func testBridgeSimpleSetup(t *testing.T, nsPrefix string, br *netlink.Bridge) (
*netlink.Bridge, []*netlink.Veth, []netns.NsHandle, func()) {
links, nets, cleanup := testNetnsPair(t, nsPrefix)
if br == nil {
br = &netlink.Bridge{
LinkAttrs: netlink.LinkAttrs{
Name: "br0",
},
}
if err := netlink.LinkAdd(br); err != nil {
cleanup()
t.Fatal(err)
}
}
cleanup2 := func() {
netlink.LinkDel(br)
cleanup()
}
if err := netlink.LinkSetMaster(links[0], br); err != nil {
cleanup2()
t.Fatal(err)
}
if err := netlink.LinkSetMaster(links[1], br); err != nil {
cleanup2()
t.Fatal(err)
}
if err := netlink.LinkSetUp(br); err != nil {
cleanup2()
t.Fatal(err)
}
return br, links, nets, cleanup2
}
// Wire up a tap interface for communicating with the guest. Returns the name
// of the created tap interface.
func wireTapInterface(config *netConfig) string {
// Drop link on eth0 before configuring anything
eth0, err := netlink.LinkByName("eth0")
if err != nil {
log.Fatalf("LinkByName(eth0): %v", err)
}
if err := netlink.LinkSetDown(eth0); err != nil {
log.Fatalf("LinkSetDown(eth0): %v", err)
}
// Flush any L3 addresses on eth0
if err := flushAddresses(eth0); err != nil {
log.Fatalf("flushAddresses(eth0): %v", err)
}
// Generate and set random MAC address for eth0
eth0Addr := generateHardwareAddr()
if err := netlink.LinkSetHardwareAddr(eth0, eth0Addr); err != nil {
log.Fatalf("LinkSetHardwareAddr(eth0): %v", err)
}
// Create "tap0" (interface to guest)
tap0Attrs := netlink.NewLinkAttrs()
tap0Attrs.Name = "tap0"
tap0 := &netlink.Tuntap{tap0Attrs, netlink.TUNTAP_MODE_TAP}
if err := netlink.LinkAdd(tap0); err != nil {
log.Fatalf("LinkAdd(tap0): %v", err)
}
// Create a new bridge, br0 and add eth0 and tap0 to it
br0Attrs := netlink.NewLinkAttrs()
br0Attrs.Name = "br0"
br0 := &netlink.Bridge{br0Attrs}
if err := netlink.LinkAdd(br0); err != nil {
log.Fatalf("LinkAdd(br0): %v", err)
}
if err := netlink.LinkSetMaster(eth0, br0); err != nil {
log.Fatalf("LinkSetMaster(eth0, br0): %v", err)
}
if err := netlink.LinkSetMaster(tap0, br0); err != nil {
log.Fatalf("LinkSetMaster(tap0, br0): %v", err)
}
// Set all links up
if err := netlink.LinkSetUp(tap0); err != nil {
log.Fatalf("LinkSetUp(tap0): %v", err)
}
if err := netlink.LinkSetUp(eth0); err != nil {
log.Fatalf("LinkSetUp(eth0): %v", err)
}
if err := netlink.LinkSetUp(br0); err != nil {
log.Fatalf("LinkSetUp(br0): %v", err)
}
return tap0Attrs.Name
}
// attach a container network interface to an external network
func (v *veth) attach(n *configs.Network) (err error) {
brl, err := netlink.LinkByName(n.Bridge)
if err != nil {
return err
}
br, ok := brl.(*netlink.Bridge)
if !ok {
return fmt.Errorf("Wrong device type %T", brl)
}
host, err := netlink.LinkByName(n.HostInterfaceName)
if err != nil {
return err
}
if err := netlink.LinkSetMaster(host, br); err != nil {
return err
}
if err := netlink.LinkSetMTU(host, n.Mtu); err != nil {
return err
}
if n.HairpinMode {
if err := netlink.LinkSetHairpin(host, true); err != nil {
return err
}
}
if err := netlink.LinkSetUp(host); err != nil {
return err
}
return nil
}
func endpointCreate() {
hostIfName := "myveth0"
containerIfName := "myveth1"
veth, err := netlink.LinkByName("myveth0")
if err == nil && veth != nil {
return
}
veth = &netlink.Veth{
LinkAttrs: netlink.LinkAttrs{Name: hostIfName, TxQLen: 0},
PeerName: containerIfName}
if err := netlink.LinkAdd(veth); err != nil {
panic(err)
}
la := netlink.NewLinkAttrs()
la.Name = "mycbridge"
mybridge := &netlink.Bridge{la}
err = netlink.LinkSetMaster(veth, mybridge)
if err != nil {
panic(err)
}
err = netlink.LinkSetUp(veth)
if err != nil {
panic(err)
}
}
func setupVeth(netns string, br *netlink.Bridge, ifName string, mtu int, hairpinMode bool) error {
var hostVethName string
