linux: devices: increase priority of user choice

The devices controller contains the logic to determine which devices are considered "selected" - that is, which devices cilium considers for things like the choice of direct routing device, etc. As part of this logic, we look at the user-provided configuration, in the form of the '--devices' flag. However, existing code is slightly too opinionated in that it excludes the loopback device before it looks at what the user specifies. It has been reported that using the loopback interface lo as the direct routing device worked in 1.14, but no longer does in 1.15. As this is a somewhat unusual setup, we require the user to specifically include 'lo' into the devices and respect their choice in the selection logic. Fixes: 03ad61b (datapath/linux: Implement DevicesController) Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
cilium · Mar 6, 2024 · 2b51393 · 2b51393
1 parent cbb577b
commit 2b51393
Showing 1 changed file with 14 additions and 14 deletions.
diff --git a/pkg/datapath/linux/devices_controller.go b/pkg/datapath/linux/devices_controller.go
@@ -525,16 +525,25 @@ func (dc *devicesController) isSelectedDevice(d *tables.Device, txn statedb.Writ
 		return false, "device has no addresses"
 	}
 
-	// Skip devices that have an excluded interface flag set.
-	if d.RawFlags&excludedIfFlagsMask != 0 {
-		return false, fmt.Sprintf("excluded flag set (mask=0x%x, flags=0x%x)", excludedIfFlagsMask, d.RawFlags)
-	}
-
 	// Skip devices that don't have the required flags set.
 	if d.RawFlags&requiredIfFlagsMask == 0 {
 		return false, fmt.Sprintf("missing required flag (mask=0x%x, flags=0x%x)", requiredIfFlagsMask, d.RawFlags)
 	}
 
+	// If user specified devices or wildcards, then skip the device if it doesn't match.
+	// If the device does match, then skip further checks.
+	if dc.filter.nonEmpty() {
+		if dc.filter.match(d.Name) {
+			return true, ""
+		}
+		return false, fmt.Sprintf("not matching user filter %v", dc.filter)
+	}
+
+	// Skip devices that have an excluded interface flag set.
+	if d.RawFlags&excludedIfFlagsMask != 0 {
+		return false, fmt.Sprintf("excluded flag set (mask=0x%x, flags=0x%x)", excludedIfFlagsMask, d.RawFlags)
+	}
+
 	// Ignore bridge and bonding slave devices
 	if d.MasterIndex != 0 {
 		return false, fmt.Sprintf("bridged or bonded to ifindex %d", d.MasterIndex)
@@ -546,15 +555,6 @@ func (dc *devicesController) isSelectedDevice(d *tables.Device, txn statedb.Writ
 		return false, "L3 device, kernel too old, >= 5.8 required"
 	}
 
-	// If user specified devices or wildcards, then skip the device if it doesn't match.
-	// If the device does match, then skip further checks.
-	if dc.filter.nonEmpty() {
-		if dc.filter.match(d.Name) {
-			return true, ""
-		}
-		return false, fmt.Sprintf("not matching user filter %v", dc.filter)
-	}
-
 	// Never consider devices with any of the excluded devices.
 	for _, p := range defaults.ExcludedDevicePrefixes {
 		if strings.HasPrefix(d.Name, p) {