feat: bump cilium to v1.16.18 and update related images

l1b0k · l1b0k · commit 2a808777dcfc · 2026-01-04T11:38:42.000+08:00
Signed-off-by: l1b0k &lt;libokang.lbk@alibaba-inc.com&gt;
diff --git a/deploy/images/policy/Dockerfile b/deploy/images/policy/Dockerfile
@@ -22,7 +22,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     ( ! $(readelf -d bin/calico-felix | grep -q NEEDED) || ( echo "Error: bin/calico-felix was not statically linked"; false )) \
     && chmod +x /go/src/github.com/projectcalico/calico/bin/calico-felix
 
-FROM --platform=$TARGETPLATFORM quay.io/cilium/cilium-builder:0aa9ec56fe2df313baa592994c1e4dd2a6a38f96@sha256:d5df105dbf3362be00cb88ba8f517d54b3a272e71f7b3e9be38690b48e23149e as cilium-builder
+FROM --platform=$TARGETPLATFORM quay.io/cilium/cilium-builder:03739b8b3d9bcfd05501f61d035f6b027e4c9425@sha256:01cdf345f1aa673c073fdf7f59a78c58eff9974c940d81cfd2286aba890da841 as cilium-builder
 ARG GOPROXY
 ENV GOPROXY=$GOPROXY
 ARG CILIUM_SHA=""
@@ -31,8 +31,8 @@ LABEL cilium-sha=${CILIUM_SHA}
 LABEL maintainer="maintainer@cilium.io"
 WORKDIR /go/src/github.com/cilium
 RUN rm -rf cilium
-ENV GIT_TAG=v1.16.12
-ENV GIT_COMMIT=a66093957f9614320e5d7364615235209b757c55
+ENV GIT_TAG=v1.16.18
+ENV GIT_COMMIT=ab50022137f1d6af6914dead0d83b13ab3119d4d
 RUN git clone -b $GIT_TAG --depth 1 https://github.com/cilium/cilium.git && \
     cd cilium && git config --global user.email terway && git config --global user.name terway && \
     [ "`git rev-parse HEAD`" = "${GIT_COMMIT}" ]
diff --git a/deploy/images/terway/Dockerfile b/deploy/images/terway/Dockerfile
@@ -1,15 +1,13 @@
 # syntax=docker/dockerfile:1-labs
 ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-71baf890@sha256:20e5741a0ad2dc4358ade7a8d41ebf192e6804bff94da95f34f1be7397b3cf4e
 ARG UBUNTU_IMAGE=registry.cn-hangzhou.aliyuncs.com/acs/ubuntu:24.04-update
-ARG CILIUM_IPROUTE2_IMAGE=quay.io/cilium/cilium-iproute2:3570d58349efb2d6b0342369a836998c93afd291@sha256:1abcd7a5d2117190ab2690a163ee9cd135bc9e4cf8a4df662a8f993044c79342
-ARG CILIUM_LLVM_IMAGE=quay.io/cilium/cilium-llvm:02191b3a68f4003f075e69a61b61faa8d12d4b6d@sha256:54ca04f65a6de3aa5243a7da392aed342c64f579ebd94ea1290590ce77a433a8
-ARG CILIUM_BPFTOOL_IMAGE=quay.io/cilium/cilium-bpftool:5a9c4852a21287686009bfe1cdc1fed6e7aabdea@sha256:188e398ee30456373530698d0d29de66dda0c4428068ea430027ceb7e9c15b7c
-ARG CILIUM_IPTABLES_IMAGE=quay.io/cilium/iptables:1331e9b1b03f70c9d8b08626d9a7126963f86478@sha256:d761d967243aced2729adde1e332a9c9def6baeb61f5f6cde5758b04e9a79355
+ARG CILIUM_LLVM_IMAGE=quay.io/cilium/cilium-llvm:9f1bfe736009afb1fbb562718bbc42ea07d37d8e@sha256:a666a7a01a2dc610c3ab6e32f25ca5e294201f3cbbc01f233320c527955deee3
+ARG CILIUM_BPFTOOL_IMAGE=quay.io/cilium/cilium-bpftool:0db3a73729ceb42e947d826bb96a655be79e5317@sha256:de23c9546c4eafab33f75d6f5d129947bbbafc132dbd113c0cecc9a61929e6b0
+ARG CILIUM_IPTABLES_IMAGE=quay.io/cilium/iptables:67f517af50e18f64cd12625021f1c39246bb4f92@sha256:d075f03e89aacf51908346ec8ed5d251b8d3ad528ce30a710fcd074cdf91f11d
 
