diff --git a/calico-enterprise/_includes/components/FelixConfig/config-params.json b/calico-enterprise/_includes/components/FelixConfig/config-params.json index ae69c4aacd..d443828c47 100644 --- a/calico-enterprise/_includes/components/FelixConfig/config-params.json +++ b/calico-enterprise/_includes/components/FelixConfig/config-params.json @@ -753,6 +753,60 @@ { "Name": "Process: Logging", "Fields": [ + { + "Group": "Process: Logging", + "GroupWithSortPrefix": "00 Process: Logging", + "NameConfigFile": "LogActionRateLimit", + "NameEnvVar": "FELIX_LogActionRateLimit", + "NameYAML": "logActionRateLimit", + "NameGoAPI": "LogActionRateLimit", + "StringSchema": "String matching regex `^([1-9]\\d{0,3}/(?:second|minute|hour|day))?$`", + "StringSchemaHTML": "String matching regex ^([1-9]\\d{0,3}/(?:second|minute|hour|day))?$", + "StringDefault": "", + "ParsedDefault": "", + "ParsedDefaultJSON": "\"\"", + "ParsedType": "string", + "YAMLType": "string", + "YAMLSchema": "String matching the regular expression `^[1-9]\\d{0,3}/(?:second|minute|hour|day)$`.", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "String matching the regular expression ^[1-9]\\d{0,3}/(?:second|minute|hour|day)$.", + "YAMLDefault": "", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Sets the rate of hitting a Log action. The value must be in the format \"N/unit\",\nwhere N is a number and unit is one of: second, minute, hour, or day. For example: \"10/second\" or \"100/hour\".", + "DescriptionHTML": "

Sets the rate of hitting a Log action. The value must be in the format \"N/unit\",\nwhere N is a number and unit is one of: second, minute, hour, or day. For example: \"10/second\" or \"100/hour\".

", + "UserEditable": true, + "GoType": "*string", + "OpenSourceOnly": false + }, + { + "Group": "Process: Logging", + "GroupWithSortPrefix": "00 Process: Logging", + "NameConfigFile": "LogActionRateLimitBurst", + "NameEnvVar": "FELIX_LogActionRateLimitBurst", + "NameYAML": "logActionRateLimitBurst", + "NameGoAPI": "LogActionRateLimitBurst", + "StringSchema": "Integer: [0,2^63-1], [9999,2^63-1]", + "StringSchemaHTML": "Integer: [0,263-1], [9999,263-1]", + "StringDefault": "5", + "ParsedDefault": "5", + "ParsedDefaultJSON": "5", + "ParsedType": "int", + "YAMLType": "integer", + "YAMLSchema": "Integer: [0,2^63-1], [9999,2^63-1]", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Integer: [0,263-1], [9999,263-1]", + "YAMLDefault": "5", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Sets the rate limit burst of hitting a Log action when LogActionRateLimit is enabled.", + "DescriptionHTML": "

Sets the rate limit burst of hitting a Log action when LogActionRateLimit is enabled.

", + "UserEditable": true, + "GoType": "*int", + "OpenSourceOnly": false + }, { "Group": "Process: Logging", "GroupWithSortPrefix": "00 Process: Logging", @@ -848,15 +902,15 @@ "ParsedDefaultJSON": "\"calico-packet\"", "ParsedType": "string", "YAMLType": "string", - "YAMLSchema": "String.", + "YAMLSchema": "String matching the regular expression `^([a-zA-Z0-9%: /_-])*$`.", "YAMLEnumValues": null, - "YAMLSchemaHTML": "String.", + "YAMLSchemaHTML": "String matching the regular expression ^([a-zA-Z0-9%: /_-])*$.", "YAMLDefault": "calico-packet", "Required": false, "OnParseFailure": "ReplaceWithDefault", "AllowedConfigSources": "All", - "Description": "The log prefix that Felix uses when rendering LOG rules.", - "DescriptionHTML": "

The log prefix that Felix uses when rendering LOG rules.

", + "Description": "The log prefix that Felix uses when rendering LOG rules. It is possible to use the following specifiers\nto include extra information in the log prefix.\n- %t: Tier name.\n- %k: Kind (short names).\n- %n: Policy or profile name.\n- %p: Policy or profile name (namespace/name for namespaced kinds or just name for non namespaced kinds).\nCalico includes \": \" characters at the end of the generated log prefix.\nNote that iptables shows up to 29 characters for the log prefix and nftables up to 127 characters. Extra characters are truncated.", + "DescriptionHTML": "

The log prefix that Felix uses when rendering LOG rules. It is possible to use the following specifiers\nto include extra information in the log prefix.\n- %t: Tier name.\n- %k: Kind (short names).\n- %n: Policy or profile name.\n- %p: Policy or profile name (namespace/name for namespaced kinds or just name for non namespaced kinds).\nCalico includes \": \" characters at the end of the generated log prefix.\nNote that iptables shows up to 29 characters for the log prefix and nftables up to 127 characters. Extra characters are truncated.

", "UserEditable": true, "GoType": "string", "OpenSourceOnly": false @@ -1855,6 +1909,63 @@ "GoType": "*bool", "OpenSourceOnly": false }, + { + "Group": "Dataplane: Common", + "GroupWithSortPrefix": "10 Dataplane: Common", + "NameConfigFile": "IstioAmbientMode", + "NameEnvVar": "FELIX_IstioAmbientMode", + "NameYAML": "istioAmbientMode", + "NameGoAPI": "IstioAmbientMode", + "StringSchema": "One of: `Disabled`, `Enabled` (case insensitive)", + "StringSchemaHTML": "One of: Disabled, Enabled (case insensitive)", + "StringDefault": "Disabled", + "ParsedDefault": "Disabled", + "ParsedDefaultJSON": "\"Disabled\"", + "ParsedType": "string", + "YAMLType": "string", + "YAMLSchema": "One of: `\"Disabled\"`, `\"Enabled\"`.", + "YAMLEnumValues": [ + "Disabled", + "Enabled" + ], + "YAMLSchemaHTML": "One of: \"Disabled\", \"Enabled\".", + "YAMLDefault": "Disabled", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Configures Felix to work together with Tigera's Istio distribution.", + "DescriptionHTML": "

Configures Felix to work together with Tigera's Istio distribution.

