client/doublezerod: set tunnel interface down before deleting

CHANGELOG.md

@@ -7,6 +7,8 @@ All notable changes to this project will be documented in this file.
 ### Breaking
 
 ### Changes
+- Client
+  - Set tunnel interface administratively down before deleting during teardown, so external applications with sockets bound to the tunnel's overlay IP receive errors before the interface is removed
 - CLI
   - Add `geolocation user` subcommands to manage GeolocationUser accounts and targets: `create`, `delete`, `get`, `list`, `add-target`, `remove-target`, and `update-payment-status`
 - Controller

client/doublezerod/internal/api/resolve_route_test.go

@@ -21,6 +21,7 @@ type mockNetlinker struct {
 }
 
 func (m *mockNetlinker) TunnelAdd(*routing.Tunnel) error                  { return nil }
+func (m *mockNetlinker) TunnelDown(*routing.Tunnel) error                 { return nil }
 func (m *mockNetlinker) TunnelDelete(*routing.Tunnel) error               { return nil }
 func (m *mockNetlinker) TunnelAddrAdd(*routing.Tunnel, string, int) error { return nil }
 func (m *mockNetlinker) TunnelUp(*routing.Tunnel) error                   { return nil }

client/doublezerod/internal/manager/http_test.go

@@ -503,6 +503,11 @@ func (m *MockNetlink) TunnelAdd(t *routing.Tunnel) error {
 	return nil
 }
 
+func (m *MockNetlink) TunnelDown(t *routing.Tunnel) error {
+	m.callLog = append(m.callLog, "TunnelDown")
+	return nil
+}
+
 func (m *MockNetlink) TunnelDelete(n *routing.Tunnel) error {
 	m.callLog = append(m.callLog, "TunnelDelete")
 	m.tunRemoved = n

client/doublezerod/internal/manager/reconciler_test.go

@@ -47,6 +47,7 @@ type mockNetlink struct {
 }
 
 func (m *mockNetlink) TunnelAdd(*routing.Tunnel) error                  { return nil }
+func (m *mockNetlink) TunnelDown(*routing.Tunnel) error                 { return nil }
 func (m *mockNetlink) TunnelDelete(*routing.Tunnel) error               { return nil }
 func (m *mockNetlink) TunnelAddrAdd(*routing.Tunnel, string, int) error { return nil }
 func (m *mockNetlink) TunnelUp(*routing.Tunnel) error                   { return nil }

client/doublezerod/internal/routing/config_test.go

@@ -247,6 +247,7 @@ func newMockNetlinker() *MockNetlinker {
 	m := &MockNetlinker{}
 	m.Update(func(nl *MockNetlinker) {
 		nl.TunnelAddFunc = func(*Tunnel) error { return nil }
+		nl.TunnelDownFunc = func(*Tunnel) error { return nil }
 		nl.TunnelDeleteFunc = func(*Tunnel) error { return nil }
 		nl.TunnelAddrAddFunc = func(*Tunnel, string, int) error { return nil }
 		nl.TunnelUpFunc = func(*Tunnel) error { return nil }
@@ -262,6 +263,7 @@ func newMockNetlinker() *MockNetlinker {
 
 type MockNetlinker struct {
 	TunnelAddFunc       func(*Tunnel) error
+	TunnelDownFunc      func(*Tunnel) error
 	TunnelDeleteFunc    func(*Tunnel) error
 	TunnelAddrAddFunc   func(*Tunnel, string, int) error
 	TunnelUpFunc        func(*Tunnel) error
@@ -281,6 +283,11 @@ func (m *MockNetlinker) TunnelAdd(t *Tunnel) error {
 	defer m.mu.Unlock()
 	return m.TunnelAddFunc(t)
 }
+func (m *MockNetlinker) TunnelDown(t *Tunnel) error {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+	return m.TunnelDownFunc(t)
+}
 func (m *MockNetlinker) TunnelDelete(t *Tunnel) error {
 	m.mu.Lock()
 	defer m.mu.Unlock()

