Capture all routes from network namespace, not just interface #12724
p12tic wants to merge 1 commit into google:master from
Change routesForIface() to use netlink.RouteListFiltered() instead of netlink.RouteList() to capture all routes in the network namespace.

Previously, only routes directly associated with a specific interface were captured. This missed custom routes (e.g., from podman-network-create --route option).

Fixes google#7168
| return nil, nil, nil, err | ||
| } | ||
| rs, err := netlink.RouteList(link, netlink.FAMILY_ALL) | ||
| // Get all routes in the namespace, not just routes for this specific link. |
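Review bot: The new comment above the replaced `netlink.RouteList(link, netlink.FAMILY_ALL)` call says the listing is no longer scoped to `link`, but the lookup still sits in a per-interface helper, so each interface it is called for would get the same namespace-wide route set, including routes whose output device is a different link. That risks duplicate entries and routes attributed to the wrong interface. Consider listing the namespace's routes once in the caller and assigning each route by its link index, or keep the per-link call and add only the specific routes that were being missed. The function comment should also state which routes the function is expected to return.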
In that case, isn't the iface parameter in this function meaningless? We should update this function signature and also inspect where this is being called.
cc @nybidari
Indeed, managed to miss this :/
I will close the PR for the moment and bring back a proper solution.
@ayushr2 Turns out my mental model was wrong and the issue was that only routes to loopback were not copied. In my environment I used this as a poor man's alternative to blackhole routes.
The real fix is similarly simple to the one in this PR, though it was way more involved to make the relevant code testable, and the tests themselves are more verbose: #12725