Avoid losing system originated unsafe routes on reload (#1573)
@@ -10,6 +10,7 @@ import (
|
|||||||
"net/netip"
|
"net/netip"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"sync/atomic"
|
"sync/atomic"
|
||||||
"time"
|
"time"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
@@ -40,6 +41,11 @@ type tun struct {
|
|||||||
useSystemRoutes bool
|
useSystemRoutes bool
|
||||||
useSystemRoutesBufferSize int
|
useSystemRoutesBufferSize int
|
||||||
|
|
||||||
|
// These are routes learned from `tun.use_system_route_table`
|
||||||
|
// stored here to make it easier to restore them after a reload
|
||||||
|
routesFromSystem map[netip.Prefix]routing.Gateways
|
||||||
|
routesFromSystemLock sync.Mutex
|
||||||
|
|
||||||
l *logrus.Logger
|
l *logrus.Logger
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -164,6 +170,13 @@ func (t *tun) reload(c *config.C, initial bool) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Bring along any routes learned from the system route table on reload
|
||||||
|
t.routesFromSystemLock.Lock()
|
||||||
|
for dst, gw := range t.routesFromSystem {
|
||||||
|
routeTree.Insert(dst, gw)
|
||||||
|
}
|
||||||
|
t.routesFromSystemLock.Unlock()
|
||||||
|
|
||||||
oldDefaultMTU := t.DefaultMTU
|
oldDefaultMTU := t.DefaultMTU
|
||||||
oldMaxMTU := t.MaxMTU
|
oldMaxMTU := t.MaxMTU
|
||||||
newDefaultMTU := c.GetInt("tun.mtu", DefaultMTU)
|
newDefaultMTU := c.GetInt("tun.mtu", DefaultMTU)
|
||||||
@@ -673,14 +686,18 @@ func (t *tun) updateRoutes(r netlink.RouteUpdate) {
|
|||||||
|
|
||||||
newTree := t.routeTree.Load().Clone()
|
newTree := t.routeTree.Load().Clone()
|
||||||
|
|
||||||
|
t.routesFromSystemLock.Lock()
|
||||||
if r.Type == unix.RTM_NEWROUTE {
|
if r.Type == unix.RTM_NEWROUTE {
|
||||||
t.l.WithField("destination", dst).WithField("via", gateways).Info("Adding route")
|
t.l.WithField("destination", dst).WithField("via", gateways).Info("Adding route")
|
||||||
|
t.routesFromSystem[dst] = gateways
|
||||||
newTree.Insert(dst, gateways)
|
newTree.Insert(dst, gateways)
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
t.l.WithField("destination", dst).WithField("via", gateways).Info("Removing route")
|
t.l.WithField("destination", dst).WithField("via", gateways).Info("Removing route")
|
||||||
|
delete(t.routesFromSystem, dst)
|
||||||
newTree.Delete(dst)
|
newTree.Delete(dst)
|
||||||
}
|
}
|
||||||
|
t.routesFromSystemLock.Unlock()
|
||||||
t.routeTree.Store(newTree)
|
t.routeTree.Store(newTree)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
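Review bot: None of the visible hunks initialises `routesFromSystem`, so unless the constructor (not shown on this page) already does, the first `RTM_NEWROUTE` handled in `updateRoutes` reaches `t.routesFromSystem[dst] = gateways` on a nil map and panics the process; the `range` over a nil map in `reload` is harmless, so the problem would stay hidden until a route event arrives. Initialise the map where the `tun` struct is built, e.g. `routesFromSystem: make(map[netip.Prefix]routing.Gateways),`, or guard the write with a nil check. Separately, `routesFromSystemLock` is released before `t.routeTree.Store(newTree)`, and `reload` copies the map into a tree that it presumably publishes later, outside the hunk. A reload interleaved with a route update could therefore publish a tree that lacks a just-learned route or still carries a just-withdrawn one, which would keep steering traffic to a gateway the system no longer routes through. Holding the lock across the clone-and-store on both paths would close that window.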