diff options
| author | Paul Holzinger <pholzing@redhat.com> | 2021-08-16 16:11:26 +0200 |
|---|---|---|
| committer | Paul Holzinger <pholzing@redhat.com> | 2021-09-15 20:00:20 +0200 |
| commit | 85e8fbf7f33717ef6a0d6cf9e2143b52c874c2de (patch) | |
| tree | 82b0c29102d2779c18ea8a6f10df5dc1139e3817 /vendor/github.com/containernetworking/plugins/pkg | |
| parent | 218f132fdf4939d9e0374ef860d534f19e71df54 (diff) | |
| download | podman-85e8fbf7f33717ef6a0d6cf9e2143b52c874c2de.tar.gz podman-85e8fbf7f33717ef6a0d6cf9e2143b52c874c2de.tar.bz2 podman-85e8fbf7f33717ef6a0d6cf9e2143b52c874c2de.zip | |
Wire network interface into libpod
Make use of the new network interface in libpod.
This commit contains several breaking changes:
- podman network create only outputs the new network name and not file
path.
- podman network ls shows the network driver instead of the cni version
and plugins.
- podman network inspect outputs the new network struct and not the cni
conflist.
- The bindings and libpod api endpoints have been changed to use the new
network structure.
The container network status is stored in a new field in the state. The
status should be received with the new `c.getNetworkStatus`. This will
migrate the old status to the new format. Therefore old containers should
contine to work correctly in all cases even when network connect/
disconnect is used.
New features:
- podman network reload keeps the ip and mac for more than one network.
- podman container restore keeps the ip and mac for more than one
network.
- The network create compat endpoint can now use more than one ipam
config.
The man pages and the swagger doc are updated to reflect the latest
changes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'vendor/github.com/containernetworking/plugins/pkg')
9 files changed, 0 insertions, 919 deletions
diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/addr_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/addr_linux.go deleted file mode 100644 index b4db50b9a..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/addr_linux.go +++ /dev/null @@ -1,68 +0,0 @@ -// Copyright 2017 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "fmt" - "syscall" - "time" - - "github.com/vishvananda/netlink" -) - -const SETTLE_INTERVAL = 50 * time.Millisecond - -// SettleAddresses waits for all addresses on a link to leave tentative state. -// This is particularly useful for ipv6, where all addresses need to do DAD. -// There is no easy way to wait for this as an event, so just loop until the -// addresses are no longer tentative. -// If any addresses are still tentative after timeout seconds, then error. -func SettleAddresses(ifName string, timeout int) error { - link, err := netlink.LinkByName(ifName) - if err != nil { - return fmt.Errorf("failed to retrieve link: %v", err) - } - - deadline := time.Now().Add(time.Duration(timeout) * time.Second) - for { - addrs, err := netlink.AddrList(link, netlink.FAMILY_ALL) - if err != nil { - return fmt.Errorf("could not list addresses: %v", err) - } - - if len(addrs) == 0 { - return nil - } - - ok := true - for _, addr := range addrs { - if addr.Flags&(syscall.IFA_F_TENTATIVE|syscall.IFA_F_DADFAILED) > 0 { - ok = false - break // Break out of the `range addrs`, not the `for` - } - } - - if ok { - return nil - } - if time.Now().After(deadline) { - return fmt.Errorf("link %s still has tentative addresses after %d seconds", - ifName, - timeout) - } - - time.Sleep(SETTLE_INTERVAL) - } -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/cidr.go b/vendor/github.com/containernetworking/plugins/pkg/ip/cidr.go deleted file mode 100644 index 7acc2d47c..