From ae06bf24c6ad9eed115cd7742bf64f67a28d3160 Mon Sep 17 00:00:00 2001
From: Walter Neto <walter@tigera.io>
Date: Thu, 19 Dec 2024 10:41:27 +0000
Subject: [PATCH 1/2] Removes the waf-log-file param that is being deprecated

---
 pkg/render/applicationlayer/applicationlayer.go      | 1 -
 pkg/render/applicationlayer/applicationlayer_test.go | 1 -
 2 files changed, 2 deletions(-)

diff --git a/pkg/render/applicationlayer/applicationlayer.go b/pkg/render/applicationlayer/applicationlayer.go
index 8dfbfe890e..7ac0b410bd 100644
--- a/pkg/render/applicationlayer/applicationlayer.go
+++ b/pkg/render/applicationlayer/applicationlayer.go
@@ -312,7 +312,6 @@ func (c *component) containers() []corev1.Container {
 		if c.config.PerHostWAFEnabled || c.config.SidecarInjectionEnabled {
 			commandArgs = append(
 				commandArgs,
-				"--waf-log-file", filepath.Join(CalicologsVolumePath, "waf", "waf.log"),
 				"--waf-ruleset-file", filepath.Join(ModSecurityRulesetVolumePath, "tigera.conf"),
 			)
 			if c.config.PerHostWAFEnabled {
diff --git a/pkg/render/applicationlayer/applicationlayer_test.go b/pkg/render/applicationlayer/applicationlayer_test.go
index bc7a93a1ad..a3aadceb96 100644
--- a/pkg/render/applicationlayer/applicationlayer_test.go
+++ b/pkg/render/applicationlayer/applicationlayer_test.go
@@ -657,7 +657,6 @@ var _ = Describe("Tigera Secure Application Layer rendering tests", func() {
 		dikastesArgs := dikastesContainer.Command
 		expectedDikastesArgs := []string{
 			"--per-host-waf-enabled",
-			"--waf-log-file", filepath.Join(applicationlayer.CalicologsVolumePath, "waf", "waf.log"),
 			"--waf-ruleset-file", filepath.Join(applicationlayer.ModSecurityRulesetVolumePath, "tigera.conf"),
 		}
 		for _, element := range expectedDikastesArgs {

From 282c61a95a99402256ca60dd82783240d9ccf69a Mon Sep 17 00:00:00 2001
From: Walter Neto <walter@tigera.io>
Date: Thu, 19 Dec 2024 11:02:21 +0000
Subject: [PATCH 2/2] gen-versions

---
 .../enterprise/crd.projectcalico.org_felixconfigurations.yaml  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/crds/enterprise/crd.projectcalico.org_felixconfigurations.yaml b/pkg/crds/enterprise/crd.projectcalico.org_felixconfigurations.yaml
index 628dee2be5..343a39e4c7 100644
--- a/pkg/crds/enterprise/crd.projectcalico.org_felixconfigurations.yaml
+++ b/pkg/crds/enterprise/crd.projectcalico.org_felixconfigurations.yaml
@@ -148,7 +148,8 @@ spec:
                   that Calico workload traffic flows over as well as any interfaces
                   that handle incoming traffic to nodeports and services from outside
                   the cluster.  It should not match the workload interfaces (usually
-                  named cali...).
+                  named cali...) or any other special device managed by Calico itself
+                  (e.g., tunnels).
                 type: string
               bpfDisableGROForIfaces:
                 description: BPFDisableGROForIfaces is a regular expression that controls