func testBridgeSimpleSetup(t *testing.T, nsPrefix string, br *netlink.Bridge) ( *netlink.Bridge, []*netlink.Veth, []netns.NsHandle, func()) { links, nets, cleanup := testNetnsPair(t, nsPrefix) if br == nil { br = &netlink.Bridge{ LinkAttrs: netlink.LinkAttrs{ Name: "br0", }, } if err := netlink.LinkAdd(br); err != nil { cleanup() t.Fatal(err) } } cleanup2 := func() { netlink.LinkDel(br) cleanup() } if err := netlink.LinkSetMaster(links[0], br); err != nil { cleanup2() t.Fatal(err) } if err := netlink.LinkSetMaster(links[1], br); err != nil { cleanup2() t.Fatal(err) } if err := netlink.LinkSetUp(br); err != nil { cleanup2() t.Fatal(err) } return br, links, nets, cleanup2 }
// Wire up a tap interface for communicating with the guest. Returns the name // of the created tap interface. func wireTapInterface(config *netConfig) string { // Drop link on eth0 before configuring anything eth0, err := netlink.LinkByName("eth0") if err != nil { log.Fatalf("LinkByName(eth0): %v", err) } if err := netlink.LinkSetDown(eth0); err != nil { log.Fatalf("LinkSetDown(eth0): %v", err) } // Flush any L3 addresses on eth0 if err := flushAddresses(eth0); err != nil { log.Fatalf("flushAddresses(eth0): %v", err) } // Generate and set random MAC address for eth0 eth0Addr := generateHardwareAddr() if err := netlink.LinkSetHardwareAddr(eth0, eth0Addr); err != nil { log.Fatalf("LinkSetHardwareAddr(eth0): %v", err) } // Create "tap0" (interface to guest) tap0Attrs := netlink.NewLinkAttrs() tap0Attrs.Name = "tap0" tap0 := &netlink.Tuntap{tap0Attrs, netlink.TUNTAP_MODE_TAP} if err := netlink.LinkAdd(tap0); err != nil { log.Fatalf("LinkAdd(tap0): %v", err) } // Create a new bridge, br0 and add eth0 and tap0 to it br0Attrs := netlink.NewLinkAttrs() br0Attrs.Name = "br0" br0 := &netlink.Bridge{br0Attrs} if err := netlink.LinkAdd(br0); err != nil { log.Fatalf("LinkAdd(br0): %v", err) } if err := netlink.LinkSetMaster(eth0, br0); err != nil { log.Fatalf("LinkSetMaster(eth0, br0): %v", err) } if err := netlink.LinkSetMaster(tap0, br0); err != nil { log.Fatalf("LinkSetMaster(tap0, br0): %v", err) } // Set all links up if err := netlink.LinkSetUp(tap0); err != nil { log.Fatalf("LinkSetUp(tap0): %v", err) } if err := netlink.LinkSetUp(eth0); err != nil { log.Fatalf("LinkSetUp(eth0): %v", err) } if err := netlink.LinkSetUp(br0); err != nil { log.Fatalf("LinkSetUp(br0): %v", err) } return tap0Attrs.Name }
// attach a container network interface to an external network func (v *veth) attach(n *configs.Network) (err error) { brl, err := netlink.LinkByName(n.Bridge) if err != nil { return err } br, ok := brl.(*netlink.Bridge) if !ok { return fmt.Errorf("Wrong device type %T", brl) } host, err := netlink.LinkByName(n.HostInterfaceName) if err != nil { return err } if err := netlink.LinkSetMaster(host, br); err != nil { return err } if err := netlink.LinkSetMTU(host, n.Mtu); err != nil { return err } if n.HairpinMode { if err := netlink.LinkSetHairpin(host, true); err != nil { return err } } if err := netlink.LinkSetUp(host); err != nil { return err } return nil }
func endpointCreate() { hostIfName := "myveth0" containerIfName := "myveth1" veth, err := netlink.LinkByName("myveth0") if err == nil && veth != nil { return } veth = &netlink.Veth{ LinkAttrs: netlink.LinkAttrs{Name: hostIfName, TxQLen: 0}, PeerName: containerIfName} if err := netlink.LinkAdd(veth); err != nil { panic(err) } la := netlink.NewLinkAttrs() la.Name = "mycbridge" mybridge := &netlink.Bridge{la} err = netlink.LinkSetMaster(veth, mybridge) if err != nil { panic(err) } err = netlink.LinkSetUp(veth) if err != nil { panic(err) } }
