2017-02-11 03:15:53 +03:00
|
|
|
// Copyright 2017 Microsoft. All rights reserved.
|
|
|
|
|
// MIT License
|
|
|
|
|
|
2016-09-22 01:39:25 +03:00
|
|
|
package network
|
|
|
|
|
|
|
|
|
|
import (
|
2018-05-17 03:02:09 +03:00
|
|
|
"crypto/sha1"
|
|
|
|
|
"encoding/hex"
|
2016-09-22 01:39:25 +03:00
|
|
|
"fmt"
|
|
|
|
|
"net"
|
2018-08-19 00:50:49 +03:00
|
|
|
"strings"
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
"github.com/Azure/azure-container-networking/cns"
|
2021-10-16 00:28:37 +03:00
|
|
|
"github.com/Azure/azure-container-networking/netio"
|
2018-08-19 00:50:49 +03:00
|
|
|
"github.com/Azure/azure-container-networking/netlink"
|
2021-10-16 00:28:37 +03:00
|
|
|
"github.com/Azure/azure-container-networking/network/networkutils"
|
2021-09-20 22:04:35 +03:00
|
|
|
"github.com/Azure/azure-container-networking/ovsctl"
|
2021-10-16 00:28:37 +03:00
|
|
|
"github.com/Azure/azure-container-networking/platform"
|
2023-09-16 03:14:44 +03:00
|
|
|
"go.uber.org/zap"
|
2016-09-22 01:39:25 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
2017-07-15 21:03:56 +03:00
|
|
|
// Common prefix for all types of host network interface names.
|
|
|
|
|
commonInterfacePrefix = "az"
|
|
|
|
|
|
2016-09-22 01:39:25 +03:00
|
|
|
// Prefix for host virtual network interface names.
|
2018-05-17 03:02:09 +03:00
|
|
|
hostVEthInterfacePrefix = commonInterfacePrefix + "v"
|
2016-09-22 01:39:25 +03:00
|
|
|
)
|
|
|
|
|
|
2021-09-21 02:58:18 +03:00
|
|
|
type AzureHNSEndpointClient interface{}
|
|
|
|
|
|
2018-05-17 03:02:09 +03:00
|
|
|
func generateVethName(key string) string {
|
|
|
|
|
h := sha1.New()
|
|
|
|
|
h.Write([]byte(key))
|
|
|
|
|
return hex.EncodeToString(h.Sum(nil))[:11]
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-12 00:01:42 +03:00
|
|
|
func ConstructEndpointID(containerID string, _ string, ifName string) (string, string) {
|
2018-07-25 03:46:46 +03:00
|
|
|
if len(containerID) > 8 {
|
|
|
|
|
containerID = containerID[:8]
|
|
|
|
|
} else {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Container ID is not greater than 8 ID", zap.String("containerID", containerID))
|
2018-07-25 03:46:46 +03:00
|
|
|
return "", ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
infraEpName := containerID + "-" + ifName
|
|
|
|
|
|
|
|
|
|
return infraEpName, ""
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-11 03:15:53 +03:00
|
|
|
// newEndpointImpl creates a new endpoint in the network.
|
2023-04-13 11:43:44 +03:00
|
|
|
func (nw *network) newEndpointImpl(
|
|
|
|
|
_ apipaClient,
|
|
|
|
|
nl netlink.NetlinkInterface,
|
|
|
|
|
plc platform.ExecClient,
|
|
|
|
|
netioCli netio.NetIOInterface,
|
2023-11-01 22:50:35 +03:00
|
|
|
testEpClient EndpointClient,
|
|
|
|
|
nsc NamespaceClientInterface,
|
2023-12-14 20:27:17 +03:00
|
|
|
iptc ipTablesClient,
|
2023-11-01 22:50:35 +03:00
|
|
|
epInfo []*EndpointInfo,
|
2023-04-13 11:43:44 +03:00
|
|
|
) (*endpoint, error) {
|
2023-11-01 22:50:35 +03:00
|
|
|
var (
|
|
|
|
|
err error
|
|
|
|
|
hostIfName string
|
|
|
|
|
contIfName string
|
|
|
|
|
localIP string
|
|
|
|
|
vlanid = 0
|
|
|
|
|
defaultEpInfo = epInfo[0]
|
|
|
|
|
containerIf *net.Interface
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if nw.Endpoints[defaultEpInfo.Id] != nil {
|
|
|
|
|
logger.Info("[net] Endpoint already exists.")
|
2017-12-28 22:47:46 +03:00
|
|
|
err = errEndpointExists
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
if defaultEpInfo.Data != nil {
|
|
|
|
|
if _, ok := defaultEpInfo.Data[VlanIDKey]; ok {
|
|
|
|
|
vlanid = defaultEpInfo.Data[VlanIDKey].(int)
|
2018-07-06 21:45:47 +03:00
|
|
|
}
|
2019-07-17 03:09:34 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
if _, ok := defaultEpInfo.Data[LocalIPKey]; ok {
|
|
|
|
|
localIP = defaultEpInfo.Data[LocalIPKey].(string)
|
2019-07-17 03:09:34 +03:00
|
|
|
}
|
2018-07-06 21:45:47 +03:00
|
|
|
}
|
|
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
if _, ok := defaultEpInfo.Data[OptVethName]; ok {
|
|
|
|
|
key := defaultEpInfo.Data[OptVethName].(string)
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Generate veth name based on the key provided", zap.String("key", key))
|
2018-05-17 03:02:09 +03:00
|
|
|
vethname := generateVethName(key)
|
|
|
|
|
hostIfName = fmt.Sprintf("%s%s", hostVEthInterfacePrefix, vethname)
|
|
|
|
|
contIfName = fmt.Sprintf("%s%s2", hostVEthInterfacePrefix, vethname)
|
|
|
|
|
} else {
|
|
|
|
|
// Create a veth pair.
