Avoid losing system originated unsafe routes on reload (#1573)

2026-01-21 03:51:33 -08:00 · 2026-01-15 13:48:17 -06:00 · 2026-01-15 13:48:17 -06:00 · ac3bd9cdd0
commit ac3bd9cdd0
parent 88379b89f5
1 changed files with 17 additions and 0 deletions
--- a/overlay/tun_linux.go
+++ b/overlay/tun_linux.go
@ -10,6 +10,7 @@ import (
 	"net/netip"
 	"os"
 	"strings"
+	"sync"
 	"sync/atomic"
 	"time"
 	"unsafe"
@ -40,6 +41,11 @@ type tun struct {
 	useSystemRoutes           bool
 	useSystemRoutesBufferSize int

+	// These are routes learned from `tun.use_system_route_table`
+	// stored here to make it easier to restore them after a reload
+	routesFromSystem     map[netip.Prefix]routing.Gateways
+	routesFromSystemLock sync.Mutex
+
 	l *logrus.Logger
 }

@ -164,6 +170,13 @@ func (t *tun) reload(c *config.C, initial bool) error {
 		return err
 	}

+	// Bring along any routes learned from the system route table on reload
+	t.routesFromSystemLock.Lock()
+	for dst, gw := range t.routesFromSystem {
+		routeTree.Insert(dst, gw)
+	}
+	t.routesFromSystemLock.Unlock()
+
 	oldDefaultMTU := t.DefaultMTU
 	oldMaxMTU := t.MaxMTU
 	newDefaultMTU := c.GetInt("tun.mtu", DefaultMTU)
@ -673,14 +686,18 @@ func (t *tun) updateRoutes(r netlink.RouteUpdate) {

 	newTree := t.routeTree.Load().Clone()

+	t.routesFromSystemLock.Lock()
 	if r.Type == unix.RTM_NEWROUTE {
 		t.l.WithField("destination", dst).WithField("via", gateways).Info("Adding route")
+		t.routesFromSystem[dst] = gateways
 		newTree.Insert(dst, gateways)

 	} else {
 		t.l.WithField("destination", dst).WithField("via", gateways).Info("Removing route")
+		delete(t.routesFromSystem, dst)
 		newTree.Delete(dst)
 	}
+	t.routesFromSystemLock.Unlock()
 	t.routeTree.Store(newTree)
 }