Add a new manager for all-hosts ipset even when IPIP is not enabled

[mazdakn]

Description

Previously, we only used all-hosts-net ipset for ipip encapsulation. However, we need it now for more features listed below:

• For QoS policy to set DSCP on traffic leaving a cluster (including hosts): Set DSCP for host endpoints #10825
• Also with introduction of IPPoolsAndHostIPs for natOutgoingExclusions option, all-hosts-net ipset needs to be present. Since ATM, this ipset is only managed by IPIP manager, using the mentioned value in any routing setup except IPIP leads to Felix not being able to program rules, and eventually panicing. The change made in the NAT outgoing FV test simply triggers the panic.
• Additionally, using IPPoolsAndHostIPs with IPv6 pools, would panic Felix even in IPIP, since IPIP encap does not support IPv6.

This PR adds a new manager to manage all-hosts-net ipset by separating the functionality from IPIP manager. The new manager will always be running since the ipset is needed by IPIP encapsulation, NAT outgoing, and QoS Policy.

Related issues/PRs

Todos

• Tests
• Documentation
• Release note

Release Note

TBD

Reminder for the reviewer

Make sure that this PR has the correct labels and milestone set.

Every PR needs one docs-* label.

• docs-pr-required: This change requires a change to the documentation that has not been completed yet.
• docs-completed: This change has all necessary documentation completed.
• docs-not-required: This change has no user-facing impact and requires no docs.

Every PR needs one release-note-* label.

• release-note-required: This PR has user-facing changes. Most PRs should have this label.
• release-note-not-required: This PR has no user-facing changes.

Other optional labels:

• cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
• needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.

[Copilot]

Pull Request Overview

This PR introduces a standalone manager for the all-hosts ipset that operates independently of IPIP functionality. The change extracts ipset management from the IPIP manager and creates a dedicated hostsIPSetManager to handle all-hosts ipset updates even when IPIP is disabled.

• Extracts all-hosts ipset management from IPIP manager into a dedicated manager
• Creates hostsIPSetManager that operates for both IPv4 and IPv6 without IPIP dependency
• Updates tests to reflect the architectural change

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
felix/dataplane/linux/ipset_hosts_mgr.go	New dedicated manager for all-hosts ipset functionality
felix/dataplane/linux/ipset_hosts_mgr_test.go	Comprehensive test coverage for the new hosts ipset manager
felix/dataplane/linux/ipip_mgr.go	Removes all-hosts ipset management functionality from IPIP manager
felix/dataplane/linux/ipip_mgr_test.go	Removes ipset-related tests that moved to the new manager
felix/dataplane/linux/int_dataplane.go	Registers the new hosts ipset manager for both IPv4 and IPv6
felix/fv/nat_outgoing_test.go	Updates test configuration to disable IPIP and configure NAT exclusions

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}