cilium / cilium

eBPF-based Networking, Security, and Observability
https://cilium.io
Apache License 2.0

fqdn: Skip "open ports" check for statically configured ports #33230

Closed gandro closed 1 week ago

gandro commented 1 week ago

When restoring the previous DNS proxy port, we check if the port is already in-use. However, if the port we retrieved from GetProxyPort was previously set via SetProxyPort, then we want to use it unconditionally. We rely on isStatic for this, as static ports cannot change and the open port may be open with SO_REUSEPORT (which proxy.OpenLocalPorts() does not check). Restored ports never have isStatic set to true, so this does retain the "open ports" check if the port was restored.

In addition, when restoring ports we want to make sure that previous calls to SetProxyPort are also not overwritten, thus this commit also only restores the port if it wasn't explicitly set.

This is the same behavior we had previously, which did not check the returned port of d.l7Proxy.GetProxyPort against the list of open ports.

Fixes: d11e4d261279 ("proxy: Reuse proxy ports from datapath on restart")
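
The SO_REUSEPORT caveat from the description above, as an added example that is not part of the PR or of Cilium's code: a port that already has a listener is refused to a plain bind but accepted by a second socket that also sets SO_REUSEPORT, so an "is this port open" check alone does not tell you whether the port is usable. It assumes Linux on x86 or arm (where the option value is 0xf); `setReusePort` and `ProbeReusePort` are hypothetical names.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"syscall"
)

// Assumption: Linux value of SO_REUSEPORT on x86 and arm.
const soReusePort = 0xf

// setReusePort is a ListenConfig.Control hook that sets SO_REUSEPORT before bind.
func setReusePort(_, _ string, c syscall.RawConn) error {
	var serr error
	err := c.Control(func(fd uintptr) {
		serr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, soReusePort, 1)
	})
	if err != nil {
		return err
	}
	return serr
}

// ProbeReusePort opens a SO_REUSEPORT listener on a free loopback port, then
// reports whether a plain bind and a SO_REUSEPORT bind to that port succeed.
func ProbeReusePort() (plainOK, reuseOK bool, err error) {
	lc := net.ListenConfig{Control: setReusePort}
	first, err := lc.Listen(context.Background(), "tcp4", "127.0.0.1:0")
	if err != nil {
		return false, false, err
	}
	defer first.Close()
	addr := first.Addr().String() // from here on the port shows up as "open"
	if l, err := net.Listen("tcp4", addr); err == nil {
		plainOK = true
		l.Close()
	}
	if l, err := lc.Listen(context.Background(), "tcp4", addr); err == nil {
		reuseOK = true
		l.Close()
	}
	return plainOK, reuseOK, nil
}

func main() {
	plain, reuse, err := ProbeReusePort()
	fmt.Printf("plain bind ok=%v, SO_REUSEPORT bind ok=%v, err=%v\n", plain, reuse, err)
}
```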

gandro commented 1 week ago

/test

gandro commented 1 week ago

/test

gandro commented 1 week ago

CI is green except for https://github.com/cilium/cilium/issues/33257 which is expected. Merging.