loxilb-iogh-219 For IPinIP, need better checks for change in underlyi…

…ng routes

api/restapi/handler/endpoint.go

@@ -70,7 +70,7 @@ func ConfigPostEndPoint(params operations.PostConfigEndpointParams) middleware.R
 	EP.ProbeResp = params.Attr.ProbeResp
 	EP.ProbeDuration = uint32(params.Attr.ProbeDuration)
 	EP.ProbePort = uint16(params.Attr.ProbePort)
-	
+
 	_, err := ApiHooks.NetEpHostAdd(&EP)
 	if err != nil {
 		return &ResultResponse{Result: err.Error()}

loxinet/neighbor.go

@@ -90,6 +90,7 @@ type Neigh struct {
 	Resolved bool
 	HwMark   int
 	RHwMark  int
+	RecNh    *Neigh
 	tFdb     *FdbEnt
 	TunEps   []*NeighTunEp
 	Type     NhType
@@ -265,13 +266,14 @@ func (n *NeighH) NeighRecursiveResolve(ne *Neigh) bool {
 						ne.RHwMark = 0
 						return false
 					}
-					if ne.RHwMark == 0 {
+					if ne.RHwMark == 0 || ne.RecNh == nil || ne.RecNh != nh {
 						tk.LogIt(tk.LogDebug, "IPTun-NH for %s:%s\n", port.HInfo.TunDst.String(), nh.Key.NhString)
 						ret, tep := n.NeighAddTunEP(nh, port.HInfo.TunDst, port.HInfo.TunSrc, port.HInfo.TunID, DpTunIPIP, true)
 						if ret == 0 {
 							rt.RtDepObjs = append(rt.RtDepObjs, nh)
 							ne.RHwMark = tep.HwMark
 							ne.Resolved = true
+							ne.RecNh = nh
 							ne.Type |= NhRecursive
 						}
 						return true

loxinet/rules.go

@@ -21,14 +21,14 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	cmn "github.com/loxilb-io/loxilb/common"
+	tk "github.com/loxilb-io/loxilib"
+	probing "github.com/prometheus-community/pro-bing"
+	"io/ioutil"
 	"net"
 	"sort"
 	"sync"
 	"time"
-	"io/ioutil"
-	cmn "github.com/loxilb-io/loxilb/common"
-	tk "github.com/loxilb-io/loxilib"
-	probing "github.com/prometheus-community/pro-bing"
 )
 
 // error codes
@@ -282,14 +282,14 @@ type epChecker struct {
 
 // RuleH - context container
 type RuleH struct {
-	Zone   *Zone
-	Cfg    RuleCfg
-	Tables [RtMax]ruleTable
-	epMap  map[string]*epHost
-	epCs   [MaxEndPointCheckers]epChecker
-	wg     sync.WaitGroup
-	lepHID uint8
-	epMx   sync.RWMutex
+	Zone       *Zone
+	Cfg        RuleCfg
+	Tables     [RtMax]ruleTable
+	epMap      map[string]*epHost
+	epCs       [MaxEndPointCheckers]epChecker
+	wg         sync.WaitGroup
+	lepHID     uint8
+	epMx       sync.RWMutex
 	rootCAPool *x509.CertPool
 }
 
@@ -320,17 +320,17 @@ func RulesInit(zone *Zone) *RuleH {
 	nRh.rootCAPool = x509.NewCertPool()
 	rootCACertile := "/opt/loxilb/cert/rootCACert.pem"
 	if exists := FileExists(rootCACertile); exists {
-		
+
 		rootCA, err := ioutil.ReadFile(rootCACertile)
 		if err != nil {
-			tk.LogIt(tk.LogError,"RootCA cert load failed : %v\n", err)
+			tk.LogIt(tk.LogError, "RootCA cert load failed : %v\n", err)
 		} else {
 			nRh.rootCAPool.AppendCertsFromPEM(rootCA)
 			tk.LogIt(tk.LogError, "RootCA cert loaded\n")
 		}
-    }
+	}
 
