datapath/linux/routing: Fix replace rule to 0.0.0.0/0 for ENI

chapsuk · pchaigno · commit e3a93b184040 · 2024-09-25T12:30:36.000Z
Allows to use `ipv4-native-routing-cidr: 0.0.0.0/0` with ENI IPAM mode

Signed-off-by: Maxim Krasilnikov &lt;mak.krasilnikov@gmail.com&gt;
diff --git a/pkg/datapath/linux/routing/routing.go b/pkg/datapath/linux/routing/routing.go
@@ -88,11 +88,13 @@ func (info *RoutingInfo) Configure(ip net.IP, mtu int, compat bool, host bool) e
 	if info.Masquerade && info.IpamMode == ipamOption.IPAMENI {
 		// Lookup a VPC specific table for all traffic from an endpoint to the
 		// CIDR configured for the VPC on which the endpoint has the IP on.
+		// ReplaceRule function doesn't handle all zeros cidr and return `file exists` error,
+		// so we need to normalize the rule to cidr here and in Delete
 		for _, cidr := range info.IPv4CIDRs {
 			if err := route.ReplaceRule(route.Rule{
 				Priority: egressPriority,
 				From:     &ipWithMask,
-				To:       &cidr,
+				To:       normalizeRuleToCIDR(&cidr),
 				Table:    tableID,
 				Protocol: linux_defaults.RTProto,
 			}); err != nil {
@@ -206,7 +208,7 @@ func Delete(ip netip.Addr, compat bool) error {
 			egress := route.Rule{
 				Priority: priority,
 				From:     ipWithMask,
-				To:       cidr,
+				To:       normalizeRuleToCIDR(cidr),
 			}
 			if err := deleteRule(egress); err != nil {
 				return fmt.Errorf("unable to delete egress rule with ip %s: %w", ipWithMask.String(), err)
@@ -314,3 +316,11 @@ func retrieveIfIndexFromMAC(mac mac.MAC, mtu int) (int, error) {
 func computeTableIDFromIfaceNumber(num int) int {
 	return linux_defaults.RouteTableInterfacesOffset + num
 }
+
+// normalizeRuleToCIDR returns nil when passed cidr is zeroes only cidr
+func normalizeRuleToCIDR(cidr *net.IPNet) *net.IPNet {
+	if cidr.IP.IsUnspecified() {
+		return nil
+	}
+	return cidr
+}
diff --git a/pkg/datapath/linux/routing/routing_test.go b/pkg/datapath/linux/routing/routing_test.go
@@ -30,7 +30,7 @@ func TestConfigure(t *testing.T) {
 
 	ns1 := netns.NewNetNS(t)
 	ns1.Do(func() error {
-		ip, ri := getFakes(t, true)
+		ip, ri := getFakes(t, true, false)
 		masterMAC := ri.MasterIfMAC
 		ifaceCleanup := createDummyDevice(t, masterMAC)
 		defer ifaceCleanup()
@@ -41,7 +41,22 @@ func TestConfigure(t *testing.T) {
 
 	ns2 := netns.NewNetNS(t)
 	ns2.Do(func() error {
-		ip, ri := getFakes(t, false)
+		ip, ri := getFakes(t, false, false)
+		masterMAC := ri.MasterIfMAC
+		ifaceCleanup := createDummyDevice(t, masterMAC)
+		defer ifaceCleanup()
+
+		runConfigureThenDelete(t, ri, ip, 1500)
+		return nil
+	})
+}
+
+func TestConfigureZeros(t *testing.T) {
+	setupLinuxRoutingSuite(t)
+
+	ns1 := netns.NewNetNS(t)
+	ns1.Do(func() error {
+		ip, ri := getFakes(t, true, true)
 		masterMAC := ri.MasterIfMAC
 		ifaceCleanup := createDummyDevice(t, masterMAC)
 		defer ifaceCleanup()
@@ -54,7 +69,7 @@ func TestConfigure(t *testing.T) {
 func TestConfigureRouteWithIncompatibleIP(t *testing.T) {
 	setupLinuxRoutingSuite(t)
 
-	_, ri := getFakes(t, true)
+	_, ri := getFakes(t, true, false)
 	ipv6 := netip.MustParseAddr("fd00::2").AsSlice()
 	err := ri.Configure(ipv6, 1500, false, false)
 	require.Error(t, err)
@@ -73,7 +88,7 @@ func TestDeleteRouteWithIncompatibleIP(t *testing.T) {
 func TestDelete(t *testing.T) {
 	setupLinuxRoutingSuite(t)
 
-	fakeIP, fakeRoutingInfo := getFakes(t, true)
+	fakeIP, fakeRoutingInfo := getFakes(t, true, false)
 	masterMAC := fakeRoutingInfo.MasterIfMAC
 
 	tests := []struct {
@@ -235,7 +250,8 @@ func createDummyDevice(t *testing.T, macAddr mac.MAC) func() {
 
 // getFakes returns a fake IP simulating an Endpoint IP and RoutingInfo as test harnesses.
 // To create routing info with a list of CIDRs which the interface has access to, set withCIDR parameter to true
-func getFakes(t *testing.T, withCIDR bool) (netip.Addr, RoutingInfo) {
+// If withZeroCIDR is also set to true, the function will use the "0.0.0.0/0" CIDR block instead of other CIDR blocks.
+func getFakes(t *testing.T, withCIDR bool, withZeroCIDR bool) (netip.Addr, RoutingInfo) {
 	fakeGateway := netip.MustParseAddr("192.168.2.1")
 	fakeSubnet1CIDR := netip.MustParsePrefix("192.168.0.0/16")
 	fakeSubnet2CIDR := netip.MustParsePrefix("192.170.0.0/16")
@@ -245,9 +261,13 @@ func getFakes(t *testing.T, withCIDR bool) (netip.Addr, RoutingInfo) {
 
 	var fakeRoutingInfo *RoutingInfo
 	if withCIDR {
+		cidrs := []string{fakeSubnet1CIDR.String(), fakeSubnet2CIDR.String()}
+		if withZeroCIDR {
+			cidrs = []string{"0.0.0.0/0"}
+		}
 		fakeRoutingInfo, err = parse(
 			fakeGateway.String(),
-			[]string{fakeSubnet1CIDR.String(), fakeSubnet2CIDR.String()},
+			cidrs,
 			fakeMAC.String(),
 			"1",
 			ipamOption.IPAMENI,
