From 11c5238d03e38b44c8c461c063987b6c99d5e12d Mon Sep 17 00:00:00 2001 From: r-caamano Date: Mon, 22 Jan 2024 16:12:08 +0000 Subject: [PATCH 1/2] added loopback route cleanup to start_ebpf_router.py --- CHANGELOG.md | 8 ++++++++ files/scripts/start_ebpf_router.py | 2 +- src/zfw.c | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fad501..9082ae2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- + +# [0.5.7] - 2024-01-21 + +### + +-- Modified the "zfw -F" system call in start_ebpf_py.py to "zfw -F -r" to ensure that any ziti created loopback routes are also + cleared when restarting ziti-router. + # [0.5.6] - 2024-01-19 ### diff --git a/files/scripts/start_ebpf_router.py b/files/scripts/start_ebpf_router.py index a814e58..f8162e9 100755 --- a/files/scripts/start_ebpf_router.py +++ b/files/scripts/start_ebpf_router.py @@ -369,7 +369,7 @@ def set_local_rules(resolver): os.system("/opt/openziti/bin/user/user_rules.sh") else: print("ebpf already running!"); - os.system("/usr/sbin/zfw -F") + os.system("/usr/sbin/zfw -F -r") print("Flushed Table") for i in internal_list: if(not tc_status(i, "ingress")): diff --git a/src/zfw.c b/src/zfw.c index 697dcd6..d0f8236 100644 --- a/src/zfw.c +++ b/src/zfw.c @@ -152,7 +152,7 @@ char *tc_interface; char *log_file_name; char *object_file; char *direction_string; -const char *argp_program_version = "0.5.6"; +const char *argp_program_version = "0.5.7"; struct ring_buffer *ring_buffer; __u8 if_list[MAX_IF_LIST_ENTRIES]; From f39d64c977a269abc508d218d17d0a830a07264d Mon Sep 17 00:00:00 2001 
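Review bot: The exit status of `os.system("/usr/sbin/zfw -F -r")` in the start_ebpf_router.py hunk at -369 is discarded, and `print("Flushed Table")` runs whether or not the flush succeeded. Now that the call also removes ziti-created loopback routes, a failed run would leave stale filter entries and routes in place while the log reports a clean table. Testing the status, for example `if os.system("/usr/sbin/zfw -F -r"): print("zfw flush failed")` with the "Flushed Table" message moved to the success path, would make a failed flush visible at restart. The enclosing block starts and ends outside the hunk, so whether the later tc_status loop should still run after a failed flush cannot be judged from here.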
From: r-caamano Date: Mon, 22 Jan 2024 17:27:02 +0000 Subject: [PATCH 2/2] Fixed issue with string parse condition and rmoved unuses sed statements from start_ebpf_router.py --- CHANGELOG.md | 2 ++ files/scripts/start_ebpf_router.py | 7 ++----- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9082ae2..2b9a9cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ All notable changes to this project will be documented in this file. The format -- Modified the "zfw -F" system call in start_ebpf_py.py to "zfw -F -r" to ensure that any ziti created loopback routes are also cleared when restarting ziti-router. +-- Removed deprecated sed entries in start_ebpf_router.py that are no longer required +-- Fixed inaccurate string parse check in start_ebpf_router.py set_local_rules() # [0.5.6] - 2024-01-19 diff --git a/files/scripts/start_ebpf_router.py b/files/scripts/start_ebpf_router.py index f8162e9..55d5379 100755 --- a/files/scripts/start_ebpf_router.py +++ b/files/scripts/start_ebpf_router.py @@ -190,14 +190,13 @@ def get_if_ip(intf): return "" def set_local_rules(resolver): - default_cidr = '0.0.0.0/0' default_ip = '0.0.0.0' default_mask = '0' - if(len(resolver.split('/'))): + if(len(resolver.split('/')) == 2): lan_ip = resolver.split('/')[0] lan_mask = '32' else: - lan_ip = default_cidr + lan_ip = default_ip lan_mask = default_mask add_edge_listener_rules(lan_ip, lan_mask) add_link_listener_rules(lan_ip, lan_mask) 
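Review bot: In set_local_rules the `else` branch still falls back to `0.0.0.0` with mask `0`, so any resolver value without exactly one `/` (a bare address, a typo, an empty string) is silently replaced by the widest possible match instead of being rejected. The `== 2` test also does not confirm that the two parts are an address and a prefix, and the unvalidated `lan_ip` is passed straight to `add_edge_listener_rules` and `add_link_listener_rules`, whose bodies are not visible here. Parsing with the standard library, `lan_ip = str(ipaddress.ip_interface(resolver).ip)`, and printing a warning when the fallback is taken would cover both cases; this needs `import ipaddress` if the file does not already import it. The function continues past the end of the hunk.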
@@ -417,8 +416,6 @@ def set_local_rules(resolver):
 if(os.path.exists('/etc/systemd/system/ziti-router.service') and router_config):
 unconfigured = os.system("grep -r 'ExecStartPre\=\-\/opt/openziti\/bin\/start_ebpf_router.py' /etc/systemd/system/ziti-router.service")
 if(unconfigured):
- os.system("sed -i 's/ExecStartPre\=\-\/opt\/netfoundry\/ebpf\/objects\/etables \-F \-r/#ExecStartPre\=-\/opt\/netfoundry\/ebpf\/objects\/etables \-F \-r/g' /etc/systemd/system/ziti-router.service")
- os.system("sed -i 's/ExecStartPre\=\-\/opt\/netfoundry\/ebpf\/scripts\/tproxy_splicer_startup.sh/#ExecStartPre\=\-\/opt\/netfoundry\/ebpf\/scripts\/tproxy_splicer_startup.sh/g' /etc/systemd/system/ziti-router.service")
 test1 = 1
 test1 = os.system("sed -i '/ExecStart=/i ExecStartPre\=\-\/opt\/openziti\/bin\/start_ebpf_router.py' /etc/systemd/system/ziti-router.service")
 if(not test1):