extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-11-21 23:53:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

[client] Remove legacy forwarding rules in userspace mode (#2782)

Browse Source
This commit is contained in:
Viktor Liu 2024-10-28 12:29:29 +01:00 committed by GitHub
parent 46e37fa04c
commit 940f8b4547
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 11 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
client/firewall/iptables/router_linux.go
View File

@ -296,6 +296,8 @@ func (r *router) RemoveAllLegacyRouteRules() error {
} }
if err := r.iptablesClient.DeleteIfExists(tableFilter, chainRTFWD, rule...); err != nil { if err := r.iptablesClient.DeleteIfExists(tableFilter, chainRTFWD, rule...); err != nil {
merr = multierror.Append(merr, fmt.Errorf("remove legacy forwarding rule: %v", err)) merr = multierror.Append(merr, fmt.Errorf("remove legacy forwarding rule: %v", err))
} else {
delete(r.rules, k)
} }
} }

18
client/firewall/nftables/manager_linux.go
View File

@ -230,23 +230,7 @@ func (m *Manager) AllowNetbird() error {
// SetLegacyManagement sets the route manager to use legacy management // SetLegacyManagement sets the route manager to use legacy management
func (m *Manager) SetLegacyManagement(isLegacy bool) error { func (m *Manager) SetLegacyManagement(isLegacy bool) error {
oldLegacy := m.router.legacyManagement return firewall.SetLegacyManagement(m.router, isLegacy)
if oldLegacy != isLegacy {
m.router.legacyManagement = isLegacy
log.Debugf("Set legacy management to %v", isLegacy)
}
// client reconnected to a newer mgmt, we need to cleanup the legacy rules
if !isLegacy && oldLegacy {
if err := m.router.RemoveAllLegacyRouteRules(); err != nil {
return fmt.Errorf("remove legacy routing rules: %v", err)
}
log.Debugf("Legacy routing rules removed")
}
return nil
} }
// Reset firewall to the default state // Reset firewall to the default state

3
client/firewall/nftables/router_linux.go
View File

@ -551,7 +551,10 @@ func (r *router) RemoveAllLegacyRouteRules() error {
} }
if err := r.conn.DelRule(rule); err != nil { if err := r.conn.DelRule(rule); err != nil {
merr = multierror.Append(merr, fmt.Errorf("remove legacy forwarding rule: %v", err)) merr = multierror.Append(merr, fmt.Errorf("remove legacy forwarding rule: %v", err))
} else {
delete(r.rules, k)
} }
} }
return nberrors.FormatErrorOrNil(merr) return nberrors.FormatErrorOrNil(merr)
} }

7
client/firewall/uspfilter/uspfilter.go
View File

@ -237,8 +237,11 @@ func (m *Manager) DeletePeerRule(rule firewall.Rule) error {
} }
// SetLegacyManagement doesn't need to be implemented for this manager // SetLegacyManagement doesn't need to be implemented for this manager
func (m *Manager) SetLegacyManagement(_ bool) error { func (m *Manager) SetLegacyManagement(isLegacy bool) error {
return nil if m.nativeFirewall == nil {
return errRouteNotSupported
}
return m.nativeFirewall.SetLegacyManagement(isLegacy)
} }
// Flush doesn't need to be implemented for this manager // Flush doesn't need to be implemented for this manager