[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: Flag to change size of egress gateway policy map #23019

Merged
merged 1 commit into from
Feb 3, 2023
Merged

feature: Flag to change size of egress gateway policy map #23019

merged 1 commit into from
Feb 3, 2023

Conversation

cyclinder
Copy link
Contributor
@cyclinder cyclinder commented Jan 10, 2023
edited by aanm
Loading

Signed-off-by: cyclinder qifeng.guo@daocloud.io

Flag to change size of egress gateway policy map

Fixes:

#issue-22929
#issue-22805

Fixes #22929
Fixes #22805

Add flag to configure the size of the egress gateway policy map

@cyclinder cyclinder requested review from a team as code owners January 10, 2023 13:56
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 10, 2023
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Jan 10, 2023
@cyclinder cyclinder force-pushed the egress_flag branch 2 times, most recently from e02a754 to 3624a60 Compare January 10, 2023 14:27
@maintainer-s-little-helper

This comment was marked as resolved.

Sign in to view
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Jan 11, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Jan 11, 2023
@qmonnet qmonnet added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Jan 11, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 11, 2023
@qmonnet qmonnet added the feature/egress-gateway Impacts the egress IP gateway feature. label Jan 11, 2023
qmonnet
qmonnet requested changes Jan 11, 2023
View reviewed changes
Copy link
Member
@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Overall looks good to me, although I'm not familiar enough with Egress Gateway to tell if there might be some specific things to consider before allowing to change the number of entries, I'll defer to other reviewers for that.

Would be great to have a bit of context/motivation for the change. Did you hit the current limit?

Some minor items to fix up:

  • Please fix the reports from the Go linter (I think it says some imports are not in the correct block, you can maybe fix that with make gofmt).
  • Please update the documentation with make -C Documentation update-cmdref (this is what the Travis build complains about).
  • Please consider using your real name in the Signed-off-by tag for the commit.
  • Please fix the issue reported inline below.

pkg/option/config.go Outdated Show resolved Hide resolved
@ldelossa
Copy link
Contributor

@cyclinder are you willing to split this PR up a bit into multiple commits, ones which involve the flag addition and ones which involve plumbing it thru, updating business logic.

@cyclinder
Copy link
Contributor Author

Thanks! Overall looks good to me, although I'm not familiar enough with Egress Gateway to tell if there might be some specific things to consider before allowing to change the number of entries, I'll defer to other reviewers for that.

Thanks!

Would be great to have a bit of context/motivation for the change. Did you hit the current limit?

Refer to #22805, The author mentions that he hit the maximum limit in their environment, 954 pods * 65 CIDR blocks * 1 egress gateway = 62010 entries ?

@maintainer-s-little-helper

This comment was marked as resolved.

Sign in to view
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Jan 15, 2023
@cyclinder
Copy link
Contributor Author
  • Please update the documentation with make -C Documentation update-cmdref (this is what the Travis build complains about).
 cilium git:(egress_flag) ✗ make -C Documentation update-cmdref
: 
# Pre-pull FROM docker image due to Buildkit sometimes failing to pull them.
grep -m 1 "^FROM " Dockerfile | tr -d '\r' | cut -d ' ' -f2 | xargs -n1 docker pull
3.10.4-alpine3.15: Pulling from library/python
Digest: sha256:11a95bbf024fc1d116e83d13669e0c16686e271c7c78d5b1436db37672167e5f
Status: Image is up to date for python:3.10.4-alpine3.15
docker.io/library/python:3.10.4-alpine3.15
tar c requirements.txt Dockerfile | docker build  --target docs-builder --tag cilium/docs-builder -
[+] Building 0.1s (9/9) FINISHED                                                                                                                                                                     
 => CACHED [internal] load remote build context                                                                                                                                                 0.0s
 => CACHED copy /context /                                                                                                                                                                      0.0s
 => [internal] load metadata for docker.io/library/python:3.10.4-alpine3.15                                                                                                                     0.0s
 => [docs-base 1/2] FROM docker.io/library/python:3.10.4-alpine3.15                                                                                                                             0.0s
 => CACHED [docs-base 2/2] RUN apk add --no-cache --virtual --update     aspell-en     nodejs     npm     bash     ca-certificates     enchant2     enchant2-dev     git     libc6-compat       0.0s
 => CACHED [docs-builder 1/3] ADD ./requirements.txt /tmp/requirements.txt                                                                                                                      0.0s
 => CACHED [docs-builder 2/3] RUN pip install -r /tmp/requirements.txt                                                                                                                          0.0s
 => CACHED [docs-builder 3/3] RUN install -m 0777 -d /usr/local/lib/python3.10/site-packages/versionwarning/_static/data                                                                        0.0s
 => exporting to image                                                                                                                                                                          0.0s
 => => exporting layers                                                                                                                                                                         0.0s
 => => writing image sha256:4f8a350b633b7671371b644689f449650dd78c450a2719273601148d0adb2e34                                                                                                    0.0s
 => => naming to docker.io/cilium/docs-builder                                                                                                                                                  0.0s

Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
make -C ../ build
pkg/datapath/loader/check-sources.sh
pkg/datapath/loader/check-sources.sh: bpf_overlay.c is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
pkg/datapath/loader/check-sources.sh: bpf_xdp.c is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
pkg/datapath/loader/check-sources.sh: arp.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
pkg/datapath/loader/check-sources.sh: egress_policies.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
pkg/datapath/loader/check-sources.sh: icmp6.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
make[1]: *** [check-sources] Error 1
make: *** [cilium-build] Error 2

Hi @qmonnet , failed to run make -C Documentation update-cmdref, how to fix it? can you help me? thank a lot ~

@qmonnet
Copy link
Member
qmonnet commented Jan 16, 2023

I'm not sure why you get this error, I can't reproduce on my side. Have you tried rebasing on the current master branch, running make clean and trying make -C Documentation update-cmdref again?
@aspsk would you know what could produce the above?

