Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

daemon: do not allow --auto-direct-node-routes when tunneling is enabled #15196

Merged
merged 1 commit into from
Mar 5, 2021
Merged

daemon: do not allow --auto-direct-node-routes when tunneling is enabled #15196

merged 1 commit into from
Mar 5, 2021

Conversation

jibi
Copy link
Member

@jibi jibi commented Mar 4, 2021
edited
Loading

Enabling --auto-direct-node-routes when tunneling is enabled can cause
traffic to leave the node through a physical interface (i.e. not
encapsulated) rather than via the tunnel.

Reported-by: Paul Chaignon paul@cilium.io
Signed-off-by: Gilberto Bertin gilberto@isovalent.com

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 4, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.10.0 Mar 4, 2021
@jibi
daemon: do not allow --auto-direct-node-routes when tunneling is enabled
4d76779 
Enabling --auto-direct-node-routes when tunneling is enabled can cause
traffic to leave the node through a physical interface (i.e. not
encapsulated) rather than via the tunnel.

Reported-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Gilberto Bertin <gilberto@isovalent.com>
@jibi jibi force-pushed the pr/jibi/fatal-on-auto-direct-node-routes-with-tunneling branch from 80f0ebe to 4d76779 Compare March 4, 2021 10:13
@jibi jibi marked this pull request as ready for review March 4, 2021 10:13
@jibi jibi requested a review from a team March 4, 2021 10:13
@jibi jibi requested review from a team as code owners March 4, 2021 10:13
@jibi jibi added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Mar 4, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Mar 4, 2021
@jibi jibi added area/daemon Impacts operation of the Cilium daemon. needs-backport/1.8 labels Mar 4, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.9.5 Mar 4, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.8.8 Mar 4, 2021
@jibi
Copy link
Member Author

jibi commented Mar 4, 2021

test-me-please

@qmonnet qmonnet removed their assignment Mar 4, 2021
@qmonnet
Copy link
Member

qmonnet commented Mar 4, 2021

Label-wise, is this a minor feature or a bug fix?

@pchaigno
Copy link
Member

pchaigno commented Mar 4, 2021

I would say minor feature because it may affect users if they had incorrect flags in place. It's not a security bug, so let's remove the v1.8 backport.

@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Needs backport from master in 1.8.8 Mar 4, 2021
@aanm aanm merged commit a537ae3 into master Mar 5, 2021
1.10.0 automation moved this from In progress to Done Mar 5, 2021
@aanm aanm deleted the pr/jibi/fatal-on-auto-direct-node-routes-with-tunneling branch March 5, 2021 11:18
@tklauser tklauser mentioned this pull request Mar 8, 2021
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.9 in 1.9.5 Mar 8, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.9 in 1.9.5 Mar 8, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.9 to Backport done to v1.9 in 1.9.5 Mar 8, 2021
@christarazi christarazi mentioned this pull request Mar 10, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@borkmann borkmann borkmann approved these changes

@pchaigno pchaigno pchaigno approved these changes

@qmonnet qmonnet qmonnet approved these changes

@nebril nebril Awaiting requested review from nebril

@jrajahalme jrajahalme Awaiting requested review from jrajahalme

Assignees

@borkmann borkmann

@nebril nebril

@jrajahalme jrajahalme

Labels
area/daemon Impacts operation of the Cilium daemon. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
No open projects
1.10.0
Done
1.9.5
Backport done to v1.9
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@jibi @qmonnet @pchaigno @borkmann @tklauser @joestringer @nebril @aanm @jrajahalme