infra: override default route when running in a netns

[rjarry]

When grout runs inside a k8s pod, the default route installed by k8s has priority over grout's own default route (which uses metric UINT32_MAX). This causes TCP connections to fail over grout.

Detect when grout is running in a network namespace by comparing /proc/self/ns/net and /proc/1/ns/net inodes, and by checking if PID 1 is a known host init process (systemd, init, openrc-init). When a netns is detected (or forced via -n), install the default route with metric 0 and NLM_F_REPLACE to take over the existing one.

Link: #625

Overview

Adds automatic detection and handling of network namespaces to override the default route with metric 0 and NLM_F_REPLACE flag, addressing TCP connection failures when grout runs in Kubernetes pods where the default route has higher priority than grout's UINT32_MAX metric default route.

Changes

Network namespace detection (main/main.c)

• Implements is_in_netns() that compares inodes of /proc/self/ns/net and /proc/1/ns/net; if different, grout is in a distinct network namespace. When inodes match, further checks if PID 1's command name is one of the known host init processes (systemd, init, openrc-init); if not, assumes a network namespace.
• Automatically enables override_default_route when is_in_netns() returns true and the flag was not explicitly set via CLI.

CLI option (main/main.c, main/config.h, docs/grout.8.scdoc)

• Adds -n/--override-default-route command-line option to force override behavior.

Netlink behavior (modules/infra/control/netlink.c)

• When override_default_route is enabled and adding routes to RT_TABLE_MAIN: uses NLM_F_CREATE | NLM_F_REPLACE flags (allows replacement of existing routes).
• When override_default_route is disabled: uses NLM_F_CREATE | NLM_F_EXCL flags (original behavior).
• RTA_PRIORITY (metric UINT32_MAX) is set only when override_default_route is disabled; omitted when enabled to allow metric 0 to take precedence.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fe0372ec-7b2a-4a35-a7d9-c0149edb4856

📥 Commits

Reviewing files that changed from the base of the PR and between fe0c7f9 and 7078050.

📒 Files selected for processing (4)

• docs/grout.8.scdoc
• main/config.h
• main/main.c
• modules/infra/control/netlink.c

---

📝 Walkthrough

Walkthrough

This PR introduces a -n/--override-default-route feature for managing default routes in network namespaces. The configuration schema is extended with a boolean flag, CLI argument parsing is added to accept the option explicitly, and automatic detection logic triggers the flag when running inside a network namespace. The implementation conditionally changes netlink request flags from exclusive creation to replacement mode and adjusts priority handling for affected routes, with corresponding man page documentation of the new behavior.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}