client/doublezerod/internal/routing/netlink.go

@@ -13,6 +13,7 @@ type Netlink struct{}
 
 type Netlinker interface {
 	TunnelAdd(*Tunnel) error
+	TunnelDown(*Tunnel) error
 	TunnelDelete(*Tunnel) error
 	// TunnelAddrAdd adds an address to a tunnel interface with the given scope (syscall.RT_SCOPE_*).
 	TunnelAddrAdd(*Tunnel, string, int) error
@@ -42,6 +43,18 @@ func (n Netlink) TunnelAdd(t *Tunnel) error {
 	}
 	return err
 }
+func (n Netlink) TunnelDown(t *Tunnel) error {
+	gre := &nl.Gretun{
+		LinkAttrs: nl.LinkAttrs{
+			Name:      t.Name,
+			EncapType: string(t.EncapType),
+		},
+		Local:  t.LocalUnderlay,
+		Remote: t.RemoteUnderlay,
+	}
+	return nl.LinkSetDown(gre)
+}
+
 func (n Netlink) TunnelDelete(t *Tunnel) error {
 	gre := &nl.Gretun{
 		LinkAttrs: nl.LinkAttrs{

client/doublezerod/internal/services/edgefiltering.go

@@ -105,6 +105,11 @@ func (s *EdgeFilteringService) Teardown() error {
 		errRemovePeer = fmt.Errorf("bgp: error while deleting peer: %v", err)
 	}
 
+	slog.Info("teardown: setting tunnel interface down")
+	if err := s.nl.TunnelDown(s.Tunnel); err != nil {
+		slog.Error("teardown: error setting tunnel interface down", "error", err)
+	}
+
 	slog.Info("teardown: removing tunnel interface")
 	if err := s.nl.TunnelDelete(s.Tunnel); err != nil {
 		errRemoveTunnel = fmt.Errorf("error removing tunnel interface: %v", err)

client/doublezerod/internal/services/ibrl.go

@@ -100,6 +100,11 @@ func (s *IBRLService) Teardown() error {
 		errRemovePeer = fmt.Errorf("bgp: error while deleting peer: %v", err)
 	}
 
+	slog.Info("teardown: setting tunnel interface down")
+	if err := s.nl.TunnelDown(s.Tunnel); err != nil {
+		slog.Error("teardown: error setting tunnel interface down", "error", err)
+	}
+
 	slog.Info("teardown: removing tunnel interface")
 	if err := s.nl.TunnelDelete(s.Tunnel); err != nil {
 		errRemoveTunnel = fmt.Errorf("error removing tunnel interface: %v", err)

client/doublezerod/internal/services/multicast.go

@@ -186,6 +186,11 @@ func (s *MulticastService) Teardown() error {
 	} else if err != nil {
 		errRemovePeer = fmt.Errorf("bgp: error while deleting peer: %v", err)
 	}
+	slog.Info("teardown: setting tunnel interface down")
+	if err := s.nl.TunnelDown(s.Tunnel); err != nil {
+		slog.Error("teardown: error setting tunnel interface down", "error", err)
+	}
+
 	slog.Info("teardown: removing tunnel interface")
 	if err := s.nl.TunnelDelete(s.Tunnel); err != nil {
 		errRemoveTunnel = fmt.Errorf("error removing tunnel interface: %v", err)

client/doublezerod/internal/services/services_test.go

@@ -58,6 +58,11 @@ func (m *MockNetlink) TunnelAdd(t *routing.Tunnel) error {
 	return nil
 }
 
+func (m *MockNetlink) TunnelDown(t *routing.Tunnel) error {
+	m.callLog = append(m.callLog, "TunnelDown")
+	return nil
+}
+
 func (m *MockNetlink) TunnelDelete(n *routing.Tunnel) error {
 	m.callLog = append(m.callLog, "TunnelDelete")
 	m.tunRemoved = n