", + "UserEditable": true, + "GoType": "*v3.IstioAmbientMode", + "OpenSourceOnly": false + }, + { + "Group": "Dataplane: Common", + "GroupWithSortPrefix": "10 Dataplane: Common", + "NameConfigFile": "IstioDSCPMark", + "NameEnvVar": "FELIX_IstioDSCPMark", + "NameYAML": "istioDSCPMark", + "NameGoAPI": "IstioDSCPMark", + "StringSchema": "Numeric value: An integer from 0 to 63, representing the 6-bit DSCP code directly; Named value: A case-insensitive string corresponding to a standardized DSCP name (e.g., \"CS0\", \"AF11\", \"AF21\", \"EF\", etc.) as defined in the IANA registry for Differentiated Services Field Codepoints.", + "StringSchemaHTML": "Numeric value: An integer from 0 to 63, representing the 6-bit DSCP code directly; Named value: A case-insensitive string corresponding to a standardized DSCP name (e.g., \"CS0\", \"AF11\", \"AF21\", \"EF\", etc.) as defined in the IANA registry for Differentiated Services Field Codepoints.", + "StringDefault": "23", + "ParsedDefault": "23", + "ParsedDefaultJSON": "23", + "ParsedType": "numorstring.DSCP", + "YAMLType": "integer", + "YAMLSchema": "String.", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "String.", + "YAMLDefault": "", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Sets the value to use when directing traffic to Istio ZTunnel, when Istio is enabled. The mark is set only on\nSYN packets at the final hop to avoid interference with other protocols. This value is reserved by Calico and must not be used\nwith other Istio installation.", + "DescriptionHTML": "

Sets the value to use when directing traffic to Istio ZTunnel, when Istio is enabled. The mark is set only on\nSYN packets at the final hop to avoid interference with other protocols. This value is reserved by Calico and must not be used\nwith other Istio installation.

", + "UserEditable": true, + "GoType": "*numorstring.DSCP", + "OpenSourceOnly": false + }, { "Group": "Dataplane: Common", "GroupWithSortPrefix": "10 Dataplane: Common", @@ -1980,9 +2091,9 @@ "ParsedDefaultJSON": "0", "ParsedType": "numorstring.Port", "YAMLType": "integer or string", - "YAMLSchema": "String.", + "YAMLSchema": "Port range: either an integer in [0,65535] or a string, representing a range, in format `n:m`", "YAMLEnumValues": null, - "YAMLSchemaHTML": "String.", + "YAMLSchemaHTML": "Port range: either an integer in [0,65535] or a string, representing a range, in format n:m", "YAMLDefault": "0", "Required": false, "OnParseFailure": "ReplaceWithDefault", @@ -2031,11 +2142,11 @@ "NameEnvVar": "FELIX_NFTablesMode", "NameYAML": "nftablesMode", "NameGoAPI": "NFTablesMode", - "StringSchema": "One of: `Disabled`, `Enabled` (case insensitive)", - "StringSchemaHTML": "One of: Disabled, Enabled (case insensitive)", - "StringDefault": "Disabled", - "ParsedDefault": "Disabled", - "ParsedDefaultJSON": "\"Disabled\"", + "StringSchema": "One of: `Auto`, `Disabled`, `Enabled` (case insensitive)", + "StringSchemaHTML": "One of: Auto, Disabled, Enabled (case insensitive)", + "StringDefault": "Auto", + "ParsedDefault": "Auto", + "ParsedDefaultJSON": "\"Auto\"", "ParsedType": "string", "YAMLType": "string", "YAMLSchema": "One of: `\"Auto\"`, `\"Disabled\"`, `\"Enabled\"`.", @@ -2045,7 +2156,7 @@ "Enabled" ], "YAMLSchemaHTML": "One of: \"Auto\", \"Disabled\", \"Enabled\".", - "YAMLDefault": "Disabled", + "YAMLDefault": "Auto", "Required": false, "OnParseFailure": "ReplaceWithDefault", "AllowedConfigSources": "All", @@ -2109,6 +2220,141 @@ "GoType": "string", "OpenSourceOnly": false }, + { + "Group": "Dataplane: Common", + "GroupWithSortPrefix": "10 Dataplane: Common", + "NameConfigFile": "PolicyActivityLogsFileDirectory", + "NameEnvVar": "FELIX_PolicyActivityLogsFileDirectory", + "NameYAML": "policyActivityLogsFileDirectory", + "NameGoAPI": "PolicyActivityLogsFileDirectory", + "StringSchema": "String", + "StringSchemaHTML": "String", + "StringDefault": "/var/log/calico/policy", + "ParsedDefault": "/var/log/calico/policy", + "ParsedDefaultJSON": "\"/var/log/calico/policy\"", + "ParsedType": "string", + "YAMLType": "string", + "YAMLSchema": "String.", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "String.", + "YAMLDefault": "/var/log/calico/policy", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Sets the directory where policy activity log files are stored.", + "DescriptionHTML": "

Sets the directory where policy activity log files are stored.

", + "UserEditable": true, + "GoType": "*string", + "OpenSourceOnly": false + }, + { + "Group": "Dataplane: Common", + "GroupWithSortPrefix": "10 Dataplane: Common", + "NameConfigFile": "PolicyActivityLogsFileEnabled", + "NameEnvVar": "FELIX_PolicyActivityLogsFileEnabled", + "NameYAML": "policyActivityLogsFileEnabled", + "NameGoAPI": "PolicyActivityLogsFileEnabled", + "StringSchema": "Boolean: `true`, `1`, `yes`, `y`, `t` accepted as True; `false`, `0`, `no`, `n`, `f` accepted (case insensitively) as False.", + "StringSchemaHTML": "Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False.", + "StringDefault": "true", + "ParsedDefault": "true", + "ParsedDefaultJSON": "true", + "ParsedType": "bool", + "YAMLType": "boolean", + "YAMLSchema": "Boolean.", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Boolean.", + "YAMLDefault": "true", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Controls logging policy activity logs to a file. If false no policy activity logging to file will occur.", + "DescriptionHTML": "

Controls logging policy activity logs to a file. If false no policy activity logging to file will occur.

