New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fqdn: Add Protocol to DNS Proxy Cache #31328
fqdn: Add Protocol to DNS Proxy Cache #31328
Conversation
837a2f4
to
d27bad7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR!
Note: the precheck error is due to a missing update of MockFQDNProxy.UpdateAllowed
signature in pkg/fqdn/proxy/proxy.go
.
Does it make sense to have a generic ProtoPort struct somewhere? That would make the signatures a lot simpler, as well as being a proper map key. It would also help prevent future errors where we talk about port without protocol. |
d27bad7
to
c2c1128
Compare
Edit: |
/ci-verifier |
DNS Proxy indexes domain selectors by port
only. In cases where protocols collide on port
the DNS proxy may have a more restrictive selector than it should because it does not merge port
protocols for L7 policies (only ports).
Refactor all users of the DNS Proxy are updated
to add protocol to any DNS Proxy entries, and all
tests are updated to test for port-protocol
merge errors.