fix(ip rule): use NewRule() for all rule creations

It has proven to be tricky to insert new rules without calling the
designated NewRule() function from the netlink library. Usually attempts
will fail with an operation not supported message.

This improves the reliability of rule insertion.

Author: aauren

pkg/controllers/proxy/linux_networking.go

@@ -566,11 +566,12 @@ func (ln *linuxNetworking) setupRoutesForExternalIPForDSR(serviceInfoMap service
 				"error please report because something has gone very wrong) due to: %v", err)
 		}
 
-		nRule := &netlink.Rule{
-			Priority: defaultDSRPolicyRulePriority,
-			Src:      defaultPrefixCIDR,
-			Table:    externalIPRouteTableID,
-		}
+		nRule := netlink.NewRule()
+		nRule.Family = nFamily
+		nRule.Priority = defaultDSRPolicyRulePriority
+		nRule.Src = defaultPrefixCIDR
+		nRule.Table = externalIPRouteTableID
+
 		rules, err := netlink.RuleListFiltered(nFamily, nRule,
 			netlink.RT_FILTER_TABLE|netlink.RT_FILTER_SRC|netlink.RT_FILTER_PRIORITY)
 		if err != nil {
@@ -581,10 +582,10 @@ func (ln *linuxNetworking) setupRoutesForExternalIPForDSR(serviceInfoMap service
 		if len(rules) < 1 {
 			err = netlink.RuleAdd(nRule)
 			if err != nil {
-				klog.Infof("Failed to add policy rule `ip rule add prio 32765 from all lookup external_ip` due to %v",
-					err)
-				return fmt.Errorf("failed to add policy rule `ip rule add prio 32765 from all lookup external_ip` "+
-					"due to %v", err)
+				klog.Infof("Failed to add policy rule (equivalent to `ip rule add prio %d from %s lookup "+
+					"%d`) due to %v", defaultDSRPolicyRulePriority, defaultPrefixCIDR, externalIPRouteTableID, err)
+				return fmt.Errorf("failed to add policy rule (equivalent to `ip rule add prio %d from %s lookup "+
+					"%d`) due to %v", defaultDSRPolicyRulePriority, defaultPrefixCIDR, externalIPRouteTableID, err)
 			}
 		}
 

pkg/controllers/proxy/network_services_controller.go

@@ -1747,11 +1747,10 @@ func routeVIPTrafficToDirector(fwmark string, family v1.IPFamily) error {
 		return fmt.Errorf("failed to convert fwmark to uint32: %v", err)
 	}
 
-	nRule := &netlink.Rule{
-		Mark:     uFWMark,
-		Table:    customDSRRouteTableID,
-		Priority: defaultTrafficDirectorRulePriority,
-	}
+	nRule := netlink.NewRule()
+	nRule.Mark = uFWMark
+	nRule.Table = customDSRRouteTableID
+	nRule.Priority = defaultTrafficDirectorRulePriority
 
 	routes, err := netlink.RuleListFiltered(nFamily, nRule, netlink.RT_FILTER_MARK|netlink.RT_FILTER_TABLE)
 	if err != nil {

pkg/routes/pbr.go

@@ -46,11 +46,11 @@ func ipRuleAbstraction(ipFamily int, ipOp int, cidr string) error {
 		return fmt.Errorf("failed to parse CIDR: %s", err.Error())
 	}
 
-	nRule := &netlink.Rule{
-		Family: ipFamily,
-		Src:    nSrc,
-		Table:  CustomTableID,
-	}
+	nRule := netlink.NewRule()
+	nRule.Family = ipFamily
+	nRule.Src = nSrc
+	nRule.Table = CustomTableID
+
 	rules, err := netlink.RuleListFiltered(ipFamily, nRule, netlink.RT_FILTER_SRC)
 	if err != nil {
 		return fmt.Errorf("failed to list rules: %s", err.Error())