
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
181+
github.com/cyphar/filepath-securejoin v0.2.5 // indirect
180182
github.com/distribution/reference v0.6.0 // indirect
181183
github.com/docker/go-connections v0.5.0 // indirect
182184
github.com/docker/go-units v0.5.0 // indirect
@@ -187,15 +189,18 @@ require (
187189
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
188190
github.com/felixge/httpsnoop v1.0.4 // indirect
189191
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
192+
github.com/gabriel-vasile/mimetype v1.4.6 // indirect
190193
github.com/ghodss/yaml v1.0.0 // indirect
191194
github.com/go-errors/errors v1.4.2 // indirect
192195
github.com/go-logr/stdr v1.2.2 // indirect
193196
github.com/go-ole/go-ole v1.2.6 // indirect
194197
github.com/go-openapi/jsonpointer v0.19.6 // indirect
195198
github.com/go-openapi/jsonreference v0.20.2 // indirect
196199
github.com/go-openapi/swag v0.22.4 // indirect
197-
github.com/go-playground/locales v0.12.1 // indirect
198-
github.com/go-playground/universal-translator v0.0.0-20170327191703-71201497bace // indirect
200+
github.com/go-playground/form v3.1.4+incompatible // indirect
201+
github.com/go-playground/locales v0.14.1 // indirect
202+
github.com/go-playground/universal-translator v0.18.1 // indirect
203+
github.com/go-playground/validator/v10 v10.22.1 // indirect
199204
github.com/go-sql-driver/mysql v1.8.1 // indirect
200205
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
201206
github.com/godbus/dbus/v5 v5.1.0 // indirect
@@ -214,7 +219,7 @@ require (
214219
github.com/google/gnostic-models v0.6.8 // indirect
215220
github.com/google/go-querystring v1.1.0 // indirect
216221
github.com/google/gofuzz v1.2.0 // indirect
217-
github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
222+
github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
218223
github.com/gorilla/websocket v1.5.3 // indirect
219224
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
220225
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
@@ -223,7 +228,7 @@ require (
223228
github.com/hashicorp/go-multierror v1.1.1 // indirect
224229
github.com/hashicorp/hcl v1.0.0 // indirect
225230
github.com/homeport/dyff v1.6.0 // indirect
226-
github.com/imdario/mergo v0.3.12 // indirect
231+
github.com/imdario/mergo v0.3.15 // indirect
227232
github.com/inconshreveable/mousetrap v1.1.0 // indirect
228233
github.com/jackc/pgpassfile v1.0.0 // indirect
229234
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
@@ -235,7 +240,7 @@ require (
235240
github.com/karrick/godirwalk v1.17.0 // indirect
236241
github.com/klauspost/compress v1.17.11 // indirect
237242
github.com/kylelemons/godebug v1.1.0 // indirect
238-
github.com/leodido/go-urn v0.0.0-20181204092800-a67a23e1c1af // indirect
243+
github.com/leodido/go-urn v1.4.0 // indirect
239244
github.com/libopenstorage/openstorage v1.0.0 // indirect
240245
github.com/lithammer/dedent v1.1.0 // indirect
241246
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
@@ -244,7 +249,7 @@ require (
244249
github.com/mailru/easyjson v0.7.7 // indirect
245250
github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect
246251
github.com/mattn/go-isatty v0.0.20 // indirect
247-
github.com/mattn/go-runewidth v0.0.9 // indirect
252+
github.com/mattn/go-runewidth v0.0.16 // indirect
248253
github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect
249254
github.com/mdlayher/genetlink v1.0.0 // indirect
250255
github.com/mdlayher/netlink v1.1.0 // indirect
@@ -255,7 +260,7 @@ require (
255260
github.com/mitchellh/mapstructure v1.5.0 // indirect
256261
github.com/moby/docker-image-spec v1.3.1 // indirect
257262
github.com/moby/spdystream v0.4.0 // indirect
258-
github.com/moby/sys/mountinfo v0.7.1 // indirect
263+
github.com/moby/sys/mountinfo v0.7.2 // indirect
259264
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
260265
github.com/modern-go/reflect2 v1.0.2 // indirect
261266
github.com/mohae/deepcopy v0.0.0-20170603005431-491d3605edfb // indirect
@@ -274,14 +279,15 @@ require (
274279
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
275280
github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
276281
github.com/pquerna/otp v1.4.0 // indirect
282+
github.com/rivo/uniseg v0.4.7 // indirect
277283
github.com/russross/blackfriday/v2 v2.1.0 // indirect
278284
github.com/sagikazarmark/locafero v0.4.0 // indirect
279285
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
280286
github.com/seccomp/libseccomp-golang v0.10.0 // indirect
281-
github.com/sergi/go-diff v1.3.1 // indirect
287+
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
282288
github.com/sourcegraph/conc v0.3.0 // indirect
283289
github.com/spf13/afero v1.11.0 // indirect
284-
github.com/spf13/cast v1.6.0 // indirect
290+
github.com/spf13/cast v1.7.0 // indirect
285291
github.com/stoewer/go-strcase v1.2.0 // indirect
286292
github.com/stretchr/objx v0.5.2 // indirect
287293
github.com/subosito/gotenv v1.6.0 // indirect
@@ -312,11 +318,10 @@ require (
312318
golang.org/x/net v0.33.0 // indirect
313319
golang.org/x/oauth2 v0.24.0 // indirect
314320
golang.org/x/term v0.27.0 // indirect
315-
golang.org/x/tools v0.26.0 // indirect
321+
golang.org/x/tools v0.28.0 // indirect
316322
golang.zx2c4.com/wireguard v0.0.20200121 // indirect
317323
google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
318324
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
319-
gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
320325
gopkg.in/inf.v0 v0.9.1 // indirect
321326
gopkg.in/ini.v1 v1.67.0 // indirect
322327
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
@@ -376,3 +381,5 @@ replace (
376381
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.31.4
377382
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.31.4
378383
)
384+
385+
replace github.com/projectcalico/calico/lib/httpmachinery => ./lib/httpmachinery

0 commit comments

Comments
 (0)