-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update vishvananda/netlink #31671
Update vishvananda/netlink #31671
Conversation
Commit 84473ba does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
84473ba
to
ef0d351
Compare
I misclicked the update branch button, which adds one merge commit for main branch. I did a force push to your remote branch to rectify it, additionally, we can merge 2 commits into one. |
/test |
39c2daf
to
e984789
Compare
/test |
e984789
to
95803b9
Compare
This change in vendor looks good to me, but no harm to have another check from others who involve in triaging the mentioned issue. |
I've been triggering CI here from time to time over the last two weeks but also can't really pinpoint a clear area that's breaking or deduce a simple reproducer. But its definitely multiple tests that keep failing, not just upgrade/downgrade tests. Potentially you could try to bisect the commits between current commit that cilium pulls from the netlink library and your latest fix. Happy to keep running CI with the revisions we need to test. Once we have a commit in the library that breaks cilium, it hopefully will be easier to locate why that change breaks so many tests. |
I think vishvananda/netlink@916f968 is the commit in the netlink lib that is causing the troubles for this PR. At least bisecting lead me to that commit. Can't really say what exactly the problematic part is that causes the issues in CI, but the code added to catch |
Thank you very much @rgo3! ❤️ |
Note that if we want to unblock this sooner, one option is to switch over to our https://github.com/cilium/netlink fork again and revert the offending patch there. |
If IPv4-only is a common environment that folks care about, then I think it would be great to reflect this via contributions towards #30327. Otherwise we'll most likely continue to break it once in a while 🤷. |
I understand, fair point. Sadly, I have neither the time nor the Go experience to do that :( Hopefully someone can tackle this :) |
d0f28c0
to
d098868
Compare
Hello, Someone reverted the offending commit in the netlink library: vishvananda/netlink#976 I just rebased the branch and updated the library to the latest version. @julianwiedmann let's CI this please ! 🙂 Best Regards. |
/test |
Looks much better :). The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your contribution and endless effort to drive this one through.
Can you help to re-run $ git status
On branch update-vishvananda-netlink
Changes not staged for commit:
(use "git add/rm <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
deleted: vendor/github.com/vishvananda/netlink/cmd/ipset-test/main.go |
When queried for the routes of an unknown IP family the kernel return the routes for all IP families. This end up returning the IPv4 routes when IPv6 is disabled at boot time. Therefore calling DeleteRouteTable with family = AF_INET6 will delete IPv4 routes too, breaking the DNS proxy. Fixes: cilium#30744 Signed-off-by: Foyer Unix <foyerunix@foyer.lu>
d098868
to
97ef3d4
Compare
Hello, I think the issue should be solved. Not being a Go developer myself, I didn't know the existence of Best Regards. |
/test |
Hello,
Fixes: #30744
When queried for the routes of an unknow IP family the kernel return the routes for all IP families.
This end up returning the IPv4 routes when IPv6 is disabled at boot time. Therefore calling DeleteRouteTable with family = AF_INET6 will delete IPv4 routes too, breaking the DNS proxy.
I didn't include all the new code from the library yet as the contribution guide state that:
Unfortunately I don't see how to split the whole library update into smaller chunks. I also can't guarantee that the updated library code, if included fully, won't cause any regression. Therefore I prefer to run the CI with my changes only first.
Best Regards,