 FROM --platform=$TARGETPLATFORM ${TERWAY_POLICY_IMAGE} AS policy-dist
 FROM --platform=$TARGETPLATFORM ${CILIUM_LLVM_IMAGE} AS llvm-dist
 FROM --platform=$TARGETPLATFORM ${CILIUM_BPFTOOL_IMAGE} AS bpftool-dist
-FROM --platform=$TARGETPLATFORM ${CILIUM_IPROUTE2_IMAGE} AS iproute2-dist
 FROM --platform=$TARGETPLATFORM ${CILIUM_IPTABLES_IMAGE} AS iptables-dist
 
 FROM --platform=$BUILDPLATFORM golang:1.25.5 AS builder
@@ -32,7 +30,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     go build -tags default_build -ldflags "-s -w" -o terway-cli ./cmd/terway-cli
 
 FROM --platform=$TARGETPLATFORM ${UBUNTU_IMAGE}
-RUN apt-get update && apt-get install -y kmod libelf1 libmnl0 iptables nftables kmod curl ipset bash ethtool bridge-utils socat grep findutils jq conntrack iputils-ping && \
+RUN apt-get update && apt-get install -y iproute2 kmod libelf1 libmnl0 iptables nftables kmod curl ipset bash ethtool bridge-utils socat grep findutils jq conntrack iputils-ping && \
     apt-get purge --auto-remove && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 RUN --mount=type=bind,from=iptables-dist,source=/iptables,target=/iptables \
@@ -42,8 +40,6 @@ RUN --mount=type=bind,source=/hack/iptables-wrapper-installer.sh,target=/iptable
 
 COPY --link --from=llvm-dist /usr/local/bin/clang /usr/local/bin/llc /usr/bin/
 COPY --link --from=bpftool-dist /usr/local /usr/local
-COPY --link --from=iproute2-dist /usr/local /usr/local
-COPY --link --from=iproute2-dist /usr/lib/libbpf* /usr/lib/
 COPY --link --from=policy-dist /bin/calico-felix /usr/local/bin/calico-felix
 
 COPY --link ../../../policy/policyinit.sh ./../../policy/uninstall_policy.sh ../../../hack/init.sh /usr/bin/
diff --git a/policy/cilium/0001-cni-add-terway-cni.patch b/policy/cilium/0001-cni-add-terway-cni.patch
@@ -660,7 +660,7 @@ index 07b6afca7c..fd69aab5e6 100644
  	}
  }
 diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go
-index bba3bc2aed..ae7e11b752 100644
+index 72f0cbfbbc..063d6c4f58 100644
 --- a/pkg/endpoint/endpoint.go
 +++ b/pkg/endpoint/endpoint.go
 @@ -31,6 +31,7 @@ import (
@@ -671,7 +671,7 @@ index bba3bc2aed..ae7e11b752 100644
  	dptypes "github.com/cilium/cilium/pkg/datapath/types"
  	"github.com/cilium/cilium/pkg/defaults"
  	"github.com/cilium/cilium/pkg/endpoint/regeneration"
-@@ -429,6 +430,10 @@ type Endpoint struct {
+@@ -425,6 +426,10 @@ type Endpoint struct {
  
  	// NetNsCookie is the network namespace cookie of the Endpoint.
  	NetNsCookie uint64
@@ -682,7 +682,7 @@ index bba3bc2aed..ae7e11b752 100644
  }
  
  func (e *Endpoint) GetRealizedRedirects() (redirects map[string]uint16) {
-@@ -711,6 +716,9 @@ func (e *Endpoint) GetID16() uint16 {
+@@ -709,6 +714,9 @@ func (e *Endpoint) GetID16() uint16 {
  // In some datapath modes, it may return an empty string as there is no unique
  // host netns network interface for this endpoint.
  func (e *Endpoint) HostInterface() string {
@@ -692,7 +692,7 @@ index bba3bc2aed..ae7e11b752 100644
  	return e.ifName
  }
  
