From e370f6e87f2d652d723bc2163efffecffed6b7e2 Mon Sep 17 00:00:00 2001
From: Nikolay Aleksandrov
Date: Thu, 23 Mar 2023 13:51:55 +0200
Subject: [PATCH] init.sh: take local lookup rule priority as an argument

Add a new argument which is the local lookup rule priority (by default 100) which will be set when constructing init.sh's arguments. We need the value to match the agent's local lookup rule priority constant so we can ensure proper local lookup rules are installed on agent init.

Signed-off-by: Nikolay Aleksandrov
---
 bpf/init.sh | 11 ++++++-----
 pkg/datapath/loader/base.go | 2 ++
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/bpf/init.sh b/bpf/init.sh
index dab18d5f26819..a9f2d50520227 100755
--- a/bpf/init.sh
+++ b/bpf/init.sh
@@ -29,6 +29,7 @@ ENDPOINT_ROUTES=${22}
 PROXY_RULE=${23}
 FILTER_PRIO=${24}
 DEFAULT_RTPROTO=${25}
+LOCAL_RULE_PRIO=${26}
 ID_HOST=1
 ID_WORLD=2
@@ -75,13 +76,13 @@ function move_local_rules_af()
 return
 fi
- # move the local table lookup rule from pref 0 to pref 100 so we can
- # insert the cilium ip rules before the local table. It is strictly
+ # move the local table lookup rule from pref 0 to pref LOCAL_RULE_PRIO so we
+ # can insert the cilium ip rules before the local table. It is strictly
 # required to add the new local rule before deleting the old one as
 # otherwise local addresses will not be reachable for a short period of
 # time.
- $IP rule list | grep 100 | grep "lookup local" || {
- $IP rule add from all lookup local pref 100 proto $DEFAULT_RTPROTO
+ $IP rule list | grep "${LOCAL_RULE_PRIO}" | grep "lookup local" || {
+ $IP rule add from all lookup local pref ${LOCAL_RULE_PRIO} proto $DEFAULT_RTPROTO
 }
 $IP rule del from all lookup local pref 0 2> /dev/null || true
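Review bot: `LOCAL_RULE_PRIO=${26}` is accepted without checking that it is set and numeric, although the `-75,13` and `-89,7` hunks use it as a grep pattern and as an unquoted `ip rule` argument. If the script is ever run with fewer arguments (and not under `set -u`, which the hunk does not show), the empty pattern in `grep "${LOCAL_RULE_PRIO}"` matches every rule line. The existing pref 0 rule then passes the check, nothing is added at the new priority, and pref 0 is deleted; the rollback path recovers, but its `rule del ... pref ${LOCAL_RULE_PRIO}` runs with no value. Failing early right after the assignment would make this explicit: `case "${LOCAL_RULE_PRIO}" in ''|*[!0-9]*) echo "invalid local rule priority" >&2; exit 1;; esac`.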
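Review bot: The existence check `grep "${LOCAL_RULE_PRIO}" | grep "lookup local"` in move_local_rules_af is a substring match, so with priority 100 any local-lookup rule whose line merely contains `100` (a pref of 1000, a `from 10.100.0.0/16` selector) counts as already installed. In that case the add is skipped while the following line still deletes the pref 0 rule, which could leave no catch-all local lookup rule at the priority the agent expects. Anchoring on the priority column avoids this: `$IP rule list | grep "^${LOCAL_RULE_PRIO}:.*lookup local" || {`. The weakness is inherited from the old `grep 100`, but making the value a parameter widens the set of priorities that can collide; the function body starts and ends outside the hunk.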
@@ -89,7 +90,7 @@ function move_local_rules_af()
 # it otherwise
 if [ "$($IP rule list | grep "lookup local" | wc -l)" -eq "0" ]; then
 $IP rule add from all lookup local pref 0 proto $DEFAULT_RTPROTO
- $IP rule del from all lookup local pref 100
+ $IP rule del from all lookup local pref ${LOCAL_RULE_PRIO}
 echo "Error: The kernel does not support moving the local table routing rule"
 echo "Local routing rules:"
 $IP rule list lookup local
diff --git a/pkg/datapath/loader/base.go b/pkg/datapath/loader/base.go
index 1e9e028965888..817074324fb51 100644
--- a/pkg/datapath/loader/base.go
+++ b/pkg/datapath/loader/base.go
@@ -62,6 +62,7 @@ const (
 initArgProxyRule
 initTCFilterPriority
 initDefaultRTProto
+ initLocalRulePriority
 initArgMax
 )
@@ -405,6 +406,7 @@ func (l *Loader) Reinitialize(ctx context.Context, o datapath.BaseProgramOwner,
 args[initTCFilterPriority] = strconv.Itoa(int(option.Config.TCFilterPriority))
 args[initDefaultRTProto] = strconv.Itoa(linux_defaults.RTProto)
+ args[initLocalRulePriority] = strconv.Itoa(linux_defaults.RulePriorityLocalLookup)
 // "Legacy" datapath inizialization with the init.sh script
 // TODO(mrostecki): Rewrite the whole init.sh in Go, step by step.
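Review bot: Nothing at `initLocalRulePriority` records that its position in this const block is what makes it `${26}` in bpf/init.sh; the two files are tied together only by counting. A comment on the block such as `// Order must match the positional parameters read at the top of bpf/init.sh.` would keep a later insertion from silently shifting values like the rule priority or TC filter priority into the wrong shell variable. The const block starts outside the hunk, so the numbering base is assumed rather than visible here.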