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Generate veth name based on endpoint id")
|
2023-11-01 22:50:35 +03:00
|
|
|
hostIfName = fmt.Sprintf("%s%s", hostVEthInterfacePrefix, defaultEpInfo.Id[:7])
|
|
|
|
|
contIfName = fmt.Sprintf("%s%s-2", hostVEthInterfacePrefix, defaultEpInfo.Id[:7])
|
2018-05-17 03:02:09 +03:00
|
|
|
}
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
ep := &endpoint{
|
|
|
|
|
Id: defaultEpInfo.Id,
|
|
|
|
|
IfName: contIfName, // container veth pair name. In cnm, we won't rename this and docker expects veth name.
|
|
|
|
|
HostIfName: hostIfName,
|
|
|
|
|
InfraVnetIP: defaultEpInfo.InfraVnetIP,
|
|
|
|
|
LocalIP: localIP,
|
|
|
|
|
IPAddresses: defaultEpInfo.IPAddresses,
|
|
|
|
|
DNS: defaultEpInfo.DNS,
|
|
|
|
|
VlanID: vlanid,
|
|
|
|
|
EnableSnatOnHost: defaultEpInfo.EnableSnatOnHost,
|
|
|
|
|
EnableInfraVnet: defaultEpInfo.EnableInfraVnet,
|
|
|
|
|
EnableMultitenancy: defaultEpInfo.EnableMultiTenancy,
|
|
|
|
|
AllowInboundFromHostToNC: defaultEpInfo.AllowInboundFromHostToNC,
|
|
|
|
|
AllowInboundFromNCToHost: defaultEpInfo.AllowInboundFromNCToHost,
|
|
|
|
|
NetworkNameSpace: defaultEpInfo.NetNsPath,
|
|
|
|
|
ContainerID: defaultEpInfo.ContainerID,
|
|
|
|
|
PODName: defaultEpInfo.PODName,
|
|
|
|
|
PODNameSpace: defaultEpInfo.PODNameSpace,
|
|
|
|
|
Routes: defaultEpInfo.Routes,
|
|
|
|
|
SecondaryInterfaces: make(map[string]*InterfaceInfo),
|
|
|
|
|
}
|
|
|
|
|
if nw.extIf != nil {
|
|
|
|
|
ep.Gateways = []net.IP{nw.extIf.IPv4Gateway}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, epInfo := range epInfo {
|
|
|
|
|
// testEpClient is non-nil only when the endpoint is created for the unit test
|
|
|
|
|
// resetting epClient to testEpClient in loop to use the test endpoint client if specified
|
|
|
|
|
epClient := testEpClient
|
|
|
|
|
if epClient == nil {
|
|
|
|
|
//nolint:gocritic
|
|
|
|
|
if vlanid != 0 {
|
|
|
|
|
if nw.Mode == opModeTransparentVlan {
|
|
|
|
|
logger.Info("Transparent vlan client")
|
|
|
|
|
if _, ok := epInfo.Data[SnatBridgeIPKey]; ok {
|
|
|
|
|
nw.SnatBridgeIP = epInfo.Data[SnatBridgeIPKey].(string)
|
|
|
|
|
}
|
2023-12-14 20:27:17 +03:00
|
|
|
epClient = NewTransparentVlanEndpointClient(nw, epInfo, hostIfName, contIfName, vlanid, localIP, nl, plc, nsc, iptc)
|
2023-11-01 22:50:35 +03:00
|
|
|
} else {
|
|
|
|
|
logger.Info("OVS client")
|
|
|
|
|
if _, ok := epInfo.Data[SnatBridgeIPKey]; ok {
|
|
|
|
|
nw.SnatBridgeIP = epInfo.Data[SnatBridgeIPKey].(string)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
epClient = NewOVSEndpointClient(
|
|
|
|
|
nw,
|
|
|
|
|
epInfo,
|
|
|
|
|
hostIfName,
|
|
|
|
|
contIfName,
|
|
|
|
|
vlanid,
|
|
|
|
|
localIP,
|
|
|
|
|
nl,
|
|
|
|
|
ovsctl.NewOvsctl(),
|
2023-12-14 20:27:17 +03:00
|
|
|
plc,
|
|
|
|
|
iptc)
|
2023-04-13 11:43:44 +03:00
|
|
|
}
|
2023-11-01 22:50:35 +03:00
|
|
|
} else if nw.Mode != opModeTransparent {
|
|
|
|
|
logger.Info("Bridge client")
|
|
|
|
|
epClient = NewLinuxBridgeEndpointClient(nw.extIf, hostIfName, contIfName, nw.Mode, nl, plc)
|
|
|
|
|
} else if epInfo.NICType == cns.DelegatedVMNIC {
|
|
|
|
|
logger.Info("Secondary client")
|
2023-11-04 02:32:40 +03:00
|
|
|
epClient = NewSecondaryEndpointClient(nl, netioCli, plc, nsc, ep)
|
2023-04-13 11:43:44 +03:00
|
|
|
} else {
|
2023-11-01 22:50:35 +03:00
|
|
|
logger.Info("Transparent client")
|
2023-11-04 02:32:40 +03:00
|
|
|
epClient = NewTransparentEndpointClient(nw.extIf, hostIfName, contIfName, nw.Mode, nl, netioCli, plc)
|
feat: Add native linux endpoint client to prep removing OVS (#1471)
* Native Endpoint Client Add Endpoints
* AddEndpointRules, ConfigureContainerInterfacesAndRoutes
* Changed interface names, log statements
nw.extIf.Name > eth0 (eth0)
eth0.vlanid > eth0.X (eth0.1)
%s%s hostIfName > vnet (A1veth0)
%s%s-2 contIfName > container (B1veth0)
* Renaming, using lib to set ns
* Namespace "path" is /var/run/netns/<NS>
* Loopback set up, Remove auto kernel subnet route
* Cannot set link to up if it's in another NS
* Multiple containers on same VNET NS
* Delete Endpoint routes on Delete
* Minimizing netns usage
* Moving NS Exec Code
* Further minimized netns.Set usage
* Moved helper methods down, drafted tests
* Removed DevName from Route Info, more tests
* Test existing vnet ns, delete endpoint
* NetNS interface for testing
* Separated tests by namespace
* Endpoints delete if they cannot be moved into NS
* Namespace netns tests
* Added Native Client to deleteEndpointImpl
* Deletion of Endpoints Impl and Tests
* Cleaned code (Tests ok)
* Moved mock/netns to package (Tests ok)
* Fixing Netns (wip)
Moved netnsinterface to consumer package (network).
Removed "Netns" from "NewNetns" and "NewMockNetns" as it is unambiguous.
Changed uintptr to int and casted the int to uintptr when needed later.
* Using errors.Wrap for error context (wip)
* Removed sentence case (wip)
* Removing variable predeclaration
* Removed NewNativeEndpointClient
Directly instantiating struct because nothing special happens in NewNativeEndpointClient
* Removed generics from ExecuteInNS
* Removed uintptr from mocknetns, tests compile
Forgot to remove uintptr from mocknetns
* Fix tests, lint
* Fixes from linter
Works on VMSS
* Replacing references to ethX with vlan veth
* Removed unnecessary log
* Removed unnecessary mac, fix tests
* Mockns method name enum
* Unable to use GetNetworkInterfaceByName due to NS
If I use GetNetworkInterface, I need to be in the vnet NS, but that means I will need to call ExecuteInNS, which causes tests to fail.
