summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorDoug Rabson <dfr@rabson.org>2022-09-07 16:03:37 +0100
committerDoug Rabson <dfr@rabson.org>2022-09-12 16:28:47 +0100
commitd014dca81f485f66eb66d426411e0faee7c8629b (patch)
tree95b6980706db383458b6c79b91577cd13c4120c3 /libpod
parent1dd0eb4679a0e24bca8e72257e8225b03afddb23 (diff)
downloadpodman-d014dca81f485f66eb66d426411e0faee7c8629b.tar.gz
podman-d014dca81f485f66eb66d426411e0faee7c8629b.tar.bz2
podman-d014dca81f485f66eb66d426411e0faee7c8629b.zip
libpod: Move isBridgeNetMode and reloadContainerNetwork to networking_common.go
[NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/networking_common.go69
-rw-r--r--libpod/networking_freebsd.go68
-rw-r--r--libpod/networking_linux.go68
3 files changed, 69 insertions, 136 deletions
diff --git a/libpod/networking_common.go b/libpod/networking_common.go
index 5d0b64f10..d6e06152e 100644
--- a/libpod/networking_common.go
+++ b/libpod/networking_common.go
@@ -5,9 +5,12 @@ package libpod
import (
"fmt"
+ "regexp"
"github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/machine"
+ "github.com/containers/podman/v4/libpod/define"
+ "github.com/containers/podman/v4/pkg/namespaces"
"github.com/sirupsen/logrus"
)
@@ -128,3 +131,69 @@ func (r *Runtime) teardownCNI(ctr *Container) error {
}
return nil
}
+
+// isBridgeNetMode checks if the given network mode is bridge.
+// It returns nil when it is set to bridge and an error otherwise.
+func isBridgeNetMode(n namespaces.NetworkMode) error {
+ if !n.IsBridge() {
+ return fmt.Errorf("%q is not supported: %w", n, define.ErrNetworkModeInvalid)
+ }
+ return nil
+}
+
+// Reload only works with containers with a configured network.
+// It will tear down, and then reconfigure, the network of the container.
+// This is mainly used when a reload of firewall rules wipes out existing
+// firewall configuration.
+// Efforts will be made to preserve MAC and IP addresses, but this only works if
+// the container only joined a single CNI network, and was only assigned a
+// single MAC or IP.
+// Only works on root containers at present, though in the future we could
+// extend this to stop + restart slirp4netns
+func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) {
+ if ctr.state.NetNS == nil {
+ return nil, fmt.Errorf("container %s network is not configured, refusing to reload: %w", ctr.ID(), define.ErrCtrStateInvalid)
+ }
+ if err := isBridgeNetMode(ctr.config.NetMode); err != nil {
+ return nil, err
+ }
+ logrus.Infof("Going to reload container %s network", ctr.ID())
+
+ err := r.teardownCNI(ctr)
+ if err != nil {
+ // teardownCNI will error if the iptables rules do not exists and this is the case after
+ // a firewall reload. The purpose of network reload is to recreate the rules if they do
+ // not exists so we should not log this specific error as error. This would confuse users otherwise.
+ // iptables-legacy and iptables-nft will create different errors make sure to match both.
+ b, rerr := regexp.MatchString("Couldn't load target `CNI-[a-f0-9]{24}':No such file or directory|Chain 'CNI-[a-f0-9]{24}' does not exist", err.Error())
+ if rerr == nil && !b {
+ logrus.Error(err)
+ } else {
+ logrus.Info(err)
+ }
+ }
+
+ networkOpts, err := ctr.networks()
+ if err != nil {
+ return nil, err
+ }
+
+ // Set the same network settings as before..
+ netStatus := ctr.getNetworkStatus()
+ for network, perNetOpts := range networkOpts {
+ for name, netInt := range netStatus[network].Interfaces {
+ perNetOpts.InterfaceName = name
+ perNetOpts.StaticMAC = netInt.MacAddress
+ for _, netAddress := range netInt.Subnets {
+ perNetOpts.StaticIPs = append(perNetOpts.StaticIPs, netAddress.IPNet.IP)
+ }
+ // Normally interfaces have a length of 1, only for some special cni configs we could get more.
