[1.12] Author backport of #28928 (Dns proxy use original source address and port) #29090
Conversation
[ upstream commit 95e25bf ] We have been maintaining and using that fork for a long time and it looks like the custom changes won't make it upstream any time soon. There are no other vendored dependencies using miekg/dns, so switching to the cilium/dns fork shouldn't have any side effects. The fork's module name was changed to match its import path in cilium/dns#4. Let's replace the github.com/miekg/dns import path by github.com/cilium/dns to get rid of another replace directive in go.mod and thus make life a tiny bit easier for downstream packages importing github.com/cilium/cilium. Signed-off-by: Tobias Klauser <tobias@cilium.io>
[ upstream commit 9d70db8 ] Set transparent, reuseaddr, and reuseport options and use the original source address on connections from DNS proxy to DNS servers to allow use of non-local source address as well as recreate sockets on the same 5-tuple without needing to wait for the TCP TIME_WAIT to finish. Use the MagicMarkEgress mark on connections to the dns servers instead the generic MagicMarkIdentity. Use original source address in connections to dns servers when the source address is not one of the host IPs. The original source address and port can not be reused if there is already socket with them to the same destination on the same networking namespace. Use new dns.SharedClients to reuse DNS clients between all requests that originate from the same source address and port. This allows multiple different requests to be pending at the same time on the same dns Client, which happens whenever the source pod sends multiple DNS requests from the same resolver invocation, e.g., for A and AAAA records. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> info: patch template saved to `-`
|
/test-backport-1.12 Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.19-kernel-4.9/265/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. Job 'Cilium-PR-K8s-1.17-kernel-4.9' has 1 failure but they might be new flake since it also hit 1 known flake: #27118 (96.94% similarity) Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.19-kernel-4.9/266/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. Job 'Cilium-PR-K8s-1.19-kernel-4.9' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.19-kernel-4.9/267/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
|
/test-1.17-4.9 |
|
test-1.19-4.9 |
|
/test-1.19-4.9 |
|
/test-1.21-4.9 |
|
/test-1.19-4.9 |
|
test-1.19-4.9 hit one known flake (#24840), I don't think it's worth wasting time running it again. Marking as ready-to-merge. |
Once this PR is merged, a GitHub action will update the labels of these PRs: