Merge pull request #89 from netfoundry/v0.9.8-release-candidate

Modified startup scripts for router and controller deployments

Author: r-caamano

CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file. The format
 ---
 ###
 
+# [0.9.8] - 2025-2-4
+
+- Modified start_ebpf_router.py and start_ebpf_controller.py scripts so that if the user_rules.sh file
+  exists it can override the default port settings set based on the respective config file.
+  
+###
+
 # [0.9.7] - 2024-12-16
 
 - added debug option to the pr worklow for checking version tested

files/scripts/start_ebpf_controller.py

@@ -377,7 +377,7 @@ def set_local_rules(ip):
 else:
     print("Missing /opt/openziti/etc/ebpf_config.json can't set ebpf interface config")
     sys.exit(1)
-
+lanIp = get_if_ip(lanIf)
 ingress_object_file = '/opt/openziti/bin/zfw_tc_ingress.o'
 egress_object_file = '/opt/openziti/bin/zfw_tc_outbound_track.o'
 status = subprocess.run(['/opt/openziti/bin/zfw', '-L', '-E'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
@@ -427,6 +427,9 @@ def set_local_rules(ip):
                     continue
                 else:
                     print("Attached " + egress_object_file + " to " + e)
+    
+    if(len(lanIp)):
+        set_local_rules(lanIp)
     if(os.path.exists("/opt/openziti/bin/user/user_rules.sh")):
         print("Adding user defined rules")
         os.system("/opt/openziti/bin/user/user_rules.sh")
@@ -470,6 +473,8 @@ def set_local_rules(ip):
                     print("Cant attach " + e + " to tc egress with " + egress_object_file)
                 else:
                     print("Attached " + egress_object_file + " to " + e)
+    if(len(lanIp)):
+        set_local_rules(lanIp)
     if(os.path.exists("/opt/openziti/bin/user/user_rules.sh")):
         print("Adding user defined rules!")
         os.system("/opt/openziti/bin/user/user_rules.sh")

files/scripts/start_ebpf_router.py

@@ -317,7 +317,7 @@ def set_local_rules(resolver):
 else:
     print("Missing /opt/openziti/etc/ebpf_config.json can't set ebpf interface config")
     sys.exit(1)
-
+resolver = get_if_ip(lanIf)
 ingress_object_file = '/opt/openziti/bin/zfw_tc_ingress.o'
 egress_object_file = '/opt/openziti/bin/zfw_tc_outbound_track.o'
 status = subprocess.run(['/opt/openziti/bin/zfw', '-L', '-E'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
@@ -365,6 +365,8 @@ def set_local_rules(resolver):
                     continue
                 else:
                     print("Attached " + egress_object_file + " to " + e)
+    if(len(resolver)):
+        set_local_rules(resolver)
     if(os.path.exists("/opt/openziti/bin/user/user_rules.sh")):
         print("Adding user defined rules")
         os.system("/opt/openziti/bin/user/user_rules.sh")
@@ -408,13 +410,12 @@ def set_local_rules(resolver):
                     print("Cant attach " + e + " to tc egress with " + egress_object_file)
                 else:
                     print("Attached " + egress_object_file + " to " + e)
+    if(len(resolver)):
+        set_local_rules(resolver)
     if(os.path.exists("/opt/openziti/bin/user/user_rules.sh")):
         print("Adding user defined rules!")
         os.system("/opt/openziti/bin/user/user_rules.sh")
 
-resolver = get_if_ip(lanIf)
-if(len(resolver)):
-    set_local_rules(resolver)
 if(os.path.exists('/etc/systemd/system/ziti-router.service') and router_config):
     unconfigured = os.system("grep -r 'ExecStartPre\=\-\/opt/openziti\/bin\/start_ebpf_router.py' /etc/systemd/system/ziti-router.service")
     if(unconfigured):

src/zfw.c

@@ -263,7 +263,7 @@ char *direction_string;
 char *masq_interface;
 char check_alt[IF_NAMESIZE];
 
-const char *argp_program_version = "0.9.7";
+const char *argp_program_version = "0.9.8";
 struct ring_buffer *ring_buffer;
 
 __u32 if_list[MAX_IF_LIST_ENTRIES];

src/zfw_monitor.c

@@ -87,7 +87,7 @@ char check_alt[IF_NAMESIZE];
 char doc[] = "zfw_monitor -- ebpf firewall monitor tool";
 const char *rb_map_path = "/sys/fs/bpf/tc/globals/rb_map";
 const char *tproxy_map_path = "/sys/fs/bpf/tc/globals/zt_tproxy_map";
-const char *argp_program_version = "0.9.7";
+const char *argp_program_version = "0.9.8";
 union bpf_attr rb_map;
 int rb_fd = -1;