https://github.com/cilium/cilium
Revision 0a83ad24a0d4e2af4ef86fe3631f561bd4b68f5e authored by André Martins on 15 August 2022, 22:04:12 UTC, committed by Aditi Ghag on 24 August 2022, 00:48:32 UTC
[ upstream commit 7eb68cb0270443e8dc682ef83487ace126f3cbeb ]

When restoring endpoints from the state directory we need to also
initialize their internal "getters" as they will not be initialized on
restore.

This prevents Cilium from crashing upon initialization when a CNP with a
named port is available on the cluster.

```
goroutine 827 [running]:
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).GetNamedPortLocked(0xc00024a000, 0x50?, {0xc000ba1cd0, 0x9}, 0xc0?)
 /go/src/github.com/cilium/cilium/pkg/endpoint/policy.go:68 +0x4f
github.com/cilium/cilium/pkg/policy.(*L4Filter).ToMapState(0xc001080000, {0x3434870, 0xc00024a000}, 0x1)
 /go/src/github.com/cilium/cilium/pkg/policy/l4.go:345 +0x2c3
github.com/cilium/cilium/pkg/policy.(*EndpointPolicy).computeDirectionL4PolicyMapEntries(0xc0019e8540, 0xc0019e8540?, 0xc0019e80d8?, 0x40?)
 /go/src/github.com/cilium/cilium/pkg/policy/resolve.go:171 +0xba
github.com/cilium/cilium/pkg/policy.(*EndpointPolicy).computeDesiredL4PolicyMapEntries(0xc0019e8540)
 /go/src/github.com/cilium/cilium/pkg/policy/resolve.go:164 +0x56
github.com/cilium/cilium/pkg/policy.(*selectorPolicy).DistillPolicy(0xc000d180c0, {0x3434870?, 0xc00024a000}, 0x0)
 /go/src/github.com/cilium/cilium/pkg/policy/resolve.go:141 +0x105
github.com/cilium/cilium/pkg/policy.(*cachedSelectorPolicy).Consume(0xc000123770?, {0x3434870?, 0xc00024a000?})
 /go/src/github.com/cilium/cilium/pkg/policy/distillery.go:202 +0x35
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).regeneratePolicy(0xc00024a000)
 /go/src/github.com/cilium/cilium/pkg/endpoint/policy.go:234 +0x3f7
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).runPreCompilationSteps(0xc00024a000, 0xc000399400)
 /go/src/github.com/cilium/cilium/pkg/endpoint/bpf.go:814 +0x2c5
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).regenerateBPF(0xc00024a000, 0xc000399400)
 /go/src/github.com/cilium/cilium/pkg/endpoint/bpf.go:584 +0x189
github.com/cilium/cilium/pkg/endpoint.(*Endpoint).regenerate(0xc00024a000, 0xc000399400)
 /go/src/github.com/cilium/cilium/pkg/endpoint/policy.go:398 +0x7a5
github.com/cilium/cilium/pkg/endpoint.(*EndpointRegenerationEvent).Handle(0xc0014a2b70, 0x29fef80?)
 /go/src/github.com/cilium/cilium/pkg/endpoint/events.go:53 +0x325
```

Example of such CNP:
```
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  namespace: cilium-test
  name: client-egress-to-echo-deny-named-port
spec:
  endpointSelector:
    matchLabels:
      kind: client
  egressDeny:
  - toPorts:
    - ports:
      - port: "http-8080"
        protocol: TCP
    toEndpoints:
    - matchLabels:
        io.kubernetes.pod.namespace: cilium-test
        kind: echo
```

Fixes: 6e7e9468be4b ("endpoint: Remove references to global ipcache")

Reported-by: Tam Mach <tam.mach@isovalent.com>
Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Aditi Ghag <aditi@cilium.io>
1 parent 481d6cc
pkg/endpoint: set namedPortsGetter interface on ParseEndpoint
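
The failure mode the commit message describes, reduced to a stand-alone Go program. This is an added example, not Cilium's code: the types, the function names and the JSON state are hypothetical stand-ins constructed for illustration. It shows why a runtime-only interface field is nil after a restore from serialized state, and how wiring it in the parse step avoids the crash.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Simplified model, not Cilium's code; every name here is a hypothetical stand-in.
type namedPortsGetter interface{ GetNamedPort(name string) uint16 }

type staticPorts map[string]uint16

func (s staticPorts) GetNamedPort(name string) uint16 { return s[name] }

// endpoint is persisted as JSON; the unexported getter is runtime-only state.
type endpoint struct {
	ID     uint16 `json:"id"`
	getter namedPortsGetter
}

// restoreBroken sets only the serialized fields, so getter stays nil.
func restoreBroken(state []byte) (*endpoint, error) {
	ep := &endpoint{}
	return ep, json.Unmarshal(state, ep)
}

// restoreFixed wires the runtime dependency while parsing the saved state.
func restoreFixed(state []byte, g namedPortsGetter) (*endpoint, error) {
	ep := &endpoint{getter: g}
	return ep, json.Unmarshal(state, ep)
}

// resolve converts the nil-interface panic into an error for comparison.
func resolve(ep *endpoint, name string) (port uint16, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	return ep.getter.GetNamedPort(name), nil
}

func main() {
	state := []byte(`{"id": 827}`) // constructed sample state
	broken, _ := restoreBroken(state)
	_, err := resolve(broken, "http-8080")
	fmt.Println("restored without getter:", err)
	fixed, _ := restoreFixed(state, staticPorts{"http-8080": 8080})
	port, err := resolve(fixed, "http-8080")
	fmt.Println("restored with getter:", port, err)
}
```

In a policy-enforcing agent an unrecovered panic of this kind takes down the whole process at startup, so a regression test that restores an endpoint from saved state and then resolves a named port is a cheap guard.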