netfoundry · r-caamano · Jan 29, 2024 · Jan 29, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,15 @@
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+# [0.5.8] - 2024-01-28
+
+###
+
+-- Modified start_ebpf_router to include a conditional when adding the rules for the ziti-router resolver. 
+   If the ip address of the ziti-router's resolver in the config.yml is set to 100.127.255.254 which is the 
+   ip that NetFoundry uses when setting up AWS Gateway load balancing the -r option is now added in order to 
+   automatically assign the address back to the loopback.  This change was required due to the addition of the -r flag in the zfw -F -r command used to ensure all ziti zfw rules/routes are deleted before restarting ziti-router.service. 
+
 
 # [0.5.7] - 2024-01-21
 

diff --git a/files/scripts/start_ebpf_router.py b/files/scripts/start_ebpf_router.py
@@ -110,7 +110,11 @@ def add_resolver_rules():
                                                 lan_ip = addr_array[1].split('//')[1]
                                                 if((int(port) > 0)):
                                                     os.system('/opt/openziti/bin/zfw -I -c ' + lan_ip + ' -m ' + lan_mask + ' -l ' + port + ' -h ' + port + ' -t 0  -p tcp')
-                                                    os.system('/opt/openziti/bin/zfw -I -c ' + lan_ip + ' -m ' + lan_mask + ' -l ' + port + ' -h ' + port + ' -t 0  -p udp')
+                                                    if(lan_ip == '100.127.255.254'):
+                                                        #special case for NF AWS Gateway loadbalance via DNS over GENEVE using 100.127.255.254 on loopback so add route on loopback
+                                                        os.system('/opt/openziti/bin/zfw -I -c ' + lan_ip + ' -m ' + lan_mask + ' -l ' + port + ' -h ' + port + ' -t 0  -p udp -r')
+                                                    else:
+                                                        os.system('/opt/openziti/bin/zfw -I -c ' + lan_ip + ' -m ' + lan_mask + ' -l ' + port + ' -h ' + port + ' -t 0  -p udp')
                                             except Exception as e:
                                                 print(e)
                                                 pass

diff --git a/src/zfw.c b/src/zfw.c
@@ -152,7 +152,7 @@ char *tc_interface;
 char *log_file_name;
 char *object_file;
 char *direction_string;
-const char *argp_program_version = "0.5.7";
+const char *argp_program_version = "0.5.8";
 struct ring_buffer *ring_buffer;
 
 __u8 if_list[MAX_IF_LIST_ENTRIES];