-
Notifications
You must be signed in to change notification settings - Fork 784
Description
First off, thanks for putting together this library! kube-router has been benefiting from it for quite a while now!
While leaning deeper into using this library, I noticed that RuleListFiltered doesn't appear to work when attempting to filter by Src (RT_FILTER_SRC) or Dst (RT_FILTER_DST). After looking around a bit, it seems like when these are set to a default route (0.0.0.0/0
or ::/0
), the netlink user-space returns a nil value for these attributes.
Additionally, I noticed that this appears to be at least a little expected by the library as the String()
function actually has special handling for nil values and converts them to all
: https://github.com/vishvananda/netlink/blob/main/rule.go#L35C1-L43C3
Anyway, I was working around this upstream, by applying special handling to filtered requests where the filter of rule.Src
represents a default route and it occurred to me that I ought to check to see if there was interest from this project in just upstreaming the work and potentially fixing this for all users of the library.
So I guess my questions are as follows:
- Is what I mentioned here expected functionality? Or should it be considered a bug with the way the library integrates with the netlink userspace?
- If it is expected functionality, would there be interest in me submitting a PR that would attempt to fix filtering by checking to see if the Src or Dst filter represents a default route and then matching against a nil value?
Activity
aauren commentedon May 6, 2025
If it helps, I've created a little test snippet that shows the problem:
When run the output looks as follows:
The output of
ip rule list
after running the above test is:$ ip rule list 0: from all lookup local 32765: from all lookup kube-router-external 32765: from 127.0.0.99 lookup kube-router-external 32766: from all lookup main 32767: from all lookup default
As you can see, when the rule source is set to
0.0.0.0/0
it will get added, but afterwards is still not found whenRuleListFiltered
runs again. However, when the source is set to something other than the default route, then it finds the route as intended.fix: add proper nil rule src handling
fix: add proper nil rule src handling
fix: add proper nil rule src handling
fix: add proper nil rule src handling