err := ns.WithNetNSPath(netns, false, func(hostNS *os.File) error {
// create the veth pair in the container and move host end into host netns
hostVeth, _, err := ip.SetupVeth(ifName, mtu, hostNS)
if err != nil {
return err
}
hostVethName = hostVeth.Attrs().Name
return nil
})
if err != nil {
return err
}
// need to lookup hostVeth again as its index has changed during ns move
hostVeth, err := netlink.LinkByName(hostVethName)
if err != nil {
return fmt.Errorf("failed to lookup %q: %v", hostVethName, err)
}
// connect host veth end to the bridge
if err = netlink.LinkSetMaster(hostVeth, br); err != nil {
return fmt.Errorf("failed to connect %q to bridge %v: %v", hostVethName, br.Attrs().Name, err)
}
// set hairpin mode
if err = netlink.LinkSetHairpin(hostVeth, hairpinMode); err != nil {
return fmt.Errorf("failed to setup hairpin mode for %v: %v", hostVethName, err)
}
return nil
}
func setInterfaceMaster(iface netlink.Link, i *nwIface) error {
if i.DstMaster() == "" {
return nil
}
return netlink.LinkSetMaster(iface, &netlink.Bridge{
LinkAttrs: netlink.LinkAttrs{Name: i.DstMaster()}})
}
func (driver *driver) joinEndpoint(w http.ResponseWriter, r *http.Request) {
var j join
if err := json.NewDecoder(r.Body).Decode(&j); err != nil {
sendError(w, "Could not decode JSON encode payload", http.StatusBadRequest)
return
}
Log.Debugf("Join request: %+v", &j)
endID := j.EndpointID
// create and attach local name to the bridge
local := vethPair(endID[:5])
if err := netlink.LinkAdd(local); err != nil {
Log.Error(err)
errorResponsef(w, "could not create veth pair")
return
}
var bridge *netlink.Bridge
if maybeBridge, err := netlink.LinkByName(WeaveBridge); err != nil {
Log.Error(err)
errorResponsef(w, `bridge "%s" not present`, WeaveBridge)
return
} else {
var ok bool
if bridge, ok = maybeBridge.(*netlink.Bridge); !ok {
Log.Errorf("%s is %+v", WeaveBridge, maybeBridge)
errorResponsef(w, `device "%s" not a bridge`, WeaveBridge)
return
}
}
if netlink.LinkSetMaster(local, bridge) != nil || netlink.LinkSetUp(local) != nil {
errorResponsef(w, `unable to bring veth up`)
return
}
ifname := &iface{
SrcName: local.PeerName,
DstPrefix: "ethwe",
ID: 0,
}
res := &joinResponse{
InterfaceNames: []*iface{ifname},
}
if driver.nameserver != "" {
routeToDNS := &staticRoute{
Destination: driver.nameserver + "/32",
RouteType: types.CONNECTED,
NextHop: "",
InterfaceID: 0,
}
res.StaticRoutes = []*staticRoute{routeToDNS}
}
objectResponse(w, res)
Log.Infof("Join endpoint %s:%s to %s", j.NetworkID, j.EndpointID, j.SandboxKey)
}
func (Bridge) Add(bridge, slaveIf *net.Interface) error {
netlinkMu.Lock()
defer netlinkMu.Unlock()
master, err := netlink.LinkByName(bridge.Name)
if err != nil {
return err
}
slave, err := netlink.LinkByName(slaveIf.Name)
if err != nil {
return err
}
return netlink.LinkSetMaster(slave, master.(*netlink.Bridge))
}
func (b *Bridge) AddLink(link netlink.Link) error {
existing, err := netlink.LinkByName(b.name)
if err != nil {
return err
}
if bridge, ok := existing.(*netlink.Bridge); ok {
if link.Attrs().MasterIndex != bridge.Index {
return netlink.LinkSetMaster(link, bridge)
}
} else {
return fmt.Errorf("%s is not a bridge", b.name)
}
return nil
}
func (driver *driver) JoinEndpoint(j *api.JoinRequest) (response *api.JoinResponse, error error) {
endID := j.EndpointID
// create and attach local name to the bridge
local := vethPair(endID[:5])
if err := netlink.LinkAdd(local); err != nil {
error = fmt.Errorf("could not create veth pair: %s", err)
return
}
var bridge *netlink.Bridge
if maybeBridge, err := netlink.LinkByName(WeaveBridge); err != nil {
err = fmt.Errorf(`bridge "%s" not present`, WeaveBridge)
return
} else {
var ok bool
if bridge, ok = maybeBridge.(*netlink.Bridge); !ok {
Log.Errorf("%s is %+v", WeaveBridge, maybeBridge)
