// Leave is invoked when a Sandbox detaches from an endpoint.
//
// It validates nid and eid, resolves the network and the endpoint, posts a
// "leave" notification carrying both objects when d.notifyCh is set, calls
// leaveSandbox on the network and then runs d.checkEncryption for nid. A
// checkEncryption error is only logged; it never fails the call.
func (d *driver) Leave(nid, eid string) error {
	if idErr := validateID(nid, eid); idErr != nil {
		return idErr
	}

	network := d.network(nid)
	if network == nil {
		return fmt.Errorf("could not find network with id %s", nid)
	}

	endpoint := network.endpoint(eid)
	if endpoint == nil {
		return types.InternalMaskableErrorf("could not find endpoint with id %s", eid)
	}

	// The notification is optional: nothing is sent when no channel is set.
	if d.notifyCh != nil {
		event := ovNotify{action: "leave", nw: network, ep: endpoint}
		d.notifyCh <- event
	}

	network.leaveSandbox()

	// Encryption bookkeeping is best effort; detach still succeeds on error.
	encErr := d.checkEncryption(nid, nil, 0, true, false)
	if encErr != nil {
		log.Warn(encErr)
	}

	return nil
}
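// DeleteNetwork removes the network nid: it issues an HNS "DELETE" request for
// the network's HnsID and, on success, drops the entry from d.networks.
//
// The call is refused with an error while the network still has endpoints.
// A lookup failure is returned as an internal maskable error; an HNS failure
// is returned unchanged and leaves d.networks untouched.
func (d *driver) DeleteNetwork(nid string) error {
	n, err := d.getNetwork(nid)
	if err != nil {
		return types.InternalMaskableErrorf("%s", err)
	}

	// Snapshot everything needed from n inside one critical section. Reading
	// len(n.endpoints) after Unlock, as before, is an unsynchronized map read
	// whenever another goroutine adds or removes an endpoint under n's lock.
	n.Lock()
	config := n.config
	id := n.id
	active := len(n.endpoints)
	n.Unlock()

	// Cannot remove network if endpoints are still present
	if active != 0 {
		return fmt.Errorf("network %s has active endpoint", id)
	}

	// NOTE(review): an endpoint created between the check above and the HNS
	// request below is not detected here; confirm callers serialize network
	// delete against endpoint create.
	_, err = hcsshim.HNSNetworkRequest("DELETE", config.HnsID, "")
	if err != nil {
		return err
	}

	d.Lock()
	delete(d.networks, nid)
	d.Unlock()

	return nil
}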
// Leave is invoked when a Sandbox detaches from an endpoint.
//
// After validating the IDs and confirming that both the network and the
// endpoint exist, it sends a "leave" notification with the two IDs (only when
// d.notifyCh is set) and calls leaveSandbox on the network.
func (d *driver) Leave(nid, eid string) error {
	idErr := validateID(nid, eid)
	if idErr != nil {
		return idErr
	}

	nw := d.network(nid)
	if nw == nil {
		return fmt.Errorf("could not find network with id %s", nid)
	}

	// Only the endpoint's existence matters here; the notification carries IDs.
	if nw.endpoint(eid) == nil {
		return types.InternalMaskableErrorf("could not find endpoint with id %s", eid)
	}

	if ch := d.notifyCh; ch != nil {
		ch <- ovNotify{action: "leave", nid: nid, eid: eid}
	}

	nw.leaveSandbox()
	return nil
}
// Leave method is invoked when a Sandbox detaches from an endpoint. func (d *driver) Leave(nid, eid string) error { defer osl.InitOSContext()() network, err := d.getNetwork(nid) if err != nil { return types.InternalMaskableErrorf("%s", err) } endpoint, err := network.getEndpoint(eid) if err != nil { return err } if endpoint == nil { return EndpointNotFoundError(eid) } if !network.config.EnableICC { if err = d.link(network, endpoint, false); err != nil { return err } } return nil }
// DeleteEndpoint removes endpoint eid from network nid and then tries to
// delete the endpoint's link (ep.srcName) on a best-effort basis.
//
// It returns an error when the network is unknown or nil, when the stored
// network id does not match nid, or when the endpoint lookup fails or finds
// nothing. Link removal failures are not reported.
func (d *driver) DeleteEndpoint(nid, eid string) error {
	var err error

	defer osl.InitOSContext()()

	// Get the network handler and make sure it exists
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}
	if n == nil {
		return driverapi.ErrNoNetwork(nid)
	}

	// Sanity check: the handler stored under nid must carry the same id.
	n.Lock()
	if n.id != nid {
		n.Unlock()
		return InvalidNetworkIDError(nid)
	}
	n.Unlock()

	// Check endpoint id and if an endpoint is actually there.
	// This := reuses the function-scoped err declared above (only ep is new).
	ep, err := n.getEndpoint(eid)
	if err != nil {
		return err
	}
	if ep == nil {
		return EndpointNotFoundError(eid)
	}

	// Remove it from the network's endpoint table before touching the link.
	n.Lock()
	delete(n.endpoints, eid)
	n.Unlock()

	// On failure make sure to set back ep in n.endpoints, but only
	// if it hasn't been taken over already by some other thread.
	// As written, nothing assigns the function-scoped err after this point,
	// so this rollback does not fire on any current path.
	defer func() {
		if err != nil {
			n.Lock()
			if _, ok := n.endpoints[eid]; !ok {
				n.endpoints[eid] = ep
			}
			n.Unlock()
		}
	}()

	// Try removal of link. Discard error: it is a best effort.
	// The err declared in the if statement shadows the function-scoped err,
	// so the deferred rollback above does not see this error either.
	if link, err := netlink.LinkByName(ep.srcName); err == nil {
		netlink.LinkDel(link)
	}

	return nil
}
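// DeleteEndpoint removes endpoint eid from network nid and releases the
// endpoint's ports.
//
// It returns an error when the network is unknown or nil, when the stored
// network id does not match nid, or when the endpoint lookup fails or finds
// nothing. A releasePorts failure is logged as a warning and does not fail
// the call.
func (d *driver) DeleteEndpoint(nid, eid string) error {
	var err error

	// Get the network handler and make sure it exists
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}
	if n == nil {
		return driverapi.ErrNoNetwork(nid)
	}

	// Sanity check: the handler stored under nid must carry the same id.
	n.Lock()
	if n.id != nid {
		n.Unlock()
		return InvalidNetworkIDError(nid)
	}
	n.Unlock()

	// Check endpoint id and if an endpoint is actually there.
	// This := reuses the function-scoped err declared above (only ep is new).
	ep, err := n.getEndpoint(eid)
	if err != nil {
		return err
	}
	if ep == nil {
		return EndpointNotFoundError(eid)
	}

	// Remove it
	n.Lock()
	delete(n.endpoints, eid)
	n.Unlock()

	// On failure make sure to set back ep in n.endpoints, but only
	// if it hasn't been taken over already by some other thread.
	defer func() {
		if err != nil {
			n.Lock()
			if _, ok := n.endpoints[eid]; !ok {
				n.endpoints[eid] = ep
			}
			n.Unlock()
		}
	}()

	// Port release is best effort. Keep its error in a scoped variable:
	// assigning it to the function-scoped err made the deferred rollback
	// re-insert the endpoint while the function still returned nil, so the
	// caller saw a successful delete for an endpoint the driver kept tracking.
	if relErr := n.releasePorts(ep); relErr != nil {
		logrus.Warn(relErr)
	}

	return nil
}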
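// DeleteNetwork removes the bridge network nid from the driver, deletes its
// bridge link unless it is the default bridge, runs the network's iptables
// clean-up functions and finally deletes the network config from the store.
//
// Bridge removal and iptables clean-up failures are logged as warnings; only
// the lookup errors and the storeDelete result are returned.
func (d *driver) DeleteNetwork(nid string) error {
	var err error

	defer osl.InitOSContext()()

	// Get network handler and remove it from driver
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}

	// Sanity check. This must come before n is dereferenced: the check used
	// to sit after n.Lock()/n.config, where a nil handler would already have
	// caused a nil pointer dereference. Returning here leaves d.networks as
	// it was, which is the state the old delete-then-rollback path produced.
	if n == nil {
		return driverapi.ErrNoNetwork(nid)
	}

	n.Lock()
	config := n.config
	n.Unlock()

	d.Lock()
	delete(d.networks, nid)
	d.Unlock()

	// On failure set network handler back in driver, but
	// only if is not already taken over by some other thread.
	// Nothing below assigns the function-scoped err, so this rollback is
	// inert on the current paths; the storeDelete result is returned directly.
	defer func() {
		if err != nil {
			d.Lock()
			if _, ok := d.networks[nid]; !ok {
				d.networks[nid] = n
			}
			d.Unlock()
		}
	}()

	// We only delete the bridge when it's not the default bridge. This keeps
	// the backward compatible behavior.
	if !config.DefaultBridge {
		if err := d.nlh.LinkDel(n.bridge.Link); err != nil {
			logrus.Warnf("Failed to remove bridge interface %s on network %s delete: %v", config.BridgeName, nid, err)
		}
	}

	// Clean all relevant iptables rules. A failed clean-up is only logged, so
	// a warning here means rules for the removed network may still be loaded.
	for _, cleanFunc := range n.iptCleanFuncs {
		if errClean := cleanFunc(); errClean != nil {
			logrus.Warnf("Failed to clean iptables rules for bridge network: %v", errClean)
		}
	}

	return d.storeDelete(config)
}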
// Leave method is invoked when a Sandbox detaches from an endpoint. func (d *driver) Leave(nid, eid string) error { network, err := d.getNetwork(nid) if err != nil { return types.InternalMaskableErrorf("%s", err) } // Ensure that the endpoint exists _, err = network.getEndpoint(eid) if err != nil { return err } // This is just a stub for now return nil }
// Leave method is invoked when a Sandbox detaches from an endpoint. func (d *driver) Leave(nid, eid string) error { network, err := d.getNetwork(nid) if err != nil { return types.InternalMaskableErrorf("%s", err) } endpoint, err := network.getEndpoint(eid) if err != nil { return err } if endpoint == nil { return EndpointNotFoundError(eid) } return nil }
// updatePoolDBOnAdd registers pool k in aSpace.subnets and returns a follow-up
// function for the caller to run. The follow-up either does nothing or inserts
// the bitmask for a newly added master/parent pool via aSpace.alloc.
//
// The address space lock is held for the whole call and released on return,
// so the returned function is not executed under this call's lock.
//
// Cases, in order:
//   - k already present: fails for a predefined pool (pdf), otherwise bumps
//     the reference count.
//   - ipr == nil (master pool): fails with ipamapi.ErrPoolOverlap when
//     aSpace.contains reports an overlap, otherwise adds the pool.
//   - otherwise (non-master pool): adds the pool, then either bumps the
//     parent's reference count or creates the parent entry.
func (aSpace *addrSpace) updatePoolDBOnAdd(k SubnetKey, nw *net.IPNet, ipr *AddressRange, pdf bool) (func() error, error) {
	aSpace.Lock()
	defer aSpace.Unlock()

	nothingToDo := func() error { return nil }

	// Pool already allocated: predefined pools cannot be reserved twice.
	if existing, found := aSpace.subnets[k]; found {
		if pdf {
			return nil, types.InternalMaskableErrorf("predefined pool %s is already reserved", nw)
		}
		aSpace.incRefCount(existing, 1)
		return nothingToDo, nil
	}

	// Master pool: reject overlaps, then add it with its bitmask.
	if ipr == nil {
		if aSpace.contains(k.AddressSpace, nw) {
			return nil, ipamapi.ErrPoolOverlap
		}
		aSpace.subnets[k] = &PoolData{Pool: nw, RefCount: 1}
		return func() error { return aSpace.alloc.insertBitMask(k, nw) }, nil
	}

	// New non-master pool; its parent key drops any range component of k.
	child := &PoolData{
		ParentKey: SubnetKey{AddressSpace: k.AddressSpace, Subnet: k.Subnet},
		Pool:      nw,
		Range:     ipr,
		RefCount:  1,
	}
	aSpace.subnets[k] = child

	// Existing parent: just account for the new child.
	if parent, found := aSpace.subnets[child.ParentKey]; found {
		aSpace.incRefCount(parent, 1)
		return nothingToDo, nil
	}

	// Parent pool does not exist, add it along with corresponding bitmask.
	aSpace.subnets[child.ParentKey] = &PoolData{Pool: nw, RefCount: 1}
	return func() error { return aSpace.alloc.insertBitMask(child.ParentKey, nw) }, nil
}
// DeleteNetwork removes network nid from the driver and deletes its bridge
// link.
//
// The handler is taken out of d.networks first; if any later step fails the
// deferred function puts it back, unless another goroutine has stored an
// entry under nid in the meantime. Deletion is refused for a nil handler and
// while the network still has endpoints.
func (d *driver) DeleteNetwork(nid types.UUID) error {
	var err error

	// Look up and remove the handler in a single critical section.
	d.Lock()
	n, found := d.networks[nid]
	if found {
		delete(d.networks, nid)
	}
	d.Unlock()

	if !found {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}

	// Roll the removal back on failure, without overwriting a newer entry.
	defer func() {
		if err == nil {
			return
		}
		d.Lock()
		if _, taken := d.networks[nid]; !taken {
			d.networks[nid] = n
		}
		d.Unlock()
	}()

	switch {
	case n == nil:
		// Sanity check
		err = driverapi.ErrNoNetwork(nid)
	case len(n.endpoints) != 0:
		// Cannot remove network if endpoints are still present
		err = ActiveEndpointsError(n.id)
	default:
		// Programming
		err = netlink.LinkDel(n.bridge.Link)
	}

	return err
}
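// DeleteNetwork removes bridge network nid from the driver, calls
// bridgeCleanup for its config and deletes the config from the store.
//
// The handler is taken out of d.networks first; when the nil-handler or
// active-endpoints check fails, the deferred function puts it back unless
// another goroutine has stored an entry under nid in the meantime. The
// storeDelete result is returned directly and does not trigger that rollback.
func (d *driver) DeleteNetwork(nid string) error {
	var err error

	// Get network handler and remove it from driver
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}

	d.Lock()
	delete(d.networks, nid)
	d.Unlock()

	// On failure set network handler back in driver, but
	// only if is not already taken over by some other thread
	defer func() {
		if err != nil {
			d.Lock()
			if _, ok := d.networks[nid]; !ok {
				d.networks[nid] = n
			}
			d.Unlock()
		}
	}()

	// Sanity check
	if n == nil {
		err = driverapi.ErrNoNetwork(nid)
		return err
	}

	// Cannot remove network if endpoints are still present
	if len(n.endpoints) != 0 {
		err = ActiveEndpointsError(n.id)
		return err
	}

	bridgeCleanup(n.config, true)

	// Truncate the id for the log line without assuming its length: the
	// unconditional nid[:12] panicked for any id shorter than 12 bytes, after
	// the bridge had already been cleaned up and before the store delete.
	shortID := nid
	if len(shortID) > 12 {
		shortID = shortID[:12]
	}
	logrus.Infof("Deleting bridge network: %s", shortID)

	return d.storeDelete(n.config)
}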
// DeleteEndpoint removes endpoint eid from network nid's endpoint table and
// then issues an HNS "DELETE" request for the endpoint's profile ID.
//
// The table entry is removed before the HNS request and is not restored when
// that request fails; the HNS error is returned to the caller in that case.
func (d *driver) DeleteEndpoint(nid, eid string) error {
	nw, err := d.getNetwork(nid)
	if err != nil {
		return types.InternalMaskableErrorf("%s", err)
	}

	endpoint, err := nw.getEndpoint(eid)
	if err != nil {
		return err
	}

	nw.Lock()
	delete(nw.endpoints, eid)
	nw.Unlock()

	if _, err = hcsshim.HNSEndpointRequest("DELETE", endpoint.profileID, ""); err != nil {
		return err
	}
	return nil
}
// Leave is invoked when a Sandbox detaches from an endpoint.
//
// After validating the IDs and resolving the network and endpoint, it sends a
// "leave" notification with the two IDs (only when d.notifyCh is set), calls
// leaveSandbox on the network and then deletes the endpoint's interface link
// (ep.ifName). Link lookup and deletion failures are logged as warnings and
// do not fail the call.
func (d *driver) Leave(nid, eid string) error {
	if idErr := validateID(nid, eid); idErr != nil {
		return idErr
	}

	nw := d.network(nid)
	if nw == nil {
		return fmt.Errorf("could not find network with id %s", nid)
	}

	endpoint := nw.endpoint(eid)
	if endpoint == nil {
		return types.InternalMaskableErrorf("could not find endpoint with id %s", eid)
	}

	if d.notifyCh != nil {
		event := ovNotify{action: "leave", nid: nid, eid: eid}
		d.notifyCh <- event
	}

	nw.leaveSandbox()

	// Interface removal is best effort: both failure modes only warn.
	link, lookupErr := netlink.LinkByName(endpoint.ifName)
	if lookupErr == nil {
		if delErr := netlink.LinkDel(link); delErr != nil {
			log.Warnf("Failed to delete interface link on endpoint leave: %v", delErr)
		}
	} else {
		log.Warnf("Failed to retrieve interface link for interface removal on endpoint leave: %v", lookupErr)
	}

	return nil
}
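// DeleteNetwork removes bridge network nid from the driver, removes its
// inter-network isolation rules, deletes the bridge link unless it is the
// default bridge and deletes the network config from the store.
//
// Deletion is refused for a nil handler and while the network still has
// endpoints. When the active-endpoints check or the rule removal fails, the
// deferred functions put the handler back into d.networks (unless another
// goroutine stored an entry under nid meanwhile) and, once registered,
// re-apply the isolation rules. The storeDelete result is returned directly.
func (d *driver) DeleteNetwork(nid string) error {
	var err error

	defer osl.InitOSContext()()

	// Get network handler and remove it from driver
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}

	// Sanity check. This must come before n is dereferenced: the check used
	// to sit after n.Lock()/n.config, where a nil handler would already have
	// caused a nil pointer dereference. Returning here leaves d.networks as
	// it was, which is the state the old delete-then-rollback path produced.
	if n == nil {
		return driverapi.ErrNoNetwork(nid)
	}

	n.Lock()
	config := n.config
	n.Unlock()

	d.Lock()
	delete(d.networks, nid)
	d.Unlock()

	// On failure set network handler back in driver, but
	// only if is not already taken over by some other thread
	defer func() {
		if err != nil {
			d.Lock()
			if _, ok := d.networks[nid]; !ok {
				d.networks[nid] = n
			}
			d.Unlock()
		}
	}()

	// Cannot remove network if endpoints are still present
	if len(n.endpoints) != 0 {
		err = ActiveEndpointsError(n.id)
		return err
	}

	// In case of failures after this point, restore the network isolation rules
	nwList := d.getNetworks()
	defer func() {
		if err != nil {
			if err := n.isolateNetwork(nwList, true); err != nil {
				logrus.Warnf("Failed on restoring the inter-network iptables rules on cleanup: %v", err)
			}
		}
	}()

	// Remove inter-network communication rules.
	err = n.isolateNetwork(nwList, false)
	if err != nil {
		return err
	}

	// We only delete the bridge when it's not the default bridge. This keeps
	// the backward compatible behavior.
	//
	// The link error stays in a scoped variable. Assigning it to the
	// function-scoped err, as before, never reached the caller (the
	// storeDelete result is what gets returned) but still fired both
	// rollbacks, so a call could report success while the handler and the
	// isolation rules were put back for a network already gone from the store.
	if !config.DefaultBridge {
		if delErr := netlink.LinkDel(n.bridge.Link); delErr != nil {
			logrus.Warnf("Failed to remove bridge interface on network %s delete: %v", nid, delErr)
		}
	}

	return d.storeDelete(config)
}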
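// DeleteNetwork removes bridge network nid together with any endpoints still
// attached to it.
//
// For every endpoint it releases the ports, deletes the endpoint link and
// removes the endpoint from the store; all of these are best effort and only
// logged. It then drops the handler from d.networks, deletes the bridge link
// when the bridge was created by libnetwork (or the creator is unknown) and
// it is not the default bridge, runs the iptables clean-up functions and
// deletes the network config from the store.
func (d *driver) DeleteNetwork(nid string) error {
	var err error

	defer osl.InitOSContext()()

	// Get network handler and remove it from driver
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}

	// Sanity check. This must come before n is dereferenced: the check used
	// to sit after n.Lock(), n.config and the endpoint loop, where a nil
	// handler would already have caused a nil pointer dereference. Returning
	// here leaves d.networks as it was, which is the state the old
	// delete-then-rollback path produced.
	if n == nil {
		return driverapi.ErrNoNetwork(nid)
	}

	n.Lock()
	config := n.config
	n.Unlock()

	// Delete the endpoints that belong to this network.
	// NOTE(review): n.endpoints is ranged over without holding n's lock;
	// confirm no endpoint can be added or removed concurrently with a delete.
	for _, ep := range n.endpoints {
		if err := n.releasePorts(ep); err != nil {
			logrus.Warn(err)
		}
		if link, err := d.nlh.LinkByName(ep.srcName); err == nil {
			d.nlh.LinkDel(link)
		}

		if err := d.storeDelete(ep); err != nil {
			// Truncate for the log without assuming the id length; the
			// unconditional ep.id[0:7] panicked on an id shorter than 7 bytes.
			shortID := ep.id
			if len(shortID) > 7 {
				shortID = shortID[:7]
			}
			logrus.Warnf("Failed to remove bridge endpoint %s from store: %v", shortID, err)
		}
	}

	d.Lock()
	delete(d.networks, nid)
	d.Unlock()

	// On failure set network handler back in driver, but
	// only if is not already taken over by some other thread.
	// Nothing below assigns the function-scoped err, so this rollback is
	// inert on the current paths; the storeDelete result is returned directly.
	defer func() {
		if err != nil {
			d.Lock()
			if _, ok := d.networks[nid]; !ok {
				d.networks[nid] = n
			}
			d.Unlock()
		}
	}()

	switch config.BridgeIfaceCreator {
	case ifaceCreatedByLibnetwork, ifaceCreatorUnknown:
		// We only delete the bridge if it was created by the bridge driver and
		// it is not the default one (to keep the backward compatible behavior.)
		if !config.DefaultBridge {
			if err := d.nlh.LinkDel(n.bridge.Link); err != nil {
				logrus.Warnf("Failed to remove bridge interface %s on network %s delete: %v", config.BridgeName, nid, err)
			}
		}
	case ifaceCreatedByUser:
		// Don't delete the bridge interface if it was not created by libnetwork.
	}

	// Clean all relevant iptables rules. A failed clean-up is only logged, so
	// a warning here means rules for the removed network may still be loaded.
	for _, cleanFunc := range n.iptCleanFuncs {
		if errClean := cleanFunc(); errClean != nil {
			logrus.Warnf("Failed to clean iptables rules for bridge network: %v", errClean)
		}
	}

	return d.storeDelete(config)
}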
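// DeleteNetwork removes bridge network nid from the driver, removes its
// inter-network isolation rules and deletes the bridge link.
//
// The network whose bridge name equals DefaultBridgeName cannot be deleted
// and yields a forbidden error. Deletion is also refused for a nil handler
// and while the network still has endpoints. On any failure after the handler
// has been taken out of d.networks, the deferred functions put it back
// (unless another goroutine stored an entry under nid meanwhile) and, once
// registered, re-apply the isolation rules.
func (d *driver) DeleteNetwork(nid types.UUID) error {
	var err error

	defer sandbox.InitOSContext()()

	// Get network handler and remove it from driver
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}

	// Sanity check. This must come before n is dereferenced: the check used
	// to sit after n.Lock()/n.config, where a nil handler would already have
	// caused a nil pointer dereference. Returning here leaves d.networks as
	// it was, which is the state the old delete-then-rollback path produced.
	if n == nil {
		return driverapi.ErrNoNetwork(nid)
	}

	n.Lock()
	config := n.config
	n.Unlock()

	// The default bridge network is protected; nothing has been modified yet.
	if config.BridgeName == DefaultBridgeName {
		return types.ForbiddenErrorf("default network of type \"%s\" cannot be deleted", networkType)
	}

	d.Lock()
	delete(d.networks, nid)
	d.Unlock()

	// On failure set network handler back in driver, but
	// only if is not already taken over by some other thread
	defer func() {
		if err != nil {
			d.Lock()
			if _, ok := d.networks[nid]; !ok {
				d.networks[nid] = n
			}
			d.Unlock()
		}
	}()

	// Cannot remove network if endpoints are still present
	if len(n.endpoints) != 0 {
		err = ActiveEndpointsError(n.id)
		return err
	}

	// In case of failures after this point, restore the network isolation rules
	nwList := d.getNetworks()
	defer func() {
		if err != nil {
			if err := n.isolateNetwork(nwList, true); err != nil {
				logrus.Warnf("Failed on restoring the inter-network iptables rules on cleanup: %v", err)
			}
		}
	}()

	// Remove inter-network communication rules.
	err = n.isolateNetwork(nwList, false)
	if err != nil {
		return err
	}

	// Programming: a link deletion failure is returned and triggers both
	// rollbacks above.
	err = netlink.LinkDel(n.bridge.Link)
	return err
}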
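// DeleteEndpoint removes endpoint eid from network nid and then performs
// best-effort clean-up: it releases the port mappings, deletes the ip6tables
// ACCEPT rules found for the endpoint's exposed ports, removes the IPv6
// neighbor proxy entry when an NDP proxy interface is configured and IPv6 is
// enabled, and deletes the endpoint's link (ep.srcName).
//
// It returns an error when the network is unknown or nil, when the stored
// network id does not match nid, or when the endpoint lookup fails or finds
// nothing. None of the clean-up failures are reported.
func (d *driver) DeleteEndpoint(nid, eid string) error {
	var err error

	defer osl.InitOSContext()()

	// Get the network handler and make sure it exists
	d.Lock()
	n, ok := d.networks[nid]
	d.Unlock()

	if !ok {
		return types.InternalMaskableErrorf("network %s does not exist", nid)
	}
	if n == nil {
		return driverapi.ErrNoNetwork(nid)
	}

	// Sanity check: the handler stored under nid must carry the same id.
	n.Lock()
	if n.id != nid {
		n.Unlock()
		return InvalidNetworkIDError(nid)
	}
	n.Unlock()

	// Check endpoint id and if an endpoint is actually there.
	// This := reuses the function-scoped err declared above (only ep is new).
	ep, err := n.getEndpoint(eid)
	if err != nil {
		return err
	}
	if ep == nil {
		return EndpointNotFoundError(eid)
	}

	// Remove it
	n.Lock()
	delete(n.endpoints, eid)
	n.Unlock()

	// On failure make sure to set back ep in n.endpoints, but only
	// if it hasn't been taken over already by some other thread.
	// As written, nothing assigns the function-scoped err after this point,
	// so this rollback does not fire on any current path.
	defer func() {
		if err != nil {
			n.Lock()
			if _, ok := n.endpoints[eid]; !ok {
				n.endpoints[eid] = ep
			}
			n.Unlock()
		}
	}()

	// Remove port mappings. Do not stop endpoint delete on unmap failure
	n.releasePorts(ep)

	// Drop the per-port ip6tables ACCEPT rules for this endpoint's address.
	// NOTE(review): ep.addrv6 is used without checking that the endpoint has
	// an IPv6 address, and this loop is not gated on EnableIPv6 the way the
	// neighbor proxy clean-up below is; confirm addrv6 is always set when
	// ExposedPorts is non-empty.
	if ep.config != nil {
		for _, port := range ep.config.ExposedPorts {
			rule := []string{
				"-p", port.Proto.String(),
				"-d", ep.addrv6.String(),
				"--dport", strconv.Itoa(int(port.Port)),
				"-j", "ACCEPT",
			}
			if iptables.Exists(iptables.IP6Tables, iptables.Filter, DockerChain, rule...) {
				// Named delArgs rather than delete so the local does not
				// shadow the builtin delete used earlier in this function.
				delArgs := append(
					[]string{
						string(iptables.Delete),
						DockerChain,
					},
					rule...,
				)
				// NOTE(review): the result is discarded, so a failed delete
				// leaves an ACCEPT rule for this address and port in
				// DockerChain with no trace in the logs; consider logging it.
				iptables.Raw(iptables.IP6Tables, delArgs...)
			}
		}
	}

	// Try removal of neighbor proxy. Discard error: it is a best effort.
	// The err below is declared inside the if block, so the deferred rollback
	// does not see this error either.
	if n.config.NDPProxyInterface != "" && n.config.EnableIPv6 {
		link, err := netlink.LinkByName(n.config.NDPProxyInterface)
		if err == nil {
			neighbor := netlink.Neigh{
				LinkIndex:    link.Attrs().Index,
				Family:       netlink.FAMILY_V6,
				State:        netlink.NUD_PERMANENT,
				Type:         netlink.NDA_UNSPEC,
				Flags:        netlink.NTF_PROXY,
				IP:           ep.addrv6.IP,
				HardwareAddr: ep.macAddress,
			}
			netlink.NeighDel(&neighbor)
		}
	}

	// Try removal of link. Discard error: it is a best effort.
	// Also make sure defer does not see this error either.
	if link, err := netlink.LinkByName(ep.srcName); err == nil {
		netlink.LinkDel(link)
	}

	return nil
}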