diff options
Diffstat (limited to 'vendor/github.com')
12 files changed, 680 insertions, 25 deletions
diff --git a/vendor/github.com/checkpoint-restore/checkpointctl/LICENSE b/vendor/github.com/checkpoint-restore/checkpointctl/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/vendor/github.com/checkpoint-restore/checkpointctl/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/checkpoint-restore/checkpointctl/lib/metadata.go b/vendor/github.com/checkpoint-restore/checkpointctl/lib/metadata.go new file mode 100644 index 000000000..1c74903ad --- /dev/null +++ b/vendor/github.com/checkpoint-restore/checkpointctl/lib/metadata.go @@ -0,0 +1,221 @@ +// SPDX-License-Identifier: Apache-2.0 + +package metadata + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "net" + "os" + "path/filepath" + "time" + + cnitypes "github.com/containernetworking/cni/pkg/types/current" + spec "github.com/opencontainers/runtime-spec/specs-go" + "github.com/pkg/errors" +) + +type CheckpointedPod struct { + PodUID string `json:"io.kubernetes.pod.uid,omitempty"` + ID string `json:"SandboxID,omitempty"` + Name string `json:"io.kubernetes.pod.name,omitempty"` + TerminationGracePeriod int64 `json:"io.kubernetes.pod.terminationGracePeriod,omitempty"` + Namespace string `json:"io.kubernetes.pod.namespace,omitempty"` + ConfigSource string `json:"kubernetes.io/config.source,omitempty"` + ConfigSeen string `json:"kubernetes.io/config.seen,omitempty"` + Manager string `json:"io.container.manager,omitempty"` + Containers []CheckpointedContainer `json:"Containers"` + HostIP string `json:"hostIP,omitempty"` + PodIP string `json:"podIP,omitempty"` + PodIPs []string `json:"podIPs,omitempty"` +} + +type CheckpointedContainer struct { + Name string `json:"io.kubernetes.container.name,omitempty"` + ID string `json:"id,omitempty"` + TerminationMessagePath string `json:"io.kubernetes.container.terminationMessagePath,omitempty"` + TerminationMessagePolicy string `json:"io.kubernetes.container.terminationMessagePolicy,omitempty"` + RestartCounter int32 `json:"io.kubernetes.container.restartCount,omitempty"` + TerminationMessagePathUID string `json:"terminationMessagePathUID,omitempty"` + Image string `json:"Image"` +} + +type CheckpointMetadata struct { + Version int `json:"version"` + CheckpointedPods []CheckpointedPod +} + +const ( + // kubelet archive + CheckpointedPodsFile = "checkpointed.pods" + // container archive + ConfigDumpFile = "config.dump" + SpecDumpFile = "spec.dump" + NetworkStatusFile = "network.status" + CheckpointDirectory = "checkpoint" + RootFsDiffTar = "rootfs-diff.tar" + DeletedFilesFile = "deleted.files" + // pod archive + PodOptionsFile = "pod.options" + PodDumpFile = "pod.dump" +) + +type CheckpointType int + +const ( + // The checkpoint archive contains a kubelet checkpoint + // One or multiple pods and kubelet metadata (checkpointed.pods) + Kubelet CheckpointType = iota + // The checkpoint archive contains one pod including one or multiple containers + Pod + // The checkpoint archive contains a single container + Container + Unknown +) + +// This is a reduced copy of what Podman uses to store checkpoint metadata +type ContainerConfig struct { + ID string `json:"id"` + Name string `json:"name"` + RootfsImageName string `json:"rootfsImageName,omitempty"` + OCIRuntime string `json:"runtime,omitempty"` + CreatedTime time.Time `json:"createdTime"` +} + +// This is metadata stored inside of a Pod checkpoint archive +type CheckpointedPodOptions struct { + Version int `json:"version"` + Containers []string `json:"containers,omitempty"` + MountLabel string `json:"mountLabel"` + ProcessLabel string `json:"processLabel"` +} + +func DetectCheckpointArchiveType(checkpointDirectory