ipcache: keep upserted prefixes from being deleted by InjectLabels #29014
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The "new" ipcache API (InjectLabels()) will delete a prefix if there are no metadata entries left. However, this behavior is not desirable when a user of the old APIs has taken control of this prefix. In order to prevent this, the field "createdFromMetadata" is set on all "new-style" prefixes to indicate they are safe to delete. However, in the case where a prefix is first injected via the metadata layer, then transitions to the old APIs, it should not be deleted. In other words: 1. UpsertMetadata(A) 2. UpsertGeneratedIdentities(A) 3. RemoveMetadata(A) should *not* delete A from the bpf ipcache, just the metadata layer. This change prevents that by ensuring the bit is always set. Signed-off-by: Casey Callendrello <cdc@isovalent.com>
|
Split out from #28673 on @christarazi's request. |
|
Requesting @gandro's review, as he approved the original commit. |
|
/test |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The "new" ipcache API (InjectLabels()) will delete a prefix if there are no metadata entries left. However, this behavior is not desirable when a user of the old APIs has taken control of this prefix. In order to prevent this, the field "createdFromMetadata" is set on all "new-style" prefixes to indicate they are safe to delete.
However, in the case where a prefix is first injected via the metadata layer, then transitions to the old APIs, it should not be deleted. In other words:
should not delete A from the bpf ipcache, just the metadata layer.
This change prevents that by ensuring the bit is always set.