Skip to content

Add bpfIPFragTimeout configuration option #11726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 8 commits into
base: master
Choose a base branch
from
Draft

Add bpfIPFragTimeout configuration option #11726

Copilot wants to merge 8 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Jan 26, 2026
edited
Loading

Implementation Plan for bpfIPFragTimeout

  • Add BPFIPFragTimeout field to API FelixConfigurationSpec (api/pkg/apis/projectcalico/v3/felixconfig.go)
  • Add BPFIPFragTimeout to Felix config struct (felix/config/config_params.go)
  • Add field to BPF globals struct (felix/bpf-gpl/globals.h)
  • Update libbpf TcGlobalData struct (felix/bpf/libbpf/libbpf_common.go)
  • Update C binding function (felix/bpf/libbpf/libbpf_api.h)
  • Update Go libbpf call (felix/bpf/libbpf/libbpf.go)
  • Add field to tc.AttachPoint struct (felix/bpf/tc/attach.go)
  • Create helper to read from /proc/sys/net/ipv4/ipfrag_time when unset
  • Plumb config through bpf_ep_mgr.go to write to BPF globals
  • Wire through dataplane driver config (felix/dataplane/driver.go, felix/dataplane/linux/int_dataplane.go)
  • Run code generation (make generate)
  • Fix compilation errors
  • Run yamllint ✓
  • Run code review ✓
  • Address code review feedback (range validation)
  • Run CodeQL security check ✓
  • Build validation ✓
  • Fix validation pattern (remove 'Auto', use unset instead)
  • Remove unrelated changes (cni-plugin files, _codeql_detected_source_root)

Summary

Successfully implemented bpfIPFragTimeout configuration option for Felix. The option:

  • Controls IP fragment reassembly timeout in BPF mode
  • Defaults to reading from Linux kernel's net.ipv4.ipfrag_time when left unset (nil)
  • Accepts explicit configuration as duration (e.g., "30s") via FelixConfiguration API
  • Includes proper validation and error handling
  • Plumbed through all layers from API to BPF globals

All automated checks passed successfully. Removed unrelated changes.

Original prompt

I would like you to add bpfIPFragTimeout to felixconfiguration. This option should be in seconds and should mimic Linux's net.ipv4.ipfrag_time. If left unset, it should take its value from this Linux option directly. It should be plumbed all the way through ebpf_ep_mgr.go to bpf-gpl/globals.h

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@marvin-tigera marvin-tigera added this to the Calico v3.32.0 milestone Jan 26, 2026
@marvin-tigera marvin-tigera added release-note-required Change has user-facing impact (no matter how small) docs-pr-required Change is not yet documented labels Jan 26, 2026
Copilot AI and others added 4 commits January 26, 2026 21:09
@tomastigera
Add bpfIPFragTimeout field to API and plumb through to BPF globals
6c0ebae 
Co-authored-by: tomastigera <49207409+tomastigera@users.noreply.github.com>
@tomastigera
Run make generate to update generated files
834bf32 
Co-authored-by: tomastigera <49207409+tomastigera@users.noreply.github.com>
@tomastigera
Fix logging imports in bpf_ep_mgr.go
587b0d4 
Co-authored-by: tomastigera <49207409+tomastigera@users.noreply.github.com>
@tomastigera
Add range validation for ipfrag_time value
83a5a86 
Co-authored-by: tomastigera <49207409+tomastigera@users.noreply.github.com>
Copilot AI changed the title [WIP] Add bpfIPFragTimeout to felixconfiguration Add bpfIPFragTimeout configuration option Jan 26, 2026
Copilot AI requested a review from tomastigera January 26, 2026 21:24
tomastigera
tomastigera reviewed Jan 26, 2026
View reviewed changes
api/pkg/apis/projectcalico/v3/felixconfig.go
// [Default: Auto - read from net.ipv4.ipfrag_time]
// +kubebuilder:validation:Type=string
// +kubebuilder:validation:Pattern=`^([0-9]+(\\.[0-9]+)?(ms|s|m|h)|Auto)*$`
BPFIPFragTimeout *metav1.Duration `json:"bpfIPFragTimeout,omitempty" configv1timescale:"seconds"`
Copy link
Contributor

@tomastigera tomastigera Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot how would the metav1.Duration accept "Auto" ? Is it enough to let it unset instead of using Auto?

Copy link
Contributor Author

Copilot AI Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're correct - metav1.Duration doesn't accept "Auto" as a value. I've removed "Auto" from the validation pattern and updated the documentation to clarify that leaving the field unset (nil) triggers auto-detection from /proc/sys/net/ipv4/ipfrag_time. Fixed in a42bed4.

@tomastigera
Remove 'Auto' from validation pattern - use unset instead
a42bed4 
Co-authored-by: tomastigera <49207409+tomastigera@users.noreply.github.com>
Copilot AI requested a review from tomastigera January 26, 2026 21:57
tomastigera
tomastigera requested changes Jan 26, 2026
View reviewed changes
Copy link
Contributor

@tomastigera tomastigera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove changes to files in cni-plugin/ those are unrelated

_codeql_detected_source_root Outdated
@@ -0,0 +1 @@
. No newline at end of file
Copy link
Contributor

@tomastigera tomastigera Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot remove this change

Copy link
Contributor Author

Copilot AI Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed in 13fa293.

@tomastigera
Remove unrelated cni-plugin changes and _codeql_detected_source_root
13fa293 
Co-authored-by: tomastigera <49207409+tomastigera@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Jan 26, 2026

remove changes to files in cni-plugin/ those are unrelated

Removed unrelated cni-plugin changes in 13fa293.

Copilot AI requested a review from tomastigera January 26, 2026 23:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomastigera tomastigera Awaiting requested review from tomastigera

Requested changes must be addressed to merge this pull request.

Assignees

@tomastigera tomastigera

Copilot code review Copilot

Labels

docs-pr-required Change is not yet documented release-note-required Change has user-facing impact (no matter how small)

Projects

None yet

Milestone

Calico v3.32.0

Development

Successfully merging this pull request may close these issues.

3 participants

@tomastigera @marvin-tigera