Merge pull request #366 from TrekkieCoder/main

PR - support blacklisting of certain interfaces
loxilb-io · Jul 29, 2023 · f68b394 · f68b394
2 parents 5711621 + 9e303c8
commit f68b394
Show file tree

Hide file tree

Showing 9 changed files with 62 additions and 19 deletions.
diff --git a/api/loxinlp/nlp.go b/api/loxinlp/nlp.go
@@ -82,7 +82,9 @@ type NlH struct {
 	LinkUpdateCh
 	NeighUpdateCh
 	RouteUpdateCh
-	IMap map[string]Intf
+	IMap      map[string]Intf
+	BlackList string
+	BLRgx     *regexp.Regexp
 }
 
 var hooks cmn.NetHookInterface
@@ -1198,6 +1200,12 @@ func DelRoute(route nlp.Route) int {
 
 func LUWorkSingle(m nlp.LinkUpdate) int {
 	var ret int
+
+	filter := nNl.BLRgx.MatchString(m.Link.Attrs().Name)
+	if filter {
+		return -1
+	}
+
 	ret = ModLink(m.Link, m.Header.Type == syscall.RTM_NEWLINK)
 	return ret
 }
@@ -1210,6 +1218,11 @@ func AUWorkSingle(m nlp.AddrUpdate) int {
 		return -1
 	}
 
+	filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+	if filter {
+		return -1
+	}
+
 	attrs := link.Attrs()
 	name := attrs.Name
 	if m.NewAddr {
@@ -1243,6 +1256,11 @@ func NUWorkSingle(m nlp.NeighUpdate) int {
 		return -1
 	}
 
+	filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+	if filter {
+		return -1
+	}
+
 	add := m.Type == syscall.RTM_NEWNEIGH
 
 	if add {
@@ -1257,6 +1275,17 @@ func NUWorkSingle(m nlp.NeighUpdate) int {
 func RUWorkSingle(m nlp.RouteUpdate) int {
 	var ret int
 
+	link, err := nlp.LinkByIndex(m.LinkIndex)
+	if err != nil {
+		fmt.Println(err)
+		return -1
+	}
+
+	filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+	if filter {
+		return -1
+	}
+
 	if m.Type == syscall.RTM_NEWROUTE {
 		ret = AddRoute(m.Route)
 	} else {
@@ -1338,6 +1367,10 @@ func GetBridges() {
 		return
 	}
 	for _, link := range links {
+		filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+		if filter {
+			continue
+		}
 		switch link.(type) {
 		case *nlp.Bridge:
 			{
@@ -1360,8 +1393,13 @@ func NlpGet(ch chan bool) int {
 	}
 
 	for _, link := range links {
-		ret = ModLink(link, true)
 
+		filter := nNl.BLRgx.MatchString(link.Attrs().Name)
+		if filter {
+			continue
+		}
+
+		ret = ModLink(link, true)
 		if ret == -1 {
 			continue
 		}
@@ -1488,7 +1526,7 @@ func LbSessionGet(done bool) int {
 	return 0
 }
 
-func NlpInit(bgpPeerMode bool) *NlH {
+func NlpInit(bgpPeerMode bool, blackList string) *NlH {
 
 	nNl = new(NlH)
 
@@ -1506,6 +1544,8 @@ func NlpInit(bgpPeerMode bool) *NlH {
 		return nNl
 	}
 
+	nNl.BlackList = blackList
+	nNl.BLRgx = regexp.MustCompile(blackList)
 	nNl.FromAUCh = make(chan nlp.AddrUpdate, cmn.AuWorkqLen)
 	nNl.FromLUCh = make(chan nlp.LinkUpdate, cmn.LuWorkQLen)
 	nNl.FromNUCh = make(chan nlp.NeighUpdate, cmn.NuWorkQLen)

diff --git a/cicd/k3s-flannel-incluster/Vagrantfile b/cicd/k3s-flannel-incluster/Vagrantfile
@@ -2,7 +2,6 @@
 # vi: set ft=ruby :
 
 workers = (ENV['WORKERS'] || "2").to_i
-#box_name = (ENV['VAGRANT_BOX'] || "ubuntu/focal64")
 box_name = (ENV['VAGRANT_BOX'] || "sysnet4admin/Ubuntu-k8s")
 box_version = "0.7.1"
 Vagrant.configure("2") do |config|
@@ -13,17 +12,16 @@ Vagrant.configure("2") do |config|
     config.vbguest.auto_update = false
   end
 