-@@ -2590,6 +2598,9 @@ func (e *Endpoint) Delete(conf DeleteConfig) []error {
+@@ -2589,6 +2597,9 @@ func (e *Endpoint) Delete(conf DeleteConfig) []error {
  // setDown sets the Endpoint's underlying interface down. If the interface
  // cannot be retrieved, returns nil.
  func (e *Endpoint) setDown() error {
@@ -794,7 +794,7 @@ index 0000000000..16d42d2e7b
 +	return ep.eniIndex
 +}
 diff --git a/pkg/option/config.go b/pkg/option/config.go
-index 0fbbdeb7f0..e38fd79cdb 100644
+index 41ce99326c..581382cacc 100644
 --- a/pkg/option/config.go
 +++ b/pkg/option/config.go
 @@ -40,6 +40,7 @@ import (
@@ -805,7 +805,7 @@ index 0fbbdeb7f0..e38fd79cdb 100644
  	"github.com/cilium/cilium/pkg/defaults"
  	"github.com/cilium/cilium/pkg/ip"
  	ipamOption "github.com/cilium/cilium/pkg/ipam/option"
-@@ -2574,7 +2575,8 @@ func (c *DaemonConfig) TunnelingEnabled() bool {
+@@ -2573,7 +2574,8 @@ func (c *DaemonConfig) TunnelingEnabled() bool {
  func (c *DaemonConfig) AreDevicesRequired() bool {
  	return c.EnableNodePort || c.EnableHostFirewall || c.EnableWireguard ||
  		c.EnableHighScaleIPcache || c.EnableL2Announcements || c.ForceDeviceRequired ||
@@ -1311,5 +1311,5 @@ index cd4b2f673e..fceb272841 100644
  
  // IPAM is the Cilium specific CNI IPAM configuration
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0002-bypass-the-node-local-dns-ip.patch b/policy/cilium/0002-bypass-the-node-local-dns-ip.patch
@@ -32,5 +32,5 @@ index d8871026d5..f7b44be648 100644
  			ret = ipv4_l3(ctx, ETH_HLEN, NULL, NULL, ip4);
  			if (ret == CTX_ACT_OK)
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0003-cep-optimize-cep-watch.patch b/policy/cilium/0003-cep-optimize-cep-watch.patch
@@ -132,5 +132,5 @@ index ca0c3753c2..70abef8924 100644
  
  		if annotationsChanged {
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0004-lb-enable-in-cluster-load-balancer.patch b/policy/cilium/0004-lb-enable-in-cluster-load-balancer.patch
@@ -61,7 +61,7 @@ index 486d4669c6..9e453da546 100644
  		k8sLoadBalancerIPs = parseIPs(loadBalancerIPs)
  	} else if option.Config.BGPAnnounceLBIP {
 diff --git a/pkg/option/config.go b/pkg/option/config.go
-index e38fd79cdb..854fd4abc5 100644
+index 581382cacc..d082a24585 100644
 --- a/pkg/option/config.go
 +++ b/pkg/option/config.go
 @@ -245,6 +245,9 @@ const (
@@ -84,7 +84,7 @@ index e38fd79cdb..854fd4abc5 100644
  	// EnableSVCSourceRangeCheck enables check of loadBalancerSourceRanges
  	EnableSVCSourceRangeCheck bool
  