string) (CheckpointType, error) { + _, err := os.Stat(filepath.Join(checkpointDirectory, CheckpointedPodsFile)) + if err != nil && !os.IsNotExist(err) { + return Unknown, errors.Wrapf(err, "Failed to access %q\n", CheckpointedPodsFile) + } + if os.IsNotExist(err) { + return Container, nil + } + + return Kubelet, nil +} + +func ReadContainerCheckpointSpecDump(checkpointDirectory string) (*spec.Spec, string, error) { + var specDump spec.Spec + specDumpFile, err := ReadJSONFile(&specDump, checkpointDirectory, SpecDumpFile) + + return &specDump, specDumpFile, err +} + +func ReadContainerCheckpointConfigDump(checkpointDirectory string) (*ContainerConfig, string, error) { + var containerConfig ContainerConfig + configDumpFile, err := ReadJSONFile(&containerConfig, checkpointDirectory, ConfigDumpFile) + + return &containerConfig, configDumpFile, err +} + +func ReadContainerCheckpointDeletedFiles(checkpointDirectory string) ([]string, string, error) { + var deletedFiles []string + deletedFilesFile, err := ReadJSONFile(&deletedFiles, checkpointDirectory, DeletedFilesFile) + + return deletedFiles, deletedFilesFile, err +} + +func ReadContainerCheckpointNetworkStatus(checkpointDirectory string) ([]*cnitypes.Result, string, error) { + var networkStatus []*cnitypes.Result + networkStatusFile, err := ReadJSONFile(&networkStatus, checkpointDirectory, NetworkStatusFile) + + return networkStatus, networkStatusFile, err +} + +func ReadKubeletCheckpoints(checkpointsDirectory string) (*CheckpointMetadata, string, error) { + var checkpointMetadata CheckpointMetadata + checkpointMetadataPath, err := ReadJSONFile(&checkpointMetadata, checkpointsDirectory, CheckpointedPodsFile) + + return &checkpointMetadata, checkpointMetadataPath, err +} + +func GetIPFromNetworkStatus(networkStatus []*cnitypes.Result) net.IP { + if len(networkStatus) == 0 { + return nil + } + // Take the first IP address + if len(networkStatus[0].IPs) == 0 { + return nil + } + IP := networkStatus[0].IPs[0].Address.IP + + return IP +} + +func GetMACFromNetworkStatus(networkStatus []*cnitypes.Result) net.HardwareAddr { + if len(networkStatus) == 0 { + return nil + } + // Take the first device with a defined sandbox + if len(networkStatus[0].Interfaces) == 0 { + return nil + } + var MAC net.HardwareAddr + MAC = nil + for _, n := range networkStatus[0].Interfaces { + if n.Sandbox != "" { + MAC, _ = net.ParseMAC(n.Mac) + + break + } + } + + return MAC +} + +// WriteJSONFile marshalls and writes the given data to a JSON file +func WriteJSONFile(v interface{}, dir, file string) (string, error) { + fileJSON, err := json.MarshalIndent(v, "", " ") + if err != nil { + return "", errors.Wrapf(err, "Error marshalling JSON") + } + file = filepath.Join(dir, file) + if err := ioutil.WriteFile(file, fileJSON, 0o600); err != nil { + return "", errors.Wrapf(err, "Error writing to %q", file) + } + + return file, nil +} + +func ReadJSONFile(v interface{}, dir, file string) (string, error) { + file = filepath.Join(dir, file) + content, err := ioutil.ReadFile(file) + if err != nil { + return "", errors.Wrapf(err, "failed to read %s", file) + } + if err = json.Unmarshal(content, v); err != nil { + return "", errors.Wrapf(err, "failed to unmarshal %s", file) + } + + return file, nil +} + +func WriteKubeletCheckpointsMetadata(checkpointMetadata *CheckpointMetadata, dir string) error { + _, err := WriteJSONFile(checkpointMetadata, dir, CheckpointedPodsFile) + + return err +} + +func ByteToString(b int64) string { + const unit = 1024 + if b < unit { + return fmt.Sprintf("%d B", b) + } + div, exp := int64(unit), 0 + for n := b / unit; n >= unit; n /= unit { + div *= unit + exp++ + } + + return fmt.Sprintf("%.1f %ciB", + float64(b)/float64(div), "KMGTPE"[exp]) +} diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go index d9c1d37db..b38340126 100644 --- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go +++ b/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go @@ -198,6 +198,11 @@ func InitCNI(defaultNetName string, confDir string, binDirs ...string) (CNIPlugi return initCNI(nil, "", defaultNetName, confDir, binDirs...) } +// InitCNIWithCache works like InitCNI except that it takes the cni cache directory as third param. +func InitCNIWithCache(defaultNetName, confDir, cacheDir string, binDirs ...string) (CNIPlugin, error) { + return initCNI(nil, cacheDir, defaultNetName, confDir, binDirs...) +} + // Internal function to allow faking out exec functions for testing func initCNI(exec cniinvoke.Exec, cacheDir, defaultNetName string, confDir string, binDirs ...string) (CNIPlugin, error) { if confDir == "" { @@ -208,7 +213,7 @@ func initCNI(exec cniinvoke.Exec, cacheDir, defaultNetName string, confDir strin } plugin := &cniNetworkPlugin{ - cniConfig: libcni.NewCNIConfig(binDirs, exec), + cniConfig: libcni.NewCNIConfigWithCacheDir(binDirs, cacheDir, exec), defaultNetName: netName{ name: defaultNetName, // If defaultNetName is not assigned in initialization, @@ -275,13 +280,19 @@ func loadNetworks(confDir string, cni *libcni.CNIConfig) (map[string]*cniNetwork if strings.HasSuffix(confFile, ".conflist") { confList, err = libcni.ConfListFromFile(confFile) if err != nil { - logrus.Errorf("Error loading CNI config list file %s: %v", confFile, err) + // do not log ENOENT errors + if !os.IsNotExist(err) { + logrus.Errorf("Error loading CNI config list file %s: %v", confFile, err) + } continue } } else { conf, err := libcni.ConfFromFile(confFile) if err != nil { - logrus.Errorf("Error loading CNI config file %s: %v", confFile, err) + // do not log ENOENT errors + if !os.IsNotExist(err) { + logrus.Errorf("Error loading CNI config file %s: %v", confFile, err) + } continue } if conf.Network.Type == "" { @@ -468,7 +479,7 @@ func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, fromCache } } - rt, err := buildCNIRuntimeConf(plugin.cacheDir, podNetwork, ifName, podNetwork.RuntimeConfig[network.Name]) + rt, err := buildCNIRuntimeConf(podNetwork, ifName, podNetwork.RuntimeConfig[network.Name]) if err != nil { logrus.Errorf("error building CNI runtime config: %v", err) return err @@ -489,8 +500,15 @@ func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, fromCache if cniNet == nil { cniNet, err = plugin.getNetwork(network.Name) if err != nil { - logrus.Errorf(err.Error()) - return err + // try to load the networks again + if err2 := plugin.syncNetworkConfig(); err2 != nil { + logrus.Error(err2) + return err + } + cniNet, err = plugin.getNetwork(network.Name) + if err != nil { + return err + } } } @@ -775,13 +793,12 @@ func (network *cniNetwork) deleteFromNetwork(ctx context.Context, rt *libcni.Run return nil } -func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (*libcni.RuntimeConf, error) { +func buildCNIRuntimeConf(podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (*libcni.RuntimeConf, error) { logrus.Infof("Got pod network %+v", podNetwork) rt := &libcni.RuntimeConf{ ContainerID: podNetwork.ID, NetNS: podNetwork.NetNS, - CacheDir: cacheDir, IfName: ifName, Args: [][2]string{ {"IgnoreUnknown", "1"}, diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/api/api.