Daemon: ensure we know about all managed interfaces

If the daemon is restarted, we start not knowing about any of the managed interfaces. If we perform activities like reseting everything due to IngressNodeFirewallNodeState deletion for example, we will not cleanup all XDP programs. IngNodeFwController knows all pinned interfaces and ensure we know about them in ebpfSingleton. Future work is needed to refactor this to not have two seperate sources of information about the same thing. Signed-off-by: Martin Kennelly <mkennell@redhat.com>
openshift · Oct 30, 2022 · 957b7a9 · 957b7a9
1 parent 02a6999
commit 957b7a9
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/pkg/ebpf/ingress_node_firewall_loader.go b/pkg/ebpf/ingress_node_firewall_loader.go
@@ -376,6 +376,15 @@ func (infc *IngNodeFwController) loadPinnedLinks() error {
 	return nil
 }
 
+func (infc *IngNodeFwController) GetPinnedLinkNames() []string {
+	linkNames := make([]string, 0, len(infc.links))
+
+	for linkName, _ := range infc.links {
+		linkNames = append(linkNames, linkName)
+	}
+	return linkNames
+}
+
 // cleanup will delete an interface's eBPF objects.
 func (infc *IngNodeFwController) cleanup(ifName string) error {
 	l, ok := infc.links[ifName]

diff --git a/pkg/ebpfsyncer/ebpfsyncer.go b/pkg/ebpfsyncer/ebpfsyncer.go
@@ -87,6 +87,12 @@ func (e *ebpfSingleton) SyncInterfaceIngressRules(
 		return err
 	}
 
+	// Ensure IngNodeFwController's pinned links and our managed interfaces align
+	// TODO: refactor to not have managed interfaces names from two sources
+	for _, linkName := range e.c.GetPinnedLinkNames() {
+		e.managedInterfaces[linkName] = struct{}{}
+	}
+
 	// For delete operations, detach all interfaces and run a cleanup, set managed interfaces and the
 	// manager to empty / nil values, then return.
 	if isDelete {