diff --git a/bpf/init.sh b/bpf/init.sh
index dab18d5f26819..a9f2d50520227 100755
--- a/bpf/init.sh
+++ b/bpf/init.sh
@@ -29,6 +29,7 @@ ENDPOINT_ROUTES=${22}
 PROXY_RULE=${23}
 FILTER_PRIO=${24}
 DEFAULT_RTPROTO=${25}
+LOCAL_RULE_PRIO=${26}
 ID_HOST=1
 ID_WORLD=2
@@ -75,13 +76,13 @@ function move_local_rules_af()
 return
 fi
- # move the local table lookup rule from pref 0 to pref 100 so we can
- # insert the cilium ip rules before the local table. It is strictly
+ # move the local table lookup rule from pref 0 to pref LOCAL_RULE_PRIO so we
+ # can insert the cilium ip rules before the local table. It is strictly
 # required to add the new local rule before deleting the old one as
 # otherwise local addresses will not be reachable for a short period of
 # time.
- $IP rule list | grep 100 | grep "lookup local" || {
- $IP rule add from all lookup local pref 100 proto $DEFAULT_RTPROTO
+ $IP rule list | grep "${LOCAL_RULE_PRIO}" | grep "lookup local" || {
+ $IP rule add from all lookup local pref ${LOCAL_RULE_PRIO} proto $DEFAULT_RTPROTO
 }
 $IP rule del from all lookup local pref 0 2> /dev/null || true
@@ -89,7 +90,7 @@ function move_local_rules_af()
 # it otherwise
 if [ "$($IP rule list | grep "lookup local" | wc -l)" -eq "0" ]; then
 $IP rule add from all lookup local pref 0 proto $DEFAULT_RTPROTO
- $IP rule del from all lookup local pref 100
+ $IP rule del from all lookup local pref ${LOCAL_RULE_PRIO}
 echo "Error: The kernel does not support moving the local table routing rule"
 echo "Local routing rules:"
 $IP rule list lookup local
diff --git a/pkg/datapath/loader/base.go b/pkg/datapath/loader/base.go
index 1e9e028965888..817074324fb51 100644
--- a/pkg/datapath/loader/base.go
+++ b/pkg/datapath/loader/base.go
@@ -62,6 +62,7 @@ const (
 initArgProxyRule
 initTCFilterPriority
 initDefaultRTProto
+ initLocalRulePriority
 initArgMax
 )
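Review bot: In bpf/init.sh, `grep "${LOCAL_RULE_PRIO}"` inside move_local_rules_af() is an unanchored substring match on a value that is now a parameter, so it can match the same digits elsewhere in a "lookup local" rule line, and an empty `${26}` makes it match every line and skip the `rule add` before the pref 0 rule is deleted. Anchoring on the preference column avoids both: `$IP rule list | grep "^${LOCAL_RULE_PRIO}:" | grep "lookup local" || {`. The variable is also expanded unquoted in `pref ${LOCAL_RULE_PRIO}` here and in the restore branch of the third hunk, so a guard right after the assignment, such as `case "$LOCAL_RULE_PRIO" in ''|*[!0-9]*) echo "invalid LOCAL_RULE_PRIO"; exit 1;; esac`, would stop a mismatched caller before `ip rule` runs with a missing argument. The Go side visible in this commit passes a constant, so this mainly matters if the script and the agent drift apart; the function body begins outside the hunk.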
@@ -405,6 +406,7 @@ func (l *Loader) Reinitialize(ctx context.Context, o datapath.BaseProgramOwner,
 args[initTCFilterPriority] = strconv.Itoa(int(option.Config.TCFilterPriority))
 args[initDefaultRTProto] = strconv.Itoa(linux_defaults.RTProto)
+ args[initLocalRulePriority] = strconv.Itoa(linux_defaults.RulePriorityLocalLookup)
 // "Legacy" datapath inizialization with the init.sh script
 // TODO(mrostecki): Rewrite the whole init.sh in Go, step by step.