Skip to content

Don't delete static host mappings for non-primary IPs #1464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JackDoan merged 9 commits into from
Sep 4, 2025
Merged

Don't delete static host mappings for non-primary IPs #1464

JackDoan merged 9 commits into from
Sep 4, 2025

Conversation

@JackDoan
Copy link
Collaborator

@JackDoan JackDoan commented Sep 3, 2025
edited
Loading

Fixes #1447

  • The config of Nebula included a static host mapping for one IP of the host. The host's certificate includes multiple IPs. Spelunking through the code, the function DeleteVpnAddrs is updated in master to support a host with multiple IPs. However, that function will only skip address deletion if the first IP in the certificate is recorded as having a static host mapping entry. We believe that in the user's reported case, the first IP in the host cert was not the IP listed in the config's static host mapping.

  • Reading through the code to investigate this issue, I noticed that unlockedGetRemoteList may also overwrite a static mapping if it receives a list of IP's and if the first IP in the slice is not in the addrMap but any subsequent IP is in the map. In that case, the subsequent IP entries will be overwritten by the newly created entry.

  • To close this issue, investigate the lighthouse addrMap to cover the scenario in which a given host's secondary IP appears in the static host map.

  • Add tests to prove this is fixed!

@JackDoan JackDoan self-assigned this Sep 3, 2025
@JackDoan JackDoan force-pushed the dont-trample-static-host-mappings-for-multi-ip branch from e21f24f to 88d9085 Compare September 3, 2025 14:33
@JackDoan JackDoan force-pushed the dont-trample-static-host-mappings-for-multi-ip branch from 88d9085 to 8d68931 Compare September 3, 2025 18:03
JackDoan
JackDoan commented Sep 4, 2025
View reviewed changes
@JackDoan JackDoan marked this pull request as ready for review September 4, 2025 16:07
@JackDoan JackDoan force-pushed the dont-trample-static-host-mappings-for-multi-ip branch from 076b5b3 to 0b127be Compare September 4, 2025 19:26
@JackDoan JackDoan merged commit 932e329 into master Sep 4, 2025
9 checks passed
@JackDoan JackDoan deleted the dont-trample-static-host-mappings-for-multi-ip branch September 4, 2025 19:49
This was referenced Sep 5, 2025
Merged
Merged
@wadey wadey added this to the v1.10.0 milestone Sep 10, 2025
@nbrownus nbrownus mentioned this pull request Nov 19, 2025
Merged
63 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nbrownus nbrownus nbrownus approved these changes

@brad-defined brad-defined Awaiting requested review from brad-defined

Assignees

@JackDoan JackDoan

Labels

cla:signed

Projects

None yet

Milestone

v1.10.0

Development

Successfully merging this pull request may close these issues.

🐛 BUG: Nebula may lose a static host mapping

4 participants

@JackDoan @nbrownus @wadey