", + "UserEditable": true, + "GoType": "*bool", + "OpenSourceOnly": false + }, + { + "Group": "Dataplane: Common", + "GroupWithSortPrefix": "10 Dataplane: Common", + "NameConfigFile": "PolicyActivityLogsFileMaxFileSizeMB", + "NameEnvVar": "FELIX_PolicyActivityLogsFileMaxFileSizeMB", + "NameYAML": "policyActivityLogsFileMaxFileSizeMB", + "NameGoAPI": "PolicyActivityLogsFileMaxFileSizeMB", + "StringSchema": "Integer", + "StringSchemaHTML": "Integer", + "StringDefault": "100", + "ParsedDefault": "100", + "ParsedDefaultJSON": "100", + "ParsedType": "int", + "YAMLType": "integer", + "YAMLSchema": "Integer", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Integer", + "YAMLDefault": "100", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Sets the max size in MB of policy activity log files before rotation.", + "DescriptionHTML": "

Sets the max size in MB of policy activity log files before rotation.

", + "UserEditable": true, + "GoType": "*int", + "OpenSourceOnly": false + }, + { + "Group": "Dataplane: Common", + "GroupWithSortPrefix": "10 Dataplane: Common", + "NameConfigFile": "PolicyActivityLogsFileMaxFiles", + "NameEnvVar": "FELIX_PolicyActivityLogsFileMaxFiles", + "NameYAML": "policyActivityLogsFileMaxFiles", + "NameGoAPI": "PolicyActivityLogsFileMaxFiles", + "StringSchema": "Integer", + "StringSchemaHTML": "Integer", + "StringDefault": "5", + "ParsedDefault": "5", + "ParsedDefaultJSON": "5", + "ParsedType": "int", + "YAMLType": "integer", + "YAMLSchema": "Integer", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Integer", + "YAMLDefault": "5", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Sets the number of policy activity log files to keep.", + "DescriptionHTML": "

Sets the number of policy activity log files to keep.

", + "UserEditable": true, + "GoType": "*int", + "OpenSourceOnly": false + }, + { + "Group": "Dataplane: Common", + "GroupWithSortPrefix": "10 Dataplane: Common", + "NameConfigFile": "PolicyActivityLogsFlushInterval", + "NameEnvVar": "FELIX_PolicyActivityLogsFlushInterval", + "NameYAML": "policyActivityLogsFlushInterval", + "NameGoAPI": "PolicyActivityLogsFlushInterval", + "StringSchema": "Seconds (floating point)", + "StringSchemaHTML": "Seconds (floating point)", + "StringDefault": "15", + "ParsedDefault": "15s", + "ParsedDefaultJSON": "15000000000", + "ParsedType": "time.Duration", + "YAMLType": "string", + "YAMLSchema": "Duration string, for example `1m30s123ms` or `1h5m`.", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Duration string, for example 1m30s123ms or 1h5m.", + "YAMLDefault": "15s", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Configures the interval at which Felix exports policy activity logs.", + "DescriptionHTML": "

Configures the interval at which Felix exports policy activity logs.

", + "UserEditable": true, + "GoType": "*v1.Duration", + "OpenSourceOnly": false + }, { "Group": "Dataplane: Common", "GroupWithSortPrefix": "10 Dataplane: Common", @@ -2654,13 +2900,16 @@ "ParsedDefaultJSON": "\"auto\"", "ParsedType": "string", "YAMLType": "string", - "YAMLSchema": "One of: `Auto`, `Legacy`, `NFT`.", + "YAMLSchema": "One of: `\"Auto\"`, `\"Legacy\"`, `\"NFT\"`.", "YAMLEnumValues": [ "Auto", + "Auto", + "Legacy", "Legacy", + "NFT", "NFT" ], - "YAMLSchemaHTML": "One of: Auto, Legacy, NFT.", + "YAMLSchemaHTML": "One of: \"Auto\", \"Legacy\", \"NFT\".", "YAMLDefault": "Auto", "Required": false, "OnParseFailure": "ReplaceWithDefault", @@ -2731,33 +2980,6 @@ "GoType": "string", "OpenSourceOnly": false }, - { - "Group": "Dataplane: iptables", - "GroupWithSortPrefix": "20 Dataplane: iptables", - "NameConfigFile": "IptablesLockFilePath", - "NameEnvVar": "FELIX_IptablesLockFilePath", - "NameYAML": "iptablesLockFilePath", - "NameGoAPI": "IptablesLockFilePath", - "StringSchema": "Path to file", - "StringSchemaHTML": "Path to file", - "StringDefault": "/run/xtables.lock", - "ParsedDefault": "/run/xtables.lock", - "ParsedDefaultJSON": "\"/run/xtables.lock\"", - "ParsedType": "string", - "YAMLType": "string", - "YAMLSchema": "String.", - "YAMLEnumValues": null, - "YAMLSchemaHTML": "String.", - "YAMLDefault": "/run/xtables.lock", - "Required": false, - "OnParseFailure": "ReplaceWithDefault", - "AllowedConfigSources": "All", - "Description": "The location of the iptables lock file. You may need to change this\nif the lock file is not in its standard location (for example if you have mapped it into Felix's\ncontainer at a different path).", - "DescriptionHTML": "

The location of the iptables lock file. You may need to change this\nif the lock file is not in its standard location (for example if you have mapped it into Felix's\ncontainer at a different path).