* Fixes from linter
* Assume if NS exists, vlan veth exists
Tests ok
* Fixes for Linter
* Fix delete tests
* Fix delete tests bug
* Go mod tidy for linting
Hopefully this fixes the windows lint error
* No lint on vishvananda netns
Maybe this will fix the windows linter?
* Build linux only for netns package
Maybe this fixes the linter error?
* Remove nolint to see if linter fails
* Moved netns interface to caller, generalized tests
Tests ok, Native ok
* Typos
* Reordered if statement, unwrapped arp
Tests ok, ping ok, wget ok
* Renamed veth, fixed logs
* Made deleteEndpoints logic clearer, renamed error
* Renamed eth0 to primaryHostIfName, vlanEth to vlanIf
2022-08-03 00:54:10 +03:00
|
|
|
}
|
|
|
|
|
}
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
//nolint:gocritic
|
|
|
|
|
defer func(client EndpointClient, contIfName string) {
|
|
|
|
|
// Cleanup on failure.
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Error("CNI error. Delete Endpoint and rules that are created", zap.Error(err), zap.String("contIfName", contIfName))
|
|
|
|
|
if containerIf != nil {
|
|
|
|
|
client.DeleteEndpointRules(ep)
|
|
|
|
|
}
|
|
|
|
|
// set deleteHostVeth to true to cleanup host veth interface if created
|
|
|
|
|
//nolint:errcheck // ignore error
|
|
|
|
|
client.DeleteEndpoints(ep)
|
2018-07-06 21:45:47 +03:00
|
|
|
}
|
2023-11-01 22:50:35 +03:00
|
|
|
}(epClient, contIfName)
|
2017-08-17 00:13:46 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
// wrapping endpoint client commands in anonymous func so that namespace can be exit and closed before the next loop
|
|
|
|
|
//nolint:wrapcheck // ignore wrap check
|
|
|
|
|
err = func() error {
|
|
|
|
|
if epErr := epClient.AddEndpoints(epInfo); epErr != nil {
|
|
|
|
|
return epErr
|
2018-07-06 21:45:47 +03:00
|
|
|
}
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
if epInfo.NICType == cns.InfraNIC {
|
|
|
|
|
var epErr error
|
|
|
|
|
containerIf, epErr = netioCli.GetNetworkInterfaceByName(contIfName)
|
|
|
|
|
if epErr != nil {
|
|
|
|
|
return epErr
|
|
|
|
|
}
|
|
|
|
|
ep.MacAddress = containerIf.HardwareAddr
|
2023-04-13 11:43:44 +03:00
|
|
|
}
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
// Setup rules for IP addresses on the container interface.
|
|
|
|
|
if epErr := epClient.AddEndpointRules(epInfo); epErr != nil {
|
|
|
|
|
return epErr
|
|
|
|
|
}
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
// If a network namespace for the container interface is specified...
|
|
|
|
|
if epInfo.NetNsPath != "" {
|
|
|
|
|
// Open the network namespace.
|
|
|
|
|
logger.Info("Opening netns", zap.Any("NetNsPath", epInfo.NetNsPath))
|
|
|
|
|
ns, epErr := nsc.OpenNamespace(epInfo.NetNsPath)
|
|
|
|
|
if epErr != nil {
|
|
|
|
|
return epErr
|
|
|
|
|
}
|
|
|
|
|
defer ns.Close()
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
if epErr := epClient.MoveEndpointsToContainerNS(epInfo, ns.GetFd()); epErr != nil {
|
|
|
|
|
return epErr
|
|
|
|
|
}
|
2016-11-23 02:28:57 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
// Enter the container network namespace.
|
|
|
|
|
logger.Info("Entering netns", zap.Any("NetNsPath", epInfo.NetNsPath))
|
|
|
|
|
if epErr := ns.Enter(); epErr != nil {
|
|
|
|
|
return epErr
|
|
|
|
|
}
|
2016-11-23 02:28:57 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
// Return to host network namespace.
|
|
|
|
|
defer func() {
|
|
|
|
|
logger.Info("Exiting netns", zap.Any("NetNsPath", epInfo.NetNsPath))
|
|
|
|
|
if epErr := ns.Exit(); epErr != nil {
|
|
|
|
|
logger.Error("Failed to exit netns with", zap.Error(epErr))
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
}
|
2017-08-17 00:13:46 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
if epInfo.IPV6Mode != "" {
|
|
|
|
|
// Enable ipv6 setting in container
|
|
|
|
|
logger.Info("Enable ipv6 setting in container.")
|
|
|
|
|
nuc := networkutils.NewNetworkUtils(nl, plc)
|
|
|
|
|
if epErr := nuc.UpdateIPV6Setting(0); epErr != nil {
|
|
|
|
|
return fmt.Errorf("Enable ipv6 in container failed:%w", epErr)
|
|
|
|
|
}
|
2017-08-17 00:13:46 +03:00
|
|
|
}
|
2016-11-23 02:28:57 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
// If a name for the container interface is specified...
|
|
|
|
|
if epInfo.IfName != "" {
|
|
|
|
|
if epErr := epClient.SetupContainerInterfaces(epInfo); epErr != nil {
|
|
|
|
|
return epErr
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-10-16 00:28:37 +03:00
|
|
|
|
2023-11-01 22:50:35 +03:00
|
|
|
return epClient.ConfigureContainerInterfacesAndRoutes(epInfo)
|
|
|
|
|
}()
|
|
|
|
|
if err != nil {
|
2017-08-17 00:13:46 +03:00
|
|
|
return nil, err
|
2016-11-22 23:31:48 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-22 01:39:25 +03:00
|
|
|
return ep, nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-11 03:15:53 +03:00
|
|
|
// deleteEndpointImpl deletes an existing endpoint from the network.
|
2023-12-14 20:27:17 +03:00
|
|
|
func (nw *network) deleteEndpointImpl(nl netlink.NetlinkInterface, plc platform.ExecClient, epClient EndpointClient, nioc netio.NetIOInterface, nsc NamespaceClientInterface,
|
|
|
|
|
iptc ipTablesClient, ep *endpoint,
|
|
|
|
|
) error {
|
2016-12-08 02:56:19 +03:00
|
|
|
// Delete the veth pair by deleting one of the peer interfaces.
|
|
|
|
|
// Deleting the host interface is more convenient since it does not require
|
|
|
|
|
// entering the container netns and hence works both for CNI and CNM.
