kedge/internal/cni/tunnel.go

package cni

import (
	"fmt"
	"net"

	"github.com/vishvananda/netlink"

	"github.com/guildhouse-co/kedge/internal/topology"
)

// attachOverlayRoutes programs routes on the host to direct overlay-destined
// traffic from the veth through the WireGuard tunnel interface.
func attachOverlayRoutes(hostVeth string, routes []SubnetRoute, topo *topology.MeshTopology) error {
	if len(routes) == 0 {
		return nil
	}

	for _, route := range routes {
		tunnelIfName := route.Via // e.g., "wg0"
		tunnelLink, err := netlink.LinkByName(tunnelIfName)
		if err != nil {
			return fmt.Errorf("tunnel interface %s not found for route %s: %w", tunnelIfName, route.Dst, err)
		}

		_, dst, err := net.ParseCIDR(route.Dst)
		if err != nil {
			return fmt.Errorf("invalid overlay CIDR %s: %w", route.Dst, err)
		}

		// Add route on host: dst → tunnel interface.
		r := &netlink.Route{
			LinkIndex: tunnelLink.Attrs().Index,
			Dst:       dst,
		}
		if err := netlink.RouteReplace(r); err != nil {
			return fmt.Errorf("failed to add overlay route %s via %s: %w", route.Dst, tunnelIfName, err)
		}
	}

	return nil
}