cilium-dbg: Don't fatal on XFRM rule deletion errors

This commit slightly changes the behavior of the "encrypt flush"
command in case of errors when trying to delete XFRM rules. The tool
currently lists rules, filters them based on user-given arguments, and
then deletes them. If an XFRM rule is deleted by the agent or the user
while we're filtering, the deletion will fail.

The current behavior in that case is to fatal. On busy clusters, that
might mean that we always fatal because XFRM states and policies are
constently added and removed.

This commit changes the behavior to proceed with subsequent deletions in
case one fails.

Signed-off-by: Paul Chaignon <[email protected]>

Author: pchaigno

cilium-dbg/cmd/encrypt_flush.go

@@ -5,6 +5,7 @@ package cmd
 
 import (
 	"fmt"
+	"os"
 	"strconv"
 	"strings"
 
@@ -82,18 +83,22 @@ func runXFRMFlush() {
 		}
 	}
 
+	nbDeleted := len(states)
 	for _, state := range states {
 		if err := netlink.XfrmStateDel(&state); err != nil {
-			Fatalf("Stopped XFRM states deletion due to error: %s", err)
+			fmt.Fprintf(os.Stderr, "Failed to delete XFRM state: %s", err)
+			nbDeleted--
 		}
 	}
-	fmt.Printf("Deleted %d XFRM states.\n", len(states))
+	fmt.Printf("Deleted %d XFRM states.\n", nbDeleted)
+	nbDeleted = len(policies)
 	for _, pol := range policies {
 		if err := netlink.XfrmPolicyDel(&pol); err != nil {
-			Fatalf("Stopped XFRM policies deletion due to error: %s", err)
+			fmt.Fprintf(os.Stderr, "Failed to delete XFRM policy: %s", err)
+			nbDeleted--
 		}
 	}
-	fmt.Printf("Deleted %d XFRM policies.\n", len(policies))
+	fmt.Printf("Deleted %d XFRM policies.\n", nbDeleted)
 }
 
 func parseNodeID(nodeID string) (uint16, error) {