", - "UserEditable": true, - "GoType": "string", - "OpenSourceOnly": false - }, { "Group": "Dataplane: iptables", "GroupWithSortPrefix": "20 Dataplane: iptables", @@ -2779,35 +3001,8 @@ "Required": false, "OnParseFailure": "ReplaceWithDefault", "AllowedConfigSources": "All", - "Description": "When IptablesLockTimeout is enabled: the time that Felix will wait between\nattempts to acquire the iptables lock if it is not available. Lower values make Felix more\nresponsive when the lock is contended, but use more CPU.", - "DescriptionHTML": "

When IptablesLockTimeout is enabled: the time that Felix will wait between\nattempts to acquire the iptables lock if it is not available. Lower values make Felix more\nresponsive when the lock is contended, but use more CPU.

", - "UserEditable": true, - "GoType": "*v1.Duration", - "OpenSourceOnly": false - }, - { - "Group": "Dataplane: iptables", - "GroupWithSortPrefix": "20 Dataplane: iptables", - "NameConfigFile": "IptablesLockTimeoutSecs", - "NameEnvVar": "FELIX_IptablesLockTimeoutSecs", - "NameYAML": "iptablesLockTimeout", - "NameGoAPI": "IptablesLockTimeout", - "StringSchema": "Seconds (floating point)", - "StringSchemaHTML": "Seconds (floating point)", - "StringDefault": "0", - "ParsedDefault": "0s", - "ParsedDefaultJSON": "0", - "ParsedType": "time.Duration", - "YAMLType": "string", - "YAMLSchema": "Duration string, for example `1m30s123ms` or `1h5m`.", - "YAMLEnumValues": null, - "YAMLSchemaHTML": "Duration string, for example 1m30s123ms or 1h5m.", - "YAMLDefault": "0s", - "Required": false, - "OnParseFailure": "ReplaceWithDefault", - "AllowedConfigSources": "All", - "Description": "The time that Felix itself will wait for the iptables lock (rather than delegating the\nlock handling to the `iptables` command).\n\nDeprecated: `iptables-restore` v1.8+ always takes the lock, so enabling this feature results in deadlock.", - "DescriptionHTML": "

The time that Felix itself will wait for the iptables lock (rather than delegating the\nlock handling to the iptables command).

\n

Deprecated: iptables-restore v1.8+ always takes the lock, so enabling this feature results in deadlock.

", + "Description": "Configures the interval between attempts to claim\nthe xtables lock. Shorter intervals are more responsive but use more CPU.", + "DescriptionHTML": "

Configures the interval between attempts to claim\nthe xtables lock. Shorter intervals are more responsive but use more CPU.

", "UserEditable": true, "GoType": "*v1.Duration", "OpenSourceOnly": false @@ -3773,33 +3968,6 @@ "GoType": "*v3.BPFJITHardeningType", "OpenSourceOnly": false }, - { - "Group": "Dataplane: eBPF", - "GroupWithSortPrefix": "22 Dataplane: eBPF", - "NameConfigFile": "BPFKubeProxyEndpointSlicesEnabled", - "NameEnvVar": "FELIX_BPFKubeProxyEndpointSlicesEnabled", - "NameYAML": "bpfKubeProxyEndpointSlicesEnabled", - "NameGoAPI": "BPFKubeProxyEndpointSlicesEnabled", - "StringSchema": "Boolean: `true`, `1`, `yes`, `y`, `t` accepted as True; `false`, `0`, `no`, `n`, `f` accepted (case insensitively) as False.", - "StringSchemaHTML": "Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False.", - "StringDefault": "true", - "ParsedDefault": "true", - "ParsedDefaultJSON": "true", - "ParsedType": "bool", - "YAMLType": "boolean", - "YAMLSchema": "Boolean.", - "YAMLEnumValues": null, - "YAMLSchemaHTML": "Boolean.", - "YAMLDefault": "true", - "Required": false, - "OnParseFailure": "ReplaceWithDefault", - "AllowedConfigSources": "All", - "Description": "Deprecated and has no effect. BPF\nkube-proxy always accepts endpoint slices. This option will be removed in\nthe next release.", - "DescriptionHTML": "

Deprecated and has no effect. BPF\nkube-proxy always accepts endpoint slices. This option will be removed in\nthe next release.

", - "UserEditable": true, - "GoType": "*bool", - "OpenSourceOnly": false - }, { "Group": "Dataplane: eBPF", "GroupWithSortPrefix": "22 Dataplane: eBPF", @@ -3966,6 +4134,60 @@ "GoType": "string", "OpenSourceOnly": false }, + { + "Group": "Dataplane: eBPF", + "GroupWithSortPrefix": "22 Dataplane: eBPF", + "NameConfigFile": "BPFMaglevMaxEndpointsPerService", + "NameEnvVar": "FELIX_BPFMaglevMaxEndpointsPerService", + "NameYAML": "bpfMaglevMaxEndpointsPerService", + "NameGoAPI": "BPFMaglevMaxEndpointsPerService", + "StringSchema": "Integer: [1,3000]", + "StringSchemaHTML": "Integer: [1,3000]", + "StringDefault": "100", + "ParsedDefault": "100", + "ParsedDefaultJSON": "100", + "ParsedType": "int", + "YAMLType": "integer", + "YAMLSchema": "Integer: [1,3000]", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Integer: [1,3000]", + "YAMLDefault": "100", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "The maximum number of endpoints\nexpected to be part of a single Maglev-enabled service.\n\nInfluences the size of the per-service Maglev lookup-tables generated by Felix\nand thus the amount of memory reserved.", + "DescriptionHTML": "

The maximum number of endpoints\nexpected to be part of a single Maglev-enabled service.

\n

Influences the size of the per-service Maglev lookup-tables generated by Felix\nand thus the amount of memory reserved.

