@gandro gandro commented Jun 18, 2024

When restoring the previous DNS proxy port, we check if the port is
already in-use. However, if the port we retrieved from GetProxyPort
was previously set via SetProxyPort, then we want to use it
unconditionally. We rely on isStatic for this, as static ports
cannot change and the open port may be open with SO_REUSEPORT (which
proxy.OpenLocalPorts() does not check). Restored ports never have
isStatic set to true, so this does retain the "open ports" check if
the port was restored.

In addition, when restoring ports we want to make sure
that previous calls to SetProxyPort are also not overwritten, thus
this commit also only restores the port if it wasn't explicitly set.

This is the same behavior we had previously, which did not check the
returned port of d.l7Proxy.GetProxyPort against the list of open
ports.

Fixes: d11e4d2 ("proxy: Reuse proxy ports from datapath on restart")

@gandro gandro added area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. release-note/misc This PR makes changes that have no direct user impact. labels Jun 18, 2024
@gandro gandro requested review from a team as code owners June 18, 2024 10:32
@gandro gandro requested review from christarazi and pippolo84 June 18, 2024 10:32
@github-actions github-actions bot added the sig/policy Impacts whether traffic is allowed or denied based on user-defined policies. label Jun 18, 2024
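
The decision described in the PR text above, as an added example that is not Cilium's code and not part of the original thread: a simplified model in which `portEntry`, `setStatic`, `restore`, `portToBind` and the port numbers are all hypothetical names and constructed values.

```go
package main

import "fmt"

// portEntry is a simplified, hypothetical stand-in for one proxy port record.
type portEntry struct {
	port     uint16
	isStatic bool // true only when the port was configured explicitly
}

// setStatic models an explicit SetProxyPort-style call.
func (e *portEntry) setStatic(p uint16) { e.port, e.isStatic = p, true }

// restore models loading the pre-restart port from the datapath. It never
// sets isStatic and never overwrites an explicitly configured port.
func (e *portEntry) restore(p uint16) bool {
	if e.isStatic {
		return false
	}
	e.port = p
	return true
}

// portToBind returns the port to reuse, or 0 to request a fresh one.
// open is a constructed stand-in for the list of locally open ports.
func portToBind(e portEntry, open map[uint16]bool) uint16 {
	if e.isStatic {
		return e.port // may already be open via SO_REUSEPORT; use unconditionally
	}
	if open[e.port] {
		return 0 // restored port is taken by something else
	}
	return e.port
}

func main() {
	open := map[uint16]bool{10001: true} // constructed sample data

	var static, restored, free portEntry
	static.setStatic(10001)
	static.restore(10500) // ignored: explicit setting wins
	restored.restore(10001)
	free.restore(10002)

	fmt.Println(portToBind(static, open), portToBind(restored, open), portToBind(free, open))
}
```
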
gandro commented Jun 18, 2024

/test

@gandro gandro force-pushed the pr/gandro/proxy-skip-open-ports-check-for-static-port branch 3 times, most recently from 6ba233a to 0c589af Compare June 18, 2024 12:25
@pippolo84 pippolo84 left a comment

LGTM

@gandro gandro force-pushed the pr/gandro/proxy-skip-open-ports-check-for-static-port branch from 0c589af to a394dc1 Compare June 19, 2024 07:54
When restoring the previous DNS proxy port, we check if the port is
already in-use. However, if the port we retrieved from `GetProxyPort`
was previously set via `SetProxyPort`, then we want to use it
unconditionally. We rely on `isStatic` for this, as static ports cannot
change and the open port may be open with `SO_REUSEPORT` (which
`proxy.OpenLocalPorts()` does not check). Restored ports never have
`isStatic` set to true, so this does retain the "open ports" check if
the port was restored.

In addition, when restoring ports we want to make sure that previous
calls to `SetProxyPort` are also not overwritten, thus this commit also
only restores the port if it wasn't explicitly set.

This is the same behavior we had previously, which did not check the
returned port of `d.l7Proxy.GetProxyPort` against the list of open
ports.

Fixes: d11e4d2 ("proxy: Reuse proxy ports from datapath on restart")

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro gandro force-pushed the pr/gandro/proxy-skip-open-ports-check-for-static-port branch from a394dc1 to 47f1467 Compare June 19, 2024 07:58
gandro commented Jun 19, 2024

/test

gandro commented Jun 19, 2024

CI is green except for #33257 which is expected. Merging.

@gandro gandro merged commit fb7e01b into cilium:main Jun 19, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Nov 6, 2024
@gandro gandro added needs-backport/1.15 and removed ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Nov 6, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Nov 6, 2024
gandro commented Nov 6, 2024

The "Fixed" commit was backported to stable branches. This means we need to backport this too.

@gandro gandro added the backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. label Nov 11, 2024
@github-actions github-actions bot added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. labels Nov 11, 2024
@gandro gandro added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 labels Nov 13, 2024
@github-actions github-actions bot added backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. labels Nov 13, 2024