err = fmt.Errorf(`device "%s" not a bridge`, WeaveBridge)
return
}
}
if netlink.LinkSetMaster(local, bridge) != nil || netlink.LinkSetUp(local) != nil {
error = fmt.Errorf(`unable to bring veth up`)
return
}
ifname := &api.InterfaceName{
SrcName: local.PeerName,
DstPrefix: "ethwe",
}
response = &api.JoinResponse{
InterfaceName: ifname,
}
if driver.nameserver != "" {
routeToDNS := api.StaticRoute{
Destination: driver.nameserver + "/32",
RouteType: types.CONNECTED,
NextHop: "",
}
response.StaticRoutes = []api.StaticRoute{routeToDNS}
}
Log.Infof("Join endpoint %s:%s to %s", j.NetworkID, j.EndpointID, j.SandboxKey)
return
}
func addToBridge(ifaceName, bridgeName string) error {
link, err := netlink.LinkByName(ifaceName)
if err != nil {
return fmt.Errorf("could not find interface %s: %v", ifaceName, err)
}
if err = netlink.LinkSetMaster(link,
&netlink.Bridge{LinkAttrs: netlink.LinkAttrs{Name: bridgeName}}); err != nil {
logrus.Debugf("Failed to add %s to bridge via netlink.Trying ioctl: %v", ifaceName, err)
iface, err := net.InterfaceByName(ifaceName)
if err != nil {
return fmt.Errorf("could not find network interface %s: %v", ifaceName, err)
}
master, err := net.InterfaceByName(bridgeName)
if err != nil {
return fmt.Errorf("could not find bridge %s: %v", bridgeName, err)
}
return ioctlAddToBridge(iface, master)
}
return nil
}
func (n *networks) createLink(config networkConfig) error {
//Link creation starts from checking if current vlan interface exists
if _, err := netlink.LinkByName(config.LinkName); err != nil {
//Try creating the link
la := netlink.NewLinkAttrs()
la.Name = config.LinkName
la.ParentIndex = n.parent.Attrs().Index
vl := &netlink.Vlan{la, config.Vlan}
if err := netlink.LinkAdd(vl); err != nil {
return ErrNetlinkError{"create vlan iface", err}
}
if err := netlink.LinkSetUp(vl); err != nil {
return ErrNetlinkError{"bring vlan iface up", err}
}
}
//Now check if bridge exists
if _, err := netlink.LinkByName(config.BridgeName); err != nil {
//Try creating the bridge
la := netlink.NewLinkAttrs()
la.Name = config.BridgeName
br := &netlink.Bridge{la}
if err := netlink.LinkAdd(br); err != nil {
return ErrNetlinkError{"create bridge", err}
}
//Link bridge to new interface
if li, err := netlink.LinkByName(config.LinkName); err != nil {
netlink.LinkDel(br)
return ErrNetlinkError{"find iface by name (" + config.LinkName + ")", err}
} else if err := netlink.LinkSetMaster(li, br); err != nil {
netlink.LinkDel(br)
return ErrNetlinkError{"set bridge master", err}
}
if err := netlink.LinkSetUp(br); err != nil {
return ErrNetlinkError{"bring bridge up", err}
}
}
return nil
}
func (*nl) LinkSetMaster(slave netlink.Link, master *netlink.Bridge) error {
return netlink.LinkSetMaster(slave, master)
}
func (v *veth) detach(n *configs.Network) (err error) {
return netlink.LinkSetMaster(&netlink.Device{netlink.LinkAttrs{Name: n.HostInterfaceName}}, nil)
}
// kvmSetup prepare new Networking to be used in kvm environment based on tuntap pair interfaces
// to allow communication with virtual machine created by lkvm tool
func kvmSetup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig string) (*Networking, error) {
network := Networking{
podEnv: podEnv{
podRoot: podRoot,
podID: podID,
netsLoadList: netList,
localConfig: localConfig,
},
}
var e error
network.nets, e = network.loadNets()
if e != nil {
return nil, errwrap.Wrap(errors.New("error loading network definitions"), e)
}
for i, n := range network.nets {
if n.conf.Type == "flannel" {
if err := kvmTransformFlannelNetwork(&n); err != nil {
return nil, errwrap.Wrap(errors.New("cannot transform flannel network into basic network"), err)
}
}
switch n.conf.Type {
case "ptp":
link, err := setupTapDevice(podID)
if err != nil {
return nil, err
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
