Tobias Klauser tklauser @isovalent / @cilium Switzerland https://distanz.ch

google/gops 4412

A tool to list and diagnose Go processes currently running on your system

carlosedp/riscv-bringup 52

Risc-V journey thru containers and new projects

dlespiau/kube-test-harness 31

Write Kubernetes integration tests in go!

cilium/linux 5

Just local BPF wip branches for upstream

tklauser/build-cross-gccgo 2

Build gccgo toolchain from scratch

henrique/lsci2012 1

LSCI 2012 Programming Project

isovalent/clustermesh-apiserver 0

API server for ClusterMesh

tklauser/afero 0

A FileSystem Abstraction System for Go

tklauser/amicontained 0

Container introspection tool. Find out what container runtime is being used as well as features available.

pull request comment cilium/packer-ci-build

provision/ubuntu: install scapy

build-next-please

tklauser

comment created time in 4 hours

pull request comment cilium/packer-ci-build

provision/ubuntu: install scapy

build-me-please

tklauser

comment created time in 4 hours

PR opened cilium/packer-ci-build

provision/ubuntu: install scapy

scapy will be used for cilium/cilium#10541 to send SCTP INIT packets.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

+1 -0

0 comment

1 changed file

pr created time in 4 hours

push event cilium/packer-ci-build

Tobias Klauser

commit sha 50ac9a0269e98d4eb54962065f904e08a95cd0e6

provision/ubuntu: install scapy

scapy will be used for cilium/cilium#10541 to send SCTP INIT packets.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

push time in 4 hours

create branch cilium/packer-ci-build

branch : provision-scapy-install

created branch time in 4 hours

PullRequestReviewEvent

pull request comment cilium/cilium

cilium: print names for reserved identities in `cilium ip list`

test-me-please

tklauser

comment created time in 6 hours

push event cilium/cilium

Tobias Klauser

commit sha 05cb87fe779ded7a656245dfd7d2c83ec0f77fff

cilium: print names for reserved identities in `cilium ip list`

Currently, the identities in the output of `cilium ip list` are always in numeric format:

$ cilium ip list
IP                       IDENTITY   SOURCE
0.0.0.0/0                2
10.0.0.39/32             1
10.0.0.78/32             4
10.0.0.109/32            61205      k8s
10.0.0.179/32            39864      k8s
10.0.2.15/32             1
10.192.1.86/32           4
10.192.1.110/32          4
10.192.1.144/32          7749       k8s
10.192.1.169/32          4
172.28.128.6/32          1
192.168.9.1/32           1
192.168.36.1/32          7749       k8s
192.168.36.11/32         1
192.168.37.11/32         1
f00d::a0f:0:0:76d5/128   7749       k8s
f00d::a0f:0:0:79ba/128   4
f00d::a0f:0:0:9fb8/128   4
f00d::a0f:0:0:f4ec/128   4
fc00::10ca:1/128         7749       k8s

Make it easier to immediately recognize reserved identities by their name (without having to remember them) by changing the output to print the name by default:

$ cilium ip list
IP                       IDENTITY   SOURCE
0.0.0.0/0                world
10.0.0.39/32             host
10.0.0.78/32             health
10.0.0.109/32            61205      k8s
10.0.0.179/32            39864      k8s
10.0.2.15/32             host
10.192.1.86/32           health
10.192.1.110/32          health
10.192.1.144/32          7749       k8s
10.192.1.169/32          health
172.28.128.6/32          host
192.168.9.1/32           host
192.168.36.1/32          7749       k8s
192.168.36.11/32         host
192.168.37.11/32         host
f00d::a0f:0:0:76d5/128   7749       k8s
f00d::a0f:0:0:79ba/128   health
f00d::a0f:0:0:9fb8/128   health
f00d::a0f:0:0:f4ec/128   health
fc00::10ca:1/128         7749       k8s

This behavior can be disabled (i.e. the identities are all printed in numeric format) by specifying the `-n` flag.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

push time in 9 hours

issue comment sirupsen/logrus

Tag v1.6.1 (and v1.7.0 ?) releases

Thanks for proposing this @thaJeztah, I'd appreciate a new release as well. Especially one including #1088 to reduce dependencies.

thaJeztah

comment created time in 9 hours

pull request comment cilium/cilium

cilium: print names for reserved identities in `cilium ip list`

test-me-please

tklauser

comment created time in 9 hours

PR opened cilium/cilium

cilium: print names for reserved identities in `cilium ip list` area/cli release-note/minor

Currently, the identities in the output of `cilium ip list` are always in numeric format:

$ cilium ip list
IP                       IDENTITY   SOURCE
0.0.0.0/0                2
10.0.0.39/32             1
10.0.0.78/32             4
10.0.0.109/32            61205      k8s
10.0.0.179/32            39864      k8s
10.0.2.15/32             1
10.192.1.86/32           4
10.192.1.110/32          4
10.192.1.144/32          7749       k8s
10.192.1.169/32          4
172.28.128.6/32          1
192.168.9.1/32           1
192.168.36.1/32          7749       k8s
192.168.36.11/32         1
192.168.37.11/32         1
f00d::a0f:0:0:76d5/128   7749       k8s
f00d::a0f:0:0:79ba/128   4
f00d::a0f:0:0:9fb8/128   4
f00d::a0f:0:0:f4ec/128   4
fc00::10ca:1/128         7749       k8s

Make it easier to immediately recognize reserved identities by their name (without having to remember them) by changing the output to print the name by default:

$ cilium ip list
IP                       IDENTITY   SOURCE
0.0.0.0/0                world
10.0.0.39/32             host
10.0.0.78/32             health
10.0.0.109/32            61205      k8s
10.0.0.179/32            39864      k8s
10.0.2.15/32             host
10.192.1.86/32           health
10.192.1.110/32          health
10.192.1.144/32          7749       k8s
10.192.1.169/32          health
172.28.128.6/32          host
192.168.9.1/32           host
192.168.36.1/32          7749       k8s
192.168.36.11/32         host
192.168.37.11/32         host
f00d::a0f:0:0:76d5/128   7749       k8s
f00d::a0f:0:0:79ba/128   health
f00d::a0f:0:0:9fb8/128   health
f00d::a0f:0:0:f4ec/128   health
fc00::10ca:1/128         7749       k8s

This behavior can be disabled (i.e. the identities are all printed in numeric format) by specifying the `-n` flag.

Show names for reserved identities in `cilium ip list`.
+15 -5

0 comment

1 changed file

pr created time in 9 hours

create branch cilium/cilium

branch : pr/tklauser/ip-list-identity-string

created branch time in 9 hours

Pull request review comment google/syzkaller

vm/qemu: allow to specify network device type

 var archConfigs = map[string]*archConfig{ 		Qemu:      "qemu-system-ppc64", 		TargetDir: "/", 		QemuArgs:  "-enable-kvm -vga none",+		NetDev:    "virtio-net-pci", 		CmdLine:   linuxCmdline, 	}, 	"linux/riscv64": { 		Qemu:                   "qemu-system-riscv64", 		TargetDir:              "/", 		QemuArgs:               "-machine virt",-		UseNewQemuNetOptions:   true,+		NetDev:                 "virtio-net-pci",
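
Review bot: In the "linux/riscv64" entry, `UseNewQemuNetOptions: true` is removed and `NetDev: "virtio-net-pci"` is added in the same step, so this hunk alone does not show whether the new-style network options are still selected for that target. State in the commit message or in a comment on the `NetDev` field how it replaces the flag. The literal "virtio-net-pci" is also repeated across entries now; a named default would keep them from drifting apart.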

virtio-net-device worked fine for me with qemu-system-riscv64. Didn't test it with qemu-system-x86_64 though. I just checked with virtio-net-pci and it seems to work for qemu-system-riscv64 as well, so LGTM.

dvyukov

comment created time in 9 hours

PullRequestReviewEvent

delete branch tklauser/moby

delete branch : unix-fileclone

delete time in 2 days

PullRequestReviewEvent
PullRequestReviewEvent

pull request comment moby/sys

mount: use MNT_* flags from golang.org/x/sys/unix on freebsd

Not really related, but is there any chance FreeBSD's getmntent(2) would be implemented in x/sys/unix? It is used by mountinfo package, here:

https://github.com/moby/sys/blob/4a8c65a81a10cb75cb8beac8fa9278c48ebdf933/mountinfo/mountinfo_freebsd.go#L20

@kolyshkin Thanks. I assume you meant getmntinfo(2), not getmntent(2)? Looking at its implementation

https://github.com/freebsd/freebsd/blob/726c74451f3a4fd9f97e0253f5929f3342bfd88d/lib/libc/gen/getmntinfo.c#L44-L70

it seems it is not a syscall by itself but using the getfsstat(2) syscall internally. This one is already wrapped by golang.org/x/sys/unix:

https://github.com/golang/sys/blob/d9f96fdee20d1e5115ee34ba4016eae6cfb66eb9/unix/syscall_freebsd.go#L160

So it should be fairly straight-forward to implement getmntinfo in Go using it.

tklauser

comment created time in 3 days

delete branch tklauser/console

delete branch : linux-ioctl-x-sys-unix

delete time in 3 days

delete branch tklauser/etcd

delete branch : fileutil-darwin-x-sys-unix

delete time in 3 days

pull request comment cilium/cilium

test, images: update helm to 3.3.4

test-me-please

tklauser

comment created time in 4 days

PR opened cilium/cilium

test, images: update helm to 3.3.4 release-note/ci

In the provision script, also remove the downloaded tarball and un-archived directory after installation.

+6 -4

0 comment

2 changed files

pr created time in 4 days

create branch cilium/cilium

branch : pr/tklauser/update-helm

created branch time in 4 days

push event isovalent/clustermesh-apiserver

Tobias Klauser

commit sha 135718a671ad15293edc3e4de96e5851b63ae0b1

gofmt vmmanager.go

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

push time in 4 days

push event tklauser/bbolt

Tobias Klauser

commit sha 74e833b57266f0ecd4deb7157be785aa134257bc

Use madvise syscall wrapper from golang.org/x/sys/unix

Direct syscalls using syscall.Syscall(SYS_*, ...) should no longer be used on darwin, see [1]. Instead, use the madvise syscall wrapper provided by the golang.org/x/sys/unix package for all unix platforms. This implements the same functionality.

[1] https://golang.org/doc/go1.12#darwin

As suggested by @ptabor in https://github.com/etcd-io/etcd/pull/12316#issuecomment-698193671

push time in 4 days

pull request comment etcd-io/etcd

pkg/fileutil: use fcntl syscall wrappers from golang.org/x/sys/unix

LGTM

Thank you. Bolt also needs to be updated, e.g https://github.com/etcd-io/bbolt/blob/f6be82302843a215152f5a1daf652c1ee5503f85/bolt_unix.go#L7

Thanks, sent https://github.com/etcd-io/bbolt/pull/243

tklauser

comment created time in 4 days

PR opened etcd-io/bbolt

Use madvise syscall wrapper from golang.org/x/sys/unix

Direct syscalls using syscall.Syscall(SYS_*, ...) should no longer be used on darwin, see [1]. Instead, use the madvise syscall wrapper provided by the golang.org/x/sys/unix package for all unix platforms. This implements the same functionality.

[1] https://golang.org/doc/go1.12#darwin

As suggested by @ptabor in https://github.com/etcd-io/etcd/pull/12316#issuecomment-698193671

+6 -13

0 comment

3 changed files

pr created time in 4 days

create branch tklauser/bbolt

branch : madvise-x-sys-unix

created branch time in 4 days

fork tklauser/bbolt

An embedded key/value database for Go.

https://go.etcd.io/bbolt

fork in 4 days

issue comment golang/go

syscall: panic when syscall.ParseSocketControlMessage called

Which Go version and on which GOARCH is this? The original post says go version go1.15.1 darwin/amd64 but you seem to be running this on GOOS=linux?

I cannot reproduce on go 1.15.2 with the given data using the following test:

func TestParseSocketControlMessage(t *testing.T) {
        for _, tc := range [][]byte{
                {1, 31, 65, 55, 214, 142, 234, 242, 235, 176, 145, 153, 234, 178, 2, 177, 238, 111, 87, 28, 84, 157, 20, 223, 14, 118, 21, 61, 176, 39, 113, 172},
                {1, 2, 11, 46, 119, 211, 135, 230, 134, 164, 122, 177, 135, 166, 111, 165, 131, 123, 58, 8, 57, 137, 121, 203, 99, 98, 120, 41, 221, 51, 28, 184},
                {1, 15, 176, 48, 199, 181, 23, 145, 22, 211, 111, 200, 23, 209, 255, 210, 19, 12, 170, 127, 169, 254, 233, 188, 243, 21, 232, 94, 77, 68, 140, 207},
                {1, 43, 111, 48, 214, 55, 188, 180, 189, 246, 163, 107, 188, 244, 84, 247, 184, 41, 1, 90, 2, 219, 66, 153, 88, 48, 67, 123, 230, 97, 39, 234},
                {1, 33, 185, 7, 158, 109, 173, 219, 172, 153, 161, 4, 173, 155, 69, 152, 169, 70, 16, 53, 19, 180, 83, 246, 73, 95, 82, 20, 247, 14, 54, 133},
                {1, 62, 215, 26, 79, 218, 126, 130, 127, 192, 142, 142, 126, 194, 150, 193, 122, 31, 195, 108, 192, 237, 128, 175, 154, 6, 129, 77, 36, 87, 229, 220},
                {1, 2, 166, 7, 6, 238, 42, 207, 43, 141, 12, 220, 42, 143, 194, 140, 46, 82, 151, 33, 148, 160, 212, 226, 206, 75, 213, 0, 112, 26, 177, 145},
                {1, 16, 130, 36, 213, 6, 159, 238, 158, 172, 179, 79, 159, 174, 119, 173, 155, 115, 34, 0, 33, 129, 97, 195, 123, 106, 96, 33, 197, 59, 4, 176},
                {1, 12, 50, 4, 187, 36, 199, 216, 198, 154, 141, 105, 199, 152, 47, 155, 195, 69, 122, 54, 121, 183, 57, 245, 35, 92, 56, 23, 157, 13, 92, 134},
        } {
                _, err := syscall.ParseSocketControlMessage(tc)
                if err != nil && err != syscall.EINVAL {
                        t.Errorf("ParseSocketControlMessage: %v", err)
                }
        }
}

This never panic()s and ParseSocketControlMessage always returns EINVAL as expected for an invalid socket control message. Could you please post the modified reproducer program with the recover and logging of the socket control message which you used to gather the sample data?

blacktear23

comment created time in 4 days

delete branch tklauser/git-lfs

delete branch : ficlone-x-sys-unix

delete time in 4 days

delete branch tklauser/sys-1

delete branch : freebsd-x-sys-unix

delete time in 4 days

delete branch tklauser/syncthing

delete branch : ioctl-clone-x-sys-unix

delete time in 4 days

PullRequestReviewEvent

pull request comment cilium/cilium

k8s: Consider session affinity parameters when comparing Services

retest-net-next

adamwg

comment created time in 5 days

push event tklauser/syncthing

Tobias Klauser

commit sha 41c365403ecf883b766baf498f6d28480b4e4f79

lib/fs: use file clone ioctl wrappers and types from golang.org/x/sys/unix

Use the IoctlFileClone and IoctlFileCloneRange ioctl wrappers and the FileCloneRange type provided by golang.org/x/sys/unix instead of locally implementing them. This also allows to re-enable the code for ppc/ppc64/ppc64le again (see commit 758a1a6a3729 ("lib/fs: Disable ioctl on ppc (fixes #6898) (#6901)")) since golang.org/x/sys/unix internally uses the correct FICLONE and FICLONERANGE values depending on $GOARCH.

push time in 5 days

Pull request review comment syncthing/syncthing

lib/fs: use file clone ioctl wrappers and types from golang.org/x/sys/unix

 func copyRangeIoctl(src, dst basicFile, srcOffset, dstOffset, size int64) error  	if srcOffset == 0 && dstOffset == 0 && size == 0 { 		// Optimization for whole file copies.-		var errNo syscall.Errno 		_, err := withFileDescriptors(src, dst, func(srcFd, dstFd uintptr) (int, error) {-			_, _, errNo = syscall.Syscall(syscall.SYS_IOCTL, dstFd, FICLONE, srcFd)-			return 0, nil+			return 0, unix.IoctlFileClone(int(dstFd), int(srcFd)) 		}) 		// Failure in withFileDescriptors 		if err != nil { 			return err 		}
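
Review bot: With the closure now returning the `unix.IoctlFileClone` error directly, the `// Failure in withFileDescriptors` comment above `if err != nil` no longer describes everything `err` can hold, because an ioctl failure arrives through the same value. Reword the comment, for example to "Failure in withFileDescriptors or in the clone ioctl", so a reader knows errno values can surface at this check.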

Good point, done.

tklauser

comment created time in 5 days

PullRequestReviewEvent

push event isovalent/clustermesh-apiserver

Tobias Klauser

commit sha 4812f74ba83e5614b9de634c354be0790beaf027

Update Cilium to 1.8.3

1. Vendor github.com/cilium/cilium using:

   go get github.com/cilium/cilium@v1.8.3
   go mod tidy && go mod vendor

2. Update the "replace" section in go.mod with the values from go.mod at github.com/cilium/cilium@v1.8.3

3. Then adjust any APIs which changed.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

Tobias Klauser

commit sha 5aa1b1c2a6c50c7bc624308a7f366aac83689fe3

Dockerfile: use golang 1.15.2 for builder and alpine 3.12.0 for certs

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

Tobias Klauser

commit sha 2339a0dbc2cba0c8046576102d7b5674751054f7

README.md: fix command formatting

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

Tobias Klauser

commit sha 114347e24c382c50426b2122d6163e916a64b1ad

Update cilium/.heartbeat

Add go routine that updates 'cilium.heartbeat' every kvstore.HeartbeatWriteInterval. This is required when Cilium agent is configured to connect to etcd of clustermesh-apiserver as the main kvstore.

Co-authored-by: Jarno Rajahalme <jarno@covalent.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

push time in 5 days

create branch isovalent/clustermesh-apiserver

branch : pr/gke-fixes-rebased

created branch time in 5 days

Pull request review comment syncthing/syncthing

lib/fs: use file clone ioctl wrappers and types from golang.org/x/sys/unix

 func copyRangeIoctl(src, dst basicFile, srcOffset, dstOffset, size int64) error  	if srcOffset == 0 && dstOffset == 0 && size == 0 { 		// Optimization for whole file copies.-		var errNo syscall.Errno+		var innerErr error 		_, err := withFileDescriptors(src, dst, func(srcFd, dstFd uintptr) (int, error) {-			_, _, errNo = syscall.Syscall(syscall.SYS_IOCTL, dstFd, FICLONE, srcFd)+			innerErr = unix.IoctlFileClone(int(dstFd), int(srcFd)) 			return 0, nil 		}) 		// Failure in withFileDescriptors 		if err != nil { 			return err 		}-		if errNo != 0 {-			return errNo+		if innerErr != nil {+			return innerErr 		} 		return nil 	} -	var errNo syscall.Errno+	var innerErr error 	_, err = withFileDescriptors(src, dst, func(srcFd, dstFd uintptr) (int, error) {-		params := fileCloneRange{-			srcFd:     int64(srcFd),-			srcOffset: uint64(srcOffset),-			srcLength: uint64(size),-			dstOffset: uint64(dstOffset),+		params := unix.FileCloneRange{+			Src_fd:      int64(srcFd),+			Src_offset:  uint64(srcOffset),+			Src_length:  uint64(size),+			Dest_offset: uint64(dstOffset), 		}-		_, _, errNo = syscall.Syscall(syscall.SYS_IOCTL, dstFd, FICLONERANGE, uintptr(unsafe.Pointer(&params)))+		innerErr = unix.IoctlFileCloneRange(int(dstFd), &params) 		return 0, nil 	}) 	// Failure in withFileDescriptors 	if err != nil { 		return err 	}-	if errNo != 0 {-		return errNo+	if innerErr != nil {+		return innerErr
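
Review bot: `innerErr` is only a side channel out of the closure, which already has an `error` return that is hard-coded to `nil` in both the FICLONE and the FICLONERANGE branch. Returning the wrapper's error from the closure, `return 0, unix.IoctlFileClone(int(dstFd), int(srcFd))` and likewise for `unix.IoctlFileCloneRange(int(dstFd), &params)`, removes the captured variable and both `if innerErr != nil` checks, provided withFileDescriptors passes the callback's error through to its caller.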

Done, thanks for the review.

tklauser

comment created time in 5 days

PullRequestReviewEvent

push event tklauser/syncthing

Tobias Klauser

commit sha 801db5e98247757dbf5780068163e7c0a26ffd85

lib/fs: use file clone ioctl wrappers and types from golang.org/x/sys/unix

Use the IoctlFileClone and IoctlFileCloneRange ioctl wrappers and the FileCloneRange type provided by golang.org/x/sys/unix instead of locally implementing them. This also allows to re-enable the code for ppc/ppc64/ppc64le again (see commit 758a1a6a3729 ("lib/fs: Disable ioctl on ppc (fixes #6898) (#6901)")) since golang.org/x/sys/unix internally uses the correct FICLONE and FICLONERANGE values depending on $GOARCH.

push time in 5 days

push event tklauser/clustermesh-apiserver

Tobias Klauser

commit sha 4812f74ba83e5614b9de634c354be0790beaf027

Update Cilium to 1.8.3

1. Vendor github.com/cilium/cilium using:

   go get github.com/cilium/cilium@v1.8.3
   go mod tidy && go mod vendor

2. Update the "replace" section in go.mod with the values from go.mod at github.com/cilium/cilium@v1.8.3

3. Then adjust any APIs which changed.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

Tobias Klauser

commit sha 5aa1b1c2a6c50c7bc624308a7f366aac83689fe3

Dockerfile: use golang 1.15.2 for builder and alpine 3.12.0 for certs

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

Tobias Klauser

commit sha 2339a0dbc2cba0c8046576102d7b5674751054f7

README.md: fix command formatting

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

Tobias Klauser

commit sha 114347e24c382c50426b2122d6163e916a64b1ad

Update cilium/.heartbeat

Add go routine that updates 'cilium.heartbeat' every kvstore.HeartbeatWriteInterval. This is required when Cilium agent is configured to connect to etcd of clustermesh-apiserver as the main kvstore.

Co-authored-by: Jarno Rajahalme <jarno@covalent.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

push time in 5 days

delete branch tklauser/clustermesh-apiserver

delete branch : pr/gke-fixes-rebased

delete time in 5 days

create branch tklauser/clustermesh-apiserver

branch : pr/gke-fixes-rebased

created branch time in 5 days

pull request comment git-lfs/git-lfs

tools: use IoctlFileClone from golang.org/x/sys/unix

Hey,

Thanks for the patch, and welcome to Git LFS! I agree this is a good improvement to make.

Thanks.

I have just one request: can you rebase this onto the latest version of master, where I've just fixed CI, so we can get this green and make sure everything's working before we merge it?

Sure, just pushed the rebased version of this PR. I was wondering about the CI failures and I'm glad they weren't this PR's fault :)

tklauser

comment created time in 5 days

push event tklauser/git-lfs

brian m. carlson

commit sha 69553c99481bde12742864c27f94e437862d2709

ci: don't reinstall openssl with Homebrew

GitHub Actions ships its own version of the openssl Homebrew package that fails to reinstall with an EPERM error. Since the reason we did these contortions was to relink gettext and we finally gave up and disabled gettext, let's just go back to a brew link --force and stop trying to reinstall.

brian m. carlson

commit sha 6785eede411e3c941b1480bd9a39b0ed7769b802

Merge pull request #4260 from git-lfs/ci-brew

ci: don't reinstall openssl with Homebrew

Tobias Klauser

commit sha ff9775905754069b9e1136a34e5505affd8299cf

tools: use IoctlFileClone from golang.org/x/sys/unix

Use the IoctlFileClone ioctl wrapper provided by golang.org/x/sys/unix instead of locally implementing it. This also fixes the ioctl on GOARCHes where the value of FICLONE is different from the currently used ioctlFiClone value (e.g. mips64/mips64le and ppc64/ppc64le).

This PR also bumps the version of golang.org/x/sys to get IoctlFileClone and updates its vendored version by running `go get golang.org/x/sys@latest && go mod tidy && go mod vendor`.

push time in 5 days

pull request comment moby/sys

Add support for OpenBSD in addition to FreeBSD

Just noticed that #36 might conflict with this. x/sys/unix provides the MNT_* flags for OpenBSD as well, so it should be easy to adjust either of the PRs, depending on which one gets merged first.

thaJeztah

comment created time in 5 days

PR opened moby/sys

mount: use MNT_* flags from golang.org/x/sys/unix on freebsd

Bump golang.org/x/sys/unix to the latest version and use the MNT_* constants defined there instead of getting them from sys/mount.h using cgo.

Full diff for the golang.org/x/sys/unix bump: https://github.com/golang/sys/compare/d5e6a3e2c0ae...aee5d888a86055dc6ab0342f9cdc7b53aaeaec62

+11 -14

0 comment

4 changed files

pr created time in 5 days

create branch tklauser/sys-1

branch : freebsd-x-sys-unix

created branch time in 5 days

delete branch tklauser/clustermesh-apiserver

delete branch : pr/tklauser/update-cilium-1.8.3

delete time in 5 days

delete branch tklauser/clustermesh-apiserver

delete branch : pr/tklauser/dockerfile-base

delete time in 5 days

delete branch tklauser/clustermesh-apiserver

delete branch : pr/tklauser/readme-formatting

delete time in 5 days

delete branch tklauser/clustermesh-apiserver

delete branch : cilium-heartbeat

delete time in 5 days

PR opened cilium/clustermesh-apiserver

Update cilium/.heartbeat

Add go routine that updates 'cilium.heartbeat' every kvstore.HeartbeatWriteInterval. This is required when Cilium agent is configured to connect to etcd of clustermesh-apiserver as the main kvstore.

Co-authored-by: Jarno Rajahalme <jarno@covalent.io>
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

+15 -1

0 comment

1 changed file

pr created time in 5 days

create branch tklauser/clustermesh-apiserver

branch : cilium-heartbeat

created branch time in 5 days

PullRequestReviewEvent

push event tklauser/git-lfs

Tobias Klauser

commit sha bba076b54b3242819e0560f27869294a083ad2ed

tools: use IoctlFileClone from golang.org/x/sys/unix

Use the IoctlFileClone ioctl wrapper provided by golang.org/x/sys/unix instead of locally implementing it. This also fixes the ioctl on GOARCHes where the value of FICLONE is different from the currently used ioctlFiClone value (e.g. mips64/mips64le and ppc64/ppc64le).

This PR also bumps the version of golang.org/x/sys to get IoctlFileClone and updates its vendored version by running `go get golang.org/x/sys@latest && go mod tidy && go mod vendor`.

push time in 5 days

push event tklauser/git-lfs

Tobias Klauser

commit sha d891ffc56c33891d0c708cedb893062452b6cf22

tools: use IoctlFileClone from golang.org/x/sys/unix

Use the IoctlFileClone ioctl wrapper provided by golang.org/x/sys/unix instead of locally implementing it. This also fixes the ioctl on GOARCHes where the value of FICLONE is different from the currently used ioctlFiClone value (e.g. mips64/mips64le and ppc64/ppc64le).

This PR also bumps the version of golang.org/x/sys to get IoctlFileClone and updates its vendored version by running `go get golang.org/x/sys@latest && go mod tidy && go mod vendor`.

push time in 5 days

PR opened git-lfs/git-lfs

tools: use IoctlFileClone from golang.org/x/sys/unix

Use the IoctlFileClone ioctl wrapper provided by golang.org/x/sys/unix instead of locally implementing it. This also fixes the ioctl on GOARCHes where the value of FICLONE is different from the currently used ioctlFiClone value (e.g. mips64/mips64le and ppc64/ppc64le).

This PR also bumps the version of golang.org/x/sys to get IoctlFileClone.

+5 -11

0 comment

3 changed files

pr created time in 5 days

push event tklauser/git-lfs

Tobias Klauser

commit sha 056a9113c8310ebdac2e86fa0adb7a9f8482bc0a

tools: use IoctlFileClone from golang.org/x/sys/unix

Use the IoctlFileClone ioctl wrapper provided by golang.org/x/sys/unix instead of locally implementing it. This also fixes the ioctl on GOARCHes where the value of FICLONE is different from the currently used ioctlFiClone value (e.g. mips64/mips64le and ppc64/ppc64le).

This PR also bumps the version of golang.org/x/sys to get IoctlFileClone.

push time in 5 days

create branch tklauser/git-lfs

branch : ficlone-x-sys-unix

created branch time in 5 days

fork tklauser/git-lfs

Git extension for versioning large files

https://git-lfs.github.com

fork in 5 days

push event tklauser/syncthing

Tobias Klauser

commit sha 2691c8fb2254d5c2fb3db451f34dfb7d5acf4910

lib/fs: use file clone ioctl wrappers and types from golang.org/x/sys/unix

Use the IoctlFileClone and IoctlFileCloneRange ioctl wrappers and the FileCloneRange type provided by golang.org/x/sys/unix instead of locally implementing them. This also allows to re-enable the code for ppc/ppc64/ppc64le again (see commit 758a1a6a3729 ("lib/fs: Disable ioctl on ppc (fixes #6898) (#6901)")) since golang.org/x/sys/unix internally uses the correct FICLONE and FICLONERANGE values depending on $GOARCH.

push time in 5 days

push event tklauser/syncthing

Tobias Klauser

commit sha ed104444c19484833a7afd7cfb73ebc402a0be92

build: bump golang.org/x/sys to latest version

Updated by running `go get golang.org/x/sys@latest && go mod tidy`

Tobias Klauser

commit sha 8b374f85779940b86791757c6b0b8d06273c21f2

lib/fs: use file clone ioctl wrappers and types from golang.org/x/sys/unix

Use the IoctlFileClone and IoctlFileCloneRange ioctl wrappers and the FileCloneRange type provided by golang.org/x/sys/unix instead of locally implementing them. This also allows to re-enable the code for ppc/ppc64/ppc64le again (see commit 758a1a6a3729 ("lib/fs: Disable ioctl on ppc (fixes #6898) (#6901)")) since the golang.org/x/sys/unix internally uses the correct FICLONE and FICLONERANGE values depending on $GOARCH.

push time in 5 days

PR opened syncthing/syncthing

Use file clone ioctl wrappers and types from golang.org/x/sys/unix

Purpose

Use the IoctlFileClone and IoctlFileCloneRange ioctl wrappers and the FileCloneRange type provided by golang.org/x/sys/unix instead of locally implementing them. This also allows to re-enable the code for ppc/ppc64/ppc64le again since the golang.org/x/sys/unix internally uses the correct FICLONE and FICLONERANGE values depending on $GOARCH.

This PR also bumps the version of golang.org/x/sys

Testing

Ran unit tests in lib/fs using go test -v ./lib/fs

+19 -52

0 comment

3 changed files

pr created time in 5 days
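
The git-lfs and syncthing PR descriptions above both rely on FICLONE and FICLONERANGE having different values depending on $GOARCH. The following added Go example (not code from either project or from golang.org/x/sys) shows where that difference comes from by computing both request numbers under the two ioctl encodings. The bit layouts and the `_IOW(0x94, ...)` definitions are taken from the Linux uapi headers rather than from this page, the helper names (`layoutFor`, `iow`, `decode`, `ficlone`, `ficloneRange`) are hypothetical, and only the architectures named in the PR text are special-cased.

```go
package main

import "fmt"

// layout describes how a Linux architecture packs an ioctl request number:
// [ dir | size | type (8 bits) | nr (8 bits) ], most significant field first.
type layout struct {
	sizeBits          uint   // width of the size field
	none, write, read uint32 // encodings of _IOC_NONE, _IOC_WRITE, _IOC_READ
}

var (
	// include/uapi/asm-generic/ioctl.h: amd64, arm64, riscv64, ...
	generic = layout{sizeBits: 14, none: 0, write: 1, read: 2}
	// powerpc and mips uapi asm/ioctl.h: 13 size bits, 3 direction bits.
	ppcMips = layout{sizeBits: 13, none: 1, write: 4, read: 2}
)

const (
	nrBits    = 8
	sizeShift = 16 // nr (8 bits) + type (8 bits)

	// include/uapi/linux/fs.h:
	//   FICLONE      = _IOW(0x94, 9, int)
	//   FICLONERANGE = _IOW(0x94, 13, struct file_clone_range)
	fsIoctlType          = 0x94
	ficloneNr            = 9
	ficloneRangeNr       = 13
	sizeofInt            = 4
	sizeofFileCloneRange = 32 // one s64 plus three u64 fields
)

// layoutFor special-cases only the GOARCH values named in the PR text;
// treating everything else as generic is an assumption of this example.
func layoutFor(goarch string) layout {
	switch goarch {
	case "ppc", "ppc64", "ppc64le", "mips", "mipsle", "mips64", "mips64le":
		return ppcMips
	}
	return generic
}

// iow mirrors the kernel's _IOW(type, nr, size) macro for a given layout.
func iow(l layout, typ, nr, size uint32) uint32 {
	return l.write<<(sizeShift+l.sizeBits) | size<<sizeShift | typ<<nrBits | nr
}

func ficlone(goarch string) uint32 {
	return iow(layoutFor(goarch), fsIoctlType, ficloneNr, sizeofInt)
}

func ficloneRange(goarch string) uint32 {
	return iow(layoutFor(goarch), fsIoctlType, ficloneRangeNr, sizeofFileCloneRange)
}

// fields is a request number split back into its components.
type fields struct {
	Dir            string
	Size, Type, Nr uint32
}

// decode interprets req the way a kernel using layout l would.
func decode(l layout, req uint32) fields {
	name := "invalid"
	switch req >> (sizeShift + l.sizeBits) {
	case l.none:
		name = "none"
	case l.write:
		name = "write"
	case l.read:
		name = "read"
	case l.write | l.read:
		name = "read|write"
	}
	return fields{
		Dir:  name,
		Size: (req >> sizeShift) & (uint32(1)<<l.sizeBits - 1),
		Type: (req >> nrBits) & 0xff,
		Nr:   req & 0xff,
	}
}

func main() {
	for _, arch := range []string{"amd64", "riscv64", "ppc64le", "mips64"} {
		fmt.Printf("%-8s FICLONE=%#x FICLONERANGE=%#x\n",
			arch, ficlone(arch), ficloneRange(arch))
	}
	// A FICLONE value hard-coded from amd64, as a ppc64 kernel would read it.
	fmt.Printf("%+v\n", decode(layoutFor("ppc64"), ficlone("amd64")))
}
```

Under the ppc64 layout the amd64 constant decodes with direction `read` instead of `write`, so a locally hard-coded value is a different request number from the one that architecture defines as FICLONE.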

create branch tklauser/syncthing

branch : ioctl-clone-x-sys-unix

created branch time in 5 days

fork tklauser/syncthing

Open Source Continuous File Synchronization

https://forum.syncthing.net/

fork in 5 days

Pull request review comment cilium/cilium

Fix typo in UpdateEC2AdapterLimitViaAPI command line flag

 func init() { 		operatorOption.ENITags, "ENI tags in the form of k1=v1 (multiple k/v pairs can be passed by repeating the CLI flag)") 	option.BindEnv(operatorOption.ENITags) -	flags.Bool(operatorOption.UpdateEC2AdapterLimitViaAPI, false, "Use the EC2 API to update the instance type to adapter limits")+	flags.Bool(operatorOption.UpdateEC2AdapterLimitViaAPI, false, fmt.Sprintf("Use the EC2 API to update the instance type to adapter limits. Deprecated in favor of %s", operatorOption.UpdateEC2AdapterLimitViaAPIv2)) 	option.BindEnv(operatorOption.UpdateEC2AdapterLimitViaAPI)+	flags.MarkDeprecated(operatorOption.UpdateEC2AdapterLimitViaAPI, "This option will be removed in v1.10")+	flags.Bool(operatorOption.UpdateEC2AdapterLimitViaAPIv2, false, "Use the EC2 API to update the instance type to adapter limits")+	option.BindEnv(operatorOption.UpdateEC2AdapterLimitViaAPIv2)
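
Review bot: The message passed to `flags.MarkDeprecated(...)`, "This option will be removed in v1.10", does not name the replacement flag; the pointer to the new option is only in the help string of the old one, which is not what a user sees when the deprecated flag is actually passed. Put the replacement flag name into the deprecation message as well. The return value of `flags.MarkDeprecated` is also dropped here; if `flags` is a pflag FlagSet that call returns an error that should be checked.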

And here:

	flags.Bool(operatorOption.UpdateEC2AdapterLimitViaAPIDeprecated, false, fmt.Sprintf("Use the EC2 API to update the instance type to adapter limits. Deprecated in favor of %s", operatorOption.UpdateEC2AdapterLimitViaAPI))
	option.BindEnv(operatorOption.UpdateEC2AdapterLimitViaAPIDeprecated)
	flags.MarkDeprecated(operatorOption.UpdateEC2AdapterLimitViaAPIDeprecated, "This option will be removed in v1.10")
	flags.Bool(operatorOption.UpdateEC2AdapterLimitViaAPI, false, "Use the EC2 API to update the instance type to adapter limits")
	option.BindEnv(operatorOption.UpdateEC2AdapterLimitViaAPI)
soumynathan

comment created time in 5 days

Pull request review comment cilium/cilium

Fix typo in UpdateEC2AdapterLimitViaAPI command line flag

 func (c *OperatorConfig) Populate() { 	// AWS options  	c.AWSReleaseExcessIPs = viper.GetBool(AWSReleaseExcessIPs)-	c.UpdateEC2AdapterLimitViaAPI = viper.GetBool(UpdateEC2AdapterLimitViaAPI)+	c.UpdateEC2AdapterLimitViaAPI = viper.GetBool(UpdateEC2AdapterLimitViaAPI) ||+		viper.GetBool(UpdateEC2AdapterLimitViaAPIv2)
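
Review bot: The `||` across `viper.GetBool(UpdateEC2AdapterLimitViaAPI)` and `viper.GetBool(UpdateEC2AdapterLimitViaAPIv2)` carries no comment saying that one of the two keys exists only for backward compatibility with the mistyped flag. Add a short comment with the planned removal version so the extra `viper.GetBool` is deleted together with the old flag.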

Given the above change, this would then be:

	c.UpdateEC2AdapterLimitViaAPI = viper.GetBool(UpdateEC2AdapterLimitViaAPIDeprecated) ||
		viper.GetBool(UpdateEC2AdapterLimitViaAPI)
soumynathan

comment created time in 5 days

PullRequestReviewEvent

Pull request review comment cilium/cilium

Fix typo in UpdateEC2AdapterLimitViaAPI command line flag

 const ( 	// API to fill out the instancetype to adapter limit mapping. 	UpdateEC2AdapterLimitViaAPI = "update-ec2-apdater-limit-via-api" +	// UpdateEC2AdapterLimitViaAPIv2 configures the operator to use the EC2+	// API to fill out the instancetype to adapter limit mapping.+	UpdateEC2AdapterLimitViaAPIv2 = "update-ec2-adapter-limit-via-api"+
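
Review bot: The existing `UpdateEC2AdapterLimitViaAPI = "update-ec2-apdater-limit-via-api"` constant keeps its original comment, and the new constant's comment repeats the same description, so nothing in godoc marks which spelling is the deprecated one. Add a `// Deprecated:` line to the old constant. The `v2` suffix also reads as a change in behaviour although only the spelling of the flag differs.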

I'd rename this const and re-use the name for the "new option" to better reflect that the misspelled option is deprecated and so we don't forget to remove it in 1.10:

	UpdateEC2AdapterLimitViaAPIDeprecated = "update-ec2-apdater-limit-via-api"

	// UpdateEC2AdapterLimitViaAPI configures the operator to use the EC2
	// API to fill out the instancetype to adapter limit mapping.
	UpdateEC2AdapterLimitViaAPI = "update-ec2-adapter-limit-via-api"

soumynathan

comment created time in 5 days

PullRequestReviewEvent

Pull request review comment cilium/cilium

Add deny policies

 const ( 	AllPorts = uint16(0) ) +type policyFlag uint8++const (+	policyFlagDeny = 1 << 0+)++type PolicyEntryFlags uint8++// UInt8 returns the UInt8 representation of the PolicyEntryFlags.+func (pef PolicyEntryFlags) UInt8() uint8 {+	return uint8(pef)+}++func (pef PolicyEntryFlags) is(pf policyFlag) bool {+	return uint8(pef)&uint8(pf) != 0+}++func (pef PolicyEntryFlags) IsDeny() bool {+	return pef.is(policyFlagDeny)+}++// String returns the string implementation of ServiceFlags.
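
Review bot: `policyFlagDeny = 1 << 0` is declared without a type, so it is an untyped constant rather than a `policyFlag`, and the `policyFlag` type declared just above it adds no type checking at `pef.is(policyFlagDeny)`. Declare it as `policyFlagDeny policyFlag = 1 << 0`. The exported `PolicyEntryFlags` type and `IsDeny` method also lack doc comments.
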
// String returns the string implementation of PolicyEntryFlags.
aanm

comment created time in 5 days

Pull request review comment cilium/cilium

Add NodePortAddresses as KP-free command line option

 type NodeAddressingFamily interface { 	// on the node 	AllocationCIDR() *cidr.CIDR -	// LocalAddresses lists all local addresses-	LocalAddresses() ([]net.IP, error)+	// MapLocalAddresses lists all local addresses

Nit: this godoc comment probably needs to be adjusted to reflect the map behavior, e.g.

	// MapLocalAddresses applies a function to each local address.

or similar.

nathanjsweet

comment created time in 5 days

create branch tklauser/moby

branch : unix-fileclone

created branch time in 6 days

PR opened moby/moby

daemon/graphdriver/copy: use IoctlFileClone from golang.org/x/sys/unix

Vendor the latest version of golang.org/x/sys/unix (full diff: https://github.com/golang/sys/compare/196b9ba8737a10c9253b04174f25881e562da5b8...aee5d888a86055dc6ab0342f9cdc7b53aaeaec62) to get unix.IoctlClone and use it in copyRegular. This allows dropping the cgo-based implementation.

+560 -62

0 comment

45 changed files

pr created time in 6 days

push event cilium/packer-ci-build

Tobias Klauser

commit sha 705188a9cc47a009560f2298132b866079abe54c

provision: update Go to 1.15.2

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

Tobias Klauser

commit sha 355cd529ae436c3c47d2c30260dc61b81d4341da

provision: update golangci-lint to 1.13.0

Follow cilium/cilium#13245

Suggested-by: Tam Mach <sayboras@yahoo.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

push time in 6 days

delete branch cilium/packer-ci-build

delete branch : pr/tklauser/bump-golang

delete time in 6 days

Pull request review comment cilium/cilium

EKS: improve rules for asymmetric routing (multi-node NodePort)

 func writePreFilterHeader(preFilter *prefilter.PreFilter, dir string) error { 	return fw.Flush() } +type setting struct {+	name      string+	val       string+	ignoreErr bool+}++func addENIRules(sysSettings []setting) ([]setting, error) {+	// AWS ENI mode requires symmetric routing, see+	// iptables.addCiliumENIRules().+	// The default AWS daemonset installs the following rules that are used+	// for NodePort traffic between nodes:+	//+	// # sysctl -w net.ipv4.conf.eth0.rp_filter=2+	// # iptables -t mangle -A PREROUTING -i eth0 -m comment --comment "AWS, primary ENI" -m addrtype --dst-type LOCAL --limit-iface-in -j CONNMARK --set-xmark 0x80/0x80+	// # iptables -t mangle -A PREROUTING -i eni+ -m comment --comment "AWS, primary ENI" -j CONNMARK --restore-mark --nfmask 0x80 --ctmask 0x80+	// # ip rule add fwmark 0x80/0x80 lookup main+	//+	// It marks packets coming from another node through eth0, and restores+	// the mark on the return path to force a lookup into the main routing+	// table. Without these rules, the "ip rules" set by the cilium-cni+	// plugin tell the host to lookup into the table related to the VPC for+	// which the CIDR used by the endpoint has been configured.+	//+	// We want to reproduce equivalent rules to ensure correct routing.+	if !option.Config.EnableIPv4 {+		return nil, nil
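
Review bot: the new `setting` struct and its fields are added without any comment; `ignoreErr` in particular deserves one stating which failures may be ignored and why, since the name alone does not say what happens when applying a setting fails.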

I think we should return setting here in order to keep the existing ones.

		return sysSettings, nil
qmonnet

comment created time in 6 days

pull request comment cilium/packer-ci-build

Bump Go and golangci-lint

build-next-please

tklauser

comment created time in 6 days

pull request comment cilium/packer-ci-build

Bump Go and golangci-lint

build-me-please

tklauser

comment created time in 6 days

Pull request review comment cilium/cilium

Add deny policies

 const ( 	AllPorts = uint16(0) ) +type policyFlag uint8++const (+	policyFlagDeny = 1 << 0+)++type PolicyEntryFlags uint8++// UInt8 returns the UInt8 representation of the ServiceFlags.

Nit:

// UInt8 returns the UInt8 representation of the PolicyEntryFlags.
aanm

comment created time in 6 days

Pull request review comment cilium/cilium

Add deny policies

 func (e *EgressRule) CreateDerivative(ctx context.Context) (*EgressRule, error) 	e.SetAggregatedSelectors() 	return newRule, nil }++// CreateDerivative will return a new rule based on the data gathered by the+// rules that creates a new derivative policy.+// In the case of ToGroups will call outside using the groups callback and this+// function can take a bit of time.+func (e *EgressDenyRule) CreateDerivative(ctx context.Context) (*EgressDenyRule, error) {+	newRule := e.DeepCopy()+	if !e.RequiresDerivative() {+		return newRule, nil+	}+	newRule.ToCIDRSet = CIDRRuleSlice{}
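
Review bot: the godoc on `EgressDenyRule.CreateDerivative` is hard to parse, especially "In the case of ToGroups will call outside using the groups callback". Suggest stating plainly that rules with ToGroups invoke the groups callback, which can take some time, and that a rule which does not require a derivative is returned as a deep copy.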

nit: preallocate the slice

	newRule.ToCIDRSet = make(CIDRRuleSlice, 0, len(e.ToGroups))
aanm

comment created time in 6 days

Pull request review comment cilium/cilium

Add deny policies

 const ( 	AllPorts = uint16(0) ) +type policyFlag uint8++const (+	policyFlagDeny = 1 << 0+)++type PolicyEntryFlags uint8++// UInt8 returns the UInt8 representation of the ServiceFlags.+func (pef PolicyEntryFlags) UInt8() uint8 {+	return uint8(pef)+}++func (pef PolicyEntryFlags) is(pf policyFlag) bool {+	return uint8(pef)&uint8(pf) != 0+}++func (pef PolicyEntryFlags) IsDeny() bool {+	return pef.is(policyFlagDeny)+}++// String returns the string implementation of ServiceFlags.+func (pef PolicyEntryFlags) String() string {+	var str []string++	if pef.IsDeny() {+		str = append(str, "Deny")+	} else {+		str = append(str, "Allow")+	}++	return strings.Join(str, ", ")+}
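
Review bot: `PolicyEntryFlags` and `IsDeny()` are exported but carry no godoc, and `policyFlagDeny = 1 << 0` is an untyped constant even though the `policyFlag` type is declared right above it. Suggest adding doc comments and declaring the constant as `policyFlagDeny policyFlag = 1 << 0` so the flag bits carry their type.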

I think this can be simplified to:

func (pef PolicyEntryFlags) String() string {
	if pef.IsDeny() {
		return "Deny"
	}
	return "Allow"
}
aanm

comment created time in 6 days

Pull request review comment cilium/cilium

Add deny policies

 struct policy_key {  struct policy_entry { 	__be16		proxy_port;-	__u16		pad0;+	__u8		deny:1,
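
Review bot: in `struct policy_entry`, the 16-bit `pad0` is replaced by a `__u8` bit-field that starts with `deny:1`. The rest of the declaration is cut off here, so please confirm that the remaining 7 bits and the second byte of the former padding are declared explicitly, keeping the struct size unchanged and in sync with the Go-side representation of the map value.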

Looks like this change ended up in the wrong commit (cilium/cmd: dump policy deny maps). It should probably be part of bpf: add deny policy enforcement?

aanm

comment created time in 6 days
