fix(routing): add policy rules for each destination local networks (#1493)

2023-04-11 11:03:07 -05:00
parent 16ecf48b89
commit fc8a2abb8f
2 changed files with 23 additions and 0 deletions
--- a/cmd/gluetun/main.go
+++ b/cmd/gluetun/main.go
@@ -325,6 +325,11 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 		return err
 	}

+	err = routingConf.AddLocalRules(localNetworks)
+	if err != nil {
+		return fmt.Errorf("adding local rules: %w", err)
+	}
+
 	const tunDevice = "/dev/net/tun"
 	if err := tun.Check(tunDevice); err != nil {
 		logger.Info(err.Error() + "; creating it...")
--- a/internal/routing/local.go
+++ b/internal/routing/local.go
@@ -85,3 +85,21 @@ func (r *Routing) LocalNetworks() (localNetworks []LocalNetwork, err error) {

 	return localNetworks, nil
 }
+
+func (r *Routing) AddLocalRules(subnets []LocalNetwork) (err error) {
+	for _, net := range subnets {
+		// The main table is a built-in value for Linux, see "man 8 ip-route"
+		const mainTable = 254
+
+		// Local has higher priority then outbound(99) and inbound(100) as the
+		// local routes might be necessary to reach the outbound/inbound routes.
+		const localPriority = 98
+
+		// Main table was setup correctly by Docker, just need to add rules to use it
+		err = r.addIPRule(nil, net.IPNet, mainTable, localPriority)
+		if err != nil {
+			return fmt.Errorf("adding rule: %v: %w", net.IPNet, err)
+		}
+	}
+	return nil
+}