-@@ -3053,6 +3059,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
+@@ -3052,6 +3058,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
  	c.EnableIPIPTermination = vp.GetBool(EnableIPIPTermination)
  	c.EnableUnreachableRoutes = vp.GetBool(EnableUnreachableRoutes)
  	c.EnableNodePort = vp.GetBool(EnableNodePort)
@@ -93,5 +93,5 @@ index e38fd79cdb..854fd4abc5 100644
  	c.EnableHostPort = vp.GetBool(EnableHostPort)
  	c.EnableHostLegacyRouting = vp.GetBool(EnableHostLegacyRouting)
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0005-deprecated-disable-per-package-lb.patch b/policy/cilium/0005-deprecated-disable-per-package-lb.patch
@@ -53,7 +53,7 @@ index 0db9f8a1fa..28ff4c121f 100644
  	cDefinesMap["HOST_ID"] = fmt.Sprintf("%d", identity.GetReservedID(labels.IDNameHost))
  	cDefinesMap["WORLD_ID"] = fmt.Sprintf("%d", identity.GetReservedID(labels.IDNameWorld))
 diff --git a/pkg/option/config.go b/pkg/option/config.go
-index 854fd4abc5..33d18ab335 100644
+index d082a24585..ab0731826c 100644
 --- a/pkg/option/config.go
 +++ b/pkg/option/config.go
 @@ -1233,6 +1233,8 @@ const (
@@ -65,7 +65,7 @@ index 854fd4abc5..33d18ab335 100644
  )
  
  // Default string arguments
-@@ -2435,6 +2437,8 @@ type DaemonConfig struct {
+@@ -2434,6 +2436,8 @@ type DaemonConfig struct {
  	// EnableSocketLBPodConnectionTermination enables the termination of connections from pods
  	// to deleted service backends when socket-LB is enabled
  	EnableSocketLBPodConnectionTermination bool
@@ -74,7 +74,7 @@ index 854fd4abc5..33d18ab335 100644
  }
  
  var (
-@@ -3171,6 +3175,8 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
+@@ -3170,6 +3174,8 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
  	c.BPFEventsTraceEnabled = vp.GetBool(BPFEventsTraceEnabled)
  	c.EnableIPSecEncryptedOverlay = vp.GetBool(EnableIPSecEncryptedOverlay)
  
@@ -84,5 +84,5 @@ index 854fd4abc5..33d18ab335 100644
  	switch c.ServiceNoBackendResponse {
  	case ServiceNoBackendResponseReject, ServiceNoBackendResponseDrop:
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0006-gops-allow-disable-gops.patch b/policy/cilium/0006-gops-allow-disable-gops.patch
@@ -23,5 +23,5 @@ index 707835d816..0e2da2efa6 100644
  	addrField := logrus.Fields{"address": addr, logfields.LogSubsys: "gops"}
  	log = log.WithFields(addrField)
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0007-ctmap-log-ct-gc-status.patch b/policy/cilium/0007-ctmap-log-ct-gc-status.patch
@@ -39,5 +39,5 @@ index c4ebecc404..81555cfc8a 100644
  }
  
