Skip to content

fix hostport CNAT entry handling #851

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hedibouattour wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix hostport CNAT entry handling #851

hedibouattour wants to merge 1 commit into from

Conversation

@hedibouattour
Copy link
Collaborator

@hedibouattour hedibouattour commented Dec 5, 2025

Hostport-backed pods now create CNAT entries that may be IPv4 or IPv6. Previously, a unique entry ID was stored per hostport; this change moves hostport entry IDs into LocalPodSpecStatus, as they are internal to VPP.

This update also resolves cleanup issues during pod deletion, addressing leftover state that occurred with the previous deletion logic.

sknat
sknat reviewed Dec 9, 2025
View reviewed changes
Copy link
Collaborator

@sknat sknat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, good catch !

calico-vpp-agent/cni/model/pod_status.go Outdated
PblIndexes map[string]uint32 `json:"pblIndexes"`
// HostPortEntryIDs is a map from hostport to corresponding cnat entry ids
// in VPP, it may correspond to 2 ids (v4 and v6)
HostPortEntryIDs map[uint16][]uint32
Copy link
Collaborator

@sknat sknat Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we maybe make this a map[netip.Addr][uint16] instead ?
and key the cnat entries by hostIP and hostPort

calico-vpp-agent/cni/network_vpp_hostports.go Outdated
stack.Push(s.vpp.CnatTranslateDel, id)
}
podSpec.HostPorts[idx].EntryID = id
podSpec.HostPortEntryIDs[hostPort.HostPort] = append(podSpec.HostPortEntryIDs[hostPort.HostPort], id)
Copy link
Collaborator

@sknat sknat Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we would then log an error if we find a conflicting entry in the map

Copy link
Collaborator Author

@hedibouattour hedibouattour Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Which kind of conflict are you thinking about ?

@hedibouattour
fix hostport CNAT entry handling
d746e4f 
Hostport-backed pods now create CNAT entries that may be IPv4 or IPv6.
Previously, a unique entry ID was stored per hostport; this change moves hostport entry IDs into LocalPodSpecStatus, as they are internal to VPP.

This update also resolves cleanup issues during pod deletion, addressing leftover state that occurred with the previous deletion logic.
@hedibouattour hedibouattour force-pushed the fix-hostport-entries-deleting branch from a30bf51 to d746e4f Compare December 9, 2025 17:26
@hedibouattour hedibouattour requested a review from sknat December 10, 2025 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sknat sknat Awaiting requested review from sknat

At least 1 approving review is required to merge this pull request.

Assignees

@hedibouattour hedibouattour

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hedibouattour @sknat