// add address to host tap device
err = ensureHasAddr(
link,
&net.IPNet{
IP: n.runtime.IP4.Gateway,
Mask: net.IPMask(n.runtime.Mask),
},
)
if err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host tap device %q", ifName), err)
}
if err := removeAllRoutesOnLink(link); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot remove route on host tap device %q", ifName), err)
}
if err := addRoute(link, n.runtime.IP); err != nil {
return nil, errwrap.Wrap(errors.New("cannot add on host direct route to pod"), err)
}
case "bridge":
config := BridgeNetConf{
NetConf: NetConf{
MTU: defaultMTU,
},
BrName: defaultBrName,
}
if err := json.Unmarshal(n.confBytes, &config); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err)
}
br, err := ensureBridgeIsUp(config.BrName, config.MTU)
if err != nil {
return nil, errwrap.Wrap(errors.New("error in time of bridge setup"), err)
}
link, err := setupTapDevice(podID)
if err != nil {
return nil, errwrap.Wrap(errors.New("can not setup tap device"), err)
}
err = netlink.LinkSetMaster(link, br)
if err != nil {
rErr := tuntap.RemovePersistentIface(n.runtime.IfName, tuntap.Tap)
if rErr != nil {
stderr.PrintE("warning: could not cleanup tap interface", rErr)
}
return nil, errwrap.Wrap(errors.New("can not add tap interface to bridge"), err)
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
if config.IsGw {
err = ensureHasAddr(
br,
&net.IPNet{
IP: n.runtime.IP4.Gateway,
Mask: net.IPMask(n.runtime.Mask),
},
)
if err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host bridge device %q", br.Name), err)
}
}
case "macvlan":
config := MacVTapNetConf{}
if err := json.Unmarshal(n.confBytes, &config); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err)
}
link, err := setupMacVTapDevice(podID, config)
if err != nil {
return nil, err
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
default:
return nil, fmt.Errorf("network %q have unsupported type: %q", n.conf.Name, n.conf.Type)
}
if n.conf.IPMasq {
chain := getChainName(podID.String(), n.conf.Name)
if err := ip.SetupIPMasq(&net.IPNet{
IP: n.runtime.IP,
Mask: net.IPMask(n.runtime.Mask),
}, chain); err != nil {
return nil, err
}
}
network.nets[i] = n
}
err := network.forwardPorts(fps, network.GetDefaultIP())
if err != nil {
return nil, err
}
return &network, nil
}
// kvmSetup prepare new Networking to be used in kvm environment based on tuntap pair interfaces
// to allow communication with virtual machine created by lkvm tool
func kvmSetup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig string) (*Networking, error) {
network := Networking{
podEnv: podEnv{
podRoot: podRoot,
podID: podID,
netsLoadList: netList,
localConfig: localConfig,
},
}
var e error
// If there's a network set as default in CNI configuration
defaultGatewaySet := false
_, defaultNet, err := net.ParseCIDR("0.0.0.0/0")
if err != nil {
return nil, errwrap.Wrap(errors.New("error when parsing net address"), err)
}
network.nets, e = network.loadNets()
if e != nil {
return nil, errwrap.Wrap(errors.New("error loading network definitions"), e)
}
for i, n := range network.nets {
if n.conf.Type == "flannel" {
if err := kvmTransformFlannelNetwork(&n); err != nil {
return nil, errwrap.Wrap(errors.New("cannot transform flannel network into basic network"), err)
}
}
switch n.conf.Type {
case "ptp":
link, err := setupTapDevice(podID)
if err != nil {
return nil, err
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
// add address to host tap device
err = ensureHasAddr(
link,
&net.IPNet{
IP: n.runtime.IP4.Gateway,
Mask: net.IPMask(n.runtime.Mask),
},
)
if err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host tap device %q", ifName), err)
}
if err := removeAllRoutesOnLink(link); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot remove route on host tap device %q", ifName), err)
