cmd: Add confirmation to encrypt flush command

The cilium-dbg encrypt flush command removes all XFRM states and policies on the node. That will lead to packet drops until connections are reestablished. Traffic will also be sent in plain text between pods. This commit therefore asks for confirmation when running the command, to ensure nobody performs this action by mistake. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
cilium · Nov 6, 2023 · 37b611e · 37b611e
1 parent fe08772
commit 37b611e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/Documentation/cmdref/cilium-dbg_encrypt_flush.md b/Documentation/cmdref/cilium-dbg_encrypt_flush.md
diff --git a/cilium-dbg/cmd/encrypt_flush.go b/cilium-dbg/cmd/encrypt_flush.go
@@ -4,6 +4,8 @@
 package cmd
 
 import (
+	"fmt"
+
 	"github.com/spf13/cobra"
 	"github.com/vishvananda/netlink"
 
@@ -17,12 +19,33 @@ var encryptFlushCmd = &cobra.Command{
 	Long:  "Will cause a short connectivity disruption",
 	Run: func(cmd *cobra.Command, args []string) {
 		common.RequireRootPrivilege("cilium encrypt flush")
-		netlink.XfrmPolicyFlush()
-		netlink.XfrmStateFlush(netlink.XFRM_PROTO_ESP)
+		runXFRMFlush()
 	},
 }
 
+func runXFRMFlush() {
+	confirmationMsg := "Flushing all XFRM states and policies can lead to transient " +
+		"connectivity interruption and plain-text pod-to-pod traffic."
+	if !confirmXFRMCleanup(confirmationMsg) {
+		return
+	}
+	netlink.XfrmPolicyFlush()
+	netlink.XfrmStateFlush(netlink.XFRM_PROTO_ESP)
+	fmt.Println("All XFRM states and policies have been deleted.")
+}
+
+func confirmXFRMCleanup(msg string) bool {
+	if force {
+		return true
+	}
+	var res string
+	fmt.Printf("%s Do you want to continue? [y/N] ", msg)
+	fmt.Scanln(&res)
+	return res == "y"
+}
+
 func init() {
+	encryptFlushCmd.Flags().BoolVarP(&force, forceFlagName, "f", false, "Skip confirmation")
 	CncryptCmd.AddCommand(encryptFlushCmd)
 	command.AddOutputOption(encryptFlushCmd)
 }