", + "UserEditable": true, + "GoType": "*int", + "OpenSourceOnly": false + }, + { + "Group": "Dataplane: eBPF", + "GroupWithSortPrefix": "22 Dataplane: eBPF", + "NameConfigFile": "BPFMaglevMaxServices", + "NameEnvVar": "FELIX_BPFMaglevMaxServices", + "NameYAML": "bpfMaglevMaxServices", + "NameGoAPI": "BPFMaglevMaxServices", + "StringSchema": "Integer: [1,3000]", + "StringSchemaHTML": "Integer: [1,3000]", + "StringDefault": "100", + "ParsedDefault": "100", + "ParsedDefaultJSON": "100", + "ParsedType": "int", + "YAMLType": "integer", + "YAMLSchema": "Integer: [1,3000]", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Integer: [1,3000]", + "YAMLDefault": "100", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "The maximum number of expected Maglev-enabled\nservices that Felix will allocate lookup-tables for.", + "DescriptionHTML": "

The maximum number of expected Maglev-enabled\nservices that Felix will allocate lookup-tables for.

", + "UserEditable": true, + "GoType": "*int", + "OpenSourceOnly": false + }, { "Group": "Dataplane: eBPF", "GroupWithSortPrefix": "22 Dataplane: eBPF", @@ -4253,9 +4475,9 @@ "ParsedDefaultJSON": "\"20000:29999\"", "ParsedType": "numorstring.Port", "YAMLType": "integer or string", - "YAMLSchema": "String.", + "YAMLSchema": "Port range: either an integer in [0,65535] or a string, representing a range, in format `n:m`", "YAMLEnumValues": null, - "YAMLSchemaHTML": "String.", + "YAMLSchemaHTML": "Port range: either an integer in [0,65535] or a string, representing a range, in format n:m", "YAMLDefault": "20000:29999", "Required": false, "OnParseFailure": "ReplaceWithDefault", @@ -8816,4 +9038,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/calico-enterprise_versioned_docs/version-3.21-2/_includes/components/FelixConfig/config-params.json b/calico-enterprise_versioned_docs/version-3.21-2/_includes/components/FelixConfig/config-params.json index 03f81131c6..0b129efe0f 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/_includes/components/FelixConfig/config-params.json +++ b/calico-enterprise_versioned_docs/version-3.21-2/_includes/components/FelixConfig/config-params.json @@ -8613,4 +8613,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/calico-enterprise_versioned_docs/version-3.22-2/_includes/components/FelixConfig/config-params.json b/calico-enterprise_versioned_docs/version-3.22-2/_includes/components/FelixConfig/config-params.json index a62f14f9e5..3c28de306c 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/_includes/components/FelixConfig/config-params.json +++ b/calico-enterprise_versioned_docs/version-3.22-2/_includes/components/FelixConfig/config-params.json @@ -8793,4 +8793,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/calico-enterprise_versioned_docs/version-3.23-1/_includes/components/FelixConfig/config-params.json b/calico-enterprise_versioned_docs/version-3.23-1/_includes/components/FelixConfig/config-params.json index 488e86903e..e94fce4da1 100644 --- a/calico-enterprise_versioned_docs/version-3.23-1/_includes/components/FelixConfig/config-params.json +++ b/calico-enterprise_versioned_docs/version-3.23-1/_includes/components/FelixConfig/config-params.json @@ -8980,4 +8980,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/calico/_includes/components/FelixConfig/config-params.json b/calico/_includes/components/FelixConfig/config-params.json index 2a8b2d9baa..ae9cc25733 100644 --- a/calico/_includes/components/FelixConfig/config-params.json +++ b/calico/_includes/components/FelixConfig/config-params.json @@ -986,6 +986,84 @@ "UserEditable": true, "GoType": "*bool" }, + { + "Group": "Process: Prometheus metrics", + "GroupWithSortPrefix": "00 Process: Prometheus metrics", + "NameConfigFile": "PrometheusMetricsCAFile", + "NameEnvVar": "FELIX_PrometheusMetricsCAFile", + "NameYAML": "prometheusMetricsCAFile", + "NameGoAPI": "PrometheusMetricsCAFile", + "StringSchema": "String", + "StringSchemaHTML": "String", + "StringDefault": "", + "ParsedDefault": "", + "ParsedDefaultJSON": "\"\"", + "ParsedType": "string", + "YAMLType": "string", + "YAMLSchema": "String.", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "String.", + "YAMLDefault": "", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Defines the absolute path to the TLS CA certificate file used for securing the /metrics endpoint.\nThis certificate must be valid and accessible by the calico-node process.", + "DescriptionHTML": "

Defines the absolute path to the TLS CA certificate file used for securing the /metrics endpoint.\nThis certificate must be valid and accessible by the calico-node process.

", + "UserEditable": true, + "GoType": "*string" + }, + { + "Group": "Process: Prometheus metrics", + "GroupWithSortPrefix": "00 Process: Prometheus metrics", + "NameConfigFile": "PrometheusMetricsCertFile", + "NameEnvVar": "FELIX_PrometheusMetricsCertFile", + "NameYAML": "prometheusMetricsCertFile", + "NameGoAPI": "PrometheusMetricsCertFile", + "StringSchema": "String", + "StringSchemaHTML": "String", + "StringDefault": "", + "ParsedDefault": "", + "ParsedDefaultJSON": "\"\"", + "ParsedType": "string", + "YAMLType": "string", + "YAMLSchema": "String.", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "String.", + "YAMLDefault": "", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Defines the absolute path to the TLS certificate file used for securing the /metrics endpoint.\nThis certificate must be valid and accessible by the calico-node process.", + "DescriptionHTML": "

Defines the absolute path to the TLS certificate file used for securing the /metrics endpoint.\nThis certificate must be valid and accessible by the calico-node process.

