diff --git a/bpf/init.sh b/bpf/init.sh
index 179743414dd1a..308ab7b6e97cc 100755
--- a/bpf/init.sh
+++ b/bpf/init.sh
@@ -103,8 +103,7 @@ function move_local_rules()
 function setup_proxy_rules()
 {
- # Any packet from an ingress proxy uses a separate routing table that routes
- # the packet back to the cilium host device.
+ # TODO(brb): remove $PROXY_RT_TABLE -related code in v1.15
 from_ingress_rulespec="fwmark 0xA00/0xF00 pref 10 lookup $PROXY_RT_TABLE"
 # Any packet to an ingress or egress proxy uses a separate routing table
@@ -118,27 +117,16 @@ function setup_proxy_rules()
 if [ -z "$(ip -4 rule list $to_proxy_rulespec)" ]; then
 ip -4 rule add $to_proxy_rulespec
 fi
- if [ "$ENDPOINT_ROUTES" = "true" ]; then
- if [ ! -z "$(ip -4 rule list $from_ingress_rulespec)" ]; then
- ip -4 rule delete $from_ingress_rulespec
- fi
- else
- if [ -z "$(ip -4 rule list $from_ingress_rulespec)" ]; then
- ip -4 rule add $from_ingress_rulespec
- fi
- fi
+
+ ip -4 rule delete $from_ingress_rulespec || true
 fi
 # Traffic to the host proxy is local
 ip route replace table $TO_PROXY_RT_TABLE local 0.0.0.0/0 dev lo
- # Traffic from ingress proxy goes to Cilium address space via the cilium host device
- if [ "$ENDPOINT_ROUTES" = "true" ]; then
- ip route delete table $PROXY_RT_TABLE $IP4_HOST/32 dev $HOST_DEV1 2>/dev/null || true
- ip route delete table $PROXY_RT_TABLE default via $IP4_HOST 2>/dev/null || true
- else
- ip route replace table $PROXY_RT_TABLE $IP4_HOST/32 dev $HOST_DEV1
- ip route replace table $PROXY_RT_TABLE default via $IP4_HOST
- fi
+
+ # The $PROXY_RT_TABLE is no longer in use, so delete it
+ ip route delete table $PROXY_RT_TABLE $IP4_HOST/32 dev $HOST_DEV1 2>/dev/null || true
+ ip route delete table $PROXY_RT_TABLE default via $IP4_HOST 2>/dev/null || true
 else
 ip -4 rule del $to_proxy_rulespec 2> /dev/null || true
 ip -4 rule del $from_ingress_rulespec 2> /dev/null || true
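Review bot: In the first hunk the new TODO says when the `$PROXY_RT_TABLE` code goes away but no longer says what `from_ingress_rulespec` matches, while the variable is still defined and used further down. In the lines visible in this diff it is now only passed to `ip -4 rule delete` / `ip -4 rule del`, so a one-line comment would keep that intent readable until the removal, for example `# Legacy rule for packets from an ingress proxy (fwmark 0xA00/0xF00); kept only so a stale rule can be deleted`. The body of setup_proxy_rules continues outside the hunk.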
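Review bot: In the second hunk, `ip -4 rule delete $from_ingress_rulespec || true` drops both the existence check the old code had and the stderr redirect that every other cleanup line here uses, so on each run where the rule is already gone ip will presumably print an RTNETLINK error into the agent log; `ip -4 rule delete $from_ingress_rulespec 2>/dev/null || true` matches the else branch. The two route deletes are keyed on the current `$IP4_HOST` and `$HOST_DEV1`, so routes installed under an earlier host address or device would not match and would stay in the table even though the comment says the table is deleted; `ip route flush table $PROXY_RT_TABLE 2>/dev/null || true` removes whatever is there. Because failures are swallowed with `|| true`, a leftover rule or route is silent, which matters for a policy-routing rule that still steers proxy-marked packets. The enclosing if/else in setup_proxy_rules starts outside the hunk.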