Change RuleList Family to FAMILY_V4 to ensure conflict routes cleanup

[BSWANG]

kernel return incomplete rules on FAMILY_ALL.
Then container rule clean up will miss the conflict routes.
Cause system rule leak.

use FAMILY_V4 will return complete ip rule.
relate kernel commit: torvalds/linux@c454673

// ip rule count limit by cb->args[0]:
  list_for_each_entry_rcu(ops, &net->rules_ops, list) {
    if (idx < cb->args[0] || !try_module_get(ops->owner))
      goto skip;

    if (dump_rules(skb, cb, ops) < 0)
      break;

    cb->args[1] = 0;
skip:
    idx++;
  }

Signed-off-by: bingshen.wbs [email protected]

[BSWANG]

v1.0.10.204-g8f40263-aliyun

[BSWANG]

清理现有的，重启节点或者使用如下脚本清理：

# 声明现在存在的pod的对应关系
declare -A existIPs=()

# 添加现在存在的pod
for existIP in `ip route | grep cali | awk '{print $1}'`; do
    existIPs["$existIP"]="1"
done

# 添加现在存在的pod
for existIPInRule in `ip rule | grep '2048:' | grep -v '\[detached\]' | awk '{print $3}'`; do
    existIPs["$existIPInRule"]="1"
done

# 清理to规则
for ruleIP in `ip rule | grep '512:' | awk '{print $5}'`; do
    echo $ruleIP -- ${existIPs["$ruleIP"]}
    if [[ ${existIPs["$ruleIP"]} == "1" ]]; then
        echo "exists"
        existIPs["$ruleIP"]="0"
    else
        echo "deleting $ruleIP"
        ip rule del from all to $ruleIP lookup main pref 512
    fi
done

# 清理from规则
ip rule | grep '\[detached\]' | awk '{print $5}' | xargs -n1 ip rule delete iif