func setupVeth(netns string, br *netlink.Bridge, ifName string, mtu int, hairpinMode bool) error { var hostVethName string err := ns.WithNetNSPath(netns, false, func(hostNS *os.File) error { // create the veth pair in the container and move host end into host netns hostVeth, _, err := ip.SetupVeth(ifName, mtu, hostNS) if err != nil { return err } hostVethName = hostVeth.Attrs().Name return nil }) if err != nil { return err } // need to lookup hostVeth again as its index has changed during ns move hostVeth, err := netlink.LinkByName(hostVethName) if err != nil { return fmt.Errorf("failed to lookup %q: %v", hostVethName, err) } // connect host veth end to the bridge if err = netlink.LinkSetMaster(hostVeth, br); err != nil { return fmt.Errorf("failed to connect %q to bridge %v: %v", hostVethName, br.Attrs().Name, err) } // set hairpin mode if err = netlink.LinkSetHairpin(hostVeth, hairpinMode); err != nil { return fmt.Errorf("failed to setup hairpin mode for %v: %v", hostVethName, err) } return nil }
func setInterfaceMaster(iface netlink.Link, i *nwIface) error { if i.DstMaster() == "" { return nil } return netlink.LinkSetMaster(iface, &netlink.Bridge{ LinkAttrs: netlink.LinkAttrs{Name: i.DstMaster()}}) }
func (driver *driver) joinEndpoint(w http.ResponseWriter, r *http.Request) { var j join if err := json.NewDecoder(r.Body).Decode(&j); err != nil { sendError(w, "Could not decode JSON encode payload", http.StatusBadRequest) return } Log.Debugf("Join request: %+v", &j) endID := j.EndpointID // create and attach local name to the bridge local := vethPair(endID[:5]) if err := netlink.LinkAdd(local); err != nil { Log.Error(err) errorResponsef(w, "could not create veth pair") return } var bridge *netlink.Bridge if maybeBridge, err := netlink.LinkByName(WeaveBridge); err != nil { Log.Error(err) errorResponsef(w, `bridge "%s" not present`, WeaveBridge) return } else { var ok bool if bridge, ok = maybeBridge.(*netlink.Bridge); !ok { Log.Errorf("%s is %+v", WeaveBridge, maybeBridge) errorResponsef(w, `device "%s" not a bridge`, WeaveBridge) return } } if netlink.LinkSetMaster(local, bridge) != nil || netlink.LinkSetUp(local) != nil { errorResponsef(w, `unable to bring veth up`) return } ifname := &iface{ SrcName: local.PeerName, DstPrefix: "ethwe", ID: 0, } res := &joinResponse{ InterfaceNames: []*iface{ifname}, } if driver.nameserver != "" { routeToDNS := &staticRoute{ Destination: driver.nameserver + "/32", RouteType: types.CONNECTED, NextHop: "", InterfaceID: 0, } res.StaticRoutes = []*staticRoute{routeToDNS} } objectResponse(w, res) Log.Infof("Join endpoint %s:%s to %s", j.NetworkID, j.EndpointID, j.SandboxKey) }
func (Bridge) Add(bridge, slaveIf *net.Interface) error { netlinkMu.Lock() defer netlinkMu.Unlock() master, err := netlink.LinkByName(bridge.Name) if err != nil { return err } slave, err := netlink.LinkByName(slaveIf.Name) if err != nil { return err } return netlink.LinkSetMaster(slave, master.(*netlink.Bridge)) }
func (b *Bridge) AddLink(link netlink.Link) error { existing, err := netlink.LinkByName(b.name) if err != nil { return err } if bridge, ok := existing.(*netlink.Bridge); ok { if link.Attrs().MasterIndex != bridge.Index { return netlink.LinkSetMaster(link, bridge) } } else { return fmt.Errorf("%s is not a bridge", b.name) } return nil }
func (driver *driver) JoinEndpoint(j *api.JoinRequest) (response *api.JoinResponse, error error) { endID := j.EndpointID // create and attach local name to the bridge local := vethPair(endID[:5]) if err := netlink.LinkAdd(local); err != nil { error = fmt.Errorf("could not create veth pair: %s", err) return } var bridge *netlink.Bridge if maybeBridge, err := netlink.LinkByName(WeaveBridge); err != nil { err = fmt.Errorf(`bridge "%s" not present`, WeaveBridge) return } else { var ok bool if bridge, ok = maybeBridge.(*netlink.Bridge); !ok { Log.Errorf("%s is %+v", WeaveBridge, maybeBridge) err = fmt.Errorf(`device "%s" not a bridge`, WeaveBridge) return } } if netlink.LinkSetMaster(local, bridge) != nil || netlink.LinkSetUp(local) != nil { error = fmt.Errorf(`unable to bring veth up`) return } ifname := &api.InterfaceName{ SrcName: local.PeerName, DstPrefix: "ethwe", } response = &api.JoinResponse{ InterfaceName: ifname, } if driver.nameserver != "" { routeToDNS := api.StaticRoute{ Destination: driver.nameserver + "/32", RouteType: types.CONNECTED, NextHop: "", } response.StaticRoutes = []api.StaticRoute{routeToDNS} } Log.Infof("Join endpoint %s:%s to %s", j.NetworkID, j.EndpointID, j.SandboxKey) return }