", + "UserEditable": true, + "GoType": "*string" + }, + { + "Group": "Process: Prometheus metrics", + "GroupWithSortPrefix": "00 Process: Prometheus metrics", + "NameConfigFile": "PrometheusMetricsClientAuth", + "NameEnvVar": "FELIX_PrometheusMetricsClientAuth", + "NameYAML": "prometheusMetricsClientAuth", + "NameGoAPI": "PrometheusMetricsClientAuth", + "StringSchema": "One of: `NoClientCert`, `RequireAndVerifyClientCert`, `RequireAnyClientCert`, `VerifyClientCertIfGiven` (case insensitive)", + "StringSchemaHTML": "One of: NoClientCert, RequireAndVerifyClientCert, RequireAnyClientCert, VerifyClientCertIfGiven (case insensitive)", + "StringDefault": "RequireAndVerifyClientCert", + "ParsedDefault": "RequireAndVerifyClientCert", + "ParsedDefaultJSON": "\"RequireAndVerifyClientCert\"", + "ParsedType": "string", + "YAMLType": "string", + "YAMLSchema": "", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "", + "YAMLDefault": "RequireAndVerifyClientCert", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Specifies the client authentication type for the /metrics endpoint.\nThis determines how the server validates client certificates. Default is \"RequireAndVerifyClientCert\".", + "DescriptionHTML": "

Specifies the client authentication type for the /metrics endpoint.\nThis determines how the server validates client certificates. Default is \"RequireAndVerifyClientCert\".

", + "UserEditable": true, + "GoType": "*v3.PrometheusMetricsClientAuthType" + }, { "Group": "Process: Prometheus metrics", "GroupWithSortPrefix": "00 Process: Prometheus metrics", @@ -1038,6 +1116,32 @@ "UserEditable": true, "GoType": "string" }, + { + "Group": "Process: Prometheus metrics", + "GroupWithSortPrefix": "00 Process: Prometheus metrics", + "NameConfigFile": "PrometheusMetricsKeyFile", + "NameEnvVar": "FELIX_PrometheusMetricsKeyFile", + "NameYAML": "prometheusMetricsKeyFile", + "NameGoAPI": "PrometheusMetricsKeyFile", + "StringSchema": "String", + "StringSchemaHTML": "String", + "StringDefault": "", + "ParsedDefault": "", + "ParsedDefaultJSON": "\"\"", + "ParsedType": "string", + "YAMLType": "string", + "YAMLSchema": "String.", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "String.", + "YAMLDefault": "", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "Defines the absolute path to the private key file corresponding to the TLS certificate\nused for securing the /metrics endpoint. The private key must be valid and accessible by the calico-node process.", + "DescriptionHTML": "

Defines the absolute path to the private key file corresponding to the TLS certificate\nused for securing the /metrics endpoint. The private key must be valid and accessible by the calico-node process.

", + "UserEditable": true, + "GoType": "*string" + }, { "Group": "Process: Prometheus metrics", "GroupWithSortPrefix": "00 Process: Prometheus metrics", @@ -1775,9 +1879,9 @@ "ParsedDefaultJSON": "0", "ParsedType": "numorstring.Port", "YAMLType": "integer or string", - "YAMLSchema": "String.", + "YAMLSchema": "Port range: either an integer in [0,65535] or a string, representing a range, in format `n:m`", "YAMLEnumValues": null, - "YAMLSchemaHTML": "String.", + "YAMLSchemaHTML": "Port range: either an integer in [0,65535] or a string, representing a range, in format n:m", "YAMLDefault": "0", "Required": false, "OnParseFailure": "ReplaceWithDefault", @@ -1794,11 +1898,11 @@ "NameEnvVar": "FELIX_NFTablesMode", "NameYAML": "nftablesMode", "NameGoAPI": "NFTablesMode", - "StringSchema": "One of: `Disabled`, `Enabled` (case insensitive)", - "StringSchemaHTML": "One of: Disabled, Enabled (case insensitive)", - "StringDefault": "Disabled", - "ParsedDefault": "Disabled", - "ParsedDefaultJSON": "\"Disabled\"", + "StringSchema": "One of: `Auto`, `Disabled`, `Enabled` (case insensitive)", + "StringSchemaHTML": "One of: Auto, Disabled, Enabled (case insensitive)", + "StringDefault": "Auto", + "ParsedDefault": "Auto", + "ParsedDefaultJSON": "\"Auto\"", "ParsedType": "string", "YAMLType": "string", "YAMLSchema": "One of: `\"Auto\"`, `\"Disabled\"`, `\"Enabled\"`.", @@ -1808,7 +1912,7 @@ "`\"Enabled\"`" ], "YAMLSchemaHTML": "One of: \"Auto\", \"Disabled\", \"Enabled\".", - "YAMLDefault": "Disabled", + "YAMLDefault": "Auto", "Required": false, "OnParseFailure": "ReplaceWithDefault", "AllowedConfigSources": "All", @@ -2239,14 +2343,14 @@ "ParsedDefaultJSON": "\"auto\"", "ParsedType": "string", "YAMLType": "string", - "YAMLSchema": "One of: `Auto`, `Legacy`, `NFT`.", + "YAMLSchema": "One of: `\"Auto\"`, `\"Legacy\"`, `\"NFT\"`.", "YAMLEnumValues": [ - "Auto", - "Legacy", - "NFT" + "`\"Auto\"`", + "`\"Legacy\"`", + "`\"NFT\"`" ], - "YAMLSchemaHTML": "One of: Auto, Legacy, NFT.", - "YAMLDefault": "Auto", + "YAMLSchemaHTML": "One of: \"Auto\", \"Legacy\", \"NFT\".", + "YAMLDefault": "auto", "Required": false, "OnParseFailure": "ReplaceWithDefault", "AllowedConfigSources": "All", @@ -2313,32 +2417,6 @@ "UserEditable": true, "GoType": "string" }, - { - "Group": "Dataplane: iptables", - "GroupWithSortPrefix": "20 Dataplane: iptables", - "NameConfigFile": "IptablesLockFilePath", - "NameEnvVar": "FELIX_IptablesLockFilePath", - "NameYAML": "iptablesLockFilePath", - "NameGoAPI": "IptablesLockFilePath", - "StringSchema": "Path to file", - "StringSchemaHTML": "Path to file", - "StringDefault": "/run/xtables.lock", - "ParsedDefault": "/run/xtables.lock", - "ParsedDefaultJSON": "\"/run/xtables.lock\"", - "ParsedType": "string", - "YAMLType": "string", - "YAMLSchema": "String.", - "YAMLEnumValues": null, - "YAMLSchemaHTML": "String.", - "YAMLDefault": "/run/xtables.lock", - "Required": false, - "OnParseFailure": "ReplaceWithDefault", - "AllowedConfigSources": "All", - "Description": "The location of the iptables lock file. You may need to change this\nif the lock file is not in its standard location (for example if you have mapped it into Felix's\ncontainer at a different path).", - "DescriptionHTML": "

The location of the iptables lock file. You may need to change this\nif the lock file is not in its standard location (for example if you have mapped it into Felix's\ncontainer at a different path).

