in pkg/config/config_policy_routing.go [76:218]
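// init discovers the default and loopback network devices and fills
// PolicyRoutingConfigSet.Configs with the sysctl, iptables, route and rule
// entries used for policy routing.
//
// Discovery is best effort: every failure is logged and leaves the affected
// value at its zero value. An empty defaultNetdev then flows into the sysctl
// key and the IifName of the last rule below, so a failed probe produces
// entries that do not describe a real interface.
func init() {
	// probe asks the kernel which route it would pick for ip and returns the
	// outgoing link index, that link's name and the route's gateway.
	probe := func(ip net.IP) (linkIndex int, netdev string, gw net.IP) {
		routes, err := netlink.RouteGet(ip)
		if err != nil {
			glog.Errorf("failed to get route for IP: %v (%v)", ip, err)
			return
		}
		// Guard the routes[0] accesses below against an empty result.
		if len(routes) == 0 {
			glog.Errorf("failed to get route for IP: %v (no routes returned)", ip)
			return
		}
		gw = routes[0].Gw
		linkIndex = routes[0].LinkIndex
		l, err := netlink.LinkByIndex(linkIndex)
		if err != nil {
			glog.Errorf("failed to get the link by index: %v (%v)", linkIndex, err)
			// l is not usable after an error; dereferencing it would panic
			// during package initialisation.
			return
		}
		netdev = l.Attrs().Name
		return
	}

	// 8.8.8.8 is only used as a destination for the route lookup that
	// identifies the default interface and gateway.
	defaultLinkIndex, defaultNetdev, defaultGateway = probe(net.IPv4(8, 8, 8, 8))
	_, localNetdev, _ = probe(net.IPv4(127, 0, 0, 1))

	sysctlReversePathFilter := fmt.Sprintf("net.ipv4.conf.%s.rp_filter", defaultNetdev)
	hairpinMaskStr := fmt.Sprintf("0x%x", hairpinMask)

	PolicyRoutingConfigSet.Configs = []Config{
		// rp_filter=2 is loose reverse-path filtering, which is weaker source
		// validation than strict mode (1, recorded here as DefaultValue). It is
		// applied to the default interface only; the kernel uses the maximum of
		// the "all" and per-interface values, so review
		// net.ipv4.conf.all.rp_filter together with this key.
		SysctlConfig{
			Key:          sysctlReversePathFilter,
			Value:        "2",
			DefaultValue: "1",
			SysctlFunc:   sysctl.Sysctl,
		},
		// mangle/gcpPreRoutingChain: copy the hairpin bits of the connection
		// mark back onto the packet mark.
		IPTablesRuleConfig{
			IPTablesChainSpec{
				TableName:      tableMangle,
				ChainName:      gcpPreRoutingChain,
				IsDefaultChain: false,
				IPT:            ipt,
			},
			[]IPTablesRuleSpec{
				[]string{
					"-j", "CONNMARK", "--restore-mark", "--nfmask", hairpinMaskStr, "--ctmask", hairpinMaskStr,
					"-m", "comment", "--comment", policyRoutingGcpPreRoutingComment,
				},
			},
			ipt,
		},
		// mangle/preRoutingChain: jump into gcpPreRoutingChain.
		IPTablesRuleConfig{
			IPTablesChainSpec{
				TableName:      tableMangle,
				ChainName:      preRoutingChain,
				IsDefaultChain: true,
				IPT:            ipt,
			},
			[]IPTablesRuleSpec{
				[]string{"-j", gcpPreRoutingChain, "-m", "comment", "--comment", policyRoutingPreRoutingComment},
			},
			ipt,
		},
		// mangle/gcpPostRoutingChain: for packets carrying the hairpin mark,
		// save the hairpin bits into the connection mark.
		IPTablesRuleConfig{
			IPTablesChainSpec{
				TableName:      tableMangle,
				ChainName:      gcpPostRoutingChain,
				IsDefaultChain: false,
				IPT:            ipt,
			},
			[]IPTablesRuleSpec{
				[]string{"-m", "mark", "--mark",
					fmt.Sprintf("0x%x/0x%x", hairpinMark, hairpinMask),
					"-j", "CONNMARK", "--save-mark", "--nfmask", hairpinMaskStr, "--ctmask", hairpinMaskStr, "-m",
					"comment", "--comment", policyRoutingGcpPostRoutingComment},
			},
			ipt,
		},
		// mangle/postRoutingChain: jump into gcpPostRoutingChain.
		IPTablesRuleConfig{
			IPTablesChainSpec{
				TableName:      tableMangle,
				ChainName:      postRoutingChain,
				IsDefaultChain: true,
				IPT:            ipt,
			},
			[]IPTablesRuleSpec{
				[]string{"-j", gcpPostRoutingChain, "-m", "comment", "--comment", policyRoutingPostRoutingComment},
			},
			ipt,
		},
		// Route with a nil destination in customRouteTable, pointing at the
		// discovered default link and gateway.
		IPRouteConfig{
			Route: netlink.Route{
				Table:     customRouteTable,
				LinkIndex: defaultLinkIndex,
				Gw:        defaultGateway,
				Dst:       nil,
			},
			RouteAdd: netlink.RouteAdd,
			RouteDel: netlink.RouteDel,
		},
		// Hairpin-marked packets are looked up in the main table.
		// NOTE(review): the -1 fields in the rules below appear to mean
		// "unset" for the netlink library; confirm against the vendored
		// version.
		IPRuleConfig{
			Rule: netlink.Rule{
				Mark:              hairpinMark,
				Mask:              hairpinMask,
				Table:             unix.RT_TABLE_MAIN,
				Priority:          hairpinRulePriority,
				SuppressIfgroup:   -1,
				SuppressPrefixlen: -1,
				Goto:              -1,
				Flow:              -1,
			},
			RuleAdd:  netlink.RuleAdd,
			RuleDel:  netlink.RuleDel,
			RuleList: netlink.RuleList,
		},
		// Packets whose input interface is the loopback device are looked up
		// in the main table.
		IPRuleConfig{
			Rule: netlink.Rule{
				IifName:           localNetdev,
				Table:             unix.RT_TABLE_MAIN,
				Priority:          localRulePriority,
				SuppressIfgroup:   -1,
				SuppressPrefixlen: -1,
				Mark:              -1,
				Mask:              -1,
				Goto:              -1,
				Flow:              -1,
			},
			RuleAdd:  netlink.RuleAdd,
			RuleDel:  netlink.RuleDel,
			RuleList: netlink.RuleList,
		},
		// Inverted match: packets whose input interface is NOT the default
		// device are looked up in customRouteTable.
		IPRuleConfig{
			Rule: netlink.Rule{
				IifName:           defaultNetdev,
				Invert:            true,
				Table:             customRouteTable,
				Priority:          policyRoutingRulePriority,
				SuppressIfgroup:   -1,
				SuppressPrefixlen: -1,
				Mark:              -1,
				Mask:              -1,
				Goto:              -1,
				Flow:              -1,
			},
			RuleAdd:  netlink.RuleAdd,
			RuleDel:  netlink.RuleDel,
			RuleList: netlink.RuleList,
		},
	}
}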