+ // For now just use the first interface to get the ips this should be good enough for most cases.
+ break
+ }
+ networkOpts[network] = perNetOpts
+ }
+ ctr.perNetworkOpts = networkOpts
+
+ return r.configureNetNS(ctr, ctr.state.NetNS)
+}
diff --git a/libpod/networking_freebsd.go b/libpod/networking_freebsd.go
index 3833154c5..7b6ea0d1e 100644
--- a/libpod/networking_freebsd.go
+++ b/libpod/networking_freebsd.go
@@ -11,14 +11,12 @@ import (
"net"
"os/exec"
"path/filepath"
- "regexp"
"sort"
"github.com/containers/buildah/pkg/jail"
"github.com/containers/common/libnetwork/types"
"github.com/containers/podman/v4/libpod/define"
"github.com/containers/podman/v4/libpod/events"
- "github.com/containers/podman/v4/pkg/namespaces"
"github.com/containers/podman/v4/pkg/util"
"github.com/containers/storage/pkg/lockfile"
"github.com/sirupsen/logrus"
@@ -213,72 +211,6 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
return nil
}
-// isBridgeNetMode checks if the given network mode is bridge.
-// It returns nil when it is set to bridge and an error otherwise.
-func isBridgeNetMode(n namespaces.NetworkMode) error {
- if !n.IsBridge() {
- return fmt.Errorf("%q is not supported: %w", n, define.ErrNetworkModeInvalid)
- }
- return nil
-}
-
-// Reload only works with containers with a configured network.
-// It will tear down, and then reconfigure, the network of the container.
-// This is mainly used when a reload of firewall rules wipes out existing
-// firewall configuration.
-// Efforts will be made to preserve MAC and IP addresses, but this only works if
-// the container only joined a single CNI network, and was only assigned a
-// single MAC or IP.
-// Only works on root containers at present, though in the future we could
-// extend this to stop + restart slirp4netns
-func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) {
- if ctr.state.NetNS == nil {
- return nil, fmt.Errorf("container %s network is not configured, refusing to reload: %w", ctr.ID(), define.ErrCtrStateInvalid)
- }
- if err := isBridgeNetMode(ctr.config.NetMode); err != nil {
- return nil, err
- }
- logrus.Infof("Going to reload container %s network", ctr.ID())
-
- err := r.teardownCNI(ctr)
- if err != nil {
- // teardownCNI will error if the iptables rules do not exists and this is the case after
- // a firewall reload. The purpose of network reload is to recreate the rules if they do
- // not exists so we should not log this specific error as error. This would confuse users otherwise.
- // iptables-legacy and iptables-nft will create different errors make sure to match both.
- b, rerr := regexp.MatchString("Couldn't load target `CNI-[a-f0-9]{24}':No such file or directory|Chain 'CNI-[a-f0-9]{24}' does not exist", err.Error())
- if rerr == nil && !b {
- logrus.Error(err)
- } else {
- logrus.Info(err)
- }
- }
-
- networkOpts, err := ctr.networks()
- if err != nil {
- return nil, err
- }
-
- // Set the same network settings as before..
- netStatus := ctr.getNetworkStatus()
- for network, perNetOpts := range networkOpts {
- for name, netInt := range netStatus[network].Interfaces {
- perNetOpts.InterfaceName = name
- perNetOpts.StaticMAC = netInt.MacAddress
- for _, netAddress := range netInt.Subnets {
- perNetOpts.StaticIPs = append(perNetOpts.StaticIPs, netAddress.IPNet.IP)
- }
- // Normally interfaces have a length of 1, only for some special cni configs we could get more.
- // For now just use the first interface to get the ips this should be good enough for most cases.