|
feat: Add SNAT bridge to Native, decouple SNAT bridge (#1506)
* Native Endpoint Client Add Endpoints
* AddEndpointRules, ConfigureContainerInterfacesAndRoutes
* Changed interface names, log statements
nw.extIf.Name > eth0 (eth0)
eth0.vlanid > eth0.X (eth0.1)
%s%s hostIfName > vnet (A1veth0)
%s%s-2 contIfName > container (B1veth0)
* Renaming, using lib to set ns
* Namespace "path" is /var/run/netns/<NS>
* Loopback set up, Remove auto kernel subnet route
* Cannot set link to up if it's in another NS
* Multiple containers on same VNET NS
* Delete Endpoint routes on Delete
* Minimizing netns usage
* Moving NS Exec Code
* Further minimized netns.Set usage
* Moved helper methods down, drafted tests
* Removed DevName from Route Info, more tests
* Test existing vnet ns, delete endpoint
* NetNS interface for testing
* Separated tests by namespace
* Endpoints delete if they cannot be moved into NS
* Namespace netns tests
* Added Native Client to deleteEndpointImpl
* Deletion of Endpoints Impl and Tests
* Cleaned code (Tests ok)
* Moved mock/netns to package (Tests ok)
* Fixing Netns (wip)
Moved netnsinterface to consumer package (network).
Removed "Netns" from "NewNetns" and "NewMockNetns" as it is unambiguous.
Changed uintptr to int and casted the int to uintptr when needed later.
* Using errors.Wrap for error context (wip)
* Removed sentence case (wip)
* Removing variable predeclaration
* Removed NewNativeEndpointClient
Directly instantiating struct because nothing special happens in NewNativeEndpointClient
* Removed generics from ExecuteInNS
* Removed uintptr from mocknetns, tests compile
Forgot to remove uintptr from mocknetns
* Fix tests, lint
* Fixes from linter
Works on VMSS
* Replacing references to ethX with vlan veth
* Removed unnecessary log
* Removed unnecessary mac, fix tests
* Mockns method name enum
* Unable to use GetNetworkInterfaceByName due to NS
If I use GetNetworkInterface, I need to be in the vnet NS, but that means I will need to call ExecuteInNS, which causes tests to fail.
* Fixes from linter
* Assume if NS exists, vlan veth exists
Tests ok
* Fixes for Linter
* Snat refactor
* Fix delete tests
* Fix delete tests bug
* More snat refactor
* Breaking, prepping for Native Snat
Delete native endpoint snat route linux to remove errors and in theory, ovs should work fine again.
* Go mod tidy for linting
Hopefully this fixes the windows lint error
* Add fields to native endpoint client for snat
* Using New() func to create Native Client
Creation of the native endpoint client is too complicated to directly instantiate.
* Snat defaults
* Insert SNAT entry points
* Native Snat error handling
* Breaking, decouple ovsctl from snat
Proposed Solution implementation
Moved ovsctlClient.AddPortOnOVSBridge to ovs_endpoint_snatroute_linux.go. Removed ovsctlclient from NewSnatClient. Removed ovsctlClient from testing file.
* Delete unecessary ovssnat files
* No lint on vishvananda netns
Maybe this will fix the windows linter?
* Build linux only for netns package
Maybe this fixes the linter error?
* Remove nolint to see if linter fails
* Breaking, removed bridgeName
bridgeName refers to the OVS Switch I believe
* If native uses snat bridge, should also get IP
* Breaking, Decouple or Wrap snat route
* Check to see if snat triggered
* Snat behaviors specific to ovs/native
* Pass the pointer
Add/Delete ok
* Renaming to make consts public
* Breaking, moving ovs specific parts of snat to ovs
* Remove enable infra vnet (Tests ok)
Tested:
Allow Host to NC only
Allow NC to Host only
Allow both
Wget
Ping between containers
Warning: Enable snat is still hard coded to true!!!
* Move add port to after exists() check
* Moved netns interface to caller, generalized tests
Tests ok, Native ok
* Typos
* Reordered if statement, unwrapped arp
Tests ok, ping ok, wget ok
* Linted, wrapping errors
* Go fumpt entire network package
* Code markers removed, clean (Tests ok)
OVS & Native:
- Ping between two containers same VM, no packets on bridge
- Ping between two containers diff VM, no packets on bridge
- Ping other container not in vnet, no packets on bridge
- Ping snat to container, packets on bridge
- Ping container to snat, packets on bridge
- Tcpdump confirmed on azSnatBr
- Deletion of containers deletes appropriate interfaces
* Renamed veth, fixed logs
* Made deleteEndpoints logic clearer, renamed error
* Renamed eth0 to primaryHostIfName, vlanEth to vlanIf
* Deleted debug log
* Corrected merge (hardware addr) (Tests ok)
* Renamed vlan veth to hostExtIf_vlanID, Disabled RA
eth0.2 makes disable RA look for a folder eth0 and then another sub folder "2". ("eth0/2") However, it should look for a folder named "eth0.2" literally. To solve this, we change the naming scheme to use an underscore instead. (Tests ok)
* Renamed Native to TransparentVlan
Confirmed basic functionality on VM with correct mode
* Make file updated
* Create azure-windows-multitenancy-transparent-vlan.conflist
* Unified snat err format
* Rename to transparent-vlan
* Route table support added to local netlink
* Moved SNAT to end of function
* Defer deleting vlan interface on failure
2022-08-10 23:50:26 +03:00
|
|
|
|
2023-04-13 11:43:44 +03:00
|
|
|
// epClient is nil only for unit test.
