Currently, when the route controller processes updates from netlink, it
checks if the routes in the table are nil or have no destination.
However, we control this and can guarantee that it's never the case.
Instead, we should check if the routes from netlink are valid.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
This commit entirely replaces NAT in Kilo with a few iproute2 rules.
Previously, Kilo would source-NAT the majority of packets in order to
avoid problems with strict source checks in cloud providers causing
packets to be considered martians. This source-NAT-ing made it
difficult to correctly apply Kuberenetes NetworkPolicies based on source
IPs.
This rewrite instead relies on a handful of iproute2 rules to ensure
that packets get encapsulated in certain scenarios based on the source
network and/or source interface.
This has the benefit of avoiding extra iptables bloat as well as
enabling better compatibility with NetworkPolicies.
Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
When interfaces on the host churn, the kernel will remove routes
associated with those interfaces. This could cause the Kilo route
controller to become out of sync with the routes that really exist. This
commit fixes this behavior.