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0008-Ignore-the-link-local-IPv6-addresses-as-it-is-genera.patch b/policy/cilium/0008-Ignore-the-link-local-IPv6-addresses-as-it-is-genera.patch
@@ -34,5 +34,5 @@ index 0b1187c6dc..f003329fc9 100644
  				pluginCtx.Logger.WithError(err).WithField(logfields.Interface, link.Attrs().Name).Warn("No valid IPv6 address found")
  			}
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0009-bandwidth-support-ingress-QoS-using-eBPF-token-bucke.patch b/policy/cilium/0009-bandwidth-support-ingress-QoS-using-eBPF-token-bucke.patch
@@ -462,7 +462,7 @@ index 594dad4677..013092819b 100644
  	if e.ConntrackLocalLocked() {
  		// Remove endpoint-specific CT map pins.
 diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go
-index ae7e11b752..20005f82db 100644
+index 063d6c4f58..fbc397aca4 100644
 --- a/pkg/endpoint/endpoint.go
 +++ b/pkg/endpoint/endpoint.go
 @@ -217,6 +217,9 @@ type Endpoint struct {
@@ -475,7 +475,7 @@ index ae7e11b752..20005f82db 100644
  	// mac is the MAC address of the endpoint
  	// Constant after endpoint creation / restoration.
  	mac mac.MAC // Container MAC address.
-@@ -1835,7 +1838,7 @@ func (e *Endpoint) metadataResolver(ctx context.Context,
+@@ -1834,7 +1837,7 @@ func (e *Endpoint) metadataResolver(ctx context.Context,
  		if err != nil {
  			return "", filterResolveMetadataError(err)
  		}
@@ -918,5 +918,5 @@ index 0000000000..739c859fe4
 +	}
 +}
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0010-Revert-fix-Adding-ipv6-check-on-the-node-init-functi.patch b/policy/cilium/0010-Revert-fix-Adding-ipv6-check-on-the-node-init-functi.patch
@@ -30,5 +30,5 @@ index 70aae859f1..90d3d52b0d 100644
  	} else {
  		// if node resource could not be received, fail if
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0011-fix-viper-flag.patch b/policy/cilium/0011-fix-viper-flag.patch
@@ -9,10 +9,10 @@ Signed-off-by: l1b0k <libokang.dev@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/pkg/option/config.go b/pkg/option/config.go
-index 33d18ab335..120d749348 100644
+index ab0731826c..7d8dcd0f8f 100644
 --- a/pkg/option/config.go
 +++ b/pkg/option/config.go
-@@ -3063,7 +3063,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
+@@ -3062,7 +3062,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
  	c.EnableIPIPTermination = vp.GetBool(EnableIPIPTermination)
  	c.EnableUnreachableRoutes = vp.GetBool(EnableUnreachableRoutes)
  	c.EnableNodePort = vp.GetBool(EnableNodePort)
@@ -22,5 +22,5 @@ index 33d18ab335..120d749348 100644
  	c.EnableHostPort = vp.GetBool(EnableHostPort)
  	c.EnableHostLegacyRouting = vp.GetBool(EnableHostLegacyRouting)
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0012-fix-src-label.patch b/policy/cilium/0012-fix-src-label.patch
@@ -34,5 +34,5 @@ index dab62a1026..596dcdd30d 100644
  		}
  		cilium_dbg(ctx, info ? DBG_IP_ID_MAP_SUCCEED4 : DBG_IP_ID_MAP_FAILED4,
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0013-fix-keep-legacy-logic.patch b/policy/cilium/0013-fix-keep-legacy-logic.patch
@@ -45,5 +45,5 @@ index df3ad3fd0a..146c802483 100644
  			scopedLog := ep.Logger(subsystem).WithFields(logrus.Fields{
  				logfields.Interface: device,
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0014-feat-datapath-add-multi-host-stack-support-for-veth-.patch b/policy/cilium/0014-feat-datapath-add-multi-host-stack-support-for-veth-.patch
@@ -31,19 +31,19 @@ index 596dcdd30d..30cc8f6c19 100644
 +++ b/bpf/bpf_lxc.c
 @@ -14,7 +14,10 @@
  #define IS_BPF_LXC 1
-
+ 
  #define EVENT_SOURCE LXC_ID
 +
 +#ifndef ENABLE_MULTI_HOST_STACK
  #define LOCAL_DNS_IP 0x0A14FEA9
 +#endif
-
+ 
  #include "lib/auth.h"
  #include "lib/tailcall.h"
 @@ -1272,8 +1275,13 @@ maybe_pass_to_stack: __maybe_unused;
  		int oif = 0;
  #endif
-
+ 
 -        if (ip4->daddr == LOCAL_DNS_IP )
 -            goto pass_to_stack;
 +#ifdef ENABLE_MULTI_HOST_STACK
@@ -53,7 +53,7 @@ index 596dcdd30d..30cc8f6c19 100644
 +		if (ip4->daddr == LOCAL_DNS_IP )
 +			goto pass_to_stack;
 +#endif
-
+ 
  		if (oif > 0) {
  			ret = ipv4_l3(ctx, ETH_HLEN, NULL, NULL, ip4);
 diff --git a/bpf/lib/eps.h b/bpf/lib/eps.h
@@ -101,7 +101,7 @@ index 40aef24988..1ce95572ac 100644
 @@ -387,6 +387,14 @@ func newDaemon(ctx context.Context, cleaner *daemonCleanup, params *daemonParams
  	}
  	lbmap.Init(lbmapInitParams)
-
+ 
 +	// no bother for ipvlan
 +	if option.Config.DatapathMode == datapathOption.DatapathModeVeth {
 +		err = initHostStackCIDR()
@@ -111,7 +111,7 @@ index 40aef24988..1ce95572ac 100644
 +	}
 +
  	params.NodeManager.Subscribe(params.Datapath.Node())
-
+ 
  	identity.IterateReservedIdentities(func(_ identity.NumericIdentity, _ *identity.Identity) {
 diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go
 index 5a80538e8d..1b8e51ea63 100644
@@ -120,13 +120,13 @@ index 5a80538e8d..1b8e51ea63 100644
 @@ -378,6 +378,9 @@ func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) {
  	flags.Bool(option.EnableInClusterLoadBalance, false, "Enable k8s in cluster loadbalance")
  	option.BindEnv(vp, option.EnableInClusterLoadBalance)
-
+ 
 +	flags.StringSlice(option.TerwayHostStackCIDR, []string{"169.254.20.10/32"}, "CIDRs to route traffic to host stack, this is node level config, if you change this config, you need to restart this node")
 +	option.BindEnv(vp, option.TerwayHostStackCIDR)
 +
  	flags.Bool(option.EnableL7Proxy, defaults.EnableL7Proxy, "Enable L7 proxy for L7 policy enforcement")
  	option.BindEnv(vp, option.EnableL7Proxy)
-
+ 
 diff --git a/daemon/cmd/hoststack-cidr.go b/daemon/cmd/hoststack-cidr.go
 new file mode 100644
 index 0000000000..9e6f6e8326
@@ -187,7 +187,7 @@ index 28ff4c121f..0901a7e695 100644
 @@ -1096,6 +1096,17 @@ func (h *HeaderfileWriter) writeTemplateConfig(fw *bufio.Writer, devices []strin
  	case datapathOption.DatapathModeVeth:
  		fmt.Fprintf(fw, "#define DATAPATH_VETH 1\n")
-
+ 
 +		hasExtra := false
 +		for _, hostStack := range option.Config.HostStackCIDRs {
 +			if hostStack != "169.254.20.10/32" {
@@ -359,7 +359,7 @@ index 0000000000..97ddc373fc
 +	return result, nil
 +}
 diff --git a/pkg/option/config.go b/pkg/option/config.go
-index 120d749348..b8d3364107 100644
+index 7d8dcd0f8f..533fd5a2ba 100644
 --- a/pkg/option/config.go
 +++ b/pkg/option/config.go
 @@ -1235,6 +1235,8 @@ const (
@@ -371,7 +371,7 @@ index 120d749348..b8d3364107 100644
  )
  
