fix(routing): add policy rules for each destination local networks (#1493)
@@ -325,6 +325,11 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
err = routingConf.AddLocalRules(localNetworks)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("adding local rules: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
const tunDevice = "/dev/net/tun"
|
const tunDevice = "/dev/net/tun"
|
||||||
if err := tun.Check(tunDevice); err != nil {
|
if err := tun.Check(tunDevice); err != nil {
|
||||||
logger.Info(err.Error() + "; creating it...")
|
logger.Info(err.Error() + "; creating it...")
|
||||||
|
|||||||
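Review bot: Nothing visible in this hunk removes the rules installed by `routingConf.AddLocalRules(localNetworks)`, whether on shutdown or when a later step in `_main` returns an error. `_main` continues outside the hunk, so a teardown may already exist elsewhere; if it does not, the priority-98 rules outlive the process in any network namespace that is reused or shared. These rules also decide which destinations are handled by the main table instead of the VPN routing rules, so the call deserves a comment such as `// Send traffic for the detected local networks through the main table; everything else keeps following the VPN rules.`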
@@ -85,3 +85,21 @@ func (r *Routing) LocalNetworks() (localNetworks []LocalNetwork, err error) {
|
|||||||
|
|
||||||
return localNetworks, nil
|
return localNetworks, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (r *Routing) AddLocalRules(subnets []LocalNetwork) (err error) {
|
||||||
|
for _, net := range subnets {
|
||||||
|
// The main table is a built-in value for Linux, see "man 8 ip-route"
|
||||||
|
const mainTable = 254
|
||||||
|
|
||||||
|
// Local has higher priority then outbound(99) and inbound(100) as the
|
||||||
|
// local routes might be necessary to reach the outbound/inbound routes.
|
||||||
|
const localPriority = 98
|
||||||
|
|
||||||
|
// Main table was setup correctly by Docker, just need to add rules to use it
|
||||||
|
err = r.addIPRule(nil, net.IPNet, mainTable, localPriority)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("adding rule: %v: %w", net.IPNet, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
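Review bot: `AddLocalRules` returns on the first `addIPRule` failure and leaves the rules added for earlier subnets in place, so a partial failure produces a half-applied policy that the caller cannot distinguish from a clean one. Either remove the rules already added before returning, or state in the doc comment that the caller must clean up. The exported method has no doc comment; something like `// AddLocalRules adds one IP rule per local network, matching any source, so that traffic to it is looked up in the main table at priority 98.` would record that the source is `nil` and that these rules take precedence over the outbound (99) and inbound (100) ones. On style, the loop variable `net` presumably shadows the standard `net` package in this file and reads better as `for _, subnet := range subnets {`, and the two constants can be declared once above the loop. The comment also has a typo: "higher priority then" should be "than".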