-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zebra: separate zebra ZAPI server open and accept #17313
Conversation
Currently giving this a spin with the shell script from #16747, looks good so far. |
At least a quick smoke-test with our internal testing didn't show any new failures (with this patch and #16749 applied on top of 9.1.2). |
@Mergifyio backport dev/10.2 stable/10.1 stable/10.0 stable/9.1 stable/9.0 |
❌ No backport have been created
GitHub error:
|
0da248f
to
929adf2
Compare
rebased to latest upstream |
929adf2
to
9fb58db
Compare
Fixed a path that's called once per-netns, not once per startup. |
CI:rerun Check ANVL results again |
Might be worth to point out that this does not fix the core issue, but only works around it. The core issue is that While zebra's zserv is the only user of |
Sure - I'm not claiming to have fixed everything, just wanted to try to help with the immediate symptom, I guess.
|
Just to be clear this wasn't meant as a critique to the approach; I think the solution is right for now and should be merged, as it does fix a race condition. |
Separate zebra's ZAPI server socket handling into two phases: an early phase that opens the socket, and a later phase that starts listening for client connections. Signed-off-by: Mark Stapp <[email protected]>
9fb58db
to
506097a
Compare
rebased to latest master |
zebra: separate zebra ZAPI server open and accept (backport #17313)
zebra: separate zebra ZAPI server open and accept (backport #17313)
zebra: separate zebra ZAPI server open and accept (backport #17313)
zebra: separate zebra ZAPI server open and accept (backport #17313)
It sounds from #16747 as if it's possible for zebra to get privs wrong when it sets up its zapi server socket when running in privs-per-process mode. The current zserv code opens and starts listening on that server socket pretty late during startup, since zebra needs to be ready to do what clients start asking it to do.
This PR separates zebra's ZAPI server socket handling into two phases: an early phase that opens the socket, and a later phase that starts listening for client connections. The early 'open' phase is called quite early, before other zebra subsystems are started. The 'start' phase is still called later on.