func addToBridge(ifaceName, bridgeName string) error { link, err := netlink.LinkByName(ifaceName) if err != nil { return fmt.Errorf("could not find interface %s: %v", ifaceName, err) } if err = netlink.LinkSetMaster(link, &netlink.Bridge{LinkAttrs: netlink.LinkAttrs{Name: bridgeName}}); err != nil { logrus.Debugf("Failed to add %s to bridge via netlink.Trying ioctl: %v", ifaceName, err) iface, err := net.InterfaceByName(ifaceName) if err != nil { return fmt.Errorf("could not find network interface %s: %v", ifaceName, err) } master, err := net.InterfaceByName(bridgeName) if err != nil { return fmt.Errorf("could not find bridge %s: %v", bridgeName, err) } return ioctlAddToBridge(iface, master) } return nil }
func (n *networks) createLink(config networkConfig) error { //Link creation starts from checking if current vlan interface exists if _, err := netlink.LinkByName(config.LinkName); err != nil { //Try creating the link la := netlink.NewLinkAttrs() la.Name = config.LinkName la.ParentIndex = n.parent.Attrs().Index vl := &netlink.Vlan{la, config.Vlan} if err := netlink.LinkAdd(vl); err != nil { return ErrNetlinkError{"create vlan iface", err} } if err := netlink.LinkSetUp(vl); err != nil { return ErrNetlinkError{"bring vlan iface up", err} } } //Now check if bridge exists if _, err := netlink.LinkByName(config.BridgeName); err != nil { //Try creating the bridge la := netlink.NewLinkAttrs() la.Name = config.BridgeName br := &netlink.Bridge{la} if err := netlink.LinkAdd(br); err != nil { return ErrNetlinkError{"create bridge", err} } //Link bridge to new interface if li, err := netlink.LinkByName(config.LinkName); err != nil { netlink.LinkDel(br) return ErrNetlinkError{"find iface by name (" + config.LinkName + ")", err} } else if err := netlink.LinkSetMaster(li, br); err != nil { netlink.LinkDel(br) return ErrNetlinkError{"set bridge master", err} } if err := netlink.LinkSetUp(br); err != nil { return ErrNetlinkError{"bring bridge up", err} } } return nil }
func (*nl) LinkSetMaster(slave netlink.Link, master *netlink.Bridge) error { return netlink.LinkSetMaster(slave, master) }
func (v *veth) detach(n *configs.Network) (err error) { return netlink.LinkSetMaster(&netlink.Device{netlink.LinkAttrs{Name: n.HostInterfaceName}}, nil) }
// kvmSetup prepare new Networking to be used in kvm environment based on tuntap pair interfaces // to allow communication with virtual machine created by lkvm tool func kvmSetup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig string) (*Networking, error) { network := Networking{ podEnv: podEnv{ podRoot: podRoot, podID: podID, netsLoadList: netList, localConfig: localConfig, }, } var e error network.nets, e = network.loadNets() if e != nil { return nil, errwrap.Wrap(errors.New("error loading network definitions"), e) } for i, n := range network.nets { if n.conf.Type == "flannel" { if err := kvmTransformFlannelNetwork(&n); err != nil { return nil, errwrap.Wrap(errors.New("cannot transform flannel network into basic network"), err) } } switch n.conf.Type { case "ptp": link, err := setupTapDevice(podID) if err != nil { return nil, err } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } // add address to host tap device err = ensureHasAddr( link, &net.IPNet{ IP: n.runtime.IP4.Gateway, Mask: net.IPMask(n.runtime.Mask), }, ) if err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host tap device %q", ifName), err) } if err := removeAllRoutesOnLink(link); err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot remove route on host tap device %q", ifName), err) } if err := addRoute(link, n.runtime.IP); err != nil { return nil, errwrap.Wrap(errors.New("cannot add on host direct route to pod"), err) } case "bridge": config := BridgeNetConf{ NetConf: NetConf{ MTU: defaultMTU, }, BrName: defaultBrName, } if err := json.Unmarshal(n.confBytes, &config); err != nil { return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err) } br, err := ensureBridgeIsUp(config.BrName, config.MTU) if err != nil { return nil, errwrap.Wrap(errors.New("error in time of bridge setup"), err) } link, err := setupTapDevice(podID) if err != nil { return nil, errwrap.Wrap(errors.New("can not setup tap device"), err) } err = netlink.LinkSetMaster(link, br) if err != nil { rErr := tuntap.RemovePersistentIface(n.runtime.IfName, tuntap.Tap) if rErr != nil { stderr.PrintE("warning: could not cleanup tap interface", rErr) } return nil, errwrap.Wrap(errors.New("can not add tap interface to bridge"), err) } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } if config.IsGw { err = ensureHasAddr( br, &net.IPNet{ IP: n.runtime.IP4.Gateway, Mask: net.IPMask(n.runtime.Mask), }, ) if err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host bridge device %q", br.Name), err) } } case "macvlan": config := MacVTapNetConf{} if err := json.Unmarshal(n.confBytes, &config); err != nil { return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err) } link, err := setupMacVTapDevice(podID, config) if err != nil { return nil, err } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } default: return nil, fmt.Errorf("network %q have unsupported type: %q", n.conf.Name, n.conf.Type) } if n.conf.IPMasq { chain := getChainName(podID.String(), n.conf.Name) if err := ip.SetupIPMasq(&net.IPNet{ IP: n.runtime.IP, Mask: net.IPMask(n.runtime.Mask), }, chain); err != nil { return nil, err } } network.nets[i] = n } err := network.forwardPorts(fps, network.GetDefaultIP()) if err != nil { return nil, err } return &network, nil }
// kvmSetup prepare new Networking to be used in kvm environment based on tuntap pair interfaces // to allow communication with virtual machine created by lkvm tool func kvmSetup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig string) (*Networking, error) { network := Networking{ podEnv: podEnv{ podRoot: podRoot, podID: podID, netsLoadList: netList, localConfig: localConfig, }, } var e error // If there's a network set as default in CNI configuration defaultGatewaySet := false _, defaultNet, err := net.ParseCIDR("0.0.0.0/0") if err != nil { return nil, errwrap.Wrap(errors.New("error when parsing net address"), err) } network.nets, e = network.loadNets() if e != nil { return nil, errwrap.Wrap(errors.New("error loading network definitions"), e) } for i, n := range network.nets { if n.conf.Type == "flannel" { if err := kvmTransformFlannelNetwork(&n); err != nil { return nil, errwrap.Wrap(errors.New("cannot transform flannel network into basic network"), err) } } switch n.conf.Type { case "ptp": link, err := setupTapDevice(podID) if err != nil { return nil, err } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } // add address to host tap device err = ensureHasAddr( link, &net.IPNet{ IP: n.runtime.IP4.Gateway, Mask: net.IPMask(n.runtime.Mask), }, ) if err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host tap device %q", ifName), err) } if err := removeAllRoutesOnLink(link); err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot remove route on host tap device %q", ifName), err) } if err := addRoute(link, n.runtime.IP); err != nil { return nil, errwrap.Wrap(errors.New("cannot add on host direct route to pod"), err) } case "bridge": config := BridgeNetConf{ NetConf: NetConf{ MTU: defaultMTU, }, BrName: defaultBrName, } if err := json.Unmarshal(n.confBytes, &config); err != nil { return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err) } br, err := ensureBridgeIsUp(config.BrName, config.MTU) if err != nil { return nil, errwrap.Wrap(errors.New("error in time of bridge setup"), err) } link, err := setupTapDevice(podID) if err != nil { return nil, errwrap.Wrap(errors.New("can not setup tap device"), err) } err = netlink.LinkSetMaster(link, br) if err != nil { rErr := tuntap.RemovePersistentIface(n.runtime.IfName, tuntap.Tap) if rErr != nil { stderr.PrintE("warning: could not cleanup tap interface", rErr) } return nil, errwrap.Wrap(errors.New("can not add tap interface to bridge"), err) } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } if n.conf.IsDefaultGateway { n.runtime.IP4.Routes = append( n.runtime.IP4.Routes, cnitypes.Route{Dst: *defaultNet, GW: n.runtime.IP4.Gateway}, ) defaultGatewaySet = true config.IsGw = true } if config.IsGw { err = ensureHasAddr( br, &net.IPNet{ IP: n.runtime.IP4.Gateway, Mask: net.IPMask(n.runtime.Mask), }, ) if err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host bridge device %q", br.Name), err) } } case "macvlan": config := MacVTapNetConf{} if err := json.Unmarshal(n.confBytes, &config); err != nil { return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err) } link, err := setupMacVTapDevice(podID, config, i) if err != nil { return nil, err } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } default: return nil, fmt.Errorf("network %q have unsupported type: %q", n.conf.Name, n.conf.Type) } // Check if there's any other network set as default gateway if defaultGatewaySet { for _, route := range n.runtime.IP4.Routes { if (defaultNet.String() == route.Dst.String()) && !n.conf.IsDefaultGateway { return nil, fmt.Errorf("flannel config enables default gateway and IPAM sets default gateway via %q", n.runtime.IP4.Gateway) } } } if n.conf.IPMasq { chain := cniutils.FormatChainName(n.conf.Name, podID.String()) comment := cniutils.FormatChainName(n.conf.Name, podID.String()) if err := ip.SetupIPMasq(&net.IPNet{ IP: n.runtime.IP, Mask: net.IPMask(n.runtime.Mask), }, chain, comment); err != nil { return nil, err } } network.nets[i] = n } podIP, err := network.GetForwardableNetPodIP() if err != nil { return nil, err } if err := network.forwardPorts(fps, podIP); err != nil { return nil, err } return &network, nil }
// kvmSetup prepare new Networking to be used in kvm environment based on tuntap pair interfaces // to allow communication with virtual machine created by lkvm tool func kvmSetup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig string, noDNS bool) (*Networking, error) { network := Networking{ podEnv: podEnv{ podRoot: podRoot, podID: podID, netsLoadList: netList, localConfig: localConfig, }, } var e error // If there's a network set as default in CNI configuration defaultGatewaySet := false _, defaultNet, err := net.ParseCIDR("0.0.0.0/0") if err != nil { return nil, errwrap.Wrap(errors.New("error when parsing net address"), err) } network.nets, e = network.loadNets() if e != nil { return nil, errwrap.Wrap(errors.New("error loading network definitions"), e) } // did stage0 already make /etc/rkt-resolv.conf (i.e. --dns passed) resolvPath := filepath.Join(common.Stage1RootfsPath(podRoot), "etc/rkt-resolv.conf") _, err = os.Stat(resolvPath) if err != nil && !os.IsNotExist(err) { return nil, errwrap.Wrap(fmt.Errorf("error statting /etc/rkt-resolv.conf"), err) } podHasResolvConf := err == nil for i, n := range network.nets { if n.conf.Type == "flannel" { if err := kvmTransformFlannelNetwork(&n); err != nil { return nil, errwrap.Wrap(errors.New("cannot transform flannel network into basic network"), err) } } switch n.conf.Type { case "ptp": link, err := setupTapDevice(podID) if err != nil { return nil, err } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } // add address to host tap device err = ensureHasAddr( link, &net.IPNet{ IP: n.runtime.IP4.Gateway, Mask: net.IPMask(n.runtime.Mask), }, ) if err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host tap device %q", ifName), err) } if err := removeAllRoutesOnLink(link); err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot remove route on host tap device %q", ifName), err) } if err := addRoute(link, n.runtime.IP); err != nil { return nil, errwrap.Wrap(errors.New("cannot add on host direct route to pod"), err) } case "bridge": config := BridgeNetConf{ NetConf: NetConf{ MTU: defaultMTU, }, BrName: defaultBrName, } if err := json.Unmarshal(n.confBytes, &config); err != nil { return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err) } br, err := ensureBridgeIsUp(config.BrName, config.MTU) if err != nil { return nil, errwrap.Wrap(errors.New("error in time of bridge setup"), err) } link, err := setupTapDevice(podID) if err != nil { return nil, errwrap.Wrap(errors.New("can not setup tap device"), err) } err = netlink.LinkSetMaster(link, br) if err != nil { rErr := tuntap.RemovePersistentIface(n.runtime.IfName, tuntap.Tap) if rErr != nil { stderr.PrintE("warning: could not cleanup tap interface", rErr) } return nil, errwrap.Wrap(errors.New("can not add tap interface to bridge"), err) } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } if n.conf.IsDefaultGateway { n.runtime.IP4.Routes = append( n.runtime.IP4.Routes, cnitypes.Route{Dst: *defaultNet, GW: n.runtime.IP4.Gateway}, ) defaultGatewaySet = true config.IsGw = true } if config.IsGw { err = ensureHasAddr( br, &net.IPNet{ IP: n.runtime.IP4.Gateway, Mask: net.IPMask(n.runtime.Mask), }, ) if err != nil { return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host bridge device %q", br.Name), err) } } case "macvlan": config := MacVTapNetConf{} if err := json.Unmarshal(n.confBytes, &config); err != nil { return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err) } link, err := setupMacVTapDevice(podID, config, i) if err != nil { return nil, err } ifName := link.Attrs().Name n.runtime.IfName = ifName err = kvmSetupNetAddressing(&network, n, ifName) if err != nil { return nil, err } default: return nil, fmt.Errorf("network %q have unsupported type: %q", n.conf.Name, n.conf.Type) } // Check if there's any other network set as default gateway if defaultGatewaySet { for _, route := range n.runtime.IP4.Routes { if (defaultNet.String() == route.Dst.String()) && !n.conf.IsDefaultGateway { return nil, fmt.Errorf("flannel config enables default gateway and IPAM sets default gateway via %q", n.runtime.IP4.Gateway) } } } // Generate rkt-resolv.conf if it's not already there. // The first network plugin that supplies a non-empty // DNS response will win, unless noDNS is true (--dns passed to rkt run) if !common.IsDNSZero(&n.runtime.DNS) && !noDNS { if !podHasResolvConf { err := ioutil.WriteFile( resolvPath, []byte(common.MakeResolvConf(n.runtime.DNS, "Generated by rkt from network "+n.conf.Name)), 0644) if err != nil { return nil, errwrap.Wrap(fmt.Errorf("error creating resolv.conf"), err) } podHasResolvConf = true } else { stderr.Printf("Warning: network %v plugin specified DNS configuration, but DNS already supplied", n.conf.Name) } } if n.conf.IPMasq { chain := cniutils.FormatChainName(n.conf.Name, podID.String()) comment := cniutils.FormatComment(n.conf.Name, podID.String()) if err := ip.SetupIPMasq(&net.IPNet{ IP: n.runtime.IP, Mask: net.IPMask(n.runtime.Mask), }, chain, comment); err != nil { return nil, err } } network.nets[i] = n } podIP, err := network.GetForwardableNetPodIP() if err != nil { return nil, err } if err := network.forwardPorts(fps, podIP); err != nil { return nil, err } return &network, nil }
