New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
endpoint: Remove the duplicate ENABLE_SIP_VERIFICATION in ep_config.h #25533
Conversation
/test Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test Name
Failure Output
Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/2395/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
pkg/endpoint/endpoint.go
Outdated
@@ -721,6 +721,12 @@ func (e *Endpoint) SetDefaultOpts(opts *option.IntOptions) { | |||
e.Options.Opts = option.OptionMap{} | |||
} | |||
|
|||
// We need to make sure DatapathConfiguration.DisableSipVerification value is same as | |||
// the value of SourceIPVerification option in the endpoint. | |||
if e.DatapathConfiguration.DisableSipVerification { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like a code smell to me. This function is supposed to set the Endpoint's default options. All other code in this function looks rather generic, while this if statement is specific to a feature.
Is this code strictly necessary? Shouldn't this value make it into e.Options.Opts
at an earlier stage?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be possible, yeah.. it's not strictly necessary, I only need to make sure this is also correctly set on endpoint restoration
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed, ptal :)
I also added a unit test to make sure this change is covered.
Btw this was a bit tricky as I found out later that these settings are overriden by calling SetDefaultConfiguration
in AddEndpoint()
. I believe the removal of it is safe as all references where this is called (the AddEndpoint()
) are in the end calling SetDefaultOpts
.
Changes make sense to me - just waiting for resolution to ti-mo's point. |
68027ef
to
f8af249
Compare
/test |
/ci-multicluster |
Playing around with this locally, I notice there is a small different between the old way and using IntOptions. The new way sets |
@@ -901,10 +901,6 @@ func (h *HeaderfileWriter) writeTemplateConfig(fw *bufio.Writer, e datapath.Endp | |||
fmt.Fprintf(fw, "#define ENABLE_ROUTING 1\n") | |||
} | |||
|
|||
if !e.DisableSIPVerification() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With this, I think we can just remove this from the EndpointConfiguration
interface.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds good, let me try to fix that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tests lgtm
3523f01
to
77822d5
Compare
rebased with latest main branch.. retrigering tests |
/test |
Currently ENABLE_SIP_VERIFICATION runtime option can define ENABLE_SIP_VERIFICATION macro just like DisableSIPVerification endpoint datapath option can. If DatapathConfiguration.DisableSipVerification value is not inline with SourceIPVerification, the two macros in ep_config.h may conflict. Secondly calling of SetDefaultConfiguration() func is removed from AddEndpoint() as that is being called for the second time - although not using this wrapper but via SetDefaultOpts() directly. Related slack thread https://cilium.slack.com/archives/C2B917YHE/p1680518197957369 Signed-off-by: Li Chengyuan <chengyuanli@hotmail.com> Signed-off-by: Ondrej Blazek <ondrej.blazek@firma.seznam.cz>
Add unit test to test SourceIPVerification datapath option can always be overridden by endpoint specific DisableSipVerification datapath configuration. Signed-off-by: Ondrej Blazek <ondrej.blazek@firma.seznam.cz>
Signed-off-by: Ondrej Blazek <ondrej.blazek@firma.seznam.cz>
77822d5
to
20aee91
Compare
/test |
/ci-gke |
Currently ENABLE_SIP_VERIFICATION runtime option can define ENABLE_SIP_VERIFICATION macro just like DisableSIPVerification endpoint datapath option can. If DatapathConfiguration.DisableSipVerification value is not inline with SourceIPVerification, the two macros in ep_config.h may conflict.
Related slack thread https://cilium.slack.com/archives/C2B917YHE/p1680518197957369
This completes the PR #24150 (i.e. 24150 can be closed, original author is honored here...)