Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(riklet): improve iptables management #109

Merged
merged 4 commits into from
Apr 26, 2023
Merged

feat(riklet): improve iptables management #109

merged 4 commits into from
Apr 26, 2023

Conversation

alexandrebrg
Copy link
Member

Closes #

📑 Description

  • Remove the need to know system internet-exposed network interface name
  • Remove the need to know system internet IPv4 address
  • Use a custom iptables chain to manage redirections
  • Usage of impl Drop for Iptables to prepare for graceful shutdown
  • Boot args used in scripts/tool.sh run-firecracker are now similar to the ones used in riklet
  • Remove riklet boot arg to deactivate ipv6 as it causes crashes (for now)

✅ Checks

  • My pull request adheres to the code style of this project
  • My code is documented
  • I provided unitary tests or procedure to test my code
  • My PR have a clear description of what my code is supposed to do

ℹ Additional Information

@alexandrebrg
feat(iptables): add chain managemement support
11b0b7e 
Signed-off-by: AlexandreBrg <burgoni@pm.me>
@alexandrebrg
feat(riklet): improve iptables management
807f809 
We will no longer base our redirection on the input iface and a given
ipv4 address, but on the whole network packets. It opens for new feature
around the network with iptables as we now use a custom chain ("RIKLET")
to redirect packets.

Signed-off-by: AlexandreBrg <burgoni@pm.me>
@alexandrebrg
chore(riklet): deprecate config ifnet and ifnet_ip parameters
f60f196 
* Remove usage of ifnet parameter
* Remove usage of ifnet_ip parameter
* Mark fields as deprecated in the CLI

Signed-off-by: AlexandreBrg <burgoni@pm.me>
@alexandrebrg
chore(scripts): use similar boot args as riklet
c8df35f 
Signed-off-by: AlexandreBrg <burgoni@pm.me>
@github-actions github-actions bot added the type/enhancement New feature or request label Apr 25, 2023
@alexandrebrg alexandrebrg marked this pull request as ready for review April 25, 2023 17:24
@alexandrebrg alexandrebrg requested a review from a team as a code owner April 25, 2023 17:24
kalil-pelissier
kalil-pelissier reviewed Apr 26, 2023
View reviewed changes
Copy link
Contributor

@kalil-pelissier kalil-pelissier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

riklet/src/runtime/function_runtime.rs Show resolved Hide resolved
@alexandrebrg alexandrebrg merged commit deb8768 into main Apr 26, 2023
@alexandrebrg alexandrebrg deleted the feat-iptables-chain branch April 26, 2023 09:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kalil-pelissier kalil-pelissier kalil-pelissier approved these changes

Assignees
No one assigned
Labels
type/enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexandrebrg @kalil-pelissier