Skip to content

Commit e8c2532

Browse files
BSWANGBSWANG
authored
Merge pull request #747 from l1b0k/fix/egress_filter
Fix/egress filter
2 parents 3e9786e + 380a899 commit e8c2532

File tree

3 files changed

+48
-2
lines changed

3 files changed

+48
-2
lines changed

Diff for: deploy/images/terway-controlplane/Dockerfile

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# syntax=docker/dockerfile:1-labs
2-
ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-f8917871@sha256:2824419b5a87dd83f12a27aa5994b293c4f6013d8ab575f2fd781ad8997925b5
2+
ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-19db2f16@sha256:b174a7f4878b9690c49470403409adc46e08217be57d702ba124c453bf08872d
33

44
FROM --platform=$TARGETPLATFORM ${TERWAY_POLICY_IMAGE} AS policy-dist
55

Diff for: deploy/images/terway/Dockerfile

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# syntax=docker/dockerfile:1-labs
2-
ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-f8917871@sha256:2824419b5a87dd83f12a27aa5994b293c4f6013d8ab575f2fd781ad8997925b5
2+
ARG TERWAY_POLICY_IMAGE=registry-cn-zhangjiakou.ack.aliyuncs.com/acs/terway:policy-19db2f16@sha256:b174a7f4878b9690c49470403409adc46e08217be57d702ba124c453bf08872d
33
ARG UBUNTU_IMAGE=registry.cn-hangzhou.aliyuncs.com/acs/ubuntu:22.04-update
44
ARG CILIUM_LLVM_IMAGE=quay.io/cilium/cilium-llvm:547db7ec9a750b8f888a506709adb41f135b952e@sha256:4d6fa0aede3556c5fb5a9c71bc6b9585475ac9b1064f516d4c45c8fb691c9d9e
55
ARG CILIUM_BPFTOOL_IMAGE=quay.io/cilium/cilium-bpftool:78448c1a37ff2b790d5e25c3d8b8ec3e96e6405f@sha256:99a9453a921a8de99899ef82e0822f0c03f65d97005c064e231c06247ad8597d

Diff for: policy/cilium/0036-fix-egress-filter-check.patch

+46
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2+
From: l1b0k <[email protected]>
3+
Date: Mon, 30 Dec 2024 10:20:33 +0800
4+
Subject: fix egress filter check
5+
6+
Signed-off-by: l1b0k <[email protected]>
7+
---
8+
pkg/datapath/loader/netlink.go | 22 +++++++++++++++++++++-
9+
1 file changed, 21 insertions(+), 1 deletion(-)
10+
11+
diff --git a/pkg/datapath/loader/netlink.go b/pkg/datapath/loader/netlink.go
12+
index 92af541580..bc0ae8539c 100644
13+
--- a/pkg/datapath/loader/netlink.go
14+
+++ b/pkg/datapath/loader/netlink.go
15+
@@ -138,7 +138,27 @@ func replaceDatapath(ctx context.Context, ifName, objPath, progSec, progDirectio
16+
if err != nil {
17+
l.WithError(err).Error("Remove filter")
18+
} else {
19+
- l.Infof("Remove filter")
20+
+ l.Infof("Remove ingress filter")
21+
+ }
22+
+ }
23+
+ }
24+
+ }
25+
+
26+
+ egressFilters, err := netlink.FilterList(link, netlink.HANDLE_MIN_EGRESS)
27+
+ if err != nil {
28+
+ l.WithError(err).Error("Could get filter")
29+
+ } else {
30+
+ for _, filter := range egressFilters {
31+
+ bpf, ok := filter.(*netlink.BpfFilter)
32+
+ if ok {
33+
+ if bpf.Priority != 1 || !bpf.DirectAction {
34+
+ continue
35+
+ }
36+
+ err = netlink.FilterDel(filter)
37+
+ if err != nil {
38+
+ l.WithError(err).Error("Remove filter")
39+
+ } else {
40+
+ l.Infof("Remove egress filter")
41+
}
42+
}
43+
}
44+
--
45+
2.39.5 (Apple Git-154)
46+

0 commit comments

Comments
 (0)