// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package kubespan
import (
"errors"
"fmt"
"os"
"github.com/hashicorp/go-multierror"
"github.com/vishvananda/netlink"
"golang.org/x/sys/unix"
)
// RulesManager manages routing rules outside of controllers/resources scope.
//
// Install adds the policy routing rules and Cleanup removes them again;
// both report failures as an error.
//
// TODO: this might be refactored later to support routing rules in the native network resources.
type RulesManager interface {
	// Install adds the routing rules managed by this instance.
	Install() error
	// Cleanup removes the routing rules previously added by Install.
	Cleanup() error
}
// NewRulesManager initializes new RulesManager.
//
// targetTable is the routing table the installed rules point to,
// internalMark is the fwmark they match on and markMask is the mask
// passed along with that mark in the rule.
func NewRulesManager(targetTable, internalMark, markMask int) RulesManager {
	var m rulesManager

	m.TargetTable = targetTable
	m.InternalMark = internalMark
	m.MarkMask = markMask

	return &m
}
// rulesManager is the RulesManager implementation backed by netlink policy rules.
type rulesManager struct {
	TargetTable  int // routing table the rules point to (netlink.Rule.Table)
	InternalMark int // fwmark the rules match on (netlink.Rule.Mark)
	MarkMask     int // mask supplied with the mark (netlink.Rule.Mask)
}
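// Install routing rules.
//
// One table-mark rule is added per address family (IPv4 and IPv6): packets
// whose fwmark matches InternalMark/MarkMask are looked up in TargetTable.
// A rule that already exists (os.ErrExist) counts as success, so Install
// can be re-run after a partial failure.
func (m *rulesManager) Install() error {
	nc, err := netlink.NewHandle()
	if err != nil {
		return fmt.Errorf("failed to get netlink handle: %w", err)
	}
	defer nc.Close()

	if err := m.installRuleFamily(nc, unix.AF_INET); err != nil {
		return fmt.Errorf("failed to add IPv4 table-mark rule: %w", err)
	}

	if err := m.installRuleFamily(nc, unix.AF_INET6); err != nil {
		return fmt.Errorf("failed to add IPv6 table-mark rule: %w", err)
	}

	return nil
}

// installRuleFamily adds the table-mark rule for a single address family.
// An already existing rule (os.ErrExist) is not reported as an error.
func (m *rulesManager) installRuleFamily(nc *netlink.Handle, family int) error {
	// nextRuleNumber returns 0 when the rule list cannot be read or no free
	// priority is left; the rule is then added at priority 0, as before.
	// NOTE(review): priority 0 is where the kernel's default "local" rule
	// sits, so callers may want to reject a 0 result instead — confirm.
	rule := &netlink.Rule{
		Priority: nextRuleNumber(nc, family),
		Family:   family,
		Table:    m.TargetTable,
		Mark:     m.InternalMark,
		Mask:     m.MarkMask,
		// -1 presumably marks these optional selectors as unset — verify
		// against the netlink library's documentation.
		Goto:              -1,
		Flow:              -1,
		SuppressIfgroup:   -1,
		SuppressPrefixlen: -1,
	}

	if err := nc.RuleAdd(rule); err != nil && !errors.Is(err, os.ErrExist) {
		return err
	}

	return nil
}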
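// deleteRulesFamily removes every rule of the given address family that
// points to TargetTable and matches InternalMark.
//
// All matching rules are deleted, not only the first one: repeated Install
// calls can end up adding the same rule at different priorities (each call
// picks a free priority), and stopping after the first match would leave
// the others installed. A RuleList failure and each failed RuleDel are
// collected and returned together; a rule that is already gone
// (os.ErrNotExist) is not an error.
func (m *rulesManager) deleteRulesFamily(nc *netlink.Handle, family int) error {
	var merr *multierror.Error

	list, err := nc.RuleList(family)
	if err != nil {
		merr = multierror.Append(merr, fmt.Errorf("failed to get route rules: %w", err))
	}

	for _, r := range list {
		if r.Table != m.TargetTable || r.Mark != m.InternalMark {
			continue
		}

		thisRule := r // per-iteration copy so RuleDel gets its own pointer

		if err := nc.RuleDel(&thisRule); err != nil && !errors.Is(err, os.ErrNotExist) {
			merr = multierror.Append(merr, err)
		}
	}

	return merr.ErrorOrNil()
}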
// Cleanup the installed routing rules.
//
// Both address families are processed even when the first one fails; the
// per-family errors are combined into one multierror.
func (m *rulesManager) Cleanup() error {
	nc, err := netlink.NewHandle()
	if err != nil {
		return fmt.Errorf("failed to get netlink handle: %w", err)
	}
	defer nc.Close()

	var errs *multierror.Error

	if v4Err := m.deleteRulesFamily(nc, unix.AF_INET); v4Err != nil {
		errs = multierror.Append(errs, fmt.Errorf("failed to delete all IPv4 route rules: %w", v4Err))
	}

	if v6Err := m.deleteRulesFamily(nc, unix.AF_INET6); v6Err != nil {
		errs = multierror.Append(errs, fmt.Errorf("failed to delete all IPv6 route rules: %w", v6Err))
	}

	return errs.ErrorOrNil()
}
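// maxRulePriority is the highest priority nextRuleNumber hands out; free
// slots are searched downwards from it.
const maxRulePriority = 32500

// nextRuleNumber returns the highest unused rule priority in
// (0, maxRulePriority] for the given address family.
//
// It returns 0 when the rule list cannot be read or when every priority in
// the range is taken; callers should treat 0 as "no slot available" rather
// than as a usable priority.
func nextRuleNumber(nc *netlink.Handle, family int) int {
	list, err := nc.RuleList(family)
	if err != nil {
		return 0
	}

	// Index the used priorities once so the scan below is O(n) instead of
	// re-walking the whole rule list for every candidate priority.
	used := make(map[int]struct{}, len(list))
	for _, r := range list {
		used[r.Priority] = struct{}{}
	}

	for prio := maxRulePriority; prio > 0; prio-- {
		if _, taken := used[prio]; !taken {
			return prio
		}
	}

	return 0
}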