|
|
|
|
|
if epClient == nil {
|
|
|
|
|
//nolint:gocritic
|
|
|
|
|
if ep.VlanID != 0 {
|
|
|
|
|
epInfo := ep.getInfo()
|
|
|
|
|
if nw.Mode == opModeTransparentVlan {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Transparent vlan client")
|
2023-12-14 20:27:17 +03:00
|
|
|
epClient = NewTransparentVlanEndpointClient(nw, epInfo, ep.HostIfName, "", ep.VlanID, ep.LocalIP, nl, plc, nsc, iptc)
|
2023-04-13 11:43:44 +03:00
|
|
|
|
|
|
|
|
} else {
|
2023-12-14 20:27:17 +03:00
|
|
|
epClient = NewOVSEndpointClient(nw, epInfo, ep.HostIfName, "", ep.VlanID, ep.LocalIP, nl, ovsctl.NewOvsctl(), plc, iptc)
|
2023-04-13 11:43:44 +03:00
|
|
|
}
|
|
|
|
|
} else if nw.Mode != opModeTransparent {
|
|
|
|
|
epClient = NewLinuxBridgeEndpointClient(nw.extIf, ep.HostIfName, "", nw.Mode, nl, plc)
|
feat: Add native linux endpoint client to prep removing OVS (#1471)
* Native Endpoint Client Add Endpoints
* AddEndpointRules, ConfigureContainerInterfacesAndRoutes
* Changed interface names, log statements
nw.extIf.Name > eth0 (eth0)
eth0.vlanid > eth0.X (eth0.1)
%s%s hostIfName > vnet (A1veth0)
%s%s-2 contIfName > container (B1veth0)
* Renaming, using lib to set ns
* Namespace "path" is /var/run/netns/<NS>
* Loopback set up, Remove auto kernel subnet route
* Cannot set link to up if it's in another NS
* Multiple containers on same VNET NS
* Delete Endpoint routes on Delete
* Minimizing netns usage
* Moving NS Exec Code
* Further minimized netns.Set usage
* Moved helper methods down, drafted tests
* Removed DevName from Route Info, more tests
* Test existing vnet ns, delete endpoint
* NetNS interface for testing
* Separated tests by namespace
* Endpoints delete if they cannot be moved into NS
* Namespace netns tests
* Added Native Client to deleteEndpointImpl
* Deletion of Endpoints Impl and Tests
* Cleaned code (Tests ok)
* Moved mock/netns to package (Tests ok)
* Fixing Netns (wip)
Moved netnsinterface to consumer package (network).
Removed "Netns" from "NewNetns" and "NewMockNetns" as it is unambiguous.
Changed uintptr to int and casted the int to uintptr when needed later.
* Using errors.Wrap for error context (wip)
* Removed sentence case (wip)
* Removing variable predeclaration
* Removed NewNativeEndpointClient
Directly instantiating struct because nothing special happens in NewNativeEndpointClient
* Removed generics from ExecuteInNS
* Removed uintptr from mocknetns, tests compile
Forgot to remove uintptr from mocknetns
* Fix tests, lint
* Fixes from linter
Works on VMSS
* Replacing references to ethX with vlan veth
* Removed unnecessary log
* Removed unnecessary mac, fix tests
* Mockns method name enum
* Unable to use GetNetworkInterfaceByName due to NS
If I use GetNetworkInterface, I need to be in the vnet NS, but that means I will need to call ExecuteInNS, which causes tests to fail.
* Fixes from linter
* Assume if NS exists, vlan veth exists
Tests ok
* Fixes for Linter
* Fix delete tests
* Fix delete tests bug
* Go mod tidy for linting
Hopefully this fixes the windows lint error
* No lint on vishvananda netns
Maybe this will fix the windows linter?
* Build linux only for netns package
Maybe this fixes the linter error?
* Remove nolint to see if linter fails
* Moved netns interface to caller, generalized tests
Tests ok, Native ok
* Typos
* Reordered if statement, unwrapped arp
Tests ok, ping ok, wget ok
* Renamed veth, fixed logs
* Made deleteEndpoints logic clearer, renamed error
* Renamed eth0 to primaryHostIfName, vlanEth to vlanIf
2022-08-03 00:54:10 +03:00
|
|
|
} else {
|
2023-11-01 22:50:35 +03:00
|
|
|
if len(ep.SecondaryInterfaces) > 0 {
|
2023-11-04 02:32:40 +03:00
|
|
|
epClient = NewSecondaryEndpointClient(nl, nioc, plc, nsc, ep)
|
2023-11-01 22:50:35 +03:00
|
|
|
epClient.DeleteEndpointRules(ep)
|
|
|
|
|
//nolint:errcheck // ignore error
|
|
|
|
|
epClient.DeleteEndpoints(ep)
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-04 02:32:40 +03:00
|
|
|
epClient = NewTransparentEndpointClient(nw.extIf, ep.HostIfName, "", nw.Mode, nl, nioc, plc)
|
feat: Add native linux endpoint client to prep removing OVS (#1471)
* Native Endpoint Client Add Endpoints
* AddEndpointRules, ConfigureContainerInterfacesAndRoutes
* Changed interface names, log statements
nw.extIf.Name > eth0 (eth0)
eth0.vlanid > eth0.X (eth0.1)
%s%s hostIfName > vnet (A1veth0)
%s%s-2 contIfName > container (B1veth0)
* Renaming, using lib to set ns
* Namespace "path" is /var/run/netns/<NS>
* Loopback set up, Remove auto kernel subnet route
* Cannot set link to up if it's in another NS
* Multiple containers on same VNET NS
* Delete Endpoint routes on Delete
* Minimizing netns usage
* Moving NS Exec Code
* Further minimized netns.Set usage
* Moved helper methods down, drafted tests
* Removed DevName from Route Info, more tests
* Test existing vnet ns, delete endpoint
* NetNS interface for testing
* Separated tests by namespace
* Endpoints delete if they cannot be moved into NS
* Namespace netns tests
* Added Native Client to deleteEndpointImpl
* Deletion of Endpoints Impl and Tests
* Cleaned code (Tests ok)
* Moved mock/netns to package (Tests ok)
* Fixing Netns (wip)
Moved netnsinterface to consumer package (network).
Removed "Netns" from "NewNetns" and "NewMockNetns" as it is unambiguous.
Changed uintptr to int and casted the int to uintptr when needed later.
* Using errors.Wrap for error context (wip)
* Removed sentence case (wip)
* Removing variable predeclaration
* Removed NewNativeEndpointClient
Directly instantiating struct because nothing special happens in NewNativeEndpointClient
* Removed generics from ExecuteInNS
* Removed uintptr from mocknetns, tests compile
Forgot to remove uintptr from mocknetns
* Fix tests, lint
* Fixes from linter
Works on VMSS
* Replacing references to ethX with vlan veth
* Removed unnecessary log
* Removed unnecessary mac, fix tests
* Mockns method name enum
* Unable to use GetNetworkInterfaceByName due to NS
If I use GetNetworkInterface, I need to be in the vnet NS, but that means I will need to call ExecuteInNS, which causes tests to fail.
* Fixes from linter
* Assume if NS exists, vlan veth exists
Tests ok
* Fixes for Linter
* Fix delete tests
* Fix delete tests bug
* Go mod tidy for linting
Hopefully this fixes the windows lint error
* No lint on vishvananda netns
Maybe this will fix the windows linter?
* Build linux only for netns package
Maybe this fixes the linter error?
