mtu: fix possible race condition with enable-node-port config.

The MTU cell relies on option.Config.NodePortEnabled which as described in commit c2d65fe61a9231ee961097f894466727a2438768 is prone to a race where the daemon changes this configuration at runtime. This uses the newly introduced option.(*FinalDaemonConfig) type as a parameter dependency to prevent such issues with MTU. Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
cilium · May 1, 2024 · e77a166 · e77a166
1 parent ea798df
commit e77a166
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/pkg/mtu/cell.go b/pkg/mtu/cell.go
@@ -33,6 +33,7 @@ type mtuParams struct {
 	IPsec        types.IPsecKeyCustodian
 	CNI          cni.CNIConfigManager
 	TunnelConfig tunnel.Config
+	Config       *option.FinalDaemonConfig
 }
 
 func newForCell(lc cell.Lifecycle, p mtuParams) MTU {
@@ -57,7 +58,7 @@ func newForCell(lc cell.Lifecycle, p mtuParams) MTU {
 				option.Config.EnableIPSec,
 				p.TunnelConfig.ShouldAdaptMTU(),
 				option.Config.EnableWireguard,
-				option.Config.EnableHighScaleIPcache && option.Config.EnableNodePort,
+				option.Config.EnableHighScaleIPcache && p.Config.NodePortEnabled(),
 				configuredMTU,
 				externalIP,
 			)

diff --git a/pkg/option/config.go b/pkg/option/config.go
@@ -1358,7 +1358,8 @@ func LogRegisteredOptions(vp *viper.Viper, entry *logrus.Entry) {
 
 // FinalDaemonConfig is a alias for DaemonConfig used to differentiate what stage of daemon option init
 // the config is when it is provided.
-// Any accessor functions on this type should be guarenteed
+// Any accessor functions on this type should be guarenteed to be "final" within the scope of a hive
+// provider (i.e. values should not be modified later).
 type FinalDaemonConfig DaemonConfig
 
 func (c *FinalDaemonConfig) NodePortEnabled() bool {