@aspsk
Copy link
Contributor
aspsk commented Jan 16, 2023

@aspsk would you know what could produce the above?

Can't reproduce on master. To debug this, one can execute

bash -x pkg/datapath/loader/check-sources.sh

in the broken environment

@cyclinder
Copy link
Contributor Author
cyclinder commented Jan 16, 2023
edited by qmonnet
Loading 
bash -x pkg/datapath/loader/check-sources.sh

in the broken environment

Still fail after make clean, and I try to bash -x pkg/datapath/loader/check-sources.sh:

Output 
 cilium git:(egress_flag) ✗ bash -x pkg/datapath/loader/check-sources.sh
++ awk -F: '/^__source_file_name_to_id/{found=1; next}
                /return 0/{exit}
                {if (!found || !/_strcase_/) next}
                {gsub(/.* |"|\)|;/, "", $1); print $1}
                ' bpf/source_names_to_ids.h
+ defined_files='bpf_host.c
bpf_lxc.c
bpf_overlay.c
bpf_xdp.c
arp.h
drop.h
egress_policies.h
icmp6.h
nodeport.h'
++ find bpf/ -maxdepth 1 -name '*.c'
++ find bpf/lib/ -maxdepth 1 -name '*.h'
+ all_files='bpf//bpf_sock.c
bpf//bpf_lxc.c
bpf//bpf_network.c
bpf//bpf_alignchecker.c
bpf//bpf_host.c
bpf//bpf_overlay.c
bpf//bpf_xdp.c
bpf/lib//time.h
bpf/lib//egress_policies.h
bpf/lib//utils.h
bpf/lib//trace_sock.h
bpf/lib//eps.h
bpf/lib//qm.h
bpf/lib//policy.h
bpf/lib//l3.h
bpf/lib//config.h
bpf/lib//nat.h
bpf/lib//proxy_hairpin.h
bpf/lib//overloadable_xdp.h
bpf/lib//endian.h
bpf/lib//encap.h
bpf/lib//fib.h
bpf/lib//events.h
bpf/lib//signal.h
bpf/lib//ids.h
bpf/lib//eth.h
bpf/lib//ghash.h
bpf/lib//l4.h
bpf/lib//ipv4.h
bpf/lib//tailcall.h
bpf/lib//conntrack.h
bpf/lib//neigh.h
bpf/lib//static_data.h
bpf/lib//trace.h
bpf/lib//common.h
bpf/lib//identity.h
bpf/lib//proxy.h
bpf/lib//stubs.h
bpf/lib//pcap.h
bpf/lib//csum.h
bpf/lib//nodeport.h
bpf/lib//arp.h
bpf/lib//nat_46x64.h
bpf/lib//metrics.h
bpf/lib//edt.h
bpf/lib//conntrack_map.h
bpf/lib//maps.h
bpf/lib//time_cache.h
bpf/lib//lb.h
bpf/lib//policy_log.h
bpf/lib//overloadable_skb.h
bpf/lib//icmp6.h
bpf/lib//mono.h
bpf/lib//encrypt.h
bpf/lib//jhash.h
bpf/lib//overloadable.h
bpf/lib//dbg.h
bpf/lib//host_firewall.h
bpf/lib//lxc.h
bpf/lib//hash.h
bpf/lib//drop.h
bpf/lib//ipv6.h'
++ grep -e '\<send_drop_notify\(\|_error\|_ext\|_error_ext\)\>' bpf//bpf_sock.c bpf//bpf_lxc.c bpf//bpf_network.c bpf//bpf_alignchecker.c bpf//bpf_host.c bpf//bpf_overlay.c bpf//bpf_xdp.c bpf/lib//time.h bpf/lib//egress_policies.h bpf/lib//utils.h bpf/lib//trace_sock.h bpf/lib//eps.h bpf/lib//qm.h bpf/lib//policy.h bpf/lib//l3.h bpf/lib//config.h bpf/lib//nat.h bpf/lib//proxy_hairpin.h bpf/lib//overloadable_xdp.h bpf/lib//endian.h bpf/lib//encap.h bpf/lib//fib.h bpf/lib//events.h bpf/lib//signal.h bpf/lib//ids.h bpf/lib//eth.h bpf/lib//ghash.h bpf/lib//l4.h bpf/lib//ipv4.h bpf/lib//tailcall.h bpf/lib//conntrack.h bpf/lib//neigh.h bpf/lib//static_data.h bpf/lib//trace.h bpf/lib//common.h bpf/lib//identity.h bpf/lib//proxy.h bpf/lib//stubs.h bpf/lib//pcap.h bpf/lib//csum.h bpf/lib//nodeport.h bpf/lib//arp.h bpf/lib//nat_46x64.h bpf/lib//metrics.h bpf/lib//edt.h bpf/lib//conntrack_map.h bpf/lib//maps.h bpf/lib//time_cache.h bpf/lib//lb.h bpf/lib//policy_log.h bpf/lib//overloadable_skb.h bpf/lib//icmp6.h bpf/lib//mono.h bpf/lib//encrypt.h bpf/lib//jhash.h bpf/lib//overloadable.h bpf/lib//dbg.h bpf/lib//host_firewall.h bpf/lib//lxc.h bpf/lib//hash.h bpf/lib//drop.h bpf/lib//ipv6.h
++ cut -f1 -d:
++ sort -u
++ xargs -n1 basename
+ required_files='bpf_host.c
bpf_lxc.c
drop.h
nodeport.h'
+ retval=0
+ for f in $required_files
+ grep --silent -w bpf_host.c
+ for f in $required_files
+ grep --silent -w bpf_lxc.c
+ for f in $required_files
+ grep --silent -w drop.h
+ for f in $required_files
+ grep --silent -w nodeport.h
+ retval=0
+ for f in $defined_files
+ grep --silent -w bpf_host.c
+ for f in $defined_files
+ grep --silent -w bpf_lxc.c
+ for f in $defined_files
+ grep --silent -w bpf_overlay.c
+ echo 'pkg/datapath/loader/check-sources.sh: bpf_overlay.c is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h'
pkg/datapath/loader/check-sources.sh: bpf_overlay.c is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
+ retval=1
+ for f in $defined_files
+ grep --silent -w bpf_xdp.c
+ echo 'pkg/datapath/loader/check-sources.sh: bpf_xdp.c is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h'
pkg/datapath/loader/check-sources.sh: bpf_xdp.c is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
+ retval=1
+ for f in $defined_files
+ grep --silent -w arp.h
+ echo 'pkg/datapath/loader/check-sources.sh: arp.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h'
pkg/datapath/loader/check-sources.sh: arp.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
+ retval=1
+ for f in $defined_files
+ grep --silent -w drop.h
+ for f in $defined_files
+ grep --silent -w egress_policies.h
+ echo 'pkg/datapath/loader/check-sources.sh: egress_policies.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h'
pkg/datapath/loader/check-sources.sh: egress_policies.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
+ retval=1
+ for f in $defined_files
+ grep --silent -w icmp6.h
+ echo 'pkg/datapath/loader/check-sources.sh: icmp6.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h'
pkg/datapath/loader/check-sources.sh: icmp6.h is not using send_drop_notify*, please remove it from bpf/source_names_to_ids.h
+ retval=1
+ for f in $defined_files
+ grep --silent -w nodeport.h
+ exit 1