* Remove nolint to see if linter fails
* Moved netns interface to caller, generalized tests
Tests ok, Native ok
* Typos
* Reordered if statement, unwrapped arp
Tests ok, ping ok, wget ok
* Renamed veth, fixed logs
* Made deleteEndpoints logic clearer, renamed error
* Renamed eth0 to primaryHostIfName, vlanEth to vlanIf
2022-08-03 00:54:10 +03:00
|
|
|
}
|
2016-12-08 02:56:19 +03:00
|
|
|
}
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2018-07-06 21:45:47 +03:00
|
|
|
epClient.DeleteEndpointRules(ep)
|
2023-04-13 11:43:44 +03:00
|
|
|
// deleteHostVeth set to false not to delete veth as CRI will remove network namespace and
|
|
|
|
|
// veth will get removed as part of that.
|
|
|
|
|
//nolint:errcheck // ignore error
|
2023-04-18 00:26:00 +03:00
|
|
|
epClient.DeleteEndpoints(ep)
|
2016-09-22 01:39:25 +03:00
|
|
|
|
2017-08-03 06:29:37 +03:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-17 23:36:57 +03:00
|
|
|
// getInfoImpl returns information about the endpoint.
|
|
|
|
|
func (ep *endpoint) getInfoImpl(epInfo *EndpointInfo) {
|
|
|
|
|
}
|
2018-08-19 00:50:49 +03:00
|
|
|
|
2021-10-16 00:28:37 +03:00
|
|
|
func addRoutes(nl netlink.NetlinkInterface, netioshim netio.NetIOInterface, interfaceName string, routes []RouteInfo) error {
|
2018-08-19 00:50:49 +03:00
|
|
|
ifIndex := 0
|
|
|
|
|
|
|
|
|
|
for _, route := range routes {
|
|
|
|
|
if route.DevName != "" {
|
2021-10-16 00:28:37 +03:00
|
|
|
devIf, _ := netioshim.GetNetworkInterfaceByName(route.DevName)
|
2018-08-19 00:50:49 +03:00
|
|
|
ifIndex = devIf.Index
|
|
|
|
|
} else {
|
2021-10-16 00:28:37 +03:00
|
|
|
interfaceIf, err := netioshim.GetNetworkInterfaceByName(interfaceName)
|
|
|
|
|
if err != nil {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Error("Interface not found with", zap.Error(err))
|
2021-10-16 00:28:37 +03:00
|
|
|
return fmt.Errorf("addRoutes failed: %w", err)
|
|
|
|
|
}
|
2018-08-19 00:50:49 +03:00
|
|
|
ifIndex = interfaceIf.Index
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-20 21:57:12 +03:00
|
|
|
family := netlink.GetIPAddressFamily(route.Gw)
|
2020-04-16 08:30:48 +03:00
|
|
|
if route.Gw == nil {
|
2021-09-20 21:57:12 +03:00
|
|
|
family = netlink.GetIPAddressFamily(route.Dst.IP)
|
2020-04-16 08:30:48 +03:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 00:50:49 +03:00
|
|
|
nlRoute := &netlink.Route{
|
2020-04-16 08:30:48 +03:00
|
|
|
Family: family,
|
2018-08-19 00:50:49 +03:00
|
|
|
Dst: &route.Dst,
|
|
|
|
|
Gw: route.Gw,
|
|
|
|
|
LinkIndex: ifIndex,
|
2020-04-16 08:30:48 +03:00
|
|
|
Priority: route.Priority,
|
2021-01-19 21:48:11 +03:00
|
|
|
Protocol: route.Protocol,
|
|
|
|
|
Scope: route.Scope,
|
feat: Add SNAT bridge to Native, decouple SNAT bridge (#1506)
* Native Endpoint Client Add Endpoints
* AddEndpointRules, ConfigureContainerInterfacesAndRoutes
* Changed interface names, log statements
nw.extIf.Name > eth0 (eth0)
eth0.vlanid > eth0.X (eth0.1)
%s%s hostIfName > vnet (A1veth0)
%s%s-2 contIfName > container (B1veth0)
* Renaming, using lib to set ns
* Namespace "path" is /var/run/netns/<NS>
* Loopback set up, Remove auto kernel subnet route
* Cannot set link to up if it's in another NS
* Multiple containers on same VNET NS
* Delete Endpoint routes on Delete
* Minimizing netns usage
* Moving NS Exec Code
* Further minimized netns.Set usage
* Moved helper methods down, drafted tests
* Removed DevName from Route Info, more tests
* Test existing vnet ns, delete endpoint
* NetNS interface for testing
* Separated tests by namespace
* Endpoints delete if they cannot be moved into NS
* Namespace netns tests
* Added Native Client to deleteEndpointImpl
* Deletion of Endpoints Impl and Tests
* Cleaned code (Tests ok)
* Moved mock/netns to package (Tests ok)
* Fixing Netns (wip)
Moved netnsinterface to consumer package (network).
Removed "Netns" from "NewNetns" and "NewMockNetns" as it is unambiguous.
Changed uintptr to int and casted the int to uintptr when needed later.
* Using errors.Wrap for error context (wip)
* Removed sentence case (wip)
* Removing variable predeclaration
* Removed NewNativeEndpointClient
Directly instantiating struct because nothing special happens in NewNativeEndpointClient
* Removed generics from ExecuteInNS
* Removed uintptr from mocknetns, tests compile
Forgot to remove uintptr from mocknetns
* Fix tests, lint
* Fixes from linter
Works on VMSS
* Replacing references to ethX with vlan veth
* Removed unnecessary log
* Removed unnecessary mac, fix tests
* Mockns method name enum
* Unable to use GetNetworkInterfaceByName due to NS
If I use GetNetworkInterface, I need to be in the vnet NS, but that means I will need to call ExecuteInNS, which causes tests to fail.
* Fixes from linter
* Assume if NS exists, vlan veth exists
Tests ok
* Fixes for Linter
* Snat refactor
* Fix delete tests
* Fix delete tests bug
* More snat refactor
* Breaking, prepping for Native Snat
Delete native endpoint snat route linux to remove errors and in theory, ovs should work fine again.
* Go mod tidy for linting
Hopefully this fixes the windows lint error
* Add fields to native endpoint client for snat
* Using New() func to create Native Client
Creation of the native endpoint client is too complicated to directly instantiate.
* Snat defaults
* Insert SNAT entry points
* Native Snat error handling
* Breaking, decouple ovsctl from snat
Proposed Solution implementation
Moved ovsctlClient.AddPortOnOVSBridge to ovs_endpoint_snatroute_linux.go. Removed ovsctlclient from NewSnatClient. Removed ovsctlClient from testing file.
* Delete unecessary ovssnat files
* No lint on vishvananda netns
Maybe this will fix the windows linter?
* Build linux only for netns package
Maybe this fixes the linter error?
