Pim van Pelt
df05bae8a3
Nginx's config-level duplicate-listen check rejected the documented pattern of `listen 80 device=X ipng_source_tag=A; listen 80 device=Y ipng_source_tag=B;` with "a duplicate listen 0.0.0.0:80", and even when the dedup was bypassed the kernel refused the second bind() because the first socket was already holding the port without SO_BINDTODEVICE. The listen wrapper now detects same-sockaddr duplicates before the core handler sees them and records them with `needs_clone=1`. In init_module, phase 1 clones an ngx_listening_t for each such duplicate, phase 3 closes every inherited naked fd, and phase 4 rebinds every target with SO_REUSEADDR + SO_REUSEPORT + SO_BINDTODEVICE set before bind(). SO_REUSEPORT keeps `nginx -s reload` from colliding with the still-bound sockets held by old workers during graceful drain; IPV6_V6ONLY matches nginx's default so the IPv6 listen doesn't claim the IPv4 wildcard and collide with sibling IPv4-specific listens. Restructure 01-module to cover the pattern end-to-end: four device-pinned listens on port 8080 (eth1 shares tag `tag1` across v4 and v6; eth2 splits into `tag2-v4` / `tag2-v6`), clients and server both get IPv6 addresses, and a new "Per-(device, family) request count accuracy" case proves that 10 requests on each of the four combinations yields tag1=20, tag2-v4=10, tag2-v6=10. Mgmt/direct traffic moves to port 9180 so it no longer clashes with the shared-port wildcards. Document the constraint in docs/user-guide.md: all listens on a given port must carry `device=`, and direct traffic belongs on a separate port. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
27 lines
847 B
Bash
27 lines
847 B
Bash
#!/bin/bash
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
# Client container entrypoint: installs curl, waits for containerlab
|
|
# to attach the data-plane veth, configures the IP, removes the mgmt
|
|
# default route so traffic to the server goes through eth1 (data-plane),
|
|
# and stays alive for docker-exec commands from the Robot test.
|
|
|
|
apt-get update -qq
|
|
apt-get install -y -qq curl iproute2 > /dev/null 2>&1
|
|
|
|
# Wait for containerlab to attach eth1.
|
|
echo "Waiting for eth1 ..."
|
|
while ! ip link show eth1 > /dev/null 2>&1; do
|
|
sleep 0.2
|
|
done
|
|
ip link set eth1 up
|
|
ip addr add ${MY_IP} dev eth1
|
|
if [ -n "${MY_IP6}" ]; then
|
|
ip -6 addr add ${MY_IP6} dev eth1 nodad
|
|
fi
|
|
|
|
# Remove the default route so packets to 10.0.x.0/24 go out eth1
|
|
# (the connected route) instead of through the mgmt bridge.
|
|
ip route del default 2>/dev/null || true
|
|
|
|
exec sleep infinity
|