egr hooks: blacklisting of certain interfaces

api/loxinlp/nlp.go

@@ -82,7 +82,9 @@ type NlH struct {
 	LinkUpdateCh
 	NeighUpdateCh
 	RouteUpdateCh
-	IMap map[string]Intf
+	IMap      map[string]Intf
+	BlackList string
+	BLRgx     *regexp.Regexp
 }
 
 var hooks cmn.NetHookInterface
@@ -1198,6 +1200,12 @@ func DelRoute(route nlp.Route) int {
 
 func LUWorkSingle(m nlp.LinkUpdate) int {
 	var ret int
+
+	filter := nNl.BLRgx.MatchString(m.Link.Attrs().Name)
+	if filter {
+		return -1
+	}
+
 	ret = ModLink(m.Link, m.Header.Type == syscall.RTM_NEWLINK)
 	return ret
 }
@@ -1210,6 +1218,11 @@ func AUWorkSingle(m nlp.AddrUpdate) int {
 		return -1
 	}
 
+	filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+	if filter {
+		return -1
+	}
+
 	attrs := link.Attrs()
 	name := attrs.Name
 	if m.NewAddr {
@@ -1243,6 +1256,11 @@ func NUWorkSingle(m nlp.NeighUpdate) int {
 		return -1
 	}
 
+	filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+	if filter {
+		return -1
+	}
+
 	add := m.Type == syscall.RTM_NEWNEIGH
 
 	if add {
@@ -1257,6 +1275,17 @@ func NUWorkSingle(m nlp.NeighUpdate) int {
 func RUWorkSingle(m nlp.RouteUpdate) int {
 	var ret int
 
+	link, err := nlp.LinkByIndex(m.LinkIndex)
+	if err != nil {
+		fmt.Println(err)
+		return -1
+	}
+
+	filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+	if filter {
+		return -1
+	}
+
 	if m.Type == syscall.RTM_NEWROUTE {
 		ret = AddRoute(m.Route)
 	} else {
@@ -1338,6 +1367,10 @@ func GetBridges() {
 		return
 	}
 	for _, link := range links {
+		filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+		if filter {
+			continue
+		}
 		switch link.(type) {
 		case *nlp.Bridge:
 			{
@@ -1360,8 +1393,13 @@ func NlpGet(ch chan bool) int {
 	}
 
 	for _, link := range links {
-		ret = ModLink(link, true)
 
+		filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+		if filter {
+			continue
+		}
+
+		ret = ModLink(link, true)
 		if ret == -1 {
 			continue
 		}
@@ -1488,7 +1526,7 @@ func LbSessionGet(done bool) int {
 	return 0
 }
 
-func NlpInit(bgpPeerMode bool) *NlH {
+func NlpInit(bgpPeerMode bool, blackList string) *NlH {
 
 	nNl = new(NlH)
 
@@ -1506,6 +1544,8 @@ func NlpInit(bgpPeerMode bool) *NlH {
 		return nNl
 	}
 
+	nNl.BlackList = blackList
+	nNl.BLRgx = regexp.MustCompile(blackList)
 	nNl.FromAUCh = make(chan nlp.AddrUpdate, cmn.AuWorkqLen)
 	nNl.FromLUCh = make(chan nlp.LinkUpdate, cmn.LuWorkQLen)
 	nNl.FromNUCh = make(chan nlp.NeighUpdate, cmn.NuWorkQLen)

loxinet/loxinet.go

@@ -303,7 +303,7 @@ func loxiNetInit() {
 	// Initialize the nlp subsystem
 	if !opts.Opts.NoNlp {
 		nlp.NlpRegister(NetAPIInit(opts.Opts.BgpPeerMode))
-		nlp.NlpInit(opts.Opts.BgpPeerMode)
+		nlp.NlpInit(opts.Opts.BgpPeerMode, opts.Opts.BlackList)
 	}
 
 	// Initialize the Prometheus subsystem

options/options.go

@@ -26,4 +26,5 @@ var Opts struct {
 	RssEnable         bool           `long:"rss-enable" description:"Enable rss optimization(experimental)"`
 	EgrHooks          bool           `long:"egr-hooks" description:"Enable eBPF egress hooks(experimental)"`
 	BgpPeerMode       bool           `short:"r" long:"peer" description:"Run loxilb with goBGP only, no Datapath"`
+	BlackList         string         `long:"blacklist" description:"Regex string of blacklisted ports" default:"none"`
 }