* Remove nolint to see if linter fails
* Breaking, removed bridgeName
bridgeName refers to the OVS Switch I believe
* If native uses snat bridge, should also get IP
* Breaking, Decouple or Wrap snat route
* Check to see if snat triggered
* Snat behaviors specific to ovs/native
* Pass the pointer
Add/Delete ok
* Renaming to make consts public
* Breaking, moving ovs specific parts of snat to ovs
* Remove enable infra vnet (Tests ok)
Tested:
Allow Host to NC only
Allow NC to Host only
Allow both
Wget
Ping between containers
Warning: Enable snat is still hard coded to true!!!
* Move add port to after exists() check
* Moved netns interface to caller, generalized tests
Tests ok, Native ok
* Typos
* Reordered if statement, unwrapped arp
Tests ok, ping ok, wget ok
* Linted, wrapping errors
* Go fumpt entire network package
* Code markers removed, clean (Tests ok)
OVS & Native:
- Ping between two containers same VM, no packets on bridge
- Ping between two containers diff VM, no packets on bridge
- Ping other container not in vnet, no packets on bridge
- Ping snat to container, packets on bridge
- Ping container to snat, packets on bridge
- Tcpdump confirmed on azSnatBr
- Deletion of containers deletes appropriate interfaces
* Renamed veth, fixed logs
* Made deleteEndpoints logic clearer, renamed error
* Renamed eth0 to primaryHostIfName, vlanEth to vlanIf
* Deleted debug log
* Corrected merge (hardware addr) (Tests ok)
* Renamed vlan veth to hostExtIf_vlanID, Disabled RA
eth0.2 makes disable RA look for a folder eth0 and then another sub folder "2". ("eth0/2") However, it should look for a folder named "eth0.2" literally. To solve this, we change the naming scheme to use an underscore instead. (Tests ok)
* Renamed Native to TransparentVlan
Confirmed basic functionality on VM with correct mode
* Make file updated
* Create azure-windows-multitenancy-transparent-vlan.conflist
* Unified snat err format
* Rename to transparent-vlan
* Route table support added to local netlink
* Moved SNAT to end of function
* Defer deleting vlan interface on failure
2022-08-10 23:50:26 +03:00
|
|
|
Table: route.Table,
|
2018-08-19 00:50:49 +03:00
|
|
|
}
|
|
|
|
|
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Adding IP route to link", zap.Any("route", route), zap.String("interfaceName", interfaceName))
|
2021-09-20 21:57:12 +03:00
|
|
|
if err := nl.AddIPRoute(nlRoute); err != nil {
|
2018-08-19 00:50:49 +03:00
|
|
|
if !strings.Contains(strings.ToLower(err.Error()), "file exists") {
|
|
|
|
|
return err
|
|
|
|
|
} else {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("route already exists")
|
2018-08-19 00:50:49 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-16 00:28:37 +03:00
|
|
|
func deleteRoutes(nl netlink.NetlinkInterface, netioshim netio.NetIOInterface, interfaceName string, routes []RouteInfo) error {
|
2018-08-19 00:50:49 +03:00
|
|
|
ifIndex := 0
|
|
|
|
|
|
|
|
|
|
for _, route := range routes {
|
|
|
|
|
if route.DevName != "" {
|
2021-10-16 00:28:37 +03:00
|
|
|
devIf, _ := netioshim.GetNetworkInterfaceByName(route.DevName)
|
2019-01-10 05:29:22 +03:00
|
|
|
if devIf == nil {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Not deleting route. Interface doesn't exist", zap.String("interfaceName", interfaceName))
|
2019-01-10 05:29:22 +03:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-19 00:50:49 +03:00
|
|
|
ifIndex = devIf.Index
|
2023-04-18 00:26:00 +03:00
|
|
|
} else if interfaceName != "" {
|
2021-10-16 00:28:37 +03:00
|
|
|
interfaceIf, _ := netioshim.GetNetworkInterfaceByName(interfaceName)
|
2019-01-10 05:29:22 +03:00
|
|
|
if interfaceIf == nil {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Not deleting route. Interface doesn't exist", zap.String("interfaceName", interfaceName))
|
2019-01-10 05:29:22 +03:00
|
|
|
continue
|
|
|
|
|
}
|
2018-08-19 00:50:49 +03:00
|
|
|
ifIndex = interfaceIf.Index
|
|
|
|
|
}
|
2023-04-18 00:26:00 +03:00
|
|
|
|
2021-10-16 00:28:37 +03:00
|
|
|
family := netlink.GetIPAddressFamily(route.Gw)
|
|
|
|
|
if route.Gw == nil {
|
|
|
|
|
family = netlink.GetIPAddressFamily(route.Dst.IP)
|
|
|
|
|
}
|
2018-08-19 00:50:49 +03:00
|
|
|
|
|
|
|
|
nlRoute := &netlink.Route{
|
2021-10-16 00:28:37 +03:00
|
|
|
Family: family,
|
2018-08-19 00:50:49 +03:00
|
|
|
Dst: &route.Dst,
|
|
|
|
|
LinkIndex: ifIndex,
|
2023-04-18 00:26:00 +03:00
|
|
|
Gw: route.Gw,
|
2021-01-19 21:48:11 +03:00
|
|
|
Protocol: route.Protocol,
|
|
|
|
|
Scope: route.Scope,
|
2018-08-19 00:50:49 +03:00
|
|
|
}
|
|
|
|
|
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Deleting IP route from link", zap.Any("route", route), zap.String("interfaceName", interfaceName))
|
2021-09-20 21:57:12 +03:00
|
|
|
if err := nl.DeleteIPRoute(nlRoute); err != nil {
|
2018-08-19 00:50:49 +03:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2018-10-29 21:10:27 +03:00
|
|
|
|
|
|
|
|
// updateEndpointImpl updates an existing endpoint in the network.
|
2021-09-20 21:57:12 +03:00
|
|
|
func (nm *networkManager) updateEndpointImpl(nw *network, existingEpInfo *EndpointInfo, targetEpInfo *EndpointInfo) (*endpoint, error) {
|
2018-10-29 21:10:27 +03:00
|
|
|
var ep *endpoint
|
|
|
|
|
|
|
|
|
|
existingEpFromRepository := nw.Endpoints[existingEpInfo.Id]
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("[updateEndpointImpl] Going to retrieve endpoint with Id to update", zap.String("id", existingEpInfo.Id))
|
2018-10-29 21:10:27 +03:00
|
|
|
if existingEpFromRepository == nil {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("[updateEndpointImpl] Endpoint cannot be updated as it does not exist")
|
2023-11-01 22:50:35 +03:00
|
|
|
return nil, errEndpointNotFound
|
2018-10-29 21:10:27 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
netns := existingEpFromRepository.NetworkNameSpace
|
|
|
|
|
// Network namespace for the container interface has to be specified
|
|
|
|
|
if netns != "" {
|
|
|
|
|
// Open the network namespace.
