New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proxy: fix rule deletion if protocol family is unsupported #30299
Conversation
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider adding a test case for this by using SocketDisableIPv6.
Nice suggestion @danehans, left the PR as a draft because I didn't come up with a regression test yet. I'll give it a shot tomorrow! |
Using |
@rgo3 thanks for looking into this and providing feedback. /LGTM |
Currently we try to remove IPv6 proxy rules if the IPv6 option is disabled. This is to clean up those rules if a previously running agent has installed them but was restarted with a configuration change. This can fail if the underlying kernel has no IPv6 support. This commit fixes this, by allowing the necessary netlink syscall to fail with EAFNOSUPPORT. Fixes: cilium#29965 Signed-off-by: Robin Gögge <r.goegge@isovalent.com>
b4a2006
to
8be61bb
Compare
/test |
Currently, we try to remove IPv6 proxy rules if the IPv6 option is disabled. This is to clean up those rules if a previously running agent has installed them but was restarted with a configuration change. This can fail if the underlying kernel has no IPv6 support. This commit fixes this, by allowing the necessary netlink syscall to fail with EAFNOSUPPORT.
Fixes: #29965