-	nRh.wg.Add(MaxEndPointCheckers) 
+	nRh.wg.Add(MaxEndPointCheckers)
 
 	return nRh
 }
@@ -1327,7 +1327,7 @@ func validateEpHostOpts(hostName string, args epHostOpts) (int, error) {
 		args.probePort == 0 {
 		return RuleArgsErr, errors.New("host-args unknown probe port")
 	}
-	
+
 	return 0, nil
 }
 
@@ -1346,17 +1346,17 @@ func (R *RuleH) AddEpHost(apiCall bool, hostName string, desc string, args epHos
 	}
 	// Load CA cert into pool
 	if args.probeType == HostProbeHttps {
-		rootCACertile := "/opt/loxilb/cert/"+hostName+"/rootCACert.pem"
+		rootCACertile := "/opt/loxilb/cert/" + hostName + "/rootCACert.pem"
 		if exists := FileExists(rootCACertile); exists {
 			rootCA, err := ioutil.ReadFile(rootCACertile)
 			if err != nil {
-				tk.LogIt(tk.LogError,"RootCA cert load failed : %v", err)
+				tk.LogIt(tk.LogError, "RootCA cert load failed : %v", err)
 				return RuleArgsErr, errors.New("rootCA cert load failed\n")
 			} else {
 				R.rootCAPool.AppendCertsFromPEM(rootCA)
-				tk.LogIt(tk.LogDebug, "RootCA cert loaded for %s\n",hostName)
+				tk.LogIt(tk.LogDebug, "RootCA cert loaded for %s\n", hostName)
 			}
-	    }
+		}
 	}
 	ep := R.epMap[hostName]
 	if ep != nil {
@@ -1372,7 +1372,7 @@ func (R *RuleH) AddEpHost(apiCall bool, hostName string, desc string, args epHos
 	ep.hostName = hostName
 	ep.desc = desc
 	ep.opts = args
-	
+
 	if apiCall != true {
 		ep.ruleCount = 1
 	}
@@ -1508,7 +1508,7 @@ func (R *RuleH) epCheckNow(ep *epHost) {
 		urlStr := fmt.Sprintf("http://%s:%d/%s", addr.String(), ep.opts.probePort, ep.opts.probeReq)
 		sOk := tk.HTTPProber(urlStr)
 		ep.transitionState(sOk, ep.opts.inActTryThr)
-	}  else if ep.opts.probeType == HostProbeHttps {
+	} else if ep.opts.probeType == HostProbeHttps {
 		var addr net.IP
 		if addr = net.ParseIP(ep.hostName); addr == nil {
 			// This is already verified

loxinet/utils.go

@@ -18,6 +18,8 @@ package loxinet
 
 import (
 	"bytes"
+	"crypto/tls"
+	"crypto/x509"
 	opts "github.com/loxilb-io/loxilb/options"
 	tk "github.com/loxilb-io/loxilib"
 	"io/ioutil"
@@ -27,8 +29,6 @@ import (
 	"strconv"
 	"syscall"
 	"time"
-	"crypto/x509"
-	"crypto/tls"
 )
 
 // IterIntf - interface implementation to iterate various loxinet
@@ -148,7 +148,6 @@ func KAString2Mode(kaStr string) (bool, bool) {
 	return spawnKa, kaMode
 }
 
-
 // HTTPSProber - Do a https probe for given url
 // returns true/false depending on whether probing was successful
 func HTTPSProber(urls string, certPool *x509.CertPool, resp string) bool {
@@ -158,11 +157,11 @@ func HTTPSProber(urls string, certPool *x509.CertPool, resp string) bool {
 
 	timeout := time.Duration(2 * time.Second)
 	client := http.Client{Timeout: timeout,
-						  Transport: &http.Transport{
-							IdleConnTimeout: 5 * time.Second,
-  						    TLSClientConfig: &tls.Config{RootCAs: certPool,},},
-						 }
-    if req, err = http.NewRequest(http.MethodGet, urls, nil); err != nil {
+		Transport: &http.Transport{
+			IdleConnTimeout: 5 * time.Second,
+			TLSClientConfig: &tls.Config{RootCAs: certPool}},
+	}
+	if req, err = http.NewRequest(http.MethodGet, urls, nil); err != nil {
 		return false
 	}