// SetupDevice create a new bridge interface/ func setupDevice(config *networkConfiguration, i *bridgeInterface) error { var setMac bool // We only attempt to create the bridge when the requested device name is // the default one. if config.BridgeName != DefaultBridgeName && !config.AllowNonDefaultBridge { return NonDefaultBridgeExistError(config.BridgeName) } // Set the bridgeInterface netlink.Bridge. i.Link = &netlink.Bridge{ LinkAttrs: netlink.LinkAttrs{ Name: config.BridgeName, }, } // Only set the bridge's MAC address if the kernel version is > 3.3, as it // was not supported before that. kv, err := kernel.GetKernelVersion() if err == nil && (kv.Kernel >= 3 && kv.Major >= 3) { setMac = true } return bri.CreateBridge(config.BridgeName, setMac) }
func createBridge(name, network, natIface string) (*Bridge, error) { ipAddr, ipNet, err := net.ParseCIDR(network) if err != nil { return nil, err } if err := netlink.CreateBridge(name, true); err != nil { return nil, err } iface, err := net.InterfaceByName(name) if err != nil { return nil, err } if err := netlink.NetworkLinkAddIp(iface, ipAddr, ipNet); err != nil { return nil, err } if err := netlink.NetworkLinkUp(iface); err != nil { return nil, err } if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil { return nil, err } if err := setupIPTables(name, natIface); err != nil { return nil, err } return &Bridge{name, iface, ipAddr, ipNet}, nil }
func createBridgeIface(name string) error { kv, err := kernel.GetKernelVersion() // only set the bridge's mac address if the kernel version is > 3.3 // before that it was not supported setBridgeMacAddr := err == nil && (kv.Kernel >= 3 && kv.Major >= 3) log.Debugf("setting bridge mac address = %v", setBridgeMacAddr) return netlink.CreateBridge(name, setBridgeMacAddr) }
func idempotentlyCreateBridge(name string) (intf *net.Interface, err error) { intfs, listErr := net.Interfaces() if listErr != nil { return nil, fmt.Errorf("devices: list bridges: %s", listErr) } if intf, ok := findBridgeIntf(intfs, name); ok { return intf, nil } if err := retry.Run(func() error { return netlink.CreateBridge(name, true) }); err != nil { return nil, err } return net.InterfaceByName(name) }
func createBridge(name, network, natIface string) (*Bridge, error) { ipAddr, ipNet, err := net.ParseCIDR(network) if err != nil { return nil, err } if err := netlink.CreateBridge(name, true); err != nil { return nil, err } iface, err := net.InterfaceByName(name) if err != nil { return nil, err } // We need to explicitly assign the MAC address to avoid it changing to a lower value // See: https://github.com/flynn/flynn/issues/223 b := random.Bytes(5) mac := fmt.Sprintf("fe:%02x:%02x:%02x:%02x:%02x", b[0], b[1], b[2], b[3], b[4]) if err := netlink.NetworkSetMacAddress(iface, mac); err != nil { return nil, err } if err := netlink.NetworkLinkAddIp(iface, ipAddr, ipNet); err != nil { return nil, err } if err := netlink.NetworkLinkUp(iface); err != nil { return nil, err } if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil { return nil, err } if err := setupIPTables(name, natIface); err != nil { return nil, err } bridge := &Bridge{ name: name, iface: iface, ipAddr: ipAddr, ipNet: ipNet, alloc: ipallocator.New(), } bridge.alloc.RequestIP(ipNet, ipAddr) return bridge, nil }
// ConfigureNetworking is called once during host startup and sets up the local // bridge and forwarding rules for containers. func (l *LibcontainerBackend) ConfigureNetworking(config *host.NetworkConfig) error { log := l.logger.New("fn", "ConfigureNetworking") var err error l.bridgeAddr, l.bridgeNet, err = net.ParseCIDR(config.Subnet) if err != nil { return err } l.ipalloc.RequestIP(l.bridgeNet, l.bridgeAddr) err = netlink.CreateBridge(l.bridgeName, false) bridgeExists := os.IsExist(err) if err != nil && !bridgeExists { return err } bridge, err := net.InterfaceByName(l.bridgeName) if err != nil { return err } if !bridgeExists { // We need to explicitly assign the MAC address to avoid it changing to a lower value // See: https://github.com/flynn/flynn/issues/223 b := random.Bytes(5) bridgeMAC := fmt.Sprintf("fe:%02x:%02x:%02x:%02x:%02x", b[0], b[1], b[2], b[3], b[4]) if err := netlink.NetworkSetMacAddress(bridge, bridgeMAC); err != nil { return err } } currAddrs, err := bridge.Addrs() if err != nil { return err } setIP := true for _, addr := range currAddrs { ip, net, _ := net.ParseCIDR(addr.String()) if ip.Equal(l.bridgeAddr) && net.String() == l.bridgeNet.String() { setIP = false } else { if err := netlink.NetworkLinkDelIp(bridge, ip, net); err != nil { return err } } } if setIP { if err := netlink.NetworkLinkAddIp(bridge, l.bridgeAddr, l.bridgeNet); err != nil { return err } } if err := netlink.NetworkLinkUp(bridge); err != nil { return err } // enable IP forwarding if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil { return err } // Set up iptables for outbound traffic masquerading from containers to the // rest of the network. if err := iptables.EnableOutboundNAT(l.bridgeName, l.bridgeNet.String()); err != nil { return err } // Read DNS config, discoverd uses the nameservers dnsConf, err := dns.ClientConfigFromFile("/etc/resolv.conf") if err != nil { return err } config.Resolvers = dnsConf.Servers // Write a resolv.conf to be bind-mounted into containers pointing at the // future discoverd DNS listener if err := os.MkdirAll("/etc/flynn", 0755); err != nil { return err } var resolvSearch string if len(dnsConf.Search) > 0 { resolvSearch = fmt.Sprintf("search %s\n", strings.Join(dnsConf.Search, " ")) } if err := ioutil.WriteFile("/etc/flynn/resolv.conf", []byte(fmt.Sprintf("%snameserver %s\n", resolvSearch, l.bridgeAddr.String())), 0644); err != nil { return err } l.resolvConf = "/etc/flynn/resolv.conf" // Allocate IPs for running jobs l.containersMtx.Lock() defer l.containersMtx.Unlock() for _, container := range l.containers { if !container.job.Config.HostNetwork { if _, err := l.ipalloc.RequestIP(l.bridgeNet, container.IP); err != nil { log.Error("error requesting ip", "job.id", container.job.ID, "err", err) } } } close(l.networkConfigured) return nil }