and I remove bpf_overlay.c, bpf_xdp.c,arp.h,egress_policies.h,icmp6.h in file bpf/source_names_to_ids.h , It works. but make -C Documentation update-cmdref still failed.

Output 
 cilium git:(egress_flag) ✗ bash -x pkg/datapath/loader/check-sources.sh
++ awk -F: '/^__source_file_name_to_id/{found=1; next}
                /return 0/{exit}
                {if (!found || !/_strcase_/) next}
                {gsub(/.* |"|\)|;/, "", $1); print $1}
                ' bpf/source_names_to_ids.h
+ defined_files='bpf_host.c
bpf_lxc.c
drop.h
nodeport.h'
++ find bpf/ -maxdepth 1 -name '*.c'
++ find bpf/lib/ -maxdepth 1 -name '*.h'
+ all_files='bpf//bpf_sock.c
bpf//bpf_lxc.c
bpf//bpf_network.c
bpf//bpf_alignchecker.c
bpf//bpf_host.c
bpf//bpf_overlay.c
bpf//bpf_xdp.c
bpf/lib//time.h
bpf/lib//egress_policies.h
bpf/lib//utils.h
bpf/lib//trace_sock.h
bpf/lib//eps.h
bpf/lib//qm.h
bpf/lib//policy.h
bpf/lib//l3.h
bpf/lib//config.h
bpf/lib//nat.h
bpf/lib//proxy_hairpin.h
bpf/lib//overloadable_xdp.h
bpf/lib//endian.h
bpf/lib//encap.h
bpf/lib//fib.h
bpf/lib//events.h
bpf/lib//signal.h
bpf/lib//ids.h
bpf/lib//eth.h
bpf/lib//ghash.h
bpf/lib//l4.h
bpf/lib//ipv4.h
bpf/lib//tailcall.h
bpf/lib//conntrack.h
bpf/lib//neigh.h
bpf/lib//static_data.h
bpf/lib//trace.h
bpf/lib//common.h
bpf/lib//identity.h
bpf/lib//proxy.h
bpf/lib//stubs.h
bpf/lib//pcap.h
bpf/lib//csum.h
bpf/lib//nodeport.h
bpf/lib//arp.h
bpf/lib//nat_46x64.h
bpf/lib//metrics.h
bpf/lib//edt.h
bpf/lib//conntrack_map.h
bpf/lib//maps.h
bpf/lib//time_cache.h
bpf/lib//lb.h
bpf/lib//policy_log.h
bpf/lib//overloadable_skb.h
bpf/lib//icmp6.h
bpf/lib//mono.h
bpf/lib//encrypt.h
bpf/lib//jhash.h
bpf/lib//overloadable.h
bpf/lib//dbg.h
bpf/lib//host_firewall.h
bpf/lib//lxc.h
bpf/lib//hash.h
bpf/lib//drop.h
bpf/lib//ipv6.h'
++ grep -e '\<send_drop_notify\(\|_error\|_ext\|_error_ext\)\>' bpf//bpf_sock.c bpf//bpf_lxc.c bpf//bpf_network.c bpf//bpf_alignchecker.c bpf//bpf_host.c bpf//bpf_overlay.c bpf//bpf_xdp.c bpf/lib//time.h bpf/lib//egress_policies.h bpf/lib//utils.h bpf/lib//trace_sock.h bpf/lib//eps.h bpf/lib//qm.h bpf/lib//policy.h bpf/lib//l3.h bpf/lib//config.h bpf/lib//nat.h bpf/lib//proxy_hairpin.h bpf/lib//overloadable_xdp.h bpf/lib//endian.h bpf/lib//encap.h bpf/lib//fib.h bpf/lib//events.h bpf/lib//signal.h bpf/lib//ids.h bpf/lib//eth.h bpf/lib//ghash.h bpf/lib//l4.h bpf/lib//ipv4.h bpf/lib//tailcall.h bpf/lib//conntrack.h bpf/lib//neigh.h bpf/lib//static_data.h bpf/lib//trace.h bpf/lib//common.h bpf/lib//identity.h bpf/lib//proxy.h bpf/lib//stubs.h bpf/lib//pcap.h bpf/lib//csum.h bpf/lib//nodeport.h bpf/lib//arp.h bpf/lib//nat_46x64.h bpf/lib//metrics.h bpf/lib//edt.h bpf/lib//conntrack_map.h bpf/lib//maps.h bpf/lib//time_cache.h bpf/lib//lb.h bpf/lib//policy_log.h bpf/lib//overloadable_skb.h bpf/lib//icmp6.h bpf/lib//mono.h bpf/lib//encrypt.h bpf/lib//jhash.h bpf/lib//overloadable.h bpf/lib//dbg.h bpf/lib//host_firewall.h bpf/lib//lxc.h bpf/lib//hash.h bpf/lib//drop.h bpf/lib//ipv6.h
++ cut -f1 -d:
++ sort -u
++ xargs -n1 basename
+ required_files='bpf_host.c
bpf_lxc.c
drop.h
nodeport.h'
+ retval=0
+ for f in $required_files
+ grep --silent -w bpf_host.c
+ for f in $required_files
+ grep --silent -w bpf_lxc.c
+ for f in $required_files
+ grep --silent -w drop.h
+ for f in $required_files
+ grep --silent -w nodeport.h
+ retval=0
+ for f in $defined_files
+ grep --silent -w bpf_host.c
+ for f in $defined_files
+ grep --silent -w bpf_lxc.c
+ for f in $defined_files
+ grep --silent -w drop.h
+ for f in $defined_files
+ grep --silent -w nodeport.h
+ exit 0
➜  cilium git:(egress_flag) ✗ make D                     
➜  cilium git:(egress_flag) ✗ make -C Documentation update-cmdref
: 
# Pre-pull FROM docker image due to Buildkit sometimes failing to pull them.
grep -m 1 "^FROM " Dockerfile | tr -d '\r' | cut -d ' ' -f2 | xargs -n1 docker pull
3.10.4-alpine3.15: Pulling from library/python
Digest: sha256:11a95bbf024fc1d116e83d13669e0c16686e271c7c78d5b1436db37672167e5f
Status: Image is up to date for python:3.10.4-alpine3.15
docker.io/library/python:3.10.4-alpine3.15
tar c requirements.txt Dockerfile | docker build  --target docs-builder --tag cilium/docs-builder -
[+] Building 0.1s (9/9) FINISHED                                                                                                                                                                     
 => CACHED [internal] load remote build context                                                                                                                                                 0.0s
 => CACHED copy /context /                                                                                                                                                                      0.0s
 => [internal] load metadata for docker.io/library/python:3.10.4-alpine3.15                                                                                                                     0.0s
 => [docs-base 1/2] FROM docker.io/library/python:3.10.4-alpine3.15                                                                                                                             0.0s
 => CACHED [docs-base 2/2] RUN apk add --no-cache --virtual --update     aspell-en     nodejs     npm     bash     ca-certificates     enchant2     enchant2-dev     git     libc6-compat       0.0s
 => CACHED [docs-builder 1/3] ADD ./requirements.txt /tmp/requirements.txt                                                                                                                      0.0s
 => CACHED [docs-builder 2/3] RUN pip install -r /tmp/requirements.txt                                                                                                                          0.0s
 => CACHED [docs-builder 3/3] RUN install -m 0777 -d /usr/local/lib/python3.10/site-packages/versionwarning/_static/data                                                                        0.0s
 => exporting to image                                                                                                                                                                          0.0s
 => => exporting layers                                                                                                                                                                         0.0s
 => => writing image sha256:4f8a350b633b7671371b644689f449650dd78c450a2719273601148d0adb2e34                                                                                                    0.0s
 => => naming to docker.io/cilium/docs-builder                                                                                                                                                  0.0s

Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
make -C ../ build
pkg/datapath/loader/check-sources.sh
CGO_ENABLED=1  go build  -mod=vendor -ldflags ' -X "github.com/cilium/cilium/pkg/version.ciliumVersion=1.13.90 4ec82bbc50 2022-12-21T11:47:52+01:00" -s -w -X "github.com/cilium/cilium/pkg/envoy.RequiredEnvoyVersionSHA=ff9a74a473dd5c1f6bfd7ce10938dab648f70c09" -X "github.com/cilium/cilium/pkg/datapath/loader.DatapathSHA256=0b593a7a3372367dee33873939cbf50191aa3f7a1e1890e09eae81a54b509317" -extldflags -Wl,-soname,libcilium.so.1' -tags=osusergo  -o libcilium.so.1 -buildmode=c-shared
# github.com/cilium/cilium/proxylib
/Users/cyclinder/Downloads/goland/go/pkg/tool/darwin_amd64/link: running clang failed: exit status 1
ld: unknown option: -soname
clang: error: linker command failed with exit code 1 (use -v to see invocation)

make[2]: *** [libcilium.so] Error 2
make[1]: *** [proxylib] Error 2
make: *** [cilium-build] Error 2

@qmonnet
Copy link
Member
qmonnet commented Jan 17, 2023

Still fail after make clean, and I try to bash -x pkg/datapath/loader/check-sources.sh:

Sorry, I don't understand what's happening in your case. I note the double slashes in the filenames returned by the command find:

[...]
++ find bpf/ -maxdepth 1 -name '*.c'
++ find bpf/lib/ -maxdepth 1 -name '*.h'
+ all_files='bpf//bpf_sock.c
bpf//bpf_lxc.c
bpf//bpf_network.c
[...]

