bpf: Derive host netns cookie via SO_NETNS_COOKIE #17018
Merged
Commits on Aug 3, 2021
-
bpf: Derive host netns cookie via SO_NETNS_COOKIE
When running in nested environments (e.g. Kind), cilium-agent does not run in the host netns. So, in such cases the cookie comparison based on bpf_get_netns_cookie(NULL) in bpf_sock.c for checking whether a socket belongs to a host netns does not work. This breaks some socket-lb functionality. To fix this, we derive the cookie of the netns in which cilium-agent runs via getsockopt(...SO_NETNS_COOKIE...) and then use it in the check above. This is based on an assumption that cilium-agent always runs with "hostNetwork: true". Signed-off-by: Martynas Pumputis <m@lambda.lt>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.