func (e *endpoints) create(eid string, ifInfo *driverapi.EndpointInterface, niConfig networkConfig) (err error) { ep := endpoint{} // Generate a name for what will be the host side pipe interface hostIfName, err := netutils.GenerateIfaceName(vethPrefix, vethLen) if err != nil { return err } // Generate a name for what will be the sandbox side pipe interface containerIfName, err := netutils.GenerateIfaceName(vethPrefix, vethLen) if err != nil { return err } // Generate and add the interface pipe host <-> sandbox veth := &netlink.Veth{ LinkAttrs: netlink.LinkAttrs{Name: hostIfName, TxQLen: 0}, PeerName: containerIfName, } if err = netlink.LinkAdd(veth); err != nil { return types.InternalErrorf("failed to add the host (%s) <=> sandbox (%s) pair interfaces: %v", hostIfName, containerIfName, err) } // Get the host side pipe interface handler host, err := netlink.LinkByName(hostIfName) if err != nil { return types.InternalErrorf("failed to find host side interface %s: %v", hostIfName, err) } defer func() { if err != nil { netlink.LinkDel(host) } }() // Get the sandbox side pipe interface handler sbox, err := netlink.LinkByName(containerIfName) if err != nil { return types.InternalErrorf("failed to find sandbox side interface %s: %v", containerIfName, err) } defer func() { if err != nil { netlink.LinkDel(sbox) } }() // Add bridge inherited attributes to pipe interfaces if niConfig.Mtu != 0 { err = netlink.LinkSetMTU(host, niConfig.Mtu) if err != nil { return types.InternalErrorf("failed to set MTU on host interface %s: %v", hostIfName, err) } err = netlink.LinkSetMTU(sbox, niConfig.Mtu) if err != nil { return types.InternalErrorf("failed to set MTU on sandbox interface %s: %v", containerIfName, err) } } // Attach host side pipe interface into the bridge br, err := netlink.LinkByName(niConfig.BridgeName) if err != nil { return types.InternalErrorf("failed to find bridge by name %s: %v", niConfig.BridgeName, err) } if err = netlink.LinkSetMaster(host, br.(*netlink.Bridge)); err != nil { return fmt.Errorf("adding interface %s to bridge %s failed: %v", hostIfName, niConfig.BridgeName, err) } // Create the sandbox side pipe interface ep.ifname = containerIfName ep.addr, _, err = net.ParseCIDR(ifInfo.Address) if err != nil { return fmt.Errorf("ipv4 adress unparseable") } /* _, ep.addrv6, err = net.ParseCIDR(ifInfo.AddressIPv6) if err != nil { return fmt.Errorf("ipv6 adress unparseable") } */ if ifInfo.MacAddress != "" { ep.mac, err = net.ParseMAC(ifInfo.MacAddress) if err != nil { return fmt.Errorf("mac adress unparseable") } // Down the interface before configuring mac address. if err = netlink.LinkSetDown(sbox); err != nil { return fmt.Errorf("could not set link down for container interface %s: %v", containerIfName, err) } err = netlink.LinkSetHardwareAddr(sbox, ep.mac) if err != nil { return fmt.Errorf("could not set mac address for container interface %s: %v", containerIfName, err) } if err = netlink.LinkSetUp(sbox); err != nil { return fmt.Errorf("could not set link up for container interface %s: %v", containerIfName, err) } } else { // Get existing mac address from interface ep.mac = sbox.Attrs().HardwareAddr } // Up the host interface after finishing all netlink configuration if err = netlink.LinkSetUp(host); err != nil { return fmt.Errorf("could not set link up for host interface %s: %v", hostIfName, err) } if ep.addrv6 == nil && niConfig.EnableIPv6 { return fmt.Errorf("IPV6 is not supported. Go and code it yourself.") } e.add(eid, ep) Log.Debugf("ep data at join: ip: %v, mac: %v", ep.addr, ep.mac) broadcastChange(br, ep) return nil }
