proxy/routes: Rename fromProxyRule to fromIngressProxyRule

Because we are introducing fromEgressProxyRule soon, it's better to make clear that the fromProxyRule is for ingress proxy only. This commit also changes its mark from MagicMarkIsProxy to MagicMarkIngress. They hold the same value 0xA00 while have the different semantics. Signed-off-by: Zhichuan Liang <gray.liang@isovalent.com>
jschwinger233 · Apr 25, 2024 · 287dd63 · 287dd63
1 parent 4a8492f
commit 287dd63
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 25 deletions.
diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
@@ -409,7 +409,7 @@ func (p *Proxy) ReinstallRoutingRules() error {
 		}
 
 		if !option.Config.EnableIPSec || option.Config.TunnelingEnabled() {
-			if err := removeFromProxyRoutesIPv4(); err != nil {
+			if err := removeFromIngressProxyRoutesIPv4(); err != nil {
 				return err
 			}
 		} else {
@@ -421,7 +421,7 @@ func (p *Proxy) ReinstallRoutingRules() error {
 		if err := removeToProxyRoutesIPv4(); err != nil {
 			return err
 		}
-		if err := removeFromProxyRoutesIPv4(); err != nil {
+		if err := removeFromIngressProxyRoutesIPv4(); err != nil {
 			return err
 		}
 	}
@@ -432,7 +432,7 @@ func (p *Proxy) ReinstallRoutingRules() error {
 		}
 
 		if !option.Config.EnableIPSec || option.Config.TunnelingEnabled() {
-			if err := removeFromProxyRoutesIPv6(); err != nil {
+			if err := removeFromIngressProxyRoutesIPv6(); err != nil {
 				return err
 			}
 		} else {
@@ -448,7 +448,7 @@ func (p *Proxy) ReinstallRoutingRules() error {
 		if err := removeToProxyRoutesIPv6(); err != nil {
 			return err
 		}
-		if err := removeFromProxyRoutesIPv6(); err != nil {
+		if err := removeFromIngressProxyRoutesIPv6(); err != nil {
 			return err
 		}
 	}

diff --git a/pkg/proxy/routes.go b/pkg/proxy/routes.go
@@ -100,10 +100,10 @@ func removeToProxyRoutesIPv6() error {
 }
 
 var (
-	// Routing rule for traffic from proxy.
-	fromProxyRule = route.Rule{
+	// Routing rule for traffic from ingress proxy.
+	fromIngressProxyRule = route.Rule{
 		Priority: linux_defaults.RulePriorityFromProxyIngress,
-		Mark:     linux_defaults.MagicMarkIsProxy,
+		Mark:     linux_defaults.MagicMarkIngress,
 		Mask:     linux_defaults.MagicMarkHostMask,
 		Table:    linux_defaults.RouteTableFromProxy,
 		Protocol: linux_defaults.RTProto,
@@ -130,8 +130,8 @@ func installFromProxyRoutesIPv4(ipv4 net.IP, device string) error {
 		Proto:   linux_defaults.RTProto,
 	}
 
-	if err := route.ReplaceRule(fromProxyRule); err != nil {
-		return fmt.Errorf("inserting ipv4 from proxy routing rule %v: %w", fromProxyRule, err)
+	if err := route.ReplaceRule(fromIngressProxyRule); err != nil {
+		return fmt.Errorf("inserting ipv4 from ingress proxy routing rule %v: %w", fromIngressProxyRule, err)
 	}
 	if err := route.Upsert(fromProxyToCiliumHostRoute4); err != nil {
 		return fmt.Errorf("inserting ipv4 from proxy to cilium_host route %v: %w", fromProxyToCiliumHostRoute4, err)
@@ -143,10 +143,10 @@ func installFromProxyRoutesIPv4(ipv4 net.IP, device string) error {
 	return nil
 }
 
-// removeFromProxyRoutesIPv4 ensures routes and rules for traffic from the proxy are removed.
-func removeFromProxyRoutesIPv4() error {
-	if err := route.DeleteRule(netlink.FAMILY_V4, fromProxyRule); err != nil && !errors.Is(err, syscall.ENOENT) {
-		return fmt.Errorf("removing ipv4 from proxy routing rule: %w", err)
+// removeFromIngressProxyRoutesIPv4 ensures routes and rules for traffic from the proxy are removed.
+func removeFromIngressProxyRoutesIPv4() error {
+	if err := route.DeleteRule(netlink.FAMILY_V4, fromIngressProxyRule); err != nil && !errors.Is(err, syscall.ENOENT) {
+		return fmt.Errorf("removing ipv4 from ingress proxy routing rule: %w", err)
 	}
 	if err := route.DeleteRouteTable(linux_defaults.RouteTableFromProxy, netlink.FAMILY_V4); err != nil {
 		return fmt.Errorf("removing ipv4 from proxy route table: %w", err)
@@ -175,8 +175,8 @@ func installFromProxyRoutesIPv6(ipv6 net.IP, device string) error {
 		Proto:   linux_defaults.RTProto,
 	}
 
