Skip to main content

Browse the archive

Revision 9f6d52e1a8886f7ba792dee9dc2b933c7dddafce authored by Lorenz Bauer on 11 June 2024, 15:23:53 UTC, committed by André Martins on 13 June 2024, 12:03:41 UTC 
bpf: avoid race when selecting the RevSNAT port
 
The logic to allocate SNAT mapping contains a race condition.
At a high level it does the following:

    if (!revsnat_exists(port)) {
        if (!create_revsnat(port)
            return error;

        ...
    }

Two concurrent executions of the datapath may succeed the
revsnat_exists check, which then leads to one of them bailing
out since create_revsnat fails.

Instead simply try to create the RevSNAT entry. If that fails we
retry with another port.

Signed-off-by: Lorenz Bauer <lmb@isovalent.com>
1 parent dc52072
History
File Mode Size
.devcontainer
.github
.nvim
.vscode
Documentation
api
bpf
bugtool
cilium-dbg
cilium-health
clustermesh-apiserver
contrib
daemon
examples
hack
hubble
hubble-relay
images
install
operator
pkg
plugins
test
tools
vendor
.authors.aux -rw-r--r-- 416 bytes
.clang-format -rw-r--r-- 7.6 KB
.clomonitor.yml -rw-r--r-- 984 bytes
.gitattributes -rw-r--r-- 887 bytes
.gitignore -rw-r--r-- 1.8 KB
.golangci.yaml -rw-r--r-- 4.4 KB
.mailmap -rw-r--r-- 6.9 KB
AUTHORS -rw-r--r-- 51.5 KB
CODEOWNERS -rw-r--r-- 28.2 KB
CODE_OF_CONDUCT.md -rw-r--r-- 2.2 KB
CONTRIBUTING.md -rw-r--r-- 691 bytes
FURTHER_READINGS.rst -rw-r--r-- 6.4 KB
LICENSE -rw-r--r-- 11.1 KB
MAINTAINERS.md -rw-r--r-- 4.6 KB
Makefile -rw-r--r-- 25.3 KB
Makefile.defs -rw-r--r-- 7.5 KB
Makefile.docker -rw-r--r-- 7.1 KB
Makefile.kind -rw-r--r-- 16.8 KB
Makefile.quiet -rw-r--r-- 818 bytes
README.rst -rw-r--r-- 19.6 KB
SECURITY-INSIGHTS.yml -rw-r--r-- 2.1 KB
SECURITY.md -rw-r--r-- 1.0 KB
USERS.md -rw-r--r-- 35.0 KB
VERSION -rw-r--r-- 11 bytes
Vagrantfile -rw-r--r-- 14.9 KB
go.mod -rw-r--r-- 13.6 KB
go.sum -rw-r--r-- 96.9 KB
netlify.toml -rw-r--r-- 92 bytes
stable.txt -rw-r--r-- 8 bytes
vagrant_box_defaults.rb -rw-r--r-- 334 bytes

README.rst

back to top