-  #config.vm.define "loxilb" do |loxilb|
-  #  loxilb.vm.hostname = 'llb1'
-    #loxilb.vm.network "forwarded_port", guest: 55002, host: 5502, protocol: "tcp"
-  #  loxilb.vm.network :private_network, ip: "192.168.80.9", :netmask => "255.255.255.0"
-  #  loxilb.vm.network :private_network, ip: "192.168.90.9", :netmask => "255.255.255.0"
-  #  loxilb.vm.provision :shell, :path => "loxilb.sh"
-  #  loxilb.vm.provider :virtualbox do |vbox|
-  #      vbox.customize ["modifyvm", :id, "--memory", 6000]
-  #      vbox.customize ["modifyvm", :id, "--cpus", 4]
-  #  end
-  #end
+  config.vm.define "host" do |host|
+    host.vm.hostname = 'host1'
+    host.vm.network :private_network, ip: "192.168.80.9", :netmask => "255.255.255.0"
+    host.vm.network :private_network, ip: "192.168.90.9", :netmask => "255.255.255.0"
+    host.vm.provision :shell, :path => "host.sh"
+    host.vm.provider :virtualbox do |vbox|
+        vbox.customize ["modifyvm", :id, "--memory", 2048]
+        vbox.customize ["modifyvm", :id, "--cpus", 1]
+    end
+  end
 
   config.vm.define "master1" do |master|
     master.vm.hostname = 'master1'

diff --git a/cicd/k3s-flannel-incluster/host.sh b/cicd/k3s-flannel-incluster/host.sh
@@ -0,0 +1,2 @@
+sudo ip route add 123.123.123.0/24 via 192.168.90.10
+echo "Host is up"
diff --git a/cicd/k3s-flannel-incluster/loxilb.yml b/cicd/k3s-flannel-incluster/loxilb.yml
@@ -32,7 +32,7 @@ spec:
       containers:
       - name: loxilb-app
         image: "ghcr.io/loxilb-io/loxilb:latest"
-        command: [ "/root/loxilb-io/loxilb/loxilb", "--bgp", "--egr-hooks" ]
+        command: [ "/root/loxilb-io/loxilb/loxilb", "--bgp", "--egr-hooks", "--blacklist=cni[0-9a-z]|veth.|flannel." ]
         ports:
         - containerPort: 11111
         - containerPort: 179

diff --git a/cicd/k3s-flannel-incluster/master1.sh b/cicd/k3s-flannel-incluster/master1.sh
@@ -6,6 +6,6 @@ echo $MASTER_IP > /vagrant/master-ip
 cp /var/lib/rancher/k3s/server/node-token /vagrant/node-token
 sed -i -e "s/127.0.0.1/${MASTER_IP}/g" /etc/rancher/k3s/k3s.yaml
 cp /etc/rancher/k3s/k3s.yaml /vagrant/k3s.yaml
-#sudo kubectl apply -f /vagrant/loxilb.yml
-#sudo kubectl apply -f /vagrant/kube-loxilb.yml
+sudo kubectl apply -f /vagrant/loxilb.yml
+sudo kubectl apply -f /vagrant/kube-loxilb.yml
 /vagrant/wait_ready.sh
diff --git a/cicd/k3s-flannel-incluster/rmconfig.sh b/cicd/k3s-flannel-incluster/rmconfig.sh
@@ -4,3 +4,4 @@ vagrant destroy -f worker1
 vagrant destroy -f worker2
 vagrant destroy -f master1
 vagrant destroy -f master2
+vagrant destroy -f host
diff --git a/cicd/k3s-flannel-incluster/worker.sh b/cicd/k3s-flannel-incluster/worker.sh
@@ -5,6 +5,7 @@ export NODE_TOKEN=$(cat /vagrant/node-token)
 mkdir -p /etc/rancher/k3s
 cp -f /vagrant/k3s.yaml /etc/rancher/k3s/k3s.yaml
 curl -sfL https://get.k3s.io | K3S_TOKEN=${NODE_TOKEN} sh -s - agent --server https://192.168.80.10:6443 --node-ip=${WORKER_ADDR} --node-external-ip=${WORKER_ADDR} -t ${NODE_TOKEN}
+sudo kubectl apply -f /vagrant/loxilb-peer.yml
 sudo kubectl apply -f /vagrant/nginx.yml
 sudo kubectl apply -f /vagrant/udp.yml
 sudo kubectl apply -f /vagrant/sctp.yml

diff --git a/loxinet/loxinet.go b/loxinet/loxinet.go
@@ -303,7 +303,7 @@ func loxiNetInit() {
 	// Initialize the nlp subsystem
 	if !opts.Opts.NoNlp {
 		nlp.NlpRegister(NetAPIInit(opts.Opts.BgpPeerMode))
-		nlp.NlpInit(opts.Opts.BgpPeerMode)
+		nlp.NlpInit(opts.Opts.BgpPeerMode, opts.Opts.BlackList)
 	}
 
 	// Initialize the Prometheus subsystem

diff --git a/options/options.go b/options/options.go
@@ -26,4 +26,5 @@ var Opts struct {
 	RssEnable         bool           `long:"rss-enable" description:"Enable rss optimization(experimental)"`
 	EgrHooks          bool           `long:"egr-hooks" description:"Enable eBPF egress hooks(experimental)"`
 	BgpPeerMode       bool           `short:"r" long:"peer" description:"Run loxilb with goBGP only, no Datapath"`
+	BlackList         string         `long:"blacklist" description:"Regex string of blacklisted ports" default:"none"`
 }