Skip to content

[v1.17] wireguard:fix: always detach unneeded programs#38184

Merged
julianwiedmann merged 2 commits intocilium:v1.17from
smagnani96:pr/fix-detach-wireguard-v1.17
Mar 18, 2025
Merged

[v1.17] wireguard:fix: always detach unneeded programs#38184
julianwiedmann merged 2 commits intocilium:v1.17from
smagnani96:pr/fix-detach-wireguard-v1.17

Conversation

@smagnani96
Copy link
Copy Markdown
Contributor

@smagnani96 smagnani96 commented Mar 13, 2025

Manual backport for #38179.

Once this PR is merged, a GitHub action will update the labels of these PRs:

 38179

@smagnani96 smagnani96 added kind/backports This PR provides functionality previously merged into master. backport/1.17 This PR represents a backport for Cilium 1.17.x of a PR that was merged to main. labels Mar 13, 2025
@smagnani96 smagnani96 mentioned this pull request Mar 13, 2025
Merged
@smagnani96 smagnani96 force-pushed the pr/fix-detach-wireguard-v1.17 branch from 514c34e to f2d6d7f Compare March 13, 2025 22:45
@smagnani96 smagnani96 mentioned this pull request Mar 13, 2025
Merged
4 tasks
@smagnani96 smagnani96 force-pushed the pr/fix-detach-wireguard-v1.17 branch from f2d6d7f to d5247b9 Compare March 14, 2025 00:22
@jschwinger233
Copy link
Copy Markdown
Member

jschwinger233 commented Mar 14, 2025

But this won't help the ci downgrade issue in #38077, because we don't have the downgrade cilium image with this patch until next 117 release?

@smagnani96
Copy link
Copy Markdown
Contributor Author

smagnani96 commented Mar 14, 2025
edited
Loading

But this won't help the ci downgrade issue in #38077, because we don't have the downgrade cilium image with this patch until next 117 release?

#38187 <- That PR will introduce the removal logic for the new cil_from_wireguard.

But as you say, I'm afraid it will not make CI happy until a next release of v1.17 I guess, since in the action we test against stable and not patch. I think I'm ok with holding merging #38077 until next month.
Edit: CI seems to test against top-of-branch. Downgrading to Cilium v1.17 actually outputs Cilium: Ok 1.17.2 (v1.17.2-fb3ab54f). So we don't need to wait.

@smagnani96 smagnani96 mentioned this pull request Mar 14, 2025
Merged
@smagnani96 smagnani96 force-pushed the pr/fix-detach-wireguard-v1.17 branch from d5247b9 to 9d0b36c Compare March 14, 2025 14:18
@smagnani96
wireguard:config: refactor attach conditions into a function
e84206f 
[ upstream commit 71f5f12 ]

This commit moves the current check whether to attach cil_to_wireguard
into a specific config utility function.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
@smagnani96
wireguard: always detach bpf programs when not needed
ef540ca 
[ upstream commit 570f056 ]

This commit patches our current logic to always remove the BPF programs
from cilium_wg0 when not needed. Prior to this, we tend to skip the check,
which could cause problems due to the fact that programs are not unloaded.

Signed-off-by: Simone Magnani <simone.magnani@isovalent.com>
@smagnani96 smagnani96 force-pushed the pr/fix-detach-wireguard-v1.17 branch from 9d0b36c to ef540ca Compare March 17, 2025 18:19
@smagnani96
Copy link
Copy Markdown
Contributor Author

smagnani96 commented Mar 17, 2025

/test

@smagnani96 smagnani96 marked this pull request as ready for review March 18, 2025 10:20
@smagnani96 smagnani96 requested a review from a team as a code owner March 18, 2025 10:20
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 18, 2025
@julianwiedmann julianwiedmann added this pull request to the merge queue Mar 18, 2025
Merged via the queue into cilium:v1.17 with commit 2d35849 Mar 18, 2025
60 checks passed
@smagnani96 smagnani96 deleted the pr/fix-detach-wireguard-v1.17 branch March 18, 2025 11:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rgo3 rgo3 rgo3 approved these changes

@julianwiedmann julianwiedmann julianwiedmann approved these changes

Assignees

No one assigned

Labels

backport/1.17 This PR represents a backport for Cilium 1.17.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@smagnani96 @jschwinger233 @rgo3 @julianwiedmann @msune