Beispiel #1
0
func (dev *vxlanDevice) DelL3(n neigh) error {
	log.Infof("calling NeighDel: %v, %v", n.IP, n.MAC)
	return netlink.NeighDel(&netlink.Neigh{
		LinkIndex:    dev.link.Index,
		State:        netlink.NUD_PERMANENT,
		Type:         syscall.RTN_UNICAST,
		IP:           n.IP.ToIP(),
		HardwareAddr: n.MAC,
	})
}
Beispiel #2
0
func (dev *vxlanDevice) DelL2(n neigh) error {
	log.Infof("calling NeighDel: %v, %v", n.IP, n.MAC)
	return netlink.NeighDel(&netlink.Neigh{
		LinkIndex:    dev.link.Index,
		Family:       syscall.AF_BRIDGE,
		Flags:        netlink.NTF_SELF,
		IP:           n.IP.ToIP(),
		HardwareAddr: n.MAC,
	})
}
func (n *networkNamespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr) error {
	nh := n.findNeighbor(dstIP, dstMac)
	if nh == nil {
		return fmt.Errorf("could not find the neighbor entry to delete")
	}

	return nsInvoke(n.nsPath(), func(nsFD int) error { return nil }, func(callerFD int) error {
		var iface netlink.Link

		if nh.linkDst != "" {
			var err error
			iface, err = netlink.LinkByName(nh.linkDst)
			if err != nil {
				return fmt.Errorf("could not find interface with destination name %s: %v",
					nh.linkDst, err)
			}
		}

		nlnh := &netlink.Neigh{
			IP:     dstIP,
			State:  netlink.NUD_PERMANENT,
			Family: nh.family,
		}

		if nlnh.Family > 0 {
			nlnh.HardwareAddr = dstMac
			nlnh.Flags = netlink.NTF_SELF
		}

		if nh.linkDst != "" {
			nlnh.LinkIndex = iface.Attrs().Index
		}

		if err := netlink.NeighDel(nlnh); err != nil {
			return fmt.Errorf("could not delete neighbor entry: %v", err)
		}

		for i, nh := range n.neighbors {
			if nh.dstIP.Equal(dstIP) && bytes.Equal(nh.dstMac, dstMac) {
				n.neighbors = append(n.neighbors[:i], n.neighbors[i+1:]...)
			}
		}

		return nil
	})
}
Beispiel #4
0
func (d *driver) DeleteEndpoint(nid, eid string) error {
	var err error

	defer osl.InitOSContext()()

	// Get the network handler and make sure it exists
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}
	if n == nil {
		return driverapi.ErrNoNetwork(nid)
	}

	// Sanity Check
	n.Lock()
	if n.id != nid {
		n.Unlock()
		return InvalidNetworkIDError(nid)
	}
	n.Unlock()

	// Check endpoint id and if an endpoint is actually there
	ep, err := n.getEndpoint(eid)
	if err != nil {
		return err
	}
	if ep == nil {
		return EndpointNotFoundError(eid)
	}

	// Remove it
	n.Lock()
	delete(n.endpoints, eid)
	n.Unlock()

	// On failure make sure to set back ep in n.endpoints, but only
	// if it hasn't been taken over already by some other thread.
	defer func() {
		if err != nil {
			n.Lock()
			if _, ok := n.endpoints[eid]; !ok {
				n.endpoints[eid] = ep
			}
			n.Unlock()
		}
	}()

	// Remove port mappings. Do not stop endpoint delete on unmap failure
	n.releasePorts(ep)

	if ep.config != nil {
		for _, port := range ep.config.ExposedPorts {
			rule := []string{
				"-p", port.Proto.String(),
				"-d", ep.addrv6.String(),
				"--dport", strconv.Itoa(int(port.Port)),
				"-j", "ACCEPT",
			}
			if iptables.Exists(iptables.IP6Tables, iptables.Filter, DockerChain, rule...) {
				delete := append(
					[]string{
						string(iptables.Delete),
						DockerChain,
					},
					rule...,
				)
				iptables.Raw(iptables.IP6Tables, delete...)
			}
		}
	}

	// Try removal of neighbor proxy. Discard error: it is a best effort.
	// Also make sure defer does not see this error either.
	if n.config.NDPProxyInterface != "" && n.config.EnableIPv6 {
		link, err := netlink.LinkByName(n.config.NDPProxyInterface)
		if err == nil {
			neighbor := netlink.Neigh{
				LinkIndex:    link.Attrs().Index,
				Family:       netlink.FAMILY_V6,
				State:        netlink.NUD_PERMANENT,
				Type:         netlink.NDA_UNSPEC,
				Flags:        netlink.NTF_PROXY,
				IP:           ep.addrv6.IP,
				HardwareAddr: ep.macAddress,
			}
			netlink.NeighDel(&neighbor)
		}
	}

	// Try removal of link. Discard error: it is a best effort.
	// Also make sure defer does not see this error either.
	if link, err := netlink.LinkByName(ep.srcName); err == nil {
		netlink.LinkDel(link)
	}

	return nil
}