}
if err := addRoute(link, n.runtime.IP); err != nil {
return nil, errwrap.Wrap(errors.New("cannot add on host direct route to pod"), err)
}
case "bridge":
config := BridgeNetConf{
NetConf: NetConf{
MTU: defaultMTU,
},
BrName: defaultBrName,
}
if err := json.Unmarshal(n.confBytes, &config); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err)
}
br, err := ensureBridgeIsUp(config.BrName, config.MTU)
if err != nil {
return nil, errwrap.Wrap(errors.New("error in time of bridge setup"), err)
}
link, err := setupTapDevice(podID)
if err != nil {
return nil, errwrap.Wrap(errors.New("can not setup tap device"), err)
}
err = netlink.LinkSetMaster(link, br)
if err != nil {
rErr := tuntap.RemovePersistentIface(n.runtime.IfName, tuntap.Tap)
if rErr != nil {
stderr.PrintE("warning: could not cleanup tap interface", rErr)
}
return nil, errwrap.Wrap(errors.New("can not add tap interface to bridge"), err)
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
if n.conf.IsDefaultGateway {
n.runtime.IP4.Routes = append(
n.runtime.IP4.Routes,
cnitypes.Route{Dst: *defaultNet, GW: n.runtime.IP4.Gateway},
)
defaultGatewaySet = true
config.IsGw = true
}
if config.IsGw {
err = ensureHasAddr(
br,
&net.IPNet{
IP: n.runtime.IP4.Gateway,
Mask: net.IPMask(n.runtime.Mask),
},
)
if err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host bridge device %q", br.Name), err)
}
}
case "macvlan":
config := MacVTapNetConf{}
if err := json.Unmarshal(n.confBytes, &config); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err)
}
link, err := setupMacVTapDevice(podID, config, i)
if err != nil {
return nil, err
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
default:
return nil, fmt.Errorf("network %q have unsupported type: %q", n.conf.Name, n.conf.Type)
}
// Check if there's any other network set as default gateway
if defaultGatewaySet {
for _, route := range n.runtime.IP4.Routes {
if (defaultNet.String() == route.Dst.String()) && !n.conf.IsDefaultGateway {
return nil, fmt.Errorf("flannel config enables default gateway and IPAM sets default gateway via %q", n.runtime.IP4.Gateway)
}
}
}
if n.conf.IPMasq {
chain := cniutils.FormatChainName(n.conf.Name, podID.String())
comment := cniutils.FormatChainName(n.conf.Name, podID.String())
if err := ip.SetupIPMasq(&net.IPNet{
IP: n.runtime.IP,
Mask: net.IPMask(n.runtime.Mask),
}, chain, comment); err != nil {
return nil, err
}
}
network.nets[i] = n
}
podIP, err := network.GetForwardableNetPodIP()
if err != nil {
return nil, err
}
if err := network.forwardPorts(fps, podIP); err != nil {
return nil, err
}
return &network, nil
}
// kvmSetup prepare new Networking to be used in kvm environment based on tuntap pair interfaces
// to allow communication with virtual machine created by lkvm tool
func kvmSetup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig string, noDNS bool) (*Networking, error) {
network := Networking{
podEnv: podEnv{
podRoot: podRoot,
podID: podID,
netsLoadList: netList,
localConfig: localConfig,
},
}
var e error
// If there's a network set as default in CNI configuration
defaultGatewaySet := false
_, defaultNet, err := net.ParseCIDR("0.0.0.0/0")
if err != nil {
return nil, errwrap.Wrap(errors.New("error when parsing net address"), err)
}
network.nets, e = network.loadNets()
if e != nil {
return nil, errwrap.Wrap(errors.New("error loading network definitions"), e)
}
// did stage0 already make /etc/rkt-resolv.conf (i.e. --dns passed)
resolvPath := filepath.Join(common.Stage1RootfsPath(podRoot), "etc/rkt-resolv.conf")
_, err = os.Stat(resolvPath)
if err != nil && !os.IsNotExist(err) {
return nil, errwrap.Wrap(fmt.Errorf("error statting /etc/rkt-resolv.conf"), err)
}
podHasResolvConf := err == nil
for i, n := range network.nets {