But even these should not prevent the script from finding the correct information in the files. It seems that we're not getting all expected file names from that part:

++ grep -e '\<send_drop_notify\(\|_error\|_ext\|_error_ext\)\>' [...]
++ cut -f1 -d:
++ sort -u
++ xargs -n1 basename
+ required_files='bpf_host.c
bpf_lxc.c
drop.h
nodeport.h'

But I don't know why. Out of curiosity, what does grep --version give you?

Anyway, I don't think this issue matters much for your PR. Until we figure this out, I'd recommand simply skipping this check, you could for example edit the Makefile like this (to remove the dependency on the check-sources target) and run make -C Documentation update-cmdref:

diff --git a/Makefile b/Makefile
index ce3f26220403..c3b2d62805d6 100644
--- a/Makefile
+++ b/Makefile
@@ -112,7 +112,7 @@ define generate_k8s_protobuf
 		--go-header-file "$(PWD)/hack/custom-boilerplate.go.txt"
 endef
 
-build: check-sources $(SUBDIRS) ## Builds all the components for Cilium by executing make in the respective sub directories.
+build: $(SUBDIRS) ## Builds all the components for Cilium by executing make in the respective sub directories.
 
 build-container: check-sources ## Builds components required for cilium-agent container.
 	for i in $(SUBDIRS_CILIUM_CONTAINER); do $(MAKE) $(SUBMAKEOPTS) -C $$i all; done

@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Jan 18, 2023
pippolo84
pippolo84 reviewed Jan 24, 2023
View reviewed changes
Copy link
Member
@pippolo84 pippolo84 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your PR!
Overall LGTM, minus the issues already pointed out by other reviewers.

jibi
jibi requested changes Jan 24, 2023
View reviewed changes
Copy link
Member
@jibi jibi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for tackling this!

I did a first pass and the PR looks generally good, only a couple of minor things to address.

Also we should export this new option in the Helm charts:

pkg/option/config.go Outdated Show resolved Hide resolved
pkg/option/config.go Outdated Show resolved Hide resolved
pkg/maps/egressmap/egress.go Outdated Show resolved Hide resolved
@cyclinder
Copy link
Contributor Author

Still fail after make clean, and I try to bash -x pkg/datapath/loader/check-sources.sh:

Sorry, I don't understand what's happening in your case. I note the double slashes in the filenames returned by the command find:

[...]
++ find bpf/ -maxdepth 1 -name '*.c'
++ find bpf/lib/ -maxdepth 1 -name '*.h'
+ all_files='bpf//bpf_sock.c
bpf//bpf_lxc.c
bpf//bpf_network.c
[...]

But even these should not prevent the script from finding the correct information in the files. It seems that we're not getting all expected file names from that part:

++ grep -e '\<send_drop_notify\(\|_error\|_ext\|_error_ext\)\>' [...]
++ cut -f1 -d:
++ sort -u
++ xargs -n1 basename
+ required_files='bpf_host.c
bpf_lxc.c
drop.h
nodeport.h'

But I don't know why. Out of curiosity, what does grep --version give you?

Anyway, I don't think this issue matters much for your PR. Until we figure this out, I'd recommand simply skipping this check, you could for example edit the Makefile like this (to remove the dependency on the check-sources target) and run make -C Documentation update-cmdref:

diff --git a/Makefile b/Makefile
index ce3f26220403..c3b2d62805d6 100644
--- a/Makefile
+++ b/Makefile
@@ -112,7 +112,7 @@ define generate_k8s_protobuf
 		--go-header-file "$(PWD)/hack/custom-boilerplate.go.txt"
 endef
 
-build: check-sources $(SUBDIRS) ## Builds all the components for Cilium by executing make in the respective sub directories.
+build: $(SUBDIRS) ## Builds all the components for Cilium by executing make in the respective sub directories.
 
 build-container: check-sources ## Builds components required for cilium-agent container.
 	for i in $(SUBDIRS_CILIUM_CONTAINER); do $(MAKE) $(SUBMAKEOPTS) -C $$i all; done

Thanks, I following your way. but it still fail on my mac.

diff --git a/Makefile b/Makefile
index ce3f262204..c3b2d62805 100644
--- a/Makefile
+++ b/Makefile
@@ -112,7 +112,7 @@ define generate_k8s_protobuf
                --go-header-file "$(PWD)/hack/custom-boilerplate.go.txt"
 endef
 
-build: check-sources $(SUBDIRS) ## Builds all the components for Cilium by executing make in the respective sub directories.
+build: $(SUBDIRS) ## Builds all the components for Cilium by executing make in the respective sub directories.
 
 build-container: check-sources ## Builds components required for cilium-agent container.
        for i in $(SUBDIRS_CILIUM_CONTAINER); do $(MAKE) $(SUBMAKEOPTS) -C $$i all; done

output:

➜  cilium git:(egress_flag) ✗ make -C Documentation update-cmdref
: 
# Pre-pull FROM docker image due to Buildkit sometimes failing to pull them.
grep -m 1 "^FROM " Dockerfile | tr -d '\r' | cut -d ' ' -f2 | xargs -n1 docker pull









