Commit Graph

5 Commits

Author SHA1 Message Date
Lucas Servén Marín
19abddf1fe
pkg/route: correct route error check
Currently, when the route controller processes updates from netlink, it
checks if the routes in the table are nil or have no destination.
However, we control this and can guarantee that it's never the case.
Instead, we should check if the routes from netlink are valid.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2021-04-30 18:17:51 +02:00
Lucas Servén Marín
134cbe90be
pkg/route,pkg/mesh: replace NAT with ip rules
This commit entirely replaces NAT in Kilo with a few iproute2 rules.
Previously, Kilo would source-NAT the majority of packets in order to
avoid problems with strict source checks in cloud providers causing
packets to be considered martians. This source-NAT-ing made it
difficult to correctly apply Kuberenetes NetworkPolicies based on source
IPs.

This rewrite instead relies on a handful of iproute2 rules to ensure
that packets get encapsulated in certain scenarios based on the source
network and/or source interface.

This has the benefit of avoiding extra iptables bloat as well as
enabling better compatibility with NetworkPolicies.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2020-02-20 21:27:50 +01:00
Lucas Servén Marín
1265ce0cd5
pkg/route: filter invalid route updates
This commit fixes the underlying issue that caused crashes when
receiving a nil route update, as reported in
https://github.com/squat/kilo/issues/17.
2019-09-24 16:13:14 +02:00
Lucas Servén Marín
c65627dab0
pkg/route: account for interface churn
When interfaces on the host churn, the kernel will remove routes
associated with those interfaces. This could cause the Kilo route
controller to become out of sync with the routes that really exist. This
commit fixes this behavior.
2019-05-07 12:06:21 +02:00
Lucas Serven
e989f0a25f
init 2019-01-18 02:50:10 +01:00