Skip to content

Comments

Fix default route detection#716

Merged
guvenc merged 4 commits intomainfrom
fix/nat_default_route
Sep 5, 2025
Merged

Fix default route detection#716
guvenc merged 4 commits intomainfrom
fix/nat_default_route

Conversation

@PlagueCZ
Copy link
Contributor

@PlagueCZ PlagueCZ commented Sep 2, 2025
edited
Loading

Default route detection is now based on route depth/length not IP itself.

The same problem was technically present in IPv6, but there we only do NAT for NAT64 addresses which prevents the bug from manifesting itself.

I was unable to think up a good test for it because of the NAT64 restrictions, but I tested via debug logs inside ipv6_lookup_node.c

Fixes #715
Fixes #718

@github-actions github-actions bot added size/M bug Something isn't working labels Sep 2, 2025
@PlagueCZ
Copy link
Contributor Author

PlagueCZ commented Sep 2, 2025

As a test I deployed this to a compute cluster and my shoot running on it is still working.

@PlagueCZ PlagueCZ marked this pull request as ready for review September 2, 2025 16:57
@PlagueCZ PlagueCZ requested a review from a team as a code owner September 2, 2025 16:57
byteocean
byteocean reviewed Sep 3, 2025
View reviewed changes
@PlagueCZ PlagueCZ force-pushed the fix/nat_default_route branch from 8df5542 to 4e913c1 Compare September 3, 2025 12:06
@PlagueCZ PlagueCZ force-pushed the fix/nat_default_route branch from 4e913c1 to 356ade6 Compare September 3, 2025 15:55
byteocean
byteocean approved these changes Sep 3, 2025
View reviewed changes
Copy link
Contributor

@byteocean byteocean left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM now as communicated.

guvenc
guvenc reviewed Sep 5, 2025
View reviewed changes
test/local/test_nat.py

def test_nat_default_route(prepare_ifaces, grpc_client):
nat_ul_ipv6 = grpc_client.addnat(VM1.name, nat_vip, nat_local_min_port, nat_local_max_port)
try_ip_range(grpc_client, "128.0.0.0/1")
Copy link
Collaborator

@guvenc guvenc Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice idea to test with X.0.0.0/1 for checking the default route behaviour with /0.

guvenc
guvenc approved these changes Sep 5, 2025
View reviewed changes
Copy link
Collaborator

@guvenc guvenc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@guvenc guvenc merged commit 356ade6 into main Sep 5, 2025
6 checks passed
@guvenc guvenc deleted the fix/nat_default_route branch September 5, 2025 10:24
@github-project-automation github-project-automation bot moved this to Done in Roadmap Sep 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@byteocean byteocean byteocean approved these changes

@guvenc guvenc guvenc approved these changes

Assignees

No one assigned

Labels

area/networking bug Something isn't working size/M

Projects

Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Pytest suite expect_error() bug NAT default route detection edge-case

4 participants

@PlagueCZ @byteocean @guvenc @hardikdr