sbr: Move source interface rule creation out of ipCfg loop

The outbound interface rule does not reference anything from ipCfg so should not be in the loop. Signed-off-by: Neil Cook <[email protected]>
containernetworking · Mar 4, 2025 · 299385f · 299385f
1 parent 421da89
commit 299385f
Showing 1 changed file with 12 additions and 11 deletions.
diff --git a/plugins/meta/sbr/main.go b/plugins/meta/sbr/main.go
@@ -259,17 +259,6 @@ func doRoutes(ipCfgs []*current.IPConfig, iface string) error {
 			return fmt.Errorf("Failed to add src rule: %v", err)
 		}
 
-		// Only add an interface rule if there is 1 IP address configured on the interface
-		if len(ipCfgs) == 1 {
-			interfaceRule := netlink.NewRule()
-			interfaceRule.Table = table
-			log.Printf("Interface to use %s", iface)
-			interfaceRule.OifName = iface
-
-			if err = netlink.RuleAdd(interfaceRule); err != nil {
-				return fmt.Errorf("Failed to add interface rule: %v", err)
-			}
-		}
 		// Add a default route, since this may have been removed by previous
 		// plugin.
 		if ipCfg.Gateway != nil {
@@ -330,6 +319,18 @@ func doRoutes(ipCfgs []*current.IPConfig, iface string) error {
 		table = getNextTableID(rules, routes, table)
 	}
 
+	// Add an interface rule, only if there is a single IP address configured on the interface
+	if len(ipCfgs) == 1 {
+		interfaceRule := netlink.NewRule()
+		interfaceRule.Table = table
+		log.Printf("Interface to use %s", iface)
+		interfaceRule.OifName = iface
+
+		if err = netlink.RuleAdd(interfaceRule); err != nil {
+			return fmt.Errorf("Failed to add interface rule: %v", err)
+		}
+	}
+
 	// Delete all the interface routes in the default routing table, which were
 	// copied to source based routing tables.
 	// Not deleting them while copying to accommodate for multiple ipCfgs from