// Setup creates a new networking namespace and executes network plugins to
// set up networking. It returns in the new pod namespace
func Setup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig, flavor string, debug bool) (*Networking, error) {
stderr = log.New(os.Stderr, "networking", debug)
if flavor == "kvm" {
return kvmSetup(podRoot, podID, fps, netList, localConfig)
}
// Create namespace for Pod and write path to a file
podNS, err := ns.NewNS()
if err != nil {
return nil, err
}
// TODO(jonboulle): currently podRoot is _always_ ".", and behaviour in other
// circumstances is untested. This should be cleaned up.
n := Networking{
podEnv: podEnv{
podRoot: podRoot,
podID: podID,
netsLoadList: netList,
localConfig: localConfig,
podNS: podNS,
},
}
n.nets, err = n.loadNets()
if err != nil {
return nil, errwrap.Wrap(errors.New("error loading network definitions"), err)
}
if err := n.setupNets(n.nets); err != nil {
return nil, err
}
if len(fps) > 0 {
if err = n.enableDefaultLocalnetRouting(); err != nil {
return nil, err
}
podIP, err := n.GetForwardableNetPodIP()
if err != nil {
return nil, err
}
if err := n.forwardPorts(fps, podIP); err != nil {
n.unforwardPorts()
return nil, err
}
}
// Switch to the podNS
if err := podNS.Set(); err != nil {
return nil, err
}
if err = loUp(); err != nil {
return nil, err
}
return &n, nil
}
// podNSCreate creates the network namespace and saves a reference to its path.
// NewNS will bind-mount the namespace in /run/netns, so we write that filename
// to disk.
func (e *podEnv) podNSCreate() error {
podNS, err := ns.NewNS()
if err != nil {
return err
}
e.podNS = podNS
if err := e.podNSPathSave(); err != nil {
return err
}
return nil
}
stat := &unix.Stat_t{}
err := unix.Fstat(fd, stat)
return stat.Ino, err
}
var _ = Describe("Linux namespace operations", func() {
Describe("WithNetNS", func() {
var (
originalNetNS ns.NetNS
targetNetNS ns.NetNS
)
BeforeEach(func() {
var err error
originalNetNS, err = ns.NewNS()
Expect(err).NotTo(HaveOccurred())
targetNetNS, err = ns.NewNS()
Expect(err).NotTo(HaveOccurred())
})
AfterEach(func() {
Expect(targetNetNS.Close()).To(Succeed())
Expect(originalNetNS.Close()).To(Succeed())
})
It("executes the callback within the target network namespace", func() {
expectedInode, err := getInodeNS(targetNetNS)
Expect(err).NotTo(HaveOccurred())
"github.com/containernetworking/cni/pkg/skel"
"github.com/containernetworking/cni/pkg/testutils"
"github.com/vishvananda/netlink"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
var _ = Describe("ptp Operations", func() {
var originalNS ns.NetNS
BeforeEach(func() {
// Create a new NetNS so we don't modify the host
var err error
originalNS, err = ns.NewNS()
Expect(err).NotTo(HaveOccurred())
})
AfterEach(func() {
Expect(originalNS.Close()).To(Succeed())
})
It("configures and deconfigures a ptp link with ADD/DEL", func() {
const IFNAME = "ptp0"
conf := `{
"name": "mynet",
"type": "ptp",
"ipMasq": true,
"mtu": 5000,
containerNetNS ns.NetNS
ifaceCounter int = 0
hostVeth netlink.Link
containerVeth netlink.Link
hostVethName string
containerVethName string
ip4one = net.ParseIP("1.1.1.1")
ip4two = net.ParseIP("1.1.1.2")
originalRandReader = rand.Reader
)
BeforeEach(func() {
var err error
hostNetNS, err = ns.NewNS()
Expect(err).NotTo(HaveOccurred())
containerNetNS, err = ns.NewNS()
Expect(err).NotTo(HaveOccurred())
fakeBytes := make([]byte, 20)
//to be reset in AfterEach block
rand.Reader = bytes.NewReader(fakeBytes)
_ = containerNetNS.Do(func(ns.NetNS) error {
defer GinkgoRecover()
hostVeth, containerVeth, err = ip.SetupVeth(fmt.Sprintf(ifaceFormatString, ifaceCounter), mtu, hostNetNS)
if err != nil {
return err
"github.com/onsi/gomega/gexec"
)
var _ = Describe("Loopback", func() {
var (
networkNS ns.NetNS
containerID string
command *exec.Cmd
environ []string
)
BeforeEach(func() {
command = exec.Command(pathToLoPlugin)
var err error
networkNS, err = ns.NewNS()
Expect(err).NotTo(HaveOccurred())
environ = []string{
fmt.Sprintf("CNI_CONTAINERID=%s", containerID),
fmt.Sprintf("CNI_NETNS=%s", networkNS.Path()),
fmt.Sprintf("CNI_IFNAME=%s", "this is ignored"),
fmt.Sprintf("CNI_ARGS=%s", "none"),
fmt.Sprintf("CNI_PATH=%s", "/some/test/path"),
}
command.Stdin = strings.NewReader("this doesn't matter")
})
AfterEach(func() {
Expect(networkNS.Close()).To(Succeed())
})
func CreateContainer(netconf string, k8sName string) (container_id, netnspath string, session *gexec.Session, contVeth netlink.Link, contAddr []netlink.Addr, contRoutes []netlink.Route, err error) {
targetNs, err := ns.NewNS()
if err != nil {
return "", "", nil, nil, nil, nil, err
}
// Create a random "container ID"
netnspath = targetNs.Path()
netnsname := path.Base(netnspath)
container_id = netnsname[:10]
err = targetNs.Do(func(_ ns.NetNS) error {
lo, err := netlink.LinkByName("lo")
if err != nil {
return err
}
err = netlink.LinkSetUp(lo)
return err
return nil
})
// Set up the env for running the CNI plugin
//TODO pass in the env properly
var k8s_env = ""
if k8sName != "" {
k8s_env = fmt.Sprintf("CNI_ARGS=\"K8S_POD_NAME=%s;K8S_POD_NAMESPACE=test;K8S_POD_INFRA_CONTAINER_ID=whatever\"", k8sName)
}
cni_env := fmt.Sprintf("CNI_COMMAND=ADD CNI_CONTAINERID=%s CNI_NETNS=%s CNI_IFNAME=eth0 CNI_PATH=dist %s", container_id, netnspath, k8s_env)
// Run the CNI plugin passing in the supplied netconf
//TODO - Get rid of this PLUGIN thing and use netconf instead
subProcess := exec.Command("bash", "-c", fmt.Sprintf("%s dist/%s", cni_env, os.Getenv("PLUGIN")), netconf)
stdin, err := subProcess.StdinPipe()
if err != nil {
panic("some error found")
}
io.WriteString(stdin, netconf)
io.WriteString(stdin, "\n")
stdin.Close()
session, err = gexec.Start(subProcess, ginkgo.GinkgoWriter, ginkgo.GinkgoWriter)
session.Wait(5)
err = targetNs.Do(func(_ ns.NetNS) error {
contVeth, err = netlink.LinkByName("eth0")
if err != nil {
return err
}
contAddr, err = netlink.AddrList(contVeth, syscall.AF_INET)
if err != nil {
return err
}
contRoutes, err = netlink.RouteList(contVeth, syscall.AF_INET)
if err != nil {
return err
}
return nil
})
return
}