func (d *driver) CreateEndpoint(nid, eid types.UUID, epInfo driverapi.EndpointInfo, epOptions map[string]interface{}) error { var ( ipv6Addr *net.IPNet err error ) if epInfo == nil { return errors.New("invalid endpoint info passed") } if len(epInfo.Interfaces()) != 0 { return errors.New("non empty interface list passed to bridge(local) driver") } // Get the network handler and make sure it exists d.Lock() n := d.network config := n.config d.Unlock() if n == nil { return driverapi.ErrNoNetwork(nid) } // Sanity check n.Lock() if n.id != nid { n.Unlock() return InvalidNetworkIDError(nid) } n.Unlock() // Check if endpoint id is good and retrieve correspondent endpoint ep, err := n.getEndpoint(eid) if err != nil { return err } // Endpoint with that id exists either on desired or other sandbox if ep != nil { return driverapi.ErrEndpointExists(eid) } // Try to convert the options to endpoint configuration epConfig, err := parseEndpointOptions(epOptions) if err != nil { return err } // Create and add the endpoint n.Lock() endpoint := &bridgeEndpoint{id: eid, config: epConfig} n.endpoints[eid] = endpoint n.Unlock() // On failure make sure to remove the endpoint defer func() { if err != nil { n.Lock() delete(n.endpoints, eid) n.Unlock() } }() // Generate a name for what will be the host side pipe interface name1, err := generateIfaceName() if err != nil { return err } // Generate a name for what will be the sandbox side pipe interface name2, err := generateIfaceName() if err != nil { return err } // Generate and add the interface pipe host <-> sandbox veth := &netlink.Veth{ LinkAttrs: netlink.LinkAttrs{Name: name1, TxQLen: 0}, PeerName: name2} if err = netlink.LinkAdd(veth); err != nil { return err } // Get the host side pipe interface handler host, err := netlink.LinkByName(name1) if err != nil { return err } defer func() { if err != nil { netlink.LinkDel(host) } }() // Get the sandbox side pipe interface handler sbox, err := netlink.LinkByName(name2) if err != nil { return err } defer func() { if err != nil { netlink.LinkDel(sbox) } }() // Add bridge inherited attributes to pipe interfaces if config.Mtu != 0 { err = netlink.LinkSetMTU(host, config.Mtu) if err != nil { return err } err = netlink.LinkSetMTU(sbox, config.Mtu) if err != nil { return err } } // Attach host side pipe interface into the bridge if err = netlink.LinkSetMaster(host, &netlink.Bridge{LinkAttrs: netlink.LinkAttrs{Name: config.BridgeName}}); err != nil { return err } if !config.EnableUserlandProxy { err = netlink.LinkSetHairpin(host, true) if err != nil { return err } } // v4 address for the sandbox side pipe interface ip4, err := ipAllocator.RequestIP(n.bridge.bridgeIPv4, nil) if err != nil { return err } ipv4Addr := &net.IPNet{IP: ip4, Mask: n.bridge.bridgeIPv4.Mask} // Set the sbox's MAC. If specified, use the one configured by user, otherwise generate one based on IP. mac := electMacAddress(epConfig, ip4) err = netlink.LinkSetHardwareAddr(sbox, mac) if err != nil { return err } endpoint.macAddress = mac // v6 address for the sandbox side pipe interface ipv6Addr = &net.IPNet{} if config.EnableIPv6 { var ip6 net.IP network := n.bridge.bridgeIPv6 if config.FixedCIDRv6 != nil { network = config.FixedCIDRv6 } ones, _ := network.Mask.Size() if ones <= 80 { ip6 = make(net.IP, len(network.IP)) copy(ip6, network.IP) for i, h := range mac { ip6[i+10] = h } } ip6, err := ipAllocator.RequestIP(network, ip6) if err != nil { return err } ipv6Addr = &net.IPNet{IP: ip6, Mask: network.Mask} } // Create the sandbox side pipe interface intf := &sandbox.Interface{} intf.SrcName = name2 intf.DstName = containerVethPrefix intf.Address = ipv4Addr if config.EnableIPv6 { intf.AddressIPv6 = ipv6Addr } // Store the interface in endpoint, this is needed for cleanup on DeleteEndpoint() endpoint.intf = intf err = epInfo.AddInterface(ifaceID, endpoint.macAddress, *ipv4Addr, *ipv6Addr) if err != nil { return err } // Program any required port mapping and store them in the endpoint endpoint.portMapping, err = allocatePorts(epConfig, intf, config.DefaultBindingIP, config.EnableUserlandProxy) if err != nil { return err } return nil }