New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
loader: check enabled L7 proxy via config property #26627
loader: check enabled L7 proxy via config property #26627
Conversation
Currently, the check whether l7 proxy functionality is enabled is based on whether the passed proxy reference is `nil` or not. Due to Go's nil-handling on Interfaces, this result in calls to `proxy.ReinstallRules` even though l7 proxy functionality isn't enabled. Therefore, this commit changes the check towards checking the config property. Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
/test |
@@ -541,7 +541,7 @@ func (l *Loader) Reinitialize(ctx context.Context, o datapath.BaseProgramOwner, | |||
} | |||
|
|||
// Reinstall proxy rules for any running proxies if needed | |||
if p != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we get a typed nil here in the first place? Your fix is pragmatic, but I wonder whether we can't get rid of the untyped nil instead. This probably isn't the only case where it's problematic and we really ought to move away from global variables influencing behaviour.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lmb When I introduced the hive cell for the Proxy (PR), the existing behaviour has been kept - to keep the PR as small as possible. -> If L7 proxy is disabled, the hive provider returns nil.
But i see it exactly like you - it's confusing and this logic bloats into all the modules - even though it seems as this is the only problematic case, all other cases are already checking with the config property or doing the reflection-based check.
It's just that I thought it's best to handle this as a bug and just fix it.
I plan to extract an interface for the proxy in a follow up PR anyway. This might be the chance to return an implementation which acts accordingly when L7 proxy functionality is disabled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, makes sense. I've run into this as well :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, having been bitten by nil
checks on interfaces it's better to avoid them!
Currently, the check whether l7 proxy functionality is enabled is based on whether the passed proxy reference is
nil
or not.Due to Go's nil-handling on Interfaces, this result in calls to
proxy.ReinstallRules
even though l7 proxy functionality isn't enabled. It doesn't result in nil panics, because the method doesn't access the proxy itself. (I detected the actual issue in a separate PR which accesses fields of the proxy struct in this method)Therefore, this commit changes the check towards checking the config property.
As an alternative, it would be possible to add a nil check based on
reflect.ValueOf(p).IsNil()
- but i thought it's better to check the config property.