init.sh: take local lookup rule priority as an argument

Add a new argument which is the local lookup rule priority (by default 100) which will be set when constructing init.sh's arguments. We need the value to match the agent's local lookup rule priority constant so we can ensure proper local lookup rules are installed on agent init. Signed-off-by: Nikolay Aleksandrov <nikolay@isovalent.com>
aanm · Mar 25, 2023 · e370f6e · e370f6e
1 parent d28e1aa
commit e370f6e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/bpf/init.sh b/bpf/init.sh
@@ -29,6 +29,7 @@ ENDPOINT_ROUTES=${22}
 PROXY_RULE=${23}
 FILTER_PRIO=${24}
 DEFAULT_RTPROTO=${25}
+LOCAL_RULE_PRIO=${26}
 
 ID_HOST=1
 ID_WORLD=2
@@ -75,21 +76,21 @@ function move_local_rules_af()
 		return
 	fi
 
-	# move the local table lookup rule from pref 0 to pref 100 so we can
-	# insert the cilium ip rules before the local table. It is strictly
+	# move the local table lookup rule from pref 0 to pref LOCAL_RULE_PRIO so we
+	# can insert the cilium ip rules before the local table. It is strictly
 	# required to add the new local rule before deleting the old one as
 	# otherwise local addresses will not be reachable for a short period of
 	# time.
-	$IP rule list | grep 100 | grep "lookup local" || {
-		$IP rule add from all lookup local pref 100 proto $DEFAULT_RTPROTO
+	$IP rule list | grep "${LOCAL_RULE_PRIO}" | grep "lookup local" || {
+		$IP rule add from all lookup local pref ${LOCAL_RULE_PRIO} proto $DEFAULT_RTPROTO
 	}
 	$IP rule del from all lookup local pref 0 2> /dev/null || true
 
 	# check if the move of the local table move was successful and restore
 	# it otherwise
 	if [ "$($IP rule list | grep "lookup local" | wc -l)" -eq "0" ]; then
 		$IP rule add from all lookup local pref 0 proto $DEFAULT_RTPROTO
-		$IP rule del from all lookup local pref 100
+		$IP rule del from all lookup local pref ${LOCAL_RULE_PRIO}
 		echo "Error: The kernel does not support moving the local table routing rule"
 		echo "Local routing rules:"
 		$IP rule list lookup local

diff --git a/pkg/datapath/loader/base.go b/pkg/datapath/loader/base.go
@@ -62,6 +62,7 @@ const (
 	initArgProxyRule
 	initTCFilterPriority
 	initDefaultRTProto
+	initLocalRulePriority
 	initArgMax
 )
 
@@ -405,6 +406,7 @@ func (l *Loader) Reinitialize(ctx context.Context, o datapath.BaseProgramOwner,
 
 	args[initTCFilterPriority] = strconv.Itoa(int(option.Config.TCFilterPriority))
 	args[initDefaultRTProto] = strconv.Itoa(linux_defaults.RTProto)
+	args[initLocalRulePriority] = strconv.Itoa(linux_defaults.RulePriorityLocalLookup)
 
 	// "Legacy" datapath inizialization with the init.sh script
 	// TODO(mrostecki): Rewrite the whole init.sh in Go, step by step.