", - "UserEditable": true, - "GoType": "string" - }, { "Group": "Dataplane: iptables", "GroupWithSortPrefix": "20 Dataplane: iptables", @@ -2360,34 +2438,8 @@ "Required": false, "OnParseFailure": "ReplaceWithDefault", "AllowedConfigSources": "All", - "Description": "When IptablesLockTimeout is enabled: the time that Felix will wait between\nattempts to acquire the iptables lock if it is not available. Lower values make Felix more\nresponsive when the lock is contended, but use more CPU.", - "DescriptionHTML": "

When IptablesLockTimeout is enabled: the time that Felix will wait between\nattempts to acquire the iptables lock if it is not available. Lower values make Felix more\nresponsive when the lock is contended, but use more CPU.

", - "UserEditable": true, - "GoType": "*v1.Duration" - }, - { - "Group": "Dataplane: iptables", - "GroupWithSortPrefix": "20 Dataplane: iptables", - "NameConfigFile": "IptablesLockTimeoutSecs", - "NameEnvVar": "FELIX_IptablesLockTimeoutSecs", - "NameYAML": "iptablesLockTimeout", - "NameGoAPI": "IptablesLockTimeout", - "StringSchema": "Seconds (floating point)", - "StringSchemaHTML": "Seconds (floating point)", - "StringDefault": "0", - "ParsedDefault": "0s", - "ParsedDefaultJSON": "0", - "ParsedType": "time.Duration", - "YAMLType": "string", - "YAMLSchema": "Duration string, for example `1m30s123ms` or `1h5m`.", - "YAMLEnumValues": null, - "YAMLSchemaHTML": "Duration string, for example 1m30s123ms or 1h5m.", - "YAMLDefault": "0s", - "Required": false, - "OnParseFailure": "ReplaceWithDefault", - "AllowedConfigSources": "All", - "Description": "The time that Felix itself will wait for the iptables lock (rather than delegating the\nlock handling to the `iptables` command).\n\nDeprecated: `iptables-restore` v1.8+ always takes the lock, so enabling this feature results in deadlock.", - "DescriptionHTML": "

The time that Felix itself will wait for the iptables lock (rather than delegating the\nlock handling to the iptables command).

\n

Deprecated: iptables-restore v1.8+ always takes the lock, so enabling this feature results in deadlock.

", + "Description": "Configures the interval between attempts to claim\nthe xtables lock. Shorter intervals are more responsive but use more CPU.", + "DescriptionHTML": "

Configures the interval between attempts to claim\nthe xtables lock. Shorter intervals are more responsive but use more CPU.

", "UserEditable": true, "GoType": "*v1.Duration" }, @@ -3295,32 +3347,6 @@ "UserEditable": true, "GoType": "*v3.BPFJITHardeningType" }, - { - "Group": "Dataplane: eBPF", - "GroupWithSortPrefix": "22 Dataplane: eBPF", - "NameConfigFile": "BPFKubeProxyEndpointSlicesEnabled", - "NameEnvVar": "FELIX_BPFKubeProxyEndpointSlicesEnabled", - "NameYAML": "bpfKubeProxyEndpointSlicesEnabled", - "NameGoAPI": "BPFKubeProxyEndpointSlicesEnabled", - "StringSchema": "Boolean: `true`, `1`, `yes`, `y`, `t` accepted as True; `false`, `0`, `no`, `n`, `f` accepted (case insensitively) as False.", - "StringSchemaHTML": "Boolean: true, 1, yes, y, t accepted as True; false, 0, no, n, f accepted (case insensitively) as False.", - "StringDefault": "true", - "ParsedDefault": "true", - "ParsedDefaultJSON": "true", - "ParsedType": "bool", - "YAMLType": "boolean", - "YAMLSchema": "Boolean.", - "YAMLEnumValues": null, - "YAMLSchemaHTML": "Boolean.", - "YAMLDefault": "true", - "Required": false, - "OnParseFailure": "ReplaceWithDefault", - "AllowedConfigSources": "All", - "Description": "Deprecated and has no effect. BPF\nkube-proxy always accepts endpoint slices. This option will be removed in\nthe next release.", - "DescriptionHTML": "

Deprecated and has no effect. BPF\nkube-proxy always accepts endpoint slices. This option will be removed in\nthe next release.

", - "UserEditable": true, - "GoType": "*bool" - }, { "Group": "Dataplane: eBPF", "GroupWithSortPrefix": "22 Dataplane: eBPF", @@ -3481,6 +3507,58 @@ "UserEditable": true, "GoType": "string" }, + { + "Group": "Dataplane: eBPF", + "GroupWithSortPrefix": "22 Dataplane: eBPF", + "NameConfigFile": "BPFMaglevMaxEndpointsPerService", + "NameEnvVar": "FELIX_BPFMaglevMaxEndpointsPerService", + "NameYAML": "bpfMaglevMaxEndpointsPerService", + "NameGoAPI": "BPFMaglevMaxEndpointsPerService", + "StringSchema": "Integer: [1,3000]", + "StringSchemaHTML": "Integer: [1,3000]", + "StringDefault": "100", + "ParsedDefault": "100", + "ParsedDefaultJSON": "100", + "ParsedType": "int", + "YAMLType": "integer", + "YAMLSchema": "Integer: [1,3000]", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Integer: [1,3000]", + "YAMLDefault": "100", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "The maximum number of endpoints\nexpected to be part of a single Maglev-enabled service.\n\nInfluences the size of the per-service Maglev lookup-tables generated by Felix\nand thus the amount of memory reserved.", + "DescriptionHTML": "

The maximum number of endpoints\nexpected to be part of a single Maglev-enabled service.