if n.conf.Type == "flannel" {
if err := kvmTransformFlannelNetwork(&n); err != nil {
return nil, errwrap.Wrap(errors.New("cannot transform flannel network into basic network"), err)
}
}
switch n.conf.Type {
case "ptp":
link, err := setupTapDevice(podID)
if err != nil {
return nil, err
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
// add address to host tap device
err = ensureHasAddr(
link,
&net.IPNet{
IP: n.runtime.IP4.Gateway,
Mask: net.IPMask(n.runtime.Mask),
},
)
if err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host tap device %q", ifName), err)
}
if err := removeAllRoutesOnLink(link); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot remove route on host tap device %q", ifName), err)
}
if err := addRoute(link, n.runtime.IP); err != nil {
return nil, errwrap.Wrap(errors.New("cannot add on host direct route to pod"), err)
}
case "bridge":
config := BridgeNetConf{
NetConf: NetConf{
MTU: defaultMTU,
},
BrName: defaultBrName,
}
if err := json.Unmarshal(n.confBytes, &config); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err)
}
br, err := ensureBridgeIsUp(config.BrName, config.MTU)
if err != nil {
return nil, errwrap.Wrap(errors.New("error in time of bridge setup"), err)
}
link, err := setupTapDevice(podID)
if err != nil {
return nil, errwrap.Wrap(errors.New("can not setup tap device"), err)
}
err = netlink.LinkSetMaster(link, br)
if err != nil {
rErr := tuntap.RemovePersistentIface(n.runtime.IfName, tuntap.Tap)
if rErr != nil {
stderr.PrintE("warning: could not cleanup tap interface", rErr)
}
return nil, errwrap.Wrap(errors.New("can not add tap interface to bridge"), err)
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
if n.conf.IsDefaultGateway {
n.runtime.IP4.Routes = append(
n.runtime.IP4.Routes,
cnitypes.Route{Dst: *defaultNet, GW: n.runtime.IP4.Gateway},
)
defaultGatewaySet = true
config.IsGw = true
}
if config.IsGw {
err = ensureHasAddr(
br,
&net.IPNet{
IP: n.runtime.IP4.Gateway,
Mask: net.IPMask(n.runtime.Mask),
},
)
if err != nil {
return nil, errwrap.Wrap(fmt.Errorf("cannot add address to host bridge device %q", br.Name), err)
}
}
case "macvlan":
config := MacVTapNetConf{}
if err := json.Unmarshal(n.confBytes, &config); err != nil {
return nil, errwrap.Wrap(fmt.Errorf("error parsing %q result", n.conf.Name), err)
}
link, err := setupMacVTapDevice(podID, config, i)
if err != nil {
return nil, err
}
ifName := link.Attrs().Name
n.runtime.IfName = ifName
err = kvmSetupNetAddressing(&network, n, ifName)
if err != nil {
return nil, err
}
default:
return nil, fmt.Errorf("network %q have unsupported type: %q", n.conf.Name, n.conf.Type)
}
// Check if there's any other network set as default gateway
if defaultGatewaySet {
for _, route := range n.runtime.IP4.Routes {
if (defaultNet.String() == route.Dst.String()) && !n.conf.IsDefaultGateway {
return nil, fmt.Errorf("flannel config enables default gateway and IPAM sets default gateway via %q", n.runtime.IP4.Gateway)
}
}
}
// Generate rkt-resolv.conf if it's not already there.
// The first network plugin that supplies a non-empty
// DNS response will win, unless noDNS is true (--dns passed to rkt run)
if !common.IsDNSZero(&n.runtime.DNS) && !noDNS {
if !podHasResolvConf {
err := ioutil.WriteFile(
resolvPath,
[]byte(common.MakeResolvConf(n.runtime.DNS, "Generated by rkt from network "+n.conf.Name)),
0644)
if err != nil {
return nil, errwrap.Wrap(fmt.Errorf("error creating resolv.conf"), err)
}
podHasResolvConf = true
} else {
stderr.Printf("Warning: network %v plugin specified DNS configuration, but DNS already supplied", n.conf.Name)
}
}
if n.conf.IPMasq {
chain := cniutils.FormatChainName(n.conf.Name, podID.String())
comment := cniutils.FormatComment(n.conf.Name, podID.String())
if err := ip.SetupIPMasq(&net.IPNet{
IP: n.runtime.IP,
