pkg/endpoint: set down the right veth pair interface #44494

Merged: aanm merged 1 commit into main from pr/fix-set-down-aws on Feb 23, 2026
@aanm (Member) commented Feb 23, 2026

On certain environments, where StatefulSets are used, the re-usage of a vethpair with the same name can occur. This can cause some concurrency issues and the setDown function is executed for the "new" veth pair, which uses the same name as the "older" veth pair. To prevent this from happening we should also check if the ifindex matches the veth pair fetched by netlink.

Fixes: 6633ca8 ("datapath,endpoint: explicitly remove TC filters during endpoint teardown")

Fix tearing down wrong pod's veth in aws-cni chaining when using deterministic pod names

Fixes #44463

On certain environments, where StatefulSets are used, the re-usage of a
vethpair with the same name can occur. This can cause some concurrency
issues and the setDown function is executed for the "new" veth pair,
which uses the same name as the "older" veth pair. To prevent this from
happening we should also check if the ifindex matches the veth pair
fetched by netlink.

Fixes: 6633ca8 ("datapath,endpoint: explicitly remove TC filters during endpoint teardown")
Signed-off-by: André Martins <andre@cilium.io>
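
The guard described in the commit message above, modelled in Go as an added example (not code from the Cilium tree or from this PR). `Host`, `Link`, `AddVeth`, `SetDown`, `ErrIfindexMismatch` and the interface name are hypothetical; the in-memory table stands in for netlink, and returning an error on mismatch is this example's choice.

```go
package main

import (
	"errors"
	"fmt"
)

// Link is a constructed stand-in for the result of a netlink lookup by name.
type Link struct {
	Index int
	Up    bool
}

// Host is a constructed in-memory interface table keyed by interface name.
type Host struct {
	links map[string]*Link
	next  int
}

var ErrIfindexMismatch = errors.New("name now belongs to a different ifindex")

// AddVeth (re)creates an interface; in this model each creation gets a fresh ifindex.
func (h *Host) AddVeth(name string) *Link {
	h.next++
	h.links[name] = &Link{Index: h.next, Up: true}
	return h.links[name]
}

// SetDown brings the named link down. With check=false it trusts the name
// alone; with check=true it also requires the recorded ifindex to match.
func (h *Host) SetDown(name string, wantIndex int, check bool) error {
	l, ok := h.links[name]
	if !ok {
		return nil // interface already gone, nothing to do
	}
	if check && l.Index != wantIndex {
		return ErrIfindexMismatch
	}
	l.Up = false
	return nil
}

func main() {
	h := &Host{links: map[string]*Link{}}
	old := h.AddVeth("eni0a1b2c") // constructed name, old pod's veth
	delete(h.links, "eni0a1b2c")  // old pod's veth is removed
	cur := h.AddVeth("eni0a1b2c") // replacement pod reuses the same name
	err := h.SetDown("eni0a1b2c", old.Index, true)
	fmt.Println(err, cur.Up) // stale teardown is refused, new veth stays up
}
```

Passing `check=false` in the same sequence brings the replacement pod's interface down, which is the failure the PR describes.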
@aanm aanm requested a review from ti-mo February 23, 2026 10:11
@aanm aanm requested a review from a team as a code owner February 23, 2026 10:11
@aanm aanm added kind/bug This is a bug in the Cilium logic. release-note/bug This PR fixes an issue in a previous release of Cilium. affects/v1.17 This issue affects v1.17 branch affects/v1.18 This issue affects v1.18 branch affects/v1.19 This issue affects v1.19 branch needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Feb 23, 2026
@aanm aanm requested a review from fristonio February 23, 2026 10:11
@aanm aanm enabled auto-merge February 23, 2026 10:11
@aanm (Member, Author) commented Feb 23, 2026

/test

@ti-mo (Contributor) left a comment

Haha. 🙈

@aanm aanm added this pull request to the merge queue Feb 23, 2026
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Feb 23, 2026
Merged via the queue into main with commit 9087bd9 Feb 23, 2026
590 of 597 checks passed
@aanm aanm deleted the pr/fix-set-down-aws branch February 23, 2026 18:42
@yr1453 commented Feb 24, 2026

Not sure of the right way to resurface a follow-up. Posting here a cross-reference to #44463 (comment) instead of opening a new issue.

@YutaroHayakawa YutaroHayakawa mentioned this pull request Feb 24, 2026
21 tasks
@YutaroHayakawa YutaroHayakawa added backport-pending/1.19 The backport for Cilium 1.19.x for this PR is in progress. and removed needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Feb 24, 2026
@github-actions github-actions bot added backport-done/1.19 The backport for Cilium 1.19.x for this PR is done. and removed backport-pending/1.19 The backport for Cilium 1.19.x for this PR is in progress. labels Mar 2, 2026
Development

Successfully merging this pull request may close these issues.

setDown() tears down wrong pod's veth in aws-cni chaining when deterministic pod names (i.e StatefulSet) cause veth reuse