endpoint: Remove the duplicate ENABLE_SIP_VERIFICATION in ep_config.h #25533
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
oblazek
changed the title
|
/test Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/2395/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
pkg/endpoint/endpoint.go
Outdated
| @@ -721,6 +721,12 @@ func (e *Endpoint) SetDefaultOpts(opts *option.IntOptions) { | |||
| e.Options.Opts = option.OptionMap{} | |||
| } | |||
|
|
|||
| // We need to make sure DatapathConfiguration.DisableSipVerification value is same as | |||
| // the value of SourceIPVerification option in the endpoint. | |||
| if e.DatapathConfiguration.DisableSipVerification { | |||
There was a problem hiding this comment.
This looks like a code smell to me. This function is supposed to set the Endpoint's default options. All other code in this function looks rather generic, while this if statement is specific to a feature.
Is this code strictly necessary? Shouldn't this value make it into e.Options.Opts at an earlier stage?
There was a problem hiding this comment.
should be possible, yeah.. it's not strictly necessary, I only need to make sure this is also correctly set on endpoint restoration
There was a problem hiding this comment.
fixed, ptal :)
I also added a unit test to make sure this change is covered.
Btw this was a bit tricky as I found out later that these settings are overriden by calling SetDefaultConfiguration in AddEndpoint(). I believe the removal of it is safe as all references where this is called (the AddEndpoint()) are in the end calling SetDefaultOpts.
|
Changes make sense to me - just waiting for resolution to ti-mo's point. |
oblazek
force-pushed
the
sip_verification
branch
2 times, most recently
from
68027ef
to
f8af249
Compare
|
/test |
|
/ci-multicluster |
|
Playing around with this locally, I notice there is a small different between the old way and using IntOptions. The new way sets |
| @@ -901,10 +901,6 @@ func (h *HeaderfileWriter) writeTemplateConfig(fw *bufio.Writer, e datapath.Endp | |||
| fmt.Fprintf(fw, "#define ENABLE_ROUTING 1\n") | |||
| } | |||
|
|
|||
| if !e.DisableSIPVerification() { | |||
There was a problem hiding this comment.
With this, I think we can just remove this from the EndpointConfiguration interface.
There was a problem hiding this comment.
sounds good, let me try to fix that
oblazek
force-pushed
the
sip_verification
branch
from
3523f01
to
77822d5
Compare
|
rebased with latest main branch.. retrigering tests |
|
/test |
Currently ENABLE_SIP_VERIFICATION runtime option can define ENABLE_SIP_VERIFICATION macro just like DisableSIPVerification endpoint datapath option can. If DatapathConfiguration.DisableSipVerification value is not inline with SourceIPVerification, the two macros in ep_config.h may conflict. Secondly calling of SetDefaultConfiguration() func is removed from AddEndpoint() as that is being called for the second time - although not using this wrapper but via SetDefaultOpts() directly. Related slack thread https://cilium.slack.com/archives/C2B917YHE/p1680518197957369 Signed-off-by: Li Chengyuan <chengyuanli@hotmail.com> Signed-off-by: Ondrej Blazek <ondrej.blazek@firma.seznam.cz>
Add unit test to test SourceIPVerification datapath option can always be overridden by endpoint specific DisableSipVerification datapath configuration. Signed-off-by: Ondrej Blazek <ondrej.blazek@firma.seznam.cz>
Signed-off-by: Ondrej Blazek <ondrej.blazek@firma.seznam.cz>
oblazek
force-pushed
the
sip_verification
branch
from
77822d5
to
20aee91
Compare
|
/test |
|
/ci-gke |
ti-mo
added
the
release-note/bug
maintainer-s-little-helper
bot
added
ready-to-merge
Currently ENABLE_SIP_VERIFICATION runtime option can define ENABLE_SIP_VERIFICATION macro just like DisableSIPVerification endpoint datapath option can. If DatapathConfiguration.DisableSipVerification value is not inline with SourceIPVerification, the two macros in ep_config.h may conflict.
Related slack thread https://cilium.slack.com/archives/C2B917YHE/p1680518197957369
This completes the PR #24150 (i.e. 24150 can be closed, original author is honored here...)