zebra: separate zebra ZAPI server open and accept #17313
Conversation
|
Currently giving this a spin with the shell script from #16747, looks good so far. |
|
At least a quick smoke-test with our internal testing didn't show any new failures (with this patch and #16749 applied on top of 9.1.2). |
|
@Mergifyio backport dev/10.2 stable/10.1 stable/10.0 stable/9.1 stable/9.0 |
🟠 Waiting for conditions to match
|
mjstapp
force-pushed
the
zserv_open_unpriv
branch
from
0da248f
to
929adf2
Compare
|
rebased to latest upstream |
Separate zebra's ZAPI server socket handling into two phases: an early phase that opens the socket, and a later phase that starts listening for client connections. Signed-off-by: Mark Stapp <[email protected]>
mjstapp
force-pushed
the
zserv_open_unpriv
branch
from
929adf2
to
9fb58db
Compare
|
Fixed a path that's called once per-netns, not once per startup. |
|
CI:rerun Check ANVL results again |
|
Might be worth to point out that this does not fix the core issue, but only works around it. The core issue is that While zebra's zserv is the only user of |
|
Sure - I'm not claiming to have fixed everything, just wanted to try to help with the immediate symptom, I guess.
|
Just to be clear this wasn't meant as a critique to the approach; I think the solution is right for now and should be merged, as it does fix a race condition. |
It sounds from #16747 as if it's possible for zebra to get privs wrong when it sets up its zapi server socket when running in privs-per-process mode. The current zserv code opens and starts listening on that server socket pretty late during startup, since zebra needs to be ready to do what clients start asking it to do.
This PR separates zebra's ZAPI server socket handling into two phases: an early phase that opens the socket, and a later phase that starts listening for client connections. The early 'open' phase is called quite early, before other zebra subsystems are started. The 'start' phase is still called later on.