WIP

Signed-off-by: Martynas Pumputis <m@lambda.lt>

bpf/init.sh

@@ -34,7 +34,6 @@ ID_WORLD=2
 
 # If the value below is changed, be sure to update bugtool/cmd/configuration.go
 # as well when dumping the routing table in bugtool. See GH-5828.
-PROXY_RT_TABLE=2005
 TO_PROXY_RT_TABLE=2004
 
 set -e
@@ -109,10 +108,6 @@ function move_local_rules()
 
 function setup_proxy_rules()
 {
-	# Any packet from an ingress proxy uses a separate routing table that routes
-	# the packet back to the cilium host device.
-	from_ingress_rulespec="fwmark 0xA00/0xF00 pref 10 lookup $PROXY_RT_TABLE"
-
 	# Any packet to an ingress or egress proxy uses a separate routing table
 	# that routes the packet to the loopback device regardless of the destination
 	# address in the packet. For this to work the ctx must have a socket set
@@ -124,64 +119,28 @@ function setup_proxy_rules()
 			if [ -z "$(ip -4 rule list $to_proxy_rulespec)" ]; then
 				ip -4 rule add $to_proxy_rulespec
 			fi
-			if [ "$ENDPOINT_ROUTES" = "true" ]; then
-				if [ ! -z "$(ip -4 rule list $from_ingress_rulespec)" ]; then
-					ip -4 rule delete $from_ingress_rulespec
-				fi
-			else
-				if [ -z "$(ip -4 rule list $from_ingress_rulespec)" ]; then
-					ip -4 rule add $from_ingress_rulespec
-				fi
-			fi
 		fi
 
 		# Traffic to the host proxy is local
 		ip route replace table $TO_PROXY_RT_TABLE local 0.0.0.0/0 dev lo
-		# Traffic from ingress proxy goes to Cilium address space via the cilium host device
-		if [ "$ENDPOINT_ROUTES" = "true" ]; then
-			ip route delete table $PROXY_RT_TABLE $IP4_HOST/32 dev $HOST_DEV1 2>/dev/null || true
-			ip route delete table $PROXY_RT_TABLE default via $IP4_HOST 2>/dev/null || true
-		else
-			ip route replace table $PROXY_RT_TABLE $IP4_HOST/32 dev $HOST_DEV1
-			ip route replace table $PROXY_RT_TABLE default via $IP4_HOST
-		fi
 	else
 		ip -4 rule del $to_proxy_rulespec 2> /dev/null || true
-		ip -4 rule del $from_ingress_rulespec 2> /dev/null || true
 	fi
 
 	if [ "$IP6_HOST" != "<nil>" ]; then
 		if [ -n "$(ip -6 rule list)" ]; then
 			if [ -z "$(ip -6 rule list $to_proxy_rulespec)" ]; then
 				ip -6 rule add $to_proxy_rulespec
 			fi
-			if [ "$ENDPOINT_ROUTES" = "true" ]; then
-				if [ ! -z "$(ip -6 rule list $from_ingress_rulespec)" ]; then
-					ip -6 rule delete $from_ingress_rulespec
-				fi
-			else
-				if [ -z "$(ip -6 rule list $from_ingress_rulespec)" ]; then
-					ip -6 rule add $from_ingress_rulespec
-				fi
-			fi
 		fi
 
 		IP6_LLADDR=$(ip -6 addr show dev $HOST_DEV2 | grep inet6 | head -1 | awk '{print $2}' | awk -F'/' '{print $1}')
 		if [ -n "$IP6_LLADDR" ]; then
 			# Traffic to the host proxy is local
 			ip -6 route replace table $TO_PROXY_RT_TABLE local ::/0 dev lo
-			# Traffic from ingress proxy goes to Cilium address space via the cilium host device
-			if [ "$ENDPOINT_ROUTES" = "true" ]; then
-				ip -6 route delete table $PROXY_RT_TABLE ${IP6_LLADDR}/128 dev $HOST_DEV1 2>/dev/null || true
-				ip -6 route delete table $PROXY_RT_TABLE default via $IP6_LLADDR dev $HOST_DEV1 2>/dev/null || true
-			else
-				ip -6 route replace table $PROXY_RT_TABLE ${IP6_LLADDR}/128 dev $HOST_DEV1
-				ip -6 route replace table $PROXY_RT_TABLE default via $IP6_LLADDR dev $HOST_DEV1
-			fi
 		fi
 	else
 		ip -6 rule del $to_proxy_rulespec 2> /dev/null || true
-		ip -6 rule del $from_ingress_rulespec 2> /dev/null || true
 	fi
 }