-	if err := route.ReplaceRuleIPv6(fromProxyRule); err != nil {
-		return fmt.Errorf("inserting ipv6 from proxy routing rule %v: %w", fromProxyRule, err)
+	if err := route.ReplaceRuleIPv6(fromIngressProxyRule); err != nil {
+		return fmt.Errorf("inserting ipv6 from ingress proxy routing rule %v: %w", fromIngressProxyRule, err)
 	}
 	if err := route.Upsert(fromProxyToCiliumHostRoute6); err != nil {
 		return fmt.Errorf("inserting ipv6 from proxy to cilium_host route %v: %w", fromProxyToCiliumHostRoute6, err)
@@ -188,11 +188,11 @@ func installFromProxyRoutesIPv6(ipv6 net.IP, device string) error {
 	return nil
 }
 
-// removeFromProxyRoutesIPv6 ensures routes and rules for traffic from the proxy are removed.
-func removeFromProxyRoutesIPv6() error {
-	if err := route.DeleteRule(netlink.FAMILY_V6, fromProxyRule); err != nil {
+// removeFromIngressProxyRoutesIPv6 ensures routes and rules for traffic from the proxy are removed.
+func removeFromIngressProxyRoutesIPv6() error {
+	if err := route.DeleteRule(netlink.FAMILY_V6, fromIngressProxyRule); err != nil {
 		if !errors.Is(err, syscall.ENOENT) && !errors.Is(err, syscall.EAFNOSUPPORT) {
-			return fmt.Errorf("removing ipv6 from proxy routing rule: %w", err)
+			return fmt.Errorf("removing ipv6 from ingress proxy routing rule: %w", err)
 		}
 	}
 	if err := route.DeleteRouteTable(linux_defaults.RouteTableFromProxy, netlink.FAMILY_V6); err != nil {

diff --git a/pkg/proxy/routes_test.go b/pkg/proxy/routes_test.go
@@ -74,7 +74,7 @@ func TestRoutes(t *testing.T) {
 				// Install routes and rules the first time.
 				assert.NoError(t, installFromProxyRoutesIPv4(testIPv4, ifName))
 
-				rules, err := route.ListRules(netlink.FAMILY_V4, &fromProxyRule)
+				rules, err := route.ListRules(netlink.FAMILY_V4, &fromIngressProxyRule)
 				assert.NoError(t, err)
 				assert.NotEmpty(t, rules)
 
@@ -88,9 +88,9 @@ func TestRoutes(t *testing.T) {
 				assert.NoError(t, installFromProxyRoutesIPv4(testIPv4, ifName))
 
 				// Remove routes installed before.
-				assert.NoError(t, removeFromProxyRoutesIPv4())
+				assert.NoError(t, removeFromIngressProxyRoutesIPv4())
 
-				rules, err = route.ListRules(netlink.FAMILY_V4, &fromProxyRule)
+				rules, err = route.ListRules(netlink.FAMILY_V4, &fromIngressProxyRule)
 				assert.NoError(t, err)
 				assert.Empty(t, rules)
 
@@ -161,7 +161,7 @@ func TestRoutes(t *testing.T) {
 				// Install routes and rules the first time.
 				assert.NoError(t, installFromProxyRoutesIPv6(testIPv6, ifName))
 
-				rules, err := route.ListRules(netlink.FAMILY_V6, &fromProxyRule)
+				rules, err := route.ListRules(netlink.FAMILY_V6, &fromIngressProxyRule)
 				assert.NoError(t, err)
 				assert.NotEmpty(t, rules)
 
@@ -175,9 +175,9 @@ func TestRoutes(t *testing.T) {
 				assert.NoError(t, installFromProxyRoutesIPv6(testIPv6, ifName))
 
 				// Remove routes installed before.
-				assert.NoError(t, removeFromProxyRoutesIPv6())
+				assert.NoError(t, removeFromIngressProxyRoutesIPv6())
 
-				rules, err = route.ListRules(netlink.FAMILY_V6, &fromProxyRule)
+				rules, err = route.ListRules(netlink.FAMILY_V6, &fromIngressProxyRule)
 				assert.NoError(t, err)
 				assert.Empty(t, rules)