3.10.4-alpine3.15: Pulling from library/python
Digest: sha256:11a95bbf024fc1d116e83d13669e0c16686e271c7c78d5b1436db37672167e5f
Status: Image is up to date for python:3.10.4-alpine3.15
docker.io/library/python:3.10.4-alpine3.15
tar c requirements.txt Dockerfile | docker build  --target docs-builder --tag cilium/docs-builder -
[+] Building 0.3s (9/9) FINISHED                                                                                                                                                                     
 => CACHED [internal] load remote build context                                                                                                                                                 0.0s
 => CACHED copy /context /                                                                                                                                                                      0.0s
 => [internal] load metadata for docker.io/library/python:3.10.4-alpine3.15                                                                                                                     0.0s
 => [docs-base 1/2] FROM docker.io/library/python:3.10.4-alpine3.15                                                                                                                             0.0s
 => CACHED [docs-base 2/2] RUN apk add --no-cache --virtual --update     aspell-en     nodejs     npm     bash     ca-certificates     enchant2     enchant2-dev     git     libc6-compat       0.0s
 => CACHED [docs-builder 1/3] ADD ./requirements.txt /tmp/requirements.txt                                                                                                                      0.0s
 => CACHED [docs-builder 2/3] RUN pip install -r /tmp/requirements.txt                                                                                                                          0.0s
 => CACHED [docs-builder 3/3] RUN install -m 0777 -d /usr/local/lib/python3.10/site-packages/versionwarning/_static/data                                                                        0.0s
 => exporting to image                                                                                                                                                                          0.1s
 => => exporting layers                                                                                                                                                                         0.0s
 => => writing image sha256:4f8a350b633b7671371b644689f449650dd78c450a2719273601148d0adb2e34                                                                                                    0.0s
 => => naming to docker.io/cilium/docs-builder                                                                                                                                                  0.0s

Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
make -C ../ build
CGO_ENABLED=1  go build  -mod=vendor -ldflags ' -X "github.com/cilium/cilium/pkg/version.ciliumVersion=1.13.90 491c7c131f 2023-01-18T18:01:03+08:00" -s -w -X "github.com/cilium/cilium/pkg/envoy.RequiredEnvoyVersionSHA=ff9a74a473dd5c1f6bfd7ce10938dab648f70c09" -X "github.com/cilium/cilium/pkg/datapath/loader.DatapathSHA256=0b593a7a3372367dee33873939cbf50191aa3f7a1e1890e09eae81a54b509317" -extldflags -Wl,-soname,libcilium.so.1' -tags=osusergo  -o libcilium.so.1 -buildmode=c-shared
# github.com/cilium/cilium/proxylib
/Users/cyclinder/Downloads/goland/go/pkg/tool/darwin_amd64/link: running clang failed: exit status 1
ld: unknown option: -soname
clang: error: linker command failed with exit code 1 (use -v to see invocation)

I try run it on liunx-amd64, See if the results are different.

@cyclinder cyclinder requested review from a team as code owners January 25, 2023 07:30
@qmonnet
Copy link
Member
qmonnet commented Jan 25, 2023

I try run it on liunx-amd64, See if the results are different.

OK, let me know how make -C Documentation update-cmdref goes on Linux. If it's still failing, I'll just run it here on top of your changes and pass you the diff. You're not expected to spend hours on debugging/fixing that command when contributing a PR :).

@cyclinder
Copy link
Contributor Author

OK, let me know how make -C Documentation update-cmdref goes on Linux. If it's still failing, I'll just run it here on top of your changes and pass you the diff. You're not expected to spend hours on debugging/fixing that command when contributing a PR :).

thanks! sad, it's still failing...

