Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wireguard, linuxnodehandler: untangle WireGuard agent from the linux node handler #25419

Merged
merged 1 commit into from
May 25, 2023
Merged

wireguard, linuxnodehandler: untangle WireGuard agent from the linux node handler #25419

merged 1 commit into from
May 25, 2023

Conversation

bimmlerd
Copy link
Member

@bimmlerd bimmlerd commented May 12, 2023
edited

Afaik, the reason the WireGuard node event handling was contained within the linuxNodeHandler code had to do with routing (and that IPSec did it this way). That dependency appears to be gone and entangling the two leads to a deadlock, as diagnosed in #24574.

This patch thus implements NodeHandler for the WireGuard agent, untangling it from the linuxNodeHandler. The wait cycle of the deadlock is thus broken, as the linuxNodeHandler doesn't otherwise acquire the IPCache lock while holding its lock.

From the perspective of the agent, the invocations of the callbacks change insofar that previously, only once the linuxNodeHandler considered itself initialised, it would forward node events. Specifically, this excluded the intial sync of nodes performed on subscribe. However, I didn't see a reason to specifically replicate this behaviour, but I'm open to feedback on that.

Fixes: #24574

Fix a possible deadlock when using WireGuard transparent encryption.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 12, 2023
@bimmlerd bimmlerd added kind/bug This is a bug in the Cilium logic. release-note/bug This PR fixes an issue in a previous release of Cilium. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. sig/agent Cilium agent related. labels May 12, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 12, 2023
@bimmlerd bimmlerd force-pushed the pr/bimmlerd/wireguard-node-handler branch from e1dc7b4 to 183d611 Compare May 12, 2023 14:21
@bimmlerd bimmlerd marked this pull request as ready for review May 15, 2023 07:25
@bimmlerd bimmlerd requested review from a team as code owners May 15, 2023 07:25
@bimmlerd bimmlerd requested review from brb and jibi May 15, 2023 07:25
@bimmlerd bimmlerd self-assigned this May 15, 2023
@bimmlerd bimmlerd mentioned this pull request May 15, 2023
Merged
@gandro gandro self-requested a review May 16, 2023 08:23
gandro
gandro reviewed May 16, 2023
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR! I'm assuming this is blocked on the subscriber interface refactoring, but overall the approach looks sound to me.

daemon/cmd/daemon.go Show resolved Hide resolved
pkg/wireguard/agent/node_handler.go Outdated Show resolved Hide resolved
pkg/wireguard/agent/node_handler.go Outdated Show resolved Hide resolved
@bimmlerd bimmlerd force-pushed the pr/bimmlerd/wireguard-node-handler branch from 183d611 to bb7a3f4 Compare May 16, 2023 09:19
@bimmlerd bimmlerd requested review from a team as code owners May 16, 2023 09:19
@bimmlerd bimmlerd requested a review from christarazi May 16, 2023 09:19
bimmlerd
bimmlerd commented May 16, 2023
View reviewed changes
Copy link
Member Author

@bimmlerd bimmlerd left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rebased on top of the NodeHandler interface changes in #25450, other comments addressed

daemon/cmd/daemon.go Show resolved Hide resolved
pkg/wireguard/agent/node_handler.go Outdated Show resolved Hide resolved
@bimmlerd bimmlerd added the dont-merge/blocked Another PR must be merged before this one. label May 16, 2023
gandro
gandro reviewed May 16, 2023
View reviewed changes
daemon/cmd/daemon.go Show resolved Hide resolved
pkg/wireguard/agent/node_handler.go Outdated Show resolved Hide resolved
christarazi
christarazi approved these changes May 16, 2023
View reviewed changes
Copy link
Member

@christarazi christarazi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM pending Sebastian's comments

@bimmlerd bimmlerd force-pushed the pr/bimmlerd/wireguard-node-handler branch from bb7a3f4 to 2523387 Compare May 17, 2023 11:16
gandro
gandro approved these changes May 17, 2023
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@bimmlerd bimmlerd force-pushed the pr/bimmlerd/wireguard-node-handler branch from 2523387 to 00d797f Compare May 19, 2023 13:10
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.13 to Needs backport from main in 1.13.3 Jun 2, 2023
This was referenced Jun 6, 2023
Merged
Merged
@bimmlerd bimmlerd mentioned this pull request Jun 6, 2023
Merged
2 tasks
@bimmlerd bimmlerd added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Jun 6, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.13 in 1.13.3 Jun 6, 2023
@bimmlerd bimmlerd mentioned this pull request Jun 6, 2023
Merged
2 tasks
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.12 in 1.12.10 Jun 6, 2023
@bimmlerd bimmlerd mentioned this pull request Jun 6, 2023
Merged
2 tasks
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from main to Backport pending to v1.11 in 1.11.18 Jun 6, 2023
@qmonnet qmonnet mentioned this pull request Jun 9, 2023
Closed
@michi-covalent michi-covalent mentioned this pull request Jun 9, 2023
Closed
@gandro gandro added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels Jun 12, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.13 to Backport done to v1.13 in 1.13.3 Jun 12, 2023
This was referenced Jun 12, 2023
Closed
Merged
Merged
@michi-covalent michi-covalent added backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. and removed backport-pending/1.12 labels Jun 14, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.12 to Backport done to v1.12 in 1.12.10 Jun 14, 2023
@michi-covalent michi-covalent added backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. and removed backport-pending/1.11 labels Jun 14, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.11 to Backport done to v1.11 in 1.11.18 Jun 14, 2023
@michi-covalent michi-covalent mentioned this pull request Jun 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@christarazi christarazi christarazi approved these changes

@gandro gandro gandro approved these changes

@jibi jibi jibi approved these changes

Assignees

@bimmlerd bimmlerd

Labels
area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium. sig/agent Cilium agent related.
Projects
No open projects
1.11.18
Backport done to v1.11
1.12.10
Backport done to v1.12
1.13.3
Backport done to v1.13
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Nodes hang to update their cluster node list
9 participants
@bimmlerd @Izzette @joestringer @maximumG @gandro @jibi @christarazi @sayboras @michi-covalent