Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cni: Reserve local ports for DNS proxy even if IPv6 is disabled #32725

Merged
merged 2 commits into from
May 28, 2024
Merged

cni: Reserve local ports for DNS proxy even if IPv6 is disabled #32725

merged 2 commits into from
May 28, 2024

Conversation

gandro
Copy link
Member

@gandro gandro commented May 27, 2024

This fixes a bug where the port reservation of ports which can conflict with transparent DNS proxy where only reserved if IPv6 was enabled.

The call to reserveLocalIPPorts was accidentally added in the "IPv6-only" branch. This commit fixes that by unconditionally reserving local ports.

Fixes: 11fe7cc ("cilium-cni: Reserve ports that can conflict with transparent DNS proxy")

@gandro
daemon: Log set of auto-detected reserved ports
a818a14 
This aids in troubleshooting, as the list of ports is not visible
anywhere else in the sysdump.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro
cni: Reserve local ports for DNS proxy even if IPv6 is disabled
e69eaa6 
This fixes a bug where the port reservation of ports which can conflict
with transparent DNS proxy where only reserved if IPv6 was enabled.

The call to `reserveLocalIPPorts` was accidentally added in the
"IPv6-only" branch. This commit fixes that by unconditionally
reserving local ports.

Fixes: 11fe7cc ("cilium-cni: Reserve ports that can conflict with transparent DNS proxy")

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro gandro added area/cni Impacts the Container Networking Interface between Cilium and the orchestrator. release-note/bug This PR fixes an issue in a previous release of Cilium. needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels May 27, 2024
@gandro gandro requested review from a team as code owners May 27, 2024 08:26
@gandro gandro requested review from nebril and asauber May 27, 2024 08:26
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.15.6 May 27, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.13.17 May 27, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.14.12 May 27, 2024
@gandro gandro mentioned this pull request May 27, 2024
Open
3 tasks
@gandro
Copy link
Member Author

gandro commented May 27, 2024

/test

@gandro gandro mentioned this pull request May 27, 2024
Open
nebril
nebril approved these changes May 27, 2024
View reviewed changes
Copy link
Member

@nebril nebril left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch!

tklauser
tklauser approved these changes May 28, 2024
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good for @cilium/cli.

@tklauser tklauser removed the request for review from asauber May 28, 2024 08:44
@tklauser tklauser added this pull request to the merge queue May 28, 2024
@julianwiedmann julianwiedmann added the area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. label May 28, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 28, 2024
Merged via the queue into cilium:main with commit 76ecb4b May 28, 2024
66 checks passed
@joamaki joamaki mentioned this pull request May 30, 2024
Merged
2 tasks
@joamaki joamaki added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels May 30, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.13 in 1.13.17 May 30, 2024
@joamaki joamaki mentioned this pull request May 30, 2024
Merged
3 tasks
@joamaki joamaki added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch labels May 30, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.14 in 1.14.12 May 30, 2024
@joamaki joamaki mentioned this pull request May 30, 2024
Merged
6 tasks
@joamaki joamaki added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels May 30, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.15 in 1.15.6 May 30, 2024
@github-actions github-actions bot added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels May 30, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Backport pending to v1.13 in 1.13.17 May 30, 2024
@github-actions github-actions bot added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. labels May 31, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Backport pending to v1.14 in 1.14.12 May 31, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.14 to Backport done to v1.14 in 1.14.12 May 31, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Backport done to v1.13 in 1.13.17 May 31, 2024
@github-actions github-actions bot added backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. labels May 31, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Backport pending to v1.15 in 1.15.6 May 31, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Backport done to v1.14 in 1.14.12 May 31, 2024
This was referenced Jun 8, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tklauser tklauser tklauser approved these changes

@nebril nebril nebril approved these changes

Assignees
No one assigned
Labels
area/cni Impacts the Container Networking Interface between Cilium and the orchestrator. area/proxy Impacts proxy components, including DNS, Kafka, Envoy and/or XDS servers. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
1.13.17
Backport done to v1.13
1.14.12
Backport done to v1.14
cilium v1.13.17
Status: Released
cilium v1.14.12
Status: Released
cilium v1.15.6
Status: Released
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@gandro @tklauser @nebril @joamaki @julianwiedmann