hot_restart: fix socket handoff for listeners with network namespace addresses#43653
Merged
ravenblackx merged 4 commits intoMar 2, 2026
Merged
Conversation
jronak
force-pushed
the
hot-restart-network-namespace
branch
from
3fff32c to
27b1392
Compare
Hot restart socket handoff fails when a listener has network_namespace_filepath configured. The PassListenSocket request only carries the address string, so the parent resolves an address without a namespace that never matches the listener's namespaced address. Thread the network namespace through the PassListenSocket proto, child request, and parent resolution so that namespaced addresses match correctly during hot restart. Signed-off-by: Ronak Jain <ronakjainc@gmail.com>
jronak
force-pushed
the
hot-restart-network-namespace
branch
from
27b1392 to
b1597be
Compare
…-namespace Signed-off-by: Ronak Jain <ronakjainc@gmail.com> Signed-off-by: Ronak Jain <ronakjainc@gmail.com>
jronak
force-pushed
the
hot-restart-network-namespace
branch
from
5c5b442 to
82a31ce
Compare
Contributor
|
/assign @ravenblackx |
ravenblackx
requested changes
Feb 27, 2026
Contributor
ravenblackx
left a comment
ravenblackx
left a comment
There was a problem hiding this comment.
Lots of changes but they're all nitpicky, the general thrust of the PR looks great, thanks!
…setup - Use absl::string_view instead of const std::string& for network_namespace parameter across hot restart interfaces - Use std::make_shared instead of raw new for address construction in tests - Simplify ON_CALL mock setup to not specify arg matchers - Use "" instead of std::string() for empty namespace default Signed-off-by: Ronak Jain <ronakjainc@gmail.com>
auto-merge was automatically disabled
February 28, 2026 07:46
Head branch was pushed to by a user without write access
Avoids unnecessary local variable by passing the network namespace directly to the function call. Signed-off-by: Ronak Jain <ronakjainc@gmail.com>
Contributor
Author
|
/retest |
ravenblackx
approved these changes
Mar 2, 2026
Contributor
|
Normally this would need approval from a senior maintainer too since it touches core code - I'm going to assume @RyanTheOptimist previously enabling auto-merge counts as that endorsement. |
bmjask
pushed a commit
to bmjask/envoy
that referenced
this pull request
Mar 14, 2026
…addresses (envoyproxy#43653) Commit Message: Hot restart socket handoff fails when a listener has `network_namespace_filepath` configured. The `PassListenSocket` request only carries the address string (e.g. `tcp://0.0.0.0:80`), the network namespace is lost. On the parent side, `resolveUrl` produces an address with `networkNamespace() == nullopt`, which never matches the listener's namespaced address (since `operator==` checks namespace equality). The result is `fd == -1`, the child falls back to binding a new socket, breaking handoff. This PR fixes it by passing the network namespace hot restart socket handoff path in child and parent handling. Risk Level: Low, only affects listeners with `network_namespace_filepath` set, which were already broken during hot restart. Testing: Updated and added unit tests in `hot_restarting_parent_test.cc` covering namespace match, mismatch, and mixed (namespace vs no-namespace) cases. Docs Changes: Updated Changelog Release Notes: NA Platform Specific Features: NA --------- Signed-off-by: Ronak Jain <ronakjainc@gmail.com> Signed-off-by: bjmask <11672696+bjmask@users.noreply.github.com>
bvandewalle
pushed a commit
to bvandewalle/envoy
that referenced
this pull request
Mar 17, 2026
…addresses (envoyproxy#43653) Commit Message: Hot restart socket handoff fails when a listener has `network_namespace_filepath` configured. The `PassListenSocket` request only carries the address string (e.g. `tcp://0.0.0.0:80`), the network namespace is lost. On the parent side, `resolveUrl` produces an address with `networkNamespace() == nullopt`, which never matches the listener's namespaced address (since `operator==` checks namespace equality). The result is `fd == -1`, the child falls back to binding a new socket, breaking handoff. This PR fixes it by passing the network namespace hot restart socket handoff path in child and parent handling. Risk Level: Low, only affects listeners with `network_namespace_filepath` set, which were already broken during hot restart. Testing: Updated and added unit tests in `hot_restarting_parent_test.cc` covering namespace match, mismatch, and mixed (namespace vs no-namespace) cases. Docs Changes: Updated Changelog Release Notes: NA Platform Specific Features: NA --------- Signed-off-by: Ronak Jain <ronakjainc@gmail.com>
fishcakez
pushed a commit
to fishcakez/envoy
that referenced
this pull request
Mar 25, 2026
…addresses (envoyproxy#43653) Commit Message: Hot restart socket handoff fails when a listener has `network_namespace_filepath` configured. The `PassListenSocket` request only carries the address string (e.g. `tcp://0.0.0.0:80`), the network namespace is lost. On the parent side, `resolveUrl` produces an address with `networkNamespace() == nullopt`, which never matches the listener's namespaced address (since `operator==` checks namespace equality). The result is `fd == -1`, the child falls back to binding a new socket, breaking handoff. This PR fixes it by passing the network namespace hot restart socket handoff path in child and parent handling. Risk Level: Low, only affects listeners with `network_namespace_filepath` set, which were already broken during hot restart. Testing: Updated and added unit tests in `hot_restarting_parent_test.cc` covering namespace match, mismatch, and mixed (namespace vs no-namespace) cases. Docs Changes: Updated Changelog Release Notes: NA Platform Specific Features: NA --------- Signed-off-by: Ronak Jain <ronakjainc@gmail.com>
krinkinmu
pushed a commit
to grnmeira/envoy
that referenced
this pull request
Apr 20, 2026
…addresses (envoyproxy#43653) Commit Message: Hot restart socket handoff fails when a listener has `network_namespace_filepath` configured. The `PassListenSocket` request only carries the address string (e.g. `tcp://0.0.0.0:80`), the network namespace is lost. On the parent side, `resolveUrl` produces an address with `networkNamespace() == nullopt`, which never matches the listener's namespaced address (since `operator==` checks namespace equality). The result is `fd == -1`, the child falls back to binding a new socket, breaking handoff. This PR fixes it by passing the network namespace hot restart socket handoff path in child and parent handling. Risk Level: Low, only affects listeners with `network_namespace_filepath` set, which were already broken during hot restart. Testing: Updated and added unit tests in `hot_restarting_parent_test.cc` covering namespace match, mismatch, and mixed (namespace vs no-namespace) cases. Docs Changes: Updated Changelog Release Notes: NA Platform Specific Features: NA --------- Signed-off-by: Ronak Jain <ronakjainc@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commit Message: Hot restart socket handoff fails when a listener has
network_namespace_filepathconfigured. ThePassListenSocketrequest only carries the address string (e.g.tcp://0.0.0.0:80), the network namespace is lost. On the parent side,resolveUrlproduces an address withnetworkNamespace() == nullopt, which never matches the listener's namespaced address (sinceoperator==checks namespace equality). The result isfd == -1, the child falls back to binding a new socket, breaking handoff.This PR fixes it by passing the network namespace hot restart socket handoff path in child and parent handling.
Risk Level: Low, only affects listeners with
network_namespace_filepathset, which were already broken during hot restart.Testing: Updated and added unit tests in
hot_restarting_parent_test.cccovering namespace match, mismatch, and mixed (namespace vs no-namespace) cases.Docs Changes: Updated Changelog
Release Notes: NA
Platform Specific Features: NA