fix: remove veth pair in vm ns if previously leaked and fix validation #3940
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
|
/azp run Azure Container Networking PR |
|
Azure Pipelines successfully started running 1 pipeline(s). |
QxBytes
force-pushed
the
alew/transparent-vlan-clean-vnet-container-nic
branch
from
33e3145 to
4db2645
Compare
behzad-mir
previously approved these changes
Aug 20, 2025
vipul-21
reviewed
Aug 21, 2025
There was a problem hiding this comment.
Pull Request Overview
This PR fixes issues in transparent-vlan mode by proactively cleaning up leaked veth interfaces and improving validation error messages. The changes prevent network setup failures caused by stale veth pairs that may exist in the wrong namespaces.
- Adds proactive cleanup of vnet and container veth interfaces before creating new veth pairs
- Fixes validation logic to check the correct interface name in the correct namespace
- Updates error messages to be more descriptive and consistent throughout the codebase
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| network/transparent_vlan_endpointclient_linux.go | Adds cleanup function for leaked interfaces, fixes validation parameters, and updates error messages |
| network/transparent_vlan_endpointclient_linux_test.go | Updates test cases to reflect new validation function signature and improved error messages |
| network/networkutils/networkutils_linux.go | Adds interface name to logging for better debugging |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Co-authored-by: Copilot <[email protected]> Signed-off-by: Alexander <[email protected]>
vipul-21
approved these changes
Aug 22, 2025
behzad-mir
approved these changes
Aug 25, 2025
|
/azp run Azure Container Networking PR |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for Change:
In transparent-vlan mode, removes the vnet veth interface and container veth interface in the vm namespace if they exist prior to creating the pair in the vm namespace. This won't disrupt existing connections because these pairs are one per container, and if either side of the veth pair were in the vm namespace, the container's networking would be broken. The vnet veth interface must be in the vnet namespace and the container veth interface must be in the container namespace in a working setup (otherwise it is broken and we need to clean up). Removing one side of the veth should remove the other.
The above shouldn't be necessary since we already validate the existence of the veth interfaces on ADD, but it seems like sometimes the veth creation can pass validation, but then disappear for a short period of time before re-appearing, bypassing the cleanup logic during the add.
Also fixes an improper validation check after moving the vnet veth into the vnet namespace (though this did not cause the issue that triggered this fix). Previously it would check the wrong interface name, now it will check the interface name passed in the namespace passed in.
Issue Fixed:
See above
Requirements:
Notes:
Tested on a multitenancy linux transparent vlan setup with no issues
0c99864, consolidate logic and improve uts