- break
- }
- networkOpts[network] = perNetOpts
- }
- ctr.perNetworkOpts = networkOpts
-
- return r.configureNetNS(ctr, ctr.state.NetNS)
-}
-
func getContainerNetIO(ctr *Container) (*LinkStatistics64, error) {
if ctr.state.NetNS == nil {
// If NetNS is nil, it was set as none, and no netNS
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index fc9084c10..d442b3fe0 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -13,7 +13,6 @@ import (
"os"
"os/exec"
"path/filepath"
- "regexp"
"sort"
"strconv"
"strings"
@@ -30,7 +29,6 @@ import (
"github.com/containers/podman/v4/libpod/define"
"github.com/containers/podman/v4/libpod/events"
"github.com/containers/podman/v4/pkg/errorhandling"
- "github.com/containers/podman/v4/pkg/namespaces"
"github.com/containers/podman/v4/pkg/rootless"
"github.com/containers/podman/v4/utils"
"github.com/containers/storage/pkg/lockfile"
@@ -743,72 +741,6 @@ func getContainerNetNS(ctr *Container) (string, *Container, error) {
return "", nil, nil
}
-// isBridgeNetMode checks if the given network mode is bridge.
-// It returns nil when it is set to bridge and an error otherwise.
-func isBridgeNetMode(n namespaces.NetworkMode) error {
- if !n.IsBridge() {
- return fmt.Errorf("%q is not supported: %w", n, define.ErrNetworkModeInvalid)
- }
- return nil
-}
-
-// Reload only works with containers with a configured network.
-// It will tear down, and then reconfigure, the network of the container.
-// This is mainly used when a reload of firewall rules wipes out existing
-// firewall configuration.
-// Efforts will be made to preserve MAC and IP addresses, but this only works if
-// the container only joined a single CNI network, and was only assigned a
-// single MAC or IP.
-// Only works on root containers at present, though in the future we could
-// extend this to stop + restart slirp4netns
-func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) {
- if ctr.state.NetNS == nil {
- return nil, fmt.Errorf("container %s network is not configured, refusing to reload: %w", ctr.ID(), define.ErrCtrStateInvalid)
- }
- if err := isBridgeNetMode(ctr.config.NetMode); err != nil {
- return nil, err
- }
- logrus.Infof("Going to reload container %s network", ctr.ID())
-
- err := r.teardownCNI(ctr)
- if err != nil {
- // teardownCNI will error if the iptables rules do not exists and this is the case after
- // a firewall reload. The purpose of network reload is to recreate the rules if they do
- // not exists so we should not log this specific error as error. This would confuse users otherwise.
- // iptables-legacy and iptables-nft will create different errors make sure to match both.
- b, rerr := regexp.MatchString("Couldn't load target `CNI-[a-f0-9]{24}':No such file or directory|Chain 'CNI-[a-f0-9]{24}' does not exist", err.Error())
- if rerr == nil && !b {
- logrus.Error(err)
- } else {
- logrus.Info(err)
- }
- }
-
- networkOpts, err := ctr.networks()
- if err != nil {
- return nil, err
- }
-
- // Set the same network settings as before..
- netStatus := ctr.getNetworkStatus()
- for network, perNetOpts := range networkOpts {
- for name, netInt := range netStatus[network].Interfaces {
- perNetOpts.InterfaceName = name
- perNetOpts.StaticMAC = netInt.MacAddress
- for _, netAddress := range netInt.Subnets {
- perNetOpts.StaticIPs = append(perNetOpts.StaticIPs, netAddress.IPNet.IP)
- }
- // Normally interfaces have a length of 1, only for some special cni configs we could get more.
- // For now just use the first interface to get the ips this should be good enough for most cases.
- break
- }
- networkOpts[network] = perNetOpts
- }
- ctr.perNetworkOpts = networkOpts
-
- return r.configureNetNS(ctr, ctr.state.NetNS)
-}
-
// TODO (5.0): return the statistics per network interface
// This would allow better compat with docker.
func getContainerNetIO(ctr *Container) (*netlink.LinkStatistics, error) {