[root@localhost cilium]# make -C Documentation update-cmdref
make: 进入目录“/root/cyclinder/cilium/Documentation”
:
# Pre-pull FROM docker image due to Buildkit sometimes failing to pull them.
grep -m 1 "^FROM " Dockerfile | tr -d '\r' | cut -d ' ' -f2 | xargs -n1 docker pull
3.10.4-alpine3.15: Pulling from library/python
Digest: sha256:11a95bbf024fc1d116e83d13669e0c16686e271c7c78d5b1436db37672167e5f
Status: Image is up to date for python:3.10.4-alpine3.15
docker.io/library/python:3.10.4-alpine3.15
tar c requirements.txt Dockerfile | docker build  --target docs-builder --tag cilium/docs-builder -
Sending build context to Docker daemon  10.24kB
Step 1/10 : FROM docker.io/library/python:3.10.4-alpine3.15 AS docs-base
 ---> abd9fc366a36
Step 2/10 : LABEL maintainer="maintainer@cilium.io"
 ---> Using cache
 ---> c7a2b8661cfc
Step 3/10 : RUN apk add --no-cache --virtual --update     aspell-en     nodejs     npm     bash     ca-certificates     enchant2     enchant2-dev     git     libc6-compat     py-pip     python3     py3-sphinx     gcc     musl-dev     && true
 ---> Using cache
 ---> 68bb57dac1e3
Step 4/10 : FROM docs-base AS docs-builder
 ---> 68bb57dac1e3
Step 5/10 : ADD ./requirements.txt /tmp/requirements.txt
 ---> Using cache
 ---> e0914f07ef92
Step 6/10 : RUN pip install -r /tmp/requirements.txt
 ---> Using cache
 ---> 174f630132dc
Step 7/10 : ENV HOME=/tmp
 ---> Using cache
 ---> 8558671076fa
Step 8/10 : ENV READTHEDOCS_VERSION=$READTHEDOCS_VERSION
 ---> Using cache
 ---> ab0d1eea7b90
Step 9/10 : ENV MAKE_GIT_REPO_SAFE=1
 ---> Using cache
 ---> fae7eb628f17
Step 10/10 : RUN install -m 0777 -d /usr/local/lib/python3.10/site-packages/versionwarning/_static/data
 ---> Using cache
 ---> e0bbdd9965e7
Successfully built e0bbdd9965e7
Successfully tagged cilium/docs-builder:latest
make -C ../ build
make[1]: 进入目录“/root/cyclinder/cilium”
pkg/datapath/loader/check-sources.sh
make[2]: 进入目录“/root/cyclinder/cilium/proxylib”
CGO_ENABLED=1  go build  -mod=vendor -ldflags ' -X "github.com/cilium/cilium/pkg/version.ciliumVersion=1.13.90 84f6cbc %aI" -s -w -X "github.com/cilium/cilium/pkg/envoy.RequiredEnvoyVersionSHA=ff9a74a473dd5c1f6bfd7ce10938dab648f70c09" -X "github.com/cilium/cilium/pkg/datapath/loader.DatapathSHA256=d15d02fe7d4a7aa0f0aee009cbb7401d7c035ff0045d20542e57d95eb0d4ed06" -extldflags -Wl,-soname,libcilium.so.1' -tags=osusergo  -o libcilium.so.1 -buildmode=c-shared
ln -sf libcilium.so.1 libcilium.so || cp libcilium.so.1 libcilium.so
make[2]: 离开目录“/root/cyclinder/cilium/proxylib”
make[2]: 进入目录“/root/cyclinder/cilium/envoy”
  SKIP  envoy/
cilium-envoy has been moved to github.com/cilium/proxy
make[2]: 离开目录“/root/cyclinder/cilium/envoy”
make[2]: 进入目录“/root/cyclinder/cilium/bpf”
set -e; \
if [ "" != "" ]; then \
	 :  " [-DALLOW_ICMP_FRAG_NEEDED=1 ]"; clang -DALLOW_ICMP_FRAG_NEEDED=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DSKIP_DEBUG=1 ]"; clang -DSKIP_DEBUG=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DHAVE_LPM_TRIE_MAP_TYPE=1 ]"; clang -DHAVE_LPM_TRIE_MAP_TYPE=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DHAVE_LRU_HASH_MAP_TYPE=1 ]"; clang -DHAVE_LRU_HASH_MAP_TYPE=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 ]"; clang -DENABLE_IPV4=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 ]"; clang -DENABLE_IPV6=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPSEC=1 -DIP_POOLS=1 ]"; clang -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPSEC=1 -DIP_POOLS=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPSEC=1 -DIP_POOLS=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPSEC=1 -DIP_POOLS=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DENABLE_EGRESS_GATEWAY=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DENABLE_EGRESS_GATEWAY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4_FRAGMENTS=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4_FRAGMENTS=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 ]"; clang -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPSEC=1 -DIP_POOLS=1 ]"; clang -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPSEC=1 -DIP_POOLS=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 ]"; clang -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 ]"; clang -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4=1 ]"; clang -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4=1 -DENABLE_ROUTING=1 ]"; clang -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4=1 -DENABLE_ROUTING=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4=1 -DENABLE_IPSEC=1 -DIP_POOLS=1 -DENABLE_ENCAP_HOST_REMAP=1 ]"; clang -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4=1 -DENABLE_IPSEC=1 -DIP_POOLS=1 -DENABLE_ENCAP_HOST_REMAP=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4=1 -DENABLE_IPSEC=1 -DIP_POOLS=1 -DENABLE_ENCAP_HOST_REMAP=1 -DENABLE_L7_LB=1 ]"; clang -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV4=1 -DENABLE_IPSEC=1 -DIP_POOLS=1 -DENABLE_ENCAP_HOST_REMAP=1 -DENABLE_L7_LB=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV6=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV6=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV6=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV6=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV6=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_L7_LB=1 ]"; clang -DENABLE_IPV4=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_IPV6=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_L7_LB=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1 ]"; clang -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_NAT_46X64=1 -DENABLE_NAT_46X64_GATEWAY=1 ]"; clang -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1 -DENABLE_NAT_46X64=1 -DENABLE_NAT_46X64_GATEWAY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DENABLE_NODEPORT=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1 ]"; clang -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DENABLE_NODEPORT=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DENABLE_NODEPORT=1 -DENABLE_DSR=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1 ]"; clang -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DENABLE_NODEPORT=1 -DENABLE_DSR=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DPOLICY_VERDICT_NOTIFY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DUSE_BPF_PROG_FOR_INGRESS_POLICY=1 ]"; clang -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DPOLICY_VERDICT_NOTIFY=1 -DUSE_BPF_PROG_FOR_INGRESS_POLICY=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_HOST_ROUTING=1 ]"; clang -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_HOST_ROUTING=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_HOST_ROUTING=1 -DENABLE_SKIP_FIB=1 ]"; clang -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_HOST_ROUTING=1 -DENABLE_SKIP_FIB=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_HOST_ROUTING=1 -DENABLE_SKIP_FIB=1 -DENABLE_WIREGUARD=1 ]"; clang -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_HOST_ROUTING=1 -DENABLE_SKIP_FIB=1 -DENABLE_WIREGUARD=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;   :  " [-DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_HOST_ROUTING=1 -DENABLE_SKIP_FIB=1 -DENABLE_WIREGUARD=1 -DENABLE_ICMP_RULE=1 -DENABLE_SCTP=1 ]"; clang -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_TPROXY=1 -DENABLE_HOST_ROUTING=1 -DENABLE_SKIP_FIB=1 -DENABLE_WIREGUARD=1 -DENABLE_ICMP_RULE=1 -DENABLE_SCTP=1  -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll; llc -march=bpf -mcpu=v2 -o /dev/null bpf_lxc.ll;  \
fi
clang -DSKIP_DEBUG=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENABLE_ROUTING=1 -DPOLICY_VERDICT_NOTIFY=1 -DALLOW_ICMP_FRAG_NEEDED=1 -DENABLE_IDENTITY_MARK=1 -DMONITOR_AGGREGATION=3 -DCT_REPORT_FLAGS=0x0002 -DENABLE_HOST_FIREWALL=1 -DENABLE_ICMP_RULE=1 -DENABLE_CUSTOM_CALLS=1 -DENABLE_SRV6=1 -DENABLE_L7_LB=1 -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 -DENABLE_MASQUERADE=1 -DENABLE_SRC_RANGE_CHECK=1 -DENABLE_NODEPORT=1 -DENABLE_NODEPORT_ACCELERATION=1 -DENABLE_SESSION_AFFINITY=1 -DENABLE_DSR_ICMP_ERRORS=1 -DENABLE_DSR=1 -DENABLE_DSR_HYBRID=1 -DENABLE_IPV4_FRAGMENTS=1 -DENABLE_EGRESS_GATEWAY=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1 -I/root/cyclinder/cilium/bpf/include -I/root/cyclinder/cilium/bpf -D__NR_CPUS__=8 -O2 -g -target bpf -std=gnu89 -nostdinc -emit-llvm -Wall -Wextra -Werror -Wshadow -Wno-address-of-packed-member -Wno-unknown-warning-option -Wno-gnu-variable-sized-type-not-at-end -Wdeclaration-after-statement -Wimplicit-int-conversion -Wenum-conversion -c bpf_lxc.c -o bpf_lxc.ll
error: unknown target triple 'bpf', please use -triple or -arch
make[2]: *** [bpf_lxc.ll] 错误 1
make[2]: 离开目录“/root/cyclinder/cilium/bpf”
make[1]: *** [bpf] 错误 2
make[1]: 离开目录“/root/cyclinder/cilium”
make: *** [cilium-build] 错误 2
make: 离开目录“/root/cyclinder/cilium/Documentation”
[root@localhost cilium]# bpf^C
[root@localhost cilium]# ^C
[root@localhost cilium]# uname -a
Linux localhost.localdomain 5.4.228-1.el7.elrepo.x86_64 #1 SMP Thu Dec 15 18:03:40 EST 2022 x86_64 x86_64 x86_64 GNU/Linux