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/cidr.go +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright 2015 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "math/big" - "net" -) - -// NextIP returns IP incremented by 1 -func NextIP(ip net.IP) net.IP { - i := ipToInt(ip) - return intToIP(i.Add(i, big.NewInt(1))) -} - -// PrevIP returns IP decremented by 1 -func PrevIP(ip net.IP) net.IP { - i := ipToInt(ip) - return intToIP(i.Sub(i, big.NewInt(1))) -} - -// Cmp compares two IPs, returning the usual ordering: -// a < b : -1 -// a == b : 0 -// a > b : 1 -func Cmp(a, b net.IP) int { - aa := ipToInt(a) - bb := ipToInt(b) - return aa.Cmp(bb) -} - -func ipToInt(ip net.IP) *big.Int { - if v := ip.To4(); v != nil { - return big.NewInt(0).SetBytes(v) - } - return big.NewInt(0).SetBytes(ip.To16()) -} - -func intToIP(i *big.Int) net.IP { - return net.IP(i.Bytes()) -} - -// Network masks off the host portion of the IP -func Network(ipn *net.IPNet) *net.IPNet { - return &net.IPNet{ - IP: ipn.IP.Mask(ipn.Mask), - Mask: ipn.Mask, - } -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/ipforward_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/ipforward_linux.go deleted file mode 100644 index 8216a2c38..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/ipforward_linux.go +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright 2015 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "bytes" - "io/ioutil" - - "github.com/containernetworking/cni/pkg/types/current" -) - -func EnableIP4Forward() error { - return echo1("/proc/sys/net/ipv4/ip_forward") -} - -func EnableIP6Forward() error { - return echo1("/proc/sys/net/ipv6/conf/all/forwarding") -} - -// EnableForward will enable forwarding for all configured -// address families -func EnableForward(ips []*current.IPConfig) error { - v4 := false - v6 := false - - for _, ip := range ips { - if ip.Version == "4" && !v4 { - if err := EnableIP4Forward(); err != nil { - return err - } - v4 = true - } else if ip.Version == "6" && !v6 { - if err := EnableIP6Forward(); err != nil { - return err - } - v6 = true - } - } - return nil -} - -func echo1(f string) error { - if content, err := ioutil.ReadFile(f); err == nil { - if bytes.Equal(bytes.TrimSpace(content), []byte("1")) { - return nil - } - } - return ioutil.WriteFile(f, []byte("1"), 0644) -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/ipmasq_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/ipmasq_linux.go deleted file mode 100644 index cc640a605..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/ipmasq_linux.go +++ /dev/null @@ -1,126 +0,0 @@ -// Copyright 2015 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "fmt" - "net" - - "github.com/coreos/go-iptables/iptables" -) - -// SetupIPMasq installs iptables rules to masquerade traffic -// coming from ip of ipn and going outside of ipn -func SetupIPMasq(ipn *net.IPNet, chain string, comment string) error { - isV6 := ipn.IP.To4() == nil - - var ipt *iptables.IPTables - var err error - var multicastNet string - - if isV6 { - ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv6) - multicastNet = "ff00::/8" - } else { - ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv4) - multicastNet = "224.0.0.0/4" - } - if err != nil { - return fmt.Errorf("failed to locate iptables: %v", err) - } - - // Create chain if doesn't exist - exists := false - chains, err := ipt.ListChains("nat") - if err != nil { - return fmt.Errorf("failed to list chains: %v", err) - } - for _, ch := range chains { - if ch == chain { - exists = true - break - } - } - if !exists { - if err = ipt.NewChain("nat", chain); err != nil { - return err - } - } - - // Packets to this network should not be touched - if err := ipt.AppendUnique("nat", chain, "-d", ipn.String(), "-j", "ACCEPT", "-m", "comment", "--comment", comment); err != nil { - return err - } - - // Don't masquerade multicast - pods should be able to talk to other pods - // on the local network via multicast. - if err := ipt.AppendUnique("nat", chain, "!", "-d", multicastNet, "-j", "MASQUERADE", "-m", "comment", "--comment", comment); err != nil { - return err - } - - // Packets from the specific IP of this network will hit the chain - return ipt.AppendUnique("nat", "POSTROUTING", "-s", ipn.IP.String(), "-j", chain, "-m", "comment", "--comment", comment) -} - -// TeardownIPMasq undoes the effects of SetupIPMasq -func TeardownIPMasq(ipn *net.IPNet, chain string, comment string) error { - isV6 := ipn.IP.To4() == nil - - var ipt *iptables.IPTables - var err error - - if isV6 { - ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv6) - } else { - ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv4) - } - if err != nil { - return fmt.Errorf("failed to locate iptables: %v", err) - } - - err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.IP.String(), "-j", chain, "-m", "comment", "--comment", comment) - if err != nil && !isNotExist(err) { - return err - } - - // for downward compatibility - err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment) - if err != nil && !isNotExist(err) { - return err - } - - err = ipt.ClearChain("nat", chain) - if err != nil && !isNotExist(err) { - return err - - } - - err = ipt.DeleteChain("nat", chain) - if err != nil && !isNotExist(err) { - return err - } - - return nil -} - -// isNotExist returnst true if the error is from iptables indicating -// that the target does not exist. -func isNotExist(err error) bool { - e, ok := err.(*iptables.Error) - if !ok { - return false - } - return e.IsNotExist() -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go deleted file mode 100644 index f8781cf19..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go +++ /dev/null @@ -1,293 +0,0 @@ -// Copyright 2015 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "crypto/rand" - "errors" - "fmt" - "net" - "os" - - "github.com/safchain/ethtool" - "github.com/vishvananda/netlink" - - "github.com/containernetworking/plugins/pkg/ns" - "github.com/containernetworking/plugins/pkg/utils/hwaddr" - "github.com/containernetworking/plugins/pkg/utils/sysctl" -) - -var ( - ErrLinkNotFound = errors.New("link not found") -) - -func makeVethPair(name, peer string, mtu int) (netlink.Link, error) { - veth := &netlink.Veth{ - LinkAttrs: netlink.LinkAttrs{ - Name: name, - Flags: net.FlagUp, - MTU: mtu, - }, - PeerName: peer, - } - if err := netlink.LinkAdd(veth); err != nil { - return nil, err - } - // Re-fetch the link to get its creation-time parameters, e.g. index and mac - veth2, err := netlink.LinkByName(name) - if err != nil { - netlink.LinkDel(veth) // try and clean up the link if possible. - return nil, err - } - - return veth2, nil -} - -func peerExists(name string) bool { - if _, err := netlink.LinkByName(name); err != nil { - return false - } - return true -} - -func makeVeth(name, vethPeerName string, mtu int) (peerName string, veth netlink.Link, err error) { - for i := 0; i < 10; i++ { - if vethPeerName != "" { - peerName = vethPeerName - } else { - peerName, err = RandomVethName() - if err != nil { - return - } - } - - veth, err = makeVethPair(name, peerName, mtu) - switch { - case err == nil: - return - - case os.IsExist(err): - if peerExists(peerName) && vethPeerName == "" { - continue - } - err = fmt.Errorf("container veth name provided (%v) already exists", name) - return - - default: - err = fmt.Errorf("failed to make veth pair: %v", err) - return - } - } - - // should really never be hit - err = fmt.Errorf("failed to find a unique veth name") - return -} - -// RandomVethName returns string "veth" with random prefix (hashed from entropy) -func RandomVethName() (string, error) { - entropy := make([]byte, 4) - _, err := rand.Reader.Read(entropy) - if err != nil { - return "", fmt.Errorf("failed to generate random veth name: %v", err) - } - - // NetworkManager (recent versions) will ignore veth devices that start with "veth" - return fmt.Sprintf("veth%x", entropy), nil -} - -func RenameLink(curName, newName string) error { - link, err := netlink.LinkByName(curName) - if err == nil { - err = netlink.LinkSetName(link, newName) - } - return err -} - -func ifaceFromNetlinkLink(l netlink.Link) net.Interface { - a := l.Attrs() - return net.Interface{ - Index: a.Index, - MTU: a.MTU, - Name: a.Name, - HardwareAddr: a.HardwareAddr, - Flags: a.Flags, - } -} - -// SetupVethWithName sets up a pair of virtual ethernet devices. -// Call SetupVethWithName from inside the container netns. It will create both veth -// devices and move the host-side veth into the provided hostNS namespace. -// hostVethName: If hostVethName is not specified, the host-side veth name will use a random string. -// On success, SetupVethWithName returns (hostVeth, containerVeth, nil) -func SetupVethWithName(contVethName, hostVethName string, mtu int, hostNS ns.NetNS) (net.Interface, net.Interface, error) { - hostVethName, contVeth, err := makeVeth(contVethName, hostVethName, mtu) - if err != nil { - return net.Interface{}, net.Interface{}, err - } - - if err = netlink.LinkSetUp(contVeth); err != nil { - return net.Interface{}, net.Interface{}, fmt.Errorf("failed to set %q up: %v", contVethName, err) - } - - hostVeth, err := netlink.LinkByName(hostVethName) - if err != nil { - return net.Interface{}, net.Interface{}, fmt.Errorf("failed to lookup %q: %v", hostVethName, err) - } - - if err = netlink.LinkSetNsFd(hostVeth, int(hostNS.Fd())); err != nil { - return net.Interface{}, net.Interface{}, fmt.Errorf("failed to move veth to host netns: %v", err) - } - - err = hostNS.Do(func(_ ns.NetNS) error { - hostVeth, err = netlink.LinkByName(hostVethName) - if err != nil { - return fmt.Errorf("failed to lookup %q in %q: %v", hostVethName, hostNS.Path(), err) - } - - if err = netlink.LinkSetUp(hostVeth); err != nil { - return fmt.Errorf("failed to set %q up: %v", hostVethName, err) - } - - // we want to own the routes for this interface - _, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", hostVethName), "0") - return nil - }) - if err != nil { - return net.Interface{}, net.Interface{}, err - } - return ifaceFromNetlinkLink(hostVeth), ifaceFromNetlinkLink(contVeth), nil -} - -// SetupVeth sets up a pair of virtual ethernet devices. -// Call SetupVeth from inside the container netns. It will create both veth -// devices and move the host-side veth into the provided hostNS namespace. -// On success, SetupVeth returns (hostVeth, containerVeth, nil) -func SetupVeth(contVethName string, mtu int, hostNS ns.NetNS) (net.Interface, net.Interface, error) { - return SetupVethWithName(contVethName, "", mtu, hostNS) -} - -// DelLinkByName removes an interface link. -func DelLinkByName(ifName string) error { - iface, err := netlink.LinkByName(ifName) - if err != nil { - if _, ok := err.(netlink.LinkNotFoundError); ok { - return ErrLinkNotFound - } - return fmt.Errorf("failed to lookup %q: %v", ifName, err) - } - - if err = netlink.LinkDel(iface); err != nil { - return fmt.Errorf("failed to delete %q: %v", ifName, err) - } - - return nil -} - -// DelLinkByNameAddr remove an interface and returns its addresses -func DelLinkByNameAddr(ifName string) ([]*net.IPNet, error) { - iface, err := netlink.LinkByName(ifName) - if err != nil { - if _, ok := err.(netlink.LinkNotFoundError); ok { - return nil, ErrLinkNotFound - } - return nil, fmt.Errorf("failed to lookup %q: %v", ifName, err) - } - - addrs, err := netlink.AddrList(iface, netlink.FAMILY_ALL) - if err != nil { - return nil, fmt.Errorf("failed to get IP addresses for %q: %v", ifName, err) - } - - if err = netlink.LinkDel(iface); err != nil { - return nil, fmt.Errorf("failed to delete %q: %v", ifName, err) - } - - out := []*net.IPNet{} - for _, addr := range addrs { - if addr.IP.IsGlobalUnicast() { - out = append(out, addr.IPNet) - } - } - - return out, nil -} - -func SetHWAddrByIP(ifName string, ip4 net.IP, ip6 net.IP) error { - iface, err := netlink.LinkByName(ifName) - if err != nil { - return fmt.Errorf("failed to lookup %q: %v", ifName, err) - } - - switch { - case ip4 == nil && ip6 == nil: - return fmt.Errorf("neither ip4 or ip6 specified") - - case ip4 != nil: - { - hwAddr, err := hwaddr.GenerateHardwareAddr4(ip4, hwaddr.PrivateMACPrefix) - if err != nil { - return fmt.Errorf("failed to generate hardware addr: %v", err) - } - if err = netlink.LinkSetHardwareAddr(iface, hwAddr); err != nil { - return fmt.Errorf("failed to add hardware addr to %q: %v", ifName, err) - } - } - case ip6 != nil: - // TODO: IPv6 - } - - return nil -} - -// GetVethPeerIfindex returns the veth link object, the peer ifindex of the -// veth, or an error. This peer ifindex will only be valid in the peer's -// network namespace. -func GetVethPeerIfindex(ifName string) (netlink.Link, int, error) { - link, err := netlink.LinkByName(ifName) - if err != nil { - return nil, -1, fmt.Errorf("could not look up %q: %v", ifName, err) - } - if _, ok := link.