Mask: net.IPMask(n.runtime.Mask),
}, chain, comment); err != nil {
return nil, err
}
}
network.nets[i] = n
}
podIP, err := network.GetForwardableNetPodIP()
if err != nil {
return nil, err
}
if err := network.forwardPorts(fps, podIP); err != nil {
return nil, err
}
return &network, nil
}
func (e *endpoints) create(eid string, ifInfo *driverapi.EndpointInterface, niConfig networkConfig) (err error) {
ep := endpoint{}
// Generate a name for what will be the host side pipe interface
hostIfName, err := netutils.GenerateIfaceName(vethPrefix, vethLen)
if err != nil {
return err
}
// Generate a name for what will be the sandbox side pipe interface
containerIfName, err := netutils.GenerateIfaceName(vethPrefix, vethLen)
if err != nil {
return err
}
// Generate and add the interface pipe host <-> sandbox
veth := &netlink.Veth{
LinkAttrs: netlink.LinkAttrs{Name: hostIfName, TxQLen: 0},
PeerName: containerIfName,
}
if err = netlink.LinkAdd(veth); err != nil {
return types.InternalErrorf("failed to add the host (%s) <=> sandbox (%s) pair interfaces: %v", hostIfName, containerIfName, err)
}
// Get the host side pipe interface handler
host, err := netlink.LinkByName(hostIfName)
if err != nil {
return types.InternalErrorf("failed to find host side interface %s: %v", hostIfName, err)
}
defer func() {
if err != nil {
netlink.LinkDel(host)
}
}()
// Get the sandbox side pipe interface handler
sbox, err := netlink.LinkByName(containerIfName)
if err != nil {
return types.InternalErrorf("failed to find sandbox side interface %s: %v", containerIfName, err)
}
defer func() {
if err != nil {
netlink.LinkDel(sbox)
}
}()
// Add bridge inherited attributes to pipe interfaces
if niConfig.Mtu != 0 {
err = netlink.LinkSetMTU(host, niConfig.Mtu)
if err != nil {
return types.InternalErrorf("failed to set MTU on host interface %s: %v", hostIfName, err)
}
err = netlink.LinkSetMTU(sbox, niConfig.Mtu)
if err != nil {
return types.InternalErrorf("failed to set MTU on sandbox interface %s: %v", containerIfName, err)
}
}
// Attach host side pipe interface into the bridge
br, err := netlink.LinkByName(niConfig.BridgeName)
if err != nil {
return types.InternalErrorf("failed to find bridge by name %s: %v", niConfig.BridgeName, err)
}
if err = netlink.LinkSetMaster(host, br.(*netlink.Bridge)); err != nil {
return fmt.Errorf("adding interface %s to bridge %s failed: %v", hostIfName, niConfig.BridgeName, err)
}
// Create the sandbox side pipe interface
ep.ifname = containerIfName
ep.addr, _, err = net.ParseCIDR(ifInfo.Address)
if err != nil {
return fmt.Errorf("ipv4 adress unparseable")
}
/*
_, ep.addrv6, err = net.ParseCIDR(ifInfo.AddressIPv6)
if err != nil {
return fmt.Errorf("ipv6 adress unparseable")
}
*/
if ifInfo.MacAddress != "" {
ep.mac, err = net.ParseMAC(ifInfo.MacAddress)
if err != nil {
return fmt.Errorf("mac adress unparseable")
}
// Down the interface before configuring mac address.
if err = netlink.LinkSetDown(sbox); err != nil {
return fmt.Errorf("could not set link down for container interface %s: %v", containerIfName, err)
}
err = netlink.LinkSetHardwareAddr(sbox, ep.mac)
if err != nil {
return fmt.Errorf("could not set mac address for container interface %s: %v", containerIfName, err)
}
if err = netlink.LinkSetUp(sbox); err != nil {
return fmt.Errorf("could not set link up for container interface %s: %v", containerIfName, err)
}
} else {
// Get existing mac address from interface
ep.mac = sbox.Attrs().HardwareAddr
}
// Up the host interface after finishing all netlink configuration
if err = netlink.LinkSetUp(host); err != nil {
return fmt.Errorf("could not set link up for host interface %s: %v", hostIfName, err)
}
if ep.addrv6 == nil && niConfig.EnableIPv6 {
return fmt.Errorf("IPV6 is not supported. Go and code it yourself.")
