From 36899a8c3555a0e4403fe08d0e64e8757293f11f Mon Sep 17 00:00:00 2001
From: l1b0k <libokang.lbk@alibaba-inc.com>
Date: Thu, 16 May 2024 16:57:42 +0800
Subject: [PATCH] daemon: validate cni request container id

Signed-off-by: l1b0k <libokang.lbk@alibaba-inc.com>
---
 daemon/daemon.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/daemon/daemon.go b/daemon/daemon.go
index 0e8c3643..89788505 100644
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@@ -461,7 +461,12 @@ func (n *networkService) GetIPInfo(ctx context.Context, r *rpc.GetInfoRequest) (
 			Msg:  "Unexpected network type, maybe daemon mode changed",
 		}
 	}
-
+	if oldRes.ContainerID != nil {
+		if r.K8SPodInfraContainerId != *oldRes.ContainerID {
+			log.Info("cni request not match stored resource, ignored", "old", *oldRes.ContainerID)
+			return reply, nil
+		}
+	}
 	netConf := make([]*rpc.NetConf, 0)
 
 	err = json.Unmarshal([]byte(oldRes.NetConf), &netConf)