  // Default string arguments
-@@ -2439,6 +2441,8 @@ type DaemonConfig struct {
+@@ -2438,6 +2440,8 @@ type DaemonConfig struct {
  	EnableSocketLBPodConnectionTermination bool
  
  	DisablePerPacketLB bool
@@ -380,7 +380,7 @@ index 120d749348..b8d3364107 100644
  }
  
  var (
-@@ -3176,6 +3180,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
+@@ -3175,6 +3179,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
  	c.EnableIPSecEncryptedOverlay = vp.GetBool(EnableIPSecEncryptedOverlay)
  
  	c.DisablePerPacketLB = vp.GetBool(DisablePerPacketLB)
@@ -389,5 +389,5 @@ index 120d749348..b8d3364107 100644
  	c.ServiceNoBackendResponse = vp.GetString(ServiceNoBackendResponse)
  	switch c.ServiceNoBackendResponse {
 -- 
-2.39.5 (Apple Git-154)
+2.50.1 (Apple Git-155)
 
diff --git a/policy/cilium/0016-bpf-fix-hairpin.patch b/policy/cilium/0016-bpf-fix-hairpin.patch

Original file line number	Diff line number	Diff line change
`@@ -39,5 +39,5 @@ index c4ebecc404..81555cfc8a 100644`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`--`
`42`		`-2.39.5 (Apple Git-154)`
	`42`	`+2.50.1 (Apple Git-155)`
`43`	`43`
Original file line number	Diff line number	Diff line change
`@@ -34,5 +34,5 @@ index 0b1187c6dc..f003329fc9 100644`
`34`	`34`	`pluginCtx.Logger.WithError(err).WithField(logfields.Interface, link.Attrs().Name).Warn("No valid IPv6 address found")`
`35`	`35`	`}`
`36`	`36`	`--`
`37`		`-2.39.5 (Apple Git-154)`
	`37`	`+2.50.1 (Apple Git-155)`
`38`	`38`