\n

Influences the size of the per-service Maglev lookup-tables generated by Felix\nand thus the amount of memory reserved.

", + "UserEditable": true, + "GoType": "*int" + }, + { + "Group": "Dataplane: eBPF", + "GroupWithSortPrefix": "22 Dataplane: eBPF", + "NameConfigFile": "BPFMaglevMaxServices", + "NameEnvVar": "FELIX_BPFMaglevMaxServices", + "NameYAML": "bpfMaglevMaxServices", + "NameGoAPI": "BPFMaglevMaxServices", + "StringSchema": "Integer: [1,3000]", + "StringSchemaHTML": "Integer: [1,3000]", + "StringDefault": "100", + "ParsedDefault": "100", + "ParsedDefaultJSON": "100", + "ParsedType": "int", + "YAMLType": "integer", + "YAMLSchema": "Integer: [1,3000]", + "YAMLEnumValues": null, + "YAMLSchemaHTML": "Integer: [1,3000]", + "YAMLDefault": "100", + "Required": false, + "OnParseFailure": "ReplaceWithDefault", + "AllowedConfigSources": "All", + "Description": "The maximum number of expected Maglev-enabled\nservices that Felix will allocate lookup-tables for.", + "DescriptionHTML": "

The maximum number of expected Maglev-enabled\nservices that Felix will allocate lookup-tables for.

", + "UserEditable": true, + "GoType": "*int" + }, { "Group": "Dataplane: eBPF", "GroupWithSortPrefix": "22 Dataplane: eBPF", @@ -3758,9 +3836,9 @@ "ParsedDefaultJSON": "\"20000:29999\"", "ParsedType": "numorstring.Port", "YAMLType": "integer or string", - "YAMLSchema": "String.", + "YAMLSchema": "Port range: either an integer in [0,65535] or a string, representing a range, in format `n:m`", "YAMLEnumValues": null, - "YAMLSchemaHTML": "String.", + "YAMLSchemaHTML": "Port range: either an integer in [0,65535] or a string, representing a range, in format n:m", "YAMLDefault": "20000:29999", "Required": false, "OnParseFailure": "ReplaceWithDefault", @@ -3834,24 +3912,23 @@ "NameGoAPI": "BPFRedirectToPeer", "StringSchema": "One of: `Disabled`, `Enabled`, `L2Only` (case insensitive)", "StringSchemaHTML": "One of: Disabled, Enabled, L2Only (case insensitive)", - "StringDefault": "L2Only", - "ParsedDefault": "L2Only", - "ParsedDefaultJSON": "\"L2Only\"", + "StringDefault": "Enabled", + "ParsedDefault": "Enabled", + "ParsedDefaultJSON": "\"Enabled\"", "ParsedType": "string", "YAMLType": "string", - "YAMLSchema": "One of: `\"Disabled\"`, `\"Enabled\"`, `\"L2Only\"`.", + "YAMLSchema": "One of: `\"Disabled\"`, `\"Enabled\"`.", "YAMLEnumValues": [ "`\"Disabled\"`", - "`\"Enabled\"`", - "`\"L2Only\"`" + "`\"Enabled\"`" ], - "YAMLSchemaHTML": "One of: \"Disabled\", \"Enabled\", \"L2Only\".", - "YAMLDefault": "L2Only", + "YAMLSchemaHTML": "One of: \"Disabled\", \"Enabled\".", + "YAMLDefault": "Enabled", "Required": true, "OnParseFailure": "ReplaceWithDefault", "AllowedConfigSources": "All", - "Description": "Controls which whether it is allowed to forward straight to the\npeer side of the workload devices. It is allowed for any host L2 devices by default\n(L2Only), but it breaks TCP dump on the host side of workload device as it bypasses\nit on ingress. Value of Enabled also allows redirection from L3 host devices like\nIPIP tunnel or Wireguard directly to the peer side of the workload's device. This\nmakes redirection faster, however, it breaks tools like tcpdump on the peer side.\nUse Enabled with caution.", - "DescriptionHTML": "

Controls which whether it is allowed to forward straight to the\npeer side of the workload devices. It is allowed for any host L2 devices by default\n(L2Only), but it breaks TCP dump on the host side of workload device as it bypasses\nit on ingress. Value of Enabled also allows redirection from L3 host devices like\nIPIP tunnel or Wireguard directly to the peer side of the workload's device. This\nmakes redirection faster, however, it breaks tools like tcpdump on the peer side.\nUse Enabled with caution.

", + "Description": "Controls whether traffic may be forwarded directly to the peer side of a workload’s device.\nNote that the legacy \"L2Only\" option is now deprecated and if set it is treated like \"Enabled.\nSetting this option to \"Enabled\" allows direct redirection (including from L3 host devices such as IPIP tunnels or WireGuard),\nwhich can improve redirection performance but causes the redirected packets to bypass the host‑side ingress path.\nAs a result, packet‑capture tools on the host side of the workload device (for example, tcpdump) will not see that traffic.", + "DescriptionHTML": "

Controls whether traffic may be forwarded directly to the peer side of a workload’s device.\nNote that the legacy \"L2Only\" option is now deprecated and if set it is treated like \"Enabled.\nSetting this option to \"Enabled\" allows direct redirection (including from L3 host devices such as IPIP tunnels or WireGuard),\nwhich can improve redirection performance but causes the redirected packets to bypass the host‑side ingress path.\nAs a result, packet‑capture tools on the host side of the workload device (for example, tcpdump) will not see that traffic.

", "UserEditable": true, "GoType": "string" }