(*netlink.Veth); !ok { - return nil, -1, fmt.Errorf("interface %q was not a veth interface", ifName) - } - - // veth supports IFLA_LINK (what vishvananda/netlink calls ParentIndex) - // on 4.1 and higher kernels - peerIndex := link.Attrs().ParentIndex - if peerIndex <= 0 { - // Fall back to ethtool for 4.0 and earlier kernels - e, err := ethtool.NewEthtool() - if err != nil { - return nil, -1, fmt.Errorf("failed to initialize ethtool: %v", err) - } - defer e.Close() - - stats, err := e.Stats(link.Attrs().Name) - if err != nil { - return nil, -1, fmt.Errorf("failed to request ethtool stats: %v", err) - } - n, ok := stats["peer_ifindex"] - if !ok { - return nil, -1, fmt.Errorf("failed to find 'peer_ifindex' in ethtool stats") - } - if n > 32767 || n == 0 { - return nil, -1, fmt.Errorf("invalid 'peer_ifindex' %d", n) - } - peerIndex = int(n) - } - - return link, peerIndex, nil -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/route_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/route_linux.go deleted file mode 100644 index f5c0d0803..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/route_linux.go +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright 2015-2017 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "net" - - "github.com/vishvananda/netlink" -) - -// AddRoute adds a universally-scoped route to a device. -func AddRoute(ipn *net.IPNet, gw net.IP, dev netlink.Link) error { - return netlink.RouteAdd(&netlink.Route{ - LinkIndex: dev.Attrs().Index, - Scope: netlink.SCOPE_UNIVERSE, - Dst: ipn, - Gw: gw, - }) -} - -// AddHostRoute adds a host-scoped route to a device. -func AddHostRoute(ipn *net.IPNet, gw net.IP, dev netlink.Link) error { - return netlink.RouteAdd(&netlink.Route{ - LinkIndex: dev.Attrs().Index, - Scope: netlink.SCOPE_HOST, - Dst: ipn, - Gw: gw, - }) -} - -// AddDefaultRoute sets the default route on the given gateway. -func AddDefaultRoute(gw net.IP, dev netlink.Link) error { - _, defNet, _ := net.ParseCIDR("0.0.0.0/0") - return AddRoute(defNet, gw, dev) -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/utils_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/utils_linux.go deleted file mode 100644 index 7623c5e13..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/utils_linux.go +++ /dev/null @@ -1,120 +0,0 @@ -// +build linux - -// Copyright 2016 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "fmt" - "net" - - "github.com/containernetworking/cni/pkg/types" - "github.com/containernetworking/cni/pkg/types/current" - "github.com/vishvananda/netlink" -) - -func ValidateExpectedInterfaceIPs(ifName string, resultIPs []*current.IPConfig) error { - - // Ensure ips - for _, ips := range resultIPs { - ourAddr := netlink.Addr{IPNet: &ips.Address} - match := false - - link, err := netlink.LinkByName(ifName) - if err != nil { - return fmt.Errorf("Cannot find container link %v", ifName) - } - - addrList, err := netlink.AddrList(link, netlink.FAMILY_ALL) - if err != nil { - return fmt.Errorf("Cannot obtain List of IP Addresses") - } - - for _, addr := range addrList { - if addr.Equal(ourAddr) { - match = true - break - } - } - if match == false { - return fmt.Errorf("Failed to match addr %v on interface %v", ourAddr, ifName) - } - - // Convert the host/prefixlen to just prefix for route lookup. - _, ourPrefix, err := net.ParseCIDR(ourAddr.String()) - - findGwy := &netlink.Route{Dst: ourPrefix} - routeFilter := netlink.RT_FILTER_DST - var family int - - switch { - case ips.Version == "4": - family = netlink.FAMILY_V4 - case ips.Version == "6": - family = netlink.FAMILY_V6 - default: - return fmt.Errorf("Invalid IP Version %v for interface %v", ips.Version, ifName) - } - - gwy, err := netlink.RouteListFiltered(family, findGwy, routeFilter) - if err != nil { - return fmt.Errorf("Error %v trying to find Gateway %v for interface %v", err, ips.Gateway, ifName) - } - if gwy == nil { - return fmt.Errorf("Failed to find Gateway %v for interface %v", ips.Gateway, ifName) - } - } - - return nil -} - -func ValidateExpectedRoute(resultRoutes []*types.Route) error { - - // Ensure that each static route in prevResults is found in the routing table - for _, route := range resultRoutes { - find := &netlink.Route{Dst: &route.Dst, Gw: route.GW} - routeFilter := netlink.RT_FILTER_DST | netlink.RT_FILTER_GW - var family int - - switch { - case route.Dst.IP.To4() != nil: - family = netlink.FAMILY_V4 - // Default route needs Dst set to nil - if route.Dst.String() == "0.0.0.0/0" { - find = &netlink.Route{Dst: nil, Gw: route.GW} - routeFilter = netlink.RT_FILTER_DST - } - case len(route.Dst.IP) == net.IPv6len: - family = netlink.FAMILY_V6 - // Default route needs Dst set to nil - if route.Dst.String() == "::/0" { - find = &netlink.Route{Dst: nil, Gw: route.GW} - routeFilter = netlink.RT_FILTER_DST - } - default: - return fmt.Errorf("Invalid static route found %v", route) - } - - wasFound, err := netlink.RouteListFiltered(family, find, routeFilter) - if err != nil { - return fmt.Errorf("Expected Route %v not route table lookup error %v", route, err) - } - if wasFound == nil { - return fmt.Errorf("Expected Route %v not found in routing table", route) - } - } - - return nil -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/utils/hwaddr/hwaddr.go b/vendor/github.com/containernetworking/plugins/pkg/utils/hwaddr/hwaddr.go deleted file mode 100644 index aaf3b8a02..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/utils/hwaddr/hwaddr.go +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2016 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package hwaddr - -import ( - "fmt" - "net" -) - -const ( - ipRelevantByteLen = 4 - PrivateMACPrefixString = "0a:58" -) - -var ( - // private mac prefix safe to use - PrivateMACPrefix = []byte{0x0a, 0x58} -) - -type SupportIp4OnlyErr struct{ msg string } - -func (e SupportIp4OnlyErr) Error() string { return e.msg } - -type MacParseErr struct{ msg string } - -func (e MacParseErr) Error() string { return e.msg } - -type InvalidPrefixLengthErr struct{ msg string } - -func (e InvalidPrefixLengthErr) Error() string { return e.msg } - -// GenerateHardwareAddr4 generates 48 bit virtual mac addresses based on the IP4 input. -func GenerateHardwareAddr4(ip net.IP, prefix []byte) (net.HardwareAddr, error) { - switch { - - case ip.To4() == nil: - return nil, SupportIp4OnlyErr{msg: "GenerateHardwareAddr4 only supports valid IPv4 address as input"} - - case len(prefix) != len(PrivateMACPrefix): - return nil, InvalidPrefixLengthErr{msg: fmt.Sprintf( - "Prefix has length %d instead of %d", len(prefix), len(PrivateMACPrefix)), - } - } - - ipByteLen := len(ip) - return (net.HardwareAddr)( - append( - prefix, - ip[ipByteLen-ipRelevantByteLen:ipByteLen]...), - ), nil -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/utils/sysctl/sysctl_linux.go b/vendor/github.com/containernetworking/plugins/pkg/utils/sysctl/sysctl_linux.go deleted file mode 100644 index 7ee47e1ce..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/utils/sysctl/sysctl_linux.go +++ /dev/null @@ -1,80 +0,0 @@ -// Copyright 2016 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package sysctl - -import ( - "fmt" - "io/ioutil" - "path/filepath" - "strings" -) - -// Sysctl provides a method to set/get values from /proc/sys - in linux systems -// new interface to set/get values of variables formerly handled by sysctl syscall -// If optional `params` have only one string value - this function will -// set this value into corresponding sysctl variable -func Sysctl(name string, params ...string) (string, error) { - if len(params) > 1 { - return "", fmt.Errorf("unexcepted additional parameters") - } else if len(params) == 1 { - return setSysctl(name, params[0]) - } - return getSysctl(name) -} - -func getSysctl(name string) (string, error) { - fullName := filepath.Join("/proc/sys", toNormalName(name)) - fullName = filepath.Clean(fullName) - data, err := ioutil.ReadFile(fullName) - if err != nil { - return "", err - } - - return string(data[:len(data)-1]), nil -} - -func setSysctl(name, value string) (string, error) { - fullName := filepath.Join("/proc/sys", toNormalName(name)) - fullName = filepath.Clean(fullName) - if err := ioutil.WriteFile(fullName, []byte(value), 0644); err != nil { - return "", err - } - - return getSysctl(name) -} - -// Normalize names by using slash as separator -// Sysctl names can use dots or slashes as separator: -// - if dots are used, dots and slashes are interchanged. -// - if slashes are used, slashes and dots are left intact. -// Separator in use is determined by first occurrence. -func toNormalName(name string) string { - interchange := false - for _, c := range name { - if c == '.' { - interchange = true - break - } - if c == '/' { - break - } - } - - if interchange { - r := strings.NewReplacer(".", "/", "/", ".") - return r.Replace(name) - } - return name -} |