}
e.add(eid, ep)
Log.Debugf("ep data at join: ip: %v, mac: %v", ep.addr, ep.mac)
broadcastChange(br, ep)
return nil
}
func (d *driver) CreateEndpoint(nid, eid types.UUID, epInfo driverapi.EndpointInfo, epOptions map[string]interface{}) error {
var (
ipv6Addr *net.IPNet
err error
)
if epInfo == nil {
return errors.New("invalid endpoint info passed")
}
if len(epInfo.Interfaces()) != 0 {
return errors.New("non empty interface list passed to bridge(local) driver")
}
// Get the network handler and make sure it exists
d.Lock()
n := d.network
config := n.config
d.Unlock()
if n == nil {
return driverapi.ErrNoNetwork(nid)
}
// Sanity check
n.Lock()
if n.id != nid {
n.Unlock()
return InvalidNetworkIDError(nid)
}
n.Unlock()
// Check if endpoint id is good and retrieve correspondent endpoint
ep, err := n.getEndpoint(eid)
if err != nil {
return err
}
// Endpoint with that id exists either on desired or other sandbox
if ep != nil {
return driverapi.ErrEndpointExists(eid)
}
// Try to convert the options to endpoint configuration
epConfig, err := parseEndpointOptions(epOptions)
if err != nil {
return err
}
// Create and add the endpoint
n.Lock()
endpoint := &bridgeEndpoint{id: eid, config: epConfig}
n.endpoints[eid] = endpoint
n.Unlock()
// On failure make sure to remove the endpoint
defer func() {
if err != nil {
n.Lock()
delete(n.endpoints, eid)
n.Unlock()
}
}()
// Generate a name for what will be the host side pipe interface
name1, err := generateIfaceName()
if err != nil {
return err
}
// Generate a name for what will be the sandbox side pipe interface
name2, err := generateIfaceName()
if err != nil {
return err
}
// Generate and add the interface pipe host <-> sandbox
veth := &netlink.Veth{
LinkAttrs: netlink.LinkAttrs{Name: name1, TxQLen: 0},
PeerName: name2}
if err = netlink.LinkAdd(veth); err != nil {
return err
}
// Get the host side pipe interface handler
host, err := netlink.LinkByName(name1)
if err != nil {
return err
}
defer func() {
if err != nil {
netlink.LinkDel(host)
}
}()
// Get the sandbox side pipe interface handler
sbox, err := netlink.LinkByName(name2)
if err != nil {
return err
}
defer func() {
if err != nil {
netlink.LinkDel(sbox)
}
}()
// Add bridge inherited attributes to pipe interfaces
if config.Mtu != 0 {
err = netlink.LinkSetMTU(host, config.Mtu)
if err != nil {
return err
}
err = netlink.LinkSetMTU(sbox, config.Mtu)
if err != nil {
return err
}
}
// Attach host side pipe interface into the bridge
if err = netlink.LinkSetMaster(host,
&netlink.Bridge{LinkAttrs: netlink.LinkAttrs{Name: config.BridgeName}}); err != nil {
return err
}
if !config.EnableUserlandProxy {
err = netlink.LinkSetHairpin(host, true)
if err != nil {
return err
}
}
// v4 address for the sandbox side pipe interface
ip4, err := ipAllocator.RequestIP(n.bridge.bridgeIPv4, nil)
if err != nil {
return err
}
ipv4Addr := &net.IPNet{IP: ip4, Mask: n.bridge.bridgeIPv4.Mask}
// Set the sbox's MAC. If specified, use the one configured by user, otherwise generate one based on IP.
mac := electMacAddress(epConfig, ip4)
err = netlink.LinkSetHardwareAddr(sbox, mac)
if err != nil {
return err
}
endpoint.macAddress = mac
// v6 address for the sandbox side pipe interface
ipv6Addr = &net.IPNet{}
if config.EnableIPv6 {
var ip6 net.IP
network := n.bridge.bridgeIPv6
if config.FixedCIDRv6 != nil {
network = config.FixedCIDRv6
}
ones, _ := network.Mask.Size()
if ones <= 80 {
ip6 = make(net.IP, len(network.IP))
copy(ip6, network.IP)
for i, h := range mac {
ip6[i+10] = h
}
}
ip6, err := ipAllocator.RequestIP(network, ip6)
if err != nil {
return err
}
ipv6Addr = &net.IPNet{IP: ip6, Mask: network.Mask}
}
// Create the sandbox side pipe interface
intf := &sandbox.Interface{}
intf.SrcName = name2
intf.DstName = containerVethPrefix
intf.Address = ipv4Addr
if config.EnableIPv6 {
intf.AddressIPv6 = ipv6Addr
}
// Store the interface in endpoint, this is needed for cleanup on DeleteEndpoint()
endpoint.intf = intf
err = epInfo.AddInterface(ifaceID, endpoint.macAddress, *ipv4Addr, *ipv6Addr)
if err != nil {
return err
}
// Program any required port mapping and store them in the endpoint
endpoint.portMapping, err = allocatePorts(epConfig, intf, config.DefaultBindingIP, config.EnableUserlandProxy)
if err != nil {
return err
}
return nil
}