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("[updateEndpointImpl] Opening netns", zap.Any("netns", netns))
|
2023-11-01 22:50:35 +03:00
|
|
|
ns, err := nm.nsClient.OpenNamespace(netns)
|
2018-10-29 21:10:27 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
defer ns.Close()
|
|
|
|
|
|
|
|
|
|
// Enter the container network namespace.
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("[updateEndpointImpl] Entering netns", zap.Any("netns", netns))
|
2018-10-29 21:10:27 +03:00
|
|
|
if err = ns.Enter(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Return to host network namespace.
|
|
|
|
|
defer func() {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("[updateEndpointImpl] Exiting netns", zap.Any("netns", netns))
|
2018-10-29 21:10:27 +03:00
|
|
|
if err := ns.Exit(); err != nil {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Error("[updateEndpointImpl] Failed to exit netns with", zap.Error(err))
|
2018-10-29 21:10:27 +03:00
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
} else {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("[updateEndpointImpl] Endpoint cannot be updated as the network namespace does not exist: Epid", zap.String("id", existingEpInfo.Id),
|
|
|
|
|
zap.String("component", "updateEndpointImpl"))
|
2023-11-01 22:50:35 +03:00
|
|
|
return nil, errNamespaceNotFound
|
2018-10-29 21:10:27 +03:00
|
|
|
}
|
|
|
|
|
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("[updateEndpointImpl] Going to update routes in netns", zap.Any("netns", netns))
|
2023-11-01 22:50:35 +03:00
|
|
|
if err := nm.updateRoutes(existingEpInfo, targetEpInfo); err != nil {
|
2018-10-29 21:10:27 +03:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create the endpoint object.
|
|
|
|
|
ep = &endpoint{
|
|
|
|
|
Id: existingEpInfo.Id,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Update existing endpoint state with the new routes to persist
|
2021-07-08 21:30:59 +03:00
|
|
|
ep.Routes = append(ep.Routes, targetEpInfo.Routes...)
|
2018-10-29 21:10:27 +03:00
|
|
|
|
|
|
|
|
return ep, nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-20 21:57:12 +03:00
|
|
|
func (nm *networkManager) updateRoutes(existingEp *EndpointInfo, targetEp *EndpointInfo) error {
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Updating routes for the endpoint", zap.Any("existingEp", existingEp))
|
|
|
|
|
logger.Info("Target endpoint is", zap.Any("targetEp", targetEp))
|
2018-10-29 21:10:27 +03:00
|
|
|
|
|
|
|
|
existingRoutes := make(map[string]RouteInfo)
|
|
|
|
|
targetRoutes := make(map[string]RouteInfo)
|
|
|
|
|
var tobeDeletedRoutes []RouteInfo
|
|
|
|
|
var tobeAddedRoutes []RouteInfo
|
|
|
|
|
|
|
|
|
|
// we should not remove default route from container if it exists
|
|
|
|
|
// we do not support enable/disable snat for now
|
|
|
|
|
defaultDst := net.ParseIP("0.0.0.0")
|
|
|
|
|
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Going to collect routes and skip default and infravnet routes if applicable.")
|
|
|
|
|
logger.Info("Key for default route", zap.String("route", defaultDst.String()))
|
2018-10-29 21:10:27 +03:00
|
|
|
|
|
|
|
|
infraVnetKey := ""
|
|
|
|
|
if targetEp.EnableInfraVnet {
|
|
|
|
|
infraVnetSubnet := targetEp.InfraVnetAddressSpace
|
|
|
|
|
if infraVnetSubnet != "" {
|
|
|
|
|
infraVnetKey = strings.Split(infraVnetSubnet, "/")[0]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Key for route to infra vnet", zap.String("infraVnetKey", infraVnetKey))
|
2018-10-29 21:10:27 +03:00
|
|
|
for _, route := range existingEp.Routes {
|
|
|
|
|
destination := route.Dst.IP.String()
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Checking destination as to skip or not", zap.String("destination", destination))
|
2018-10-29 21:10:27 +03:00
|
|
|
isDefaultRoute := destination == defaultDst.String()
|
|
|
|
|
isInfraVnetRoute := targetEp.EnableInfraVnet && (destination == infraVnetKey)
|
|
|
|
|
if !isDefaultRoute && !isInfraVnetRoute {
|
|
|
|
|
existingRoutes[route.Dst.String()] = route
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("was skipped", zap.String("destination", destination))
|
2018-10-29 21:10:27 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, route := range targetEp.Routes {
|
|
|
|
|
targetRoutes[route.Dst.String()] = route
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, existingRoute := range existingRoutes {
|
|
|
|
|
dst := existingRoute.Dst.String()
|
|
|
|
|
if _, ok := targetRoutes[dst]; !ok {
|
|
|
|
|
tobeDeletedRoutes = append(tobeDeletedRoutes, existingRoute)
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Adding following route to the tobeDeleted list", zap.Any("existingRoute", existingRoute))
|
2018-10-29 21:10:27 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, targetRoute := range targetRoutes {
|
|
|
|
|
dst := targetRoute.Dst.String()
|
|
|
|
|
if _, ok := existingRoutes[dst]; !ok {
|
|
|
|
|
tobeAddedRoutes = append(tobeAddedRoutes, targetRoute)
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Adding following route to the tobeAdded list", zap.Any("targetRoute", targetRoute))
|
2018-10-29 21:10:27 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-16 00:28:37 +03:00
|
|
|
err := deleteRoutes(nm.netlink, &netio.NetIO{}, existingEp.IfName, tobeDeletedRoutes)
|
2018-10-29 21:10:27 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-16 00:28:37 +03:00
|
|
|
err = addRoutes(nm.netlink, &netio.NetIO{}, existingEp.IfName, tobeAddedRoutes)
|
2018-10-29 21:10:27 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-16 03:14:44 +03:00
|
|
|
logger.Info("Successfully updated routes for the endpoint using target", zap.Any("existingEp", existingEp), zap.Any("targetEp", targetEp))
|
2018-10-29 21:10:27 +03:00
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2019-01-05 03:19:36 +03:00
|
|
|
|
|
|
|
|
func getDefaultGateway(routes []RouteInfo) net.IP {
|
|
|
|
|
_, defDstIP, _ := net.ParseCIDR("0.0.0.0/0")
|
|
|
|
|
for _, route := range routes {
|
|
|
|
|
if route.Dst.String() == defDstIP.String() {
|
|
|
|
|
return route.Gw
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