I don't want to spend any more time on this 😅, is there a way to replace this command?

@jibi
Copy link
Member
jibi commented Jan 31, 2023

@cyclinder I sorted a bunch of nits and run the command to update docs, can you cherry pick this commit and the squash it with your initial commit? d45ec97

@cyclinder cyclinder force-pushed the egress_flag branch 2 times, most recently from 0136521 to dcca9cd Compare February 1, 2023 04:21
@cyclinder
Copy link
Contributor Author

@cyclinder I sorted a bunch of nits and run the command to update docs, can you cherry pick this commit and the squash it with your initial commit? d45ec97

Many thanks! @jibi

I have already cp d45ec97 to my initial commit. Waiting for the results of the ci test.

jibi
jibi reviewed Feb 1, 2023
View reviewed changes
daemon/cmd/daemon_main.go Outdated Show resolved Hide resolved
jibi
jibi reviewed Feb 1, 2023
View reviewed changes
daemon/cmd/daemon_main.go Outdated Show resolved Hide resolved
@jibi
Copy link
Member
jibi commented Feb 1, 2023

(and please squash the merge commit 🙏)

@cyclinder
feature: Flag to change size of egress gateway policy map
02c4f67 
Signed-off-by: qifeng guo <qifeng.guo@daocloud.io>
Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
qmonnet
qmonnet approved these changes Feb 1, 2023
View reviewed changes
Copy link
Member
@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't want to spend any more time on this sweat_smile, is there a way to replace this command?

Sorry to hear it's still not working, and apologies for the bad experience. Thanks a lot for trying anyway (and thank you Gilberto for helping!).

Looks good to me now!

Travis failure is related to #23314.

@qmonnet
Copy link
Member
qmonnet commented Feb 1, 2023

/test

@qmonnet qmonnet requested a review from jibi February 1, 2023 13:44
jibi
jibi approved these changes Feb 1, 2023
View reviewed changes
Copy link
Member
@jibi jibi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good now, thanks! 🚀

aanm
aanm approved these changes Feb 3, 2023
View reviewed changes
Copy link
Member
@aanm aanm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test failures / flakes are not related with these changes.

@aanm aanm merged commit 01f7d9a into cilium:master Feb 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pippolo84 pippolo84 pippolo84 left review comments

@jibi jibi jibi approved these changes

@aanm aanm aanm approved these changes

@qmonnet qmonnet qmonnet approved these changes

@ldelossa ldelossa Awaiting requested review from ldelossa ldelossa was automatically assigned from cilium/cli

@sayboras sayboras Awaiting requested review from sayboras sayboras was automatically assigned from cilium/sig-k8s

Assignees
No one assigned
Labels
feature/egress-gateway Impacts the egress IP gateway feature. kind/community-contribution This was a contribution made by a community member. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
7 participants
@cyclinder @ldelossa @qmonnet @aspsk @jibi @pippolo84 @aanm