-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix pluto crash when remote endpoint is unstable #2517
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🤖 Created branch: z_pr2517/sridhargaddam/issue-2516 |
vthapar
approved these changes
Jun 2, 2023
skitt
approved these changes
Jun 2, 2023
Looking into the linter errors |
Currently, submariner-gateway pod while invoking the whack commands does not set any dpdaction flags. So the default dpdaction of disabled was applied. While using this action, when the remote endpoint is not responding within a certain duration, some problematic code path in Libreswan was getting executed and leading to crash. The proper fix would be to use an updated Libreswan, but as a workaround we can explicitly set the dpdaction=hold to avoid hitting the problematic code paths. Related PR in libreswan: libreswan/libreswan@c7a6113 Fixes: submariner-io#2516 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com> Co-authored-by: Yossi Boaron <yboaron@redhat.com>
tpantelis
approved these changes
Jun 2, 2023
🤖 Closed branches: [z_pr2517/sridhargaddam/issue-2516] |
This was referenced Jun 2, 2023
dfarrell07
added a commit
to sridhargaddam/submariner
that referenced
this pull request
Jun 2, 2023
…2517-origin-release-0.13
sridhargaddam
added a commit
to sridhargaddam/submariner-website
that referenced
this pull request
Jul 5, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
sridhargaddam
added a commit
to sridhargaddam/submariner-website
that referenced
this pull request
Jul 6, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
skitt
pushed a commit
to skitt/submariner-website
that referenced
this pull request
Jul 10, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
skitt
pushed a commit
to skitt/submariner-website
that referenced
this pull request
Jul 10, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
skitt
pushed a commit
to submariner-io/submariner-website
that referenced
this pull request
Jul 10, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
dfarrell07
pushed a commit
to dfarrell07/submariner-website
that referenced
this pull request
Oct 18, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
dfarrell07
pushed a commit
to dfarrell07/submariner-website
that referenced
this pull request
Oct 18, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
dfarrell07
pushed a commit
to dfarrell07/submariner-website
that referenced
this pull request
Oct 19, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
tpantelis
pushed a commit
to submariner-io/submariner-website
that referenced
this pull request
Oct 22, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
tpantelis
pushed a commit
to tpantelis/submariner-website
that referenced
this pull request
Nov 7, 2023
Includes the release notes for the following fixes. * Submariner now uses case-insensitive comparison while parsing CNI names. * subctl gather now collects Metrics proxy pod logs in a Globalnet deployment. * Submariner Gateway pod now skips invoking cableEngine cleanup during termination, as this is handled by the Route agent during gateway migration. * Fixed issue which caused the IPsec pluto process to crash when the remote endpoint was unstable. * Submariner now handles out-of-order remote endpoint notifications properly in Globalnet component. Related to: submariner-io/submariner#2486 Related to: submariner-io/subctl#770 Related to: submariner-io/submariner#2499 Related to: submariner-io/submariner#2517 Related to: submariner-io/submariner#2532 Signed-off-by: Sridhar Gaddam <sgaddam@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
backport-handled
ready-to-test
When a PR is ready for full E2E testing
release-note-handled
release-note-needed
Should be mentioned in the release notes
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, submariner-gateway pod while invoking the whack commands does not set any dpdaction flags. So the default dpdaction of disabled was applied. While using this action, when the remote endpoint is not responding within a certain duration, some problematic code path in Libreswan was getting executed and leading to crash. The proper fix would be to use an updated Libreswan, but as a workaround we can explicitly set the dpdaction=hold to avoid hitting the problematic code paths.
Related PR in libreswan:
libreswan/libreswan@c7a6113
Fixes: #2516
Co-authored-by: Yossi Boaron yboaron@redhat.com