Linux: Manage routes in a routing table dedicated to ZET. #892
This change has ZET preferring to manage routes in route table 90 (the decimal code for 'Z'). Rules are configured within the route policy database to utilize the ZET routing table. The rule has preference 23141 (the decimal code for 'Ze'). Excluded routes are managed using the 'throw' route type. When a matching throw route is encountered, the route lookup process immediately terminates, and the routing process proceeds to the next policy rule with lower priority.
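The table/rule/throw mechanism described above, as an added example that is not the project's code or its rtnetlink library: the two rtnetlink messages are built by hand so their layout can be inspected without root, and sent only on request. Table 90 and preference 23141 are the values from the description; the function names, the sample excluded prefix 10.20.0.0/16, and the unconditional "from all" selector (no fwmark match) are assumptions.

```c
/* Added example, not ziti-edge-tunnel code. Builds an RTM_NEWRULE ("from all
 * lookup 90", pref 23141) and an RTM_NEWROUTE of type 'throw' in table 90. */
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/fib_rules.h>

#define ZET_TABLE     90     /* 'Z' */
#define ZET_RULE_PREF 23141  /* 0x5A65, 'Z' 'e' */

/* Append one rtattr to a netlink message; -1 if it does not fit in maxlen. */
static int nl_put_attr(struct nlmsghdr *nlh, size_t maxlen, int type,
                       const void *data, size_t len)
{
    size_t alen = RTA_LENGTH(len);
    size_t end  = NLMSG_ALIGN(nlh->nlmsg_len) + RTA_ALIGN(alen);
    if (end > maxlen) return -1;
    struct rtattr *rta = (struct rtattr *)((char *)nlh + NLMSG_ALIGN(nlh->nlmsg_len));
    rta->rta_type = type;
    rta->rta_len  = alen;
    memcpy(RTA_DATA(rta), data, len);
    nlh->nlmsg_len = end;
    return 0;
}

/* Read a u32 attribute that follows a fixed header of hdrlen bytes; 0 if absent. */
uint32_t nl_attr_u32(const void *msg, size_t hdrlen, int type)
{
    const struct nlmsghdr *nlh = msg;
    const struct rtattr *rta = (const struct rtattr *)((const char *)NLMSG_DATA(nlh) + NLMSG_ALIGN(hdrlen));
    int left = (int)nlh->nlmsg_len - (int)NLMSG_LENGTH(hdrlen);
    for (; RTA_OK(rta, left); rta = RTA_NEXT(rta, left))
        if (rta->rta_type == type && RTA_PAYLOAD(rta) == sizeof(uint32_t))
            return *(const uint32_t *)RTA_DATA(rta);
    return 0;
}

/* RTM_NEWRULE: every lookup consults table 90 first. Returns message length, 0 on error. */
size_t build_zet_rule(void *buf, size_t buflen)
{
    if (buflen < NLMSG_SPACE(sizeof(struct fib_rule_hdr)) + RTA_SPACE(sizeof(uint32_t))) return 0;
    memset(buf, 0, buflen);
    struct nlmsghdr *nlh = buf;
    nlh->nlmsg_len   = NLMSG_LENGTH(sizeof(struct fib_rule_hdr));
    nlh->nlmsg_type  = RTM_NEWRULE;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL | NLM_F_ACK;
    struct fib_rule_hdr *frh = NLMSG_DATA(nlh);
    frh->family = AF_INET;
    frh->action = FR_ACT_TO_TBL;
    frh->table  = ZET_TABLE;            /* < 256, so the 8-bit header field suffices */
    uint32_t pref = ZET_RULE_PREF;
    if (nl_put_attr(nlh, buflen, FRA_PRIORITY, &pref, sizeof pref) < 0) return 0;
    return nlh->nlmsg_len;
}

/* RTM_NEWROUTE 'throw' for cidr (e.g. "10.20.0.0/16") in table 90: a hit ends the
 * table-90 lookup and the RPDB falls through to the next rule (main/default). */
size_t build_throw_route(void *buf, size_t buflen, const char *cidr)
{
    char addr[INET_ADDRSTRLEN];
    const char *slash = strchr(cidr, '/');
    if (!slash || (size_t)(slash - cidr) >= sizeof addr) return 0;
    memcpy(addr, cidr, slash - cidr);
    addr[slash - cidr] = '\0';
    char *end;
    long plen = strtol(slash + 1, &end, 10);
    struct in_addr dst;
    if (end == slash + 1 || *end || plen < 0 || plen > 32 ||
        inet_pton(AF_INET, addr, &dst) != 1) return 0;
    if (buflen < NLMSG_SPACE(sizeof(struct rtmsg)) + RTA_SPACE(sizeof dst)) return 0;
    memset(buf, 0, buflen);
    struct nlmsghdr *nlh = buf;
    nlh->nlmsg_len   = NLMSG_LENGTH(sizeof(struct rtmsg));
    nlh->nlmsg_type  = RTM_NEWROUTE;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_ACK;
    struct rtmsg *rtm = NLMSG_DATA(nlh);
    rtm->rtm_family   = AF_INET;
    rtm->rtm_dst_len  = (unsigned char)plen;
    rtm->rtm_table    = ZET_TABLE;
    rtm->rtm_protocol = RTPROT_STATIC;
    rtm->rtm_scope    = RT_SCOPE_UNIVERSE;
    rtm->rtm_type     = RTN_THROW;
    if (nl_put_attr(nlh, buflen, RTA_DST, &dst, sizeof dst) < 0) return 0;
    return nlh->nlmsg_len;
}

/* Send one message on NETLINK_ROUTE; returns 0 on kernel ack or -errno. Needs CAP_NET_ADMIN. */
int nl_apply(const void *msg, size_t len)
{
    int fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
    if (fd < 0) return -errno;
    struct sockaddr_nl sa = { .nl_family = AF_NETLINK };
    unsigned char rb[4096];
    int rc = -EIO;
    if (sendto(fd, msg, len, 0, (struct sockaddr *)&sa, sizeof sa) < 0) {
        rc = -errno;
    } else {
        ssize_t r = recv(fd, rb, sizeof rb, 0);
        struct nlmsghdr *h = (struct nlmsghdr *)rb;
        if (r < 0) rc = -errno;
        else if (NLMSG_OK(h, (int)r) && h->nlmsg_type == NLMSG_ERROR)
            rc = ((struct nlmsgerr *)NLMSG_DATA(h))->error;
    }
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    unsigned char buf[512];
    const char *excl = argc > 2 ? argv[2] : "10.20.0.0/16";   /* constructed sample prefix */
    size_t n = build_zet_rule(buf, sizeof buf);
    if (argc > 1 && strcmp(argv[1], "--apply") == 0) {
        printf("rule  -> %d\n", nl_apply(buf, n));
        n = build_throw_route(buf, sizeof buf, excl);
        printf("throw -> %d\n", n ? nl_apply(buf, n) : -EINVAL);
    } else {
        printf("RTM_NEWRULE: %zu bytes, table %u, pref %u (run with --apply [cidr] as root)\n",
               n, ZET_TABLE, nl_attr_u32(buf, sizeof(struct fib_rule_hdr), FRA_PRIORITY));
    }
    return 0;
}
```

Without arguments the program only builds the messages; `--apply [cidr]` installs them and the result can be checked with `ip rule show` and `ip route show table 90`. Because the rule carries no selector, every lookup consults table 90 before the main-table rule at preference 32766; a throw route for an excluded prefix makes that lookup fail so the RPDB continues to main and default, which is the bypass behaviour the description relies on.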
Signed-off-by: Tom Carroll <[email protected]>
Resolve interface differences between `iproute2` and `BusyBox` related to ip-rule behavior by implementing a minimal rtnetlink library. This enables direct management of rule insertion into the Routing Policy Database (RPDB). Signed-off-by: Tom Carroll <[email protected]>
ZET routes are managed in a dedicated routing table, distinct from `main` and `default`. The routing policy database is configured to prefer the routes managed in the ZET table over those stored in the main and default routing tables. This approach provides isolation, and thus additional security for ZET routes. Signed-off-by: Tom Carroll <[email protected]>
Remove bypass. Squash with second. Signed-off-by: Tom Carroll <[email protected]>
Use rtnetlink. Signed-off-by: Tom Carroll <[email protected]>
Override `tls_uv`'s `tlsuv_socket` function to set the `SO_MARK` option on the created socket. Signed-off-by: Tom Carroll <[email protected]>
Introduces a customizable hook to allow overriding the default socket creation process for `hosted` sockets. Signed-off-by: Tom Carroll <[email protected]>
Implements setting the SO_MARK option for sockets designated for the `hosted` services. Signed-off-by: Tom Carroll <[email protected]>
Linux has the capability to support multiple routing tables. So let's manage ZET routes in a dedicated routing table, distinct from main and default. The routing policy database is configured to prefer the routes managed in the ZET table over those stored in the main and default routing tables. This approach provides isolation, and thus additional security for ZET routes.
This serves two purposes: