Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[client] Set up sysctl and routing table name only if routing rules are available #2933

Merged
merged 1 commit into from
Nov 25, 2024
Merged

[client] Set up sysctl and routing table name only if routing rules are available #2933

merged 1 commit into from
Nov 25, 2024

Conversation

lixmal
Copy link
Contributor

@lixmal lixmal commented Nov 22, 2024
edited
Loading

Describe your changes

	rules := getSetupRules()
	for _, rule := range rules {
		if err := addRule(rule); err != nil {
			if errors.Is(err, syscall.EOPNOTSUPP) {
				log.Warnf("Rule operations are not supported, falling back to the legacy routing setup")
				setIsLegacy(true)
				return r.setupRefCounter(initAddresses, stateManager)
			}
			return nil, nil, fmt.Errorf("%s: %w", rule.description, err)
		}
	}

This code could fall back to the exclusion route setup in which case we never clean up previously set up sysctl opts. This PR moves the sysctl setup to after the fallback detection

Issue ticket number and link

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)
  • Extended the README / documentation, if necessary

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@lixmal lixmal merged commit f1625b3 into main Nov 25, 2024
21 checks passed
@lixmal lixmal deleted the sysctl-after-fallback branch November 25, 2024 14:12
hurricanehrndz added a commit to hurricanehrndz/netbird that referenced this pull request Nov 29, 2024
@hurricanehrndz
Merge remote-tracking branch 'upstream/main' into poc_DNS_on_peer_sta…
5d12e64 
…te_change

* upstream/main: (55 commits)
  [client] Account different policiy rules for routes firewall rules (netbirdio#2939)
  Add guide when signing key is not found (netbirdio#2942)
  [tests] Enable benchmark tests on github actions (netbirdio#2961)
  [management] Add performance test for login and sync calls (netbirdio#2960)
  [management] refactor to use account object instead of separate db calls for peer update (netbirdio#2957)
  [client] Code cleaning in net pkg and fix exit node feature on Android(netbirdio#2932)
  [management] Refactor nameserver groups to use store methods (netbirdio#2888)
  [management] Refactor DNS settings to use store methods (netbirdio#2883)
  [management] Refactor policy to use store methods (netbirdio#2878)
  [management] Refactor posture check to use store methods (netbirdio#2874)
  [client] Allow routing to fallback to exclusion routes if rules are not supported (netbirdio#2909)
  [client] Set up sysctl and routing table name only if routing rules are available (netbirdio#2933)
  [client] Test nftables for incompatible iptables rules (netbirdio#2948)
  [client] Don't return error in userspace mode without firewall (netbirdio#2924)
  Import time package (netbirdio#2940)
  [misc] Renew slack link (netbirdio#2938)
  [relay] Refactor initial Relay connection (netbirdio#2800)
  [management] Fix getSetupKey call (netbirdio#2927)
  [client] Fix allow netbird rule verdict (netbirdio#2925)
  [management] Add activity events to group propagation flow (netbirdio#2916)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pappz pappz pappz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lixmal @pappz