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/api/api.go new file mode 100644 index 000000000..b6779bf70 --- /dev/null +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/api/api.go @@ -0,0 +1,36 @@ +package api + +import "net" + +const ( + // Version of the REST API, not implementation version. + // See openapi.yaml for the definition. + Version = "1.1.0" +) + +// ErrorJSON is returned with "application/json" content type and non-2XX status code +type ErrorJSON struct { + Message string `json:"message"` +} + +// Info is the structure returned by `GET /info` +type Info struct { + APIVersion string `json:"apiVersion"` // REST API version + Version string `json:"version"` // Implementation version + StateDir string `json:"stateDir"` + ChildPID int `json:"childPID"` + NetworkDriver *NetworkDriverInfo `json:"networkDriver,omitempty"` + PortDriver *PortDriverInfo `json:"portDriver,omitempty"` +} + +// NetworkDriverInfo in Info +type NetworkDriverInfo struct { + Driver string `json:"driver"` + DNS []net.IP `json:"dns,omitempty"` +} + +// PortDriverInfo in Info +type PortDriverInfo struct { + Driver string `json:"driver"` + Protos []string `json:"protos"` +} diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/api/openapi.yaml b/vendor/github.com/rootless-containers/rootlesskit/pkg/api/openapi.yaml new file mode 100644 index 000000000..6a6550c33 --- /dev/null +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/api/openapi.yaml @@ -0,0 +1,161 @@ +# When you made a change to this YAML, please validate with https://editor.swagger.io +openapi: 3.0.3 +info: + version: 1.1.0 + title: RootlessKit API +servers: + - url: 'http://rootlesskit/v1' + description: Local UNIX socket server. The host part of the URL is ignored. +paths: +# /info: API >= 1.1.0 + /info: + get: + responses: + '200': + description: Info. Available since API 1.1.0. + content: + application/json: + schema: + $ref: '#/components/schemas/Info' + /ports: + get: + responses: + '200': + description: An array of PortStatus + content: + application/json: + schema: + $ref: '#/components/schemas/PortStatuses' + post: + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/PortSpec' + responses: + '201': + description: PortStatus with ID + content: + application/json: + schema: + $ref: '#/components/schemas/PortStatus' + '/ports/{id}': + delete: + parameters: + - name: id + in: path + required: true + schema: + type: integer + format: int64 + responses: + '200': + description: Null response +components: + schemas: + Proto: + type: string + description: "protocol for listening. Corresponds to Go's net.Listen. The strings with \"4\" and \"6\" suffixes were introduced in API 1.1.0." + enum: + - tcp + - tcp4 + - tcp6 + - udp + - udp4 + - udp6 + - sctp + - sctp4 + - sctp6 + PortSpec: + required: + - proto + properties: + proto: + $ref: '#/components/schemas/Proto' + parentIP: + type: string + parentPort: + type: integer + format: int32 + minimum: 1 + maximum: 65535 + childIP: + type: string +# future version may support requests with parentPort<=0 for automatic port assignment + childPort: + type: integer + format: int32 + minimum: 1 + maximum: 65535 + PortStatus: + required: + - id + properties: + id: + type: integer + format: int64 + spec: + $ref: '#/components/schemas/PortSpec' + PortStatuses: + type: array + items: + $ref: '#/components/schemas/PortStatus' +# Info: API >= 1.1.0 + Info: + required: + - apiVersion + - version + - stateDir + - childPID + properties: + apiVersion: + type: string + description: "API version, without \"v\" prefix" + example: "1.1.0" + version: + type: string + description: "Implementation version, without \"v\" prefix" + example: "0.42.0-beta.1+dev" + stateDir: + type: string + description: "state dir" + example: "/run/user/1000/rootlesskit" + childPID: + type: integer + description: "child PID" + example: 10042 + networkDriver: + $ref: '#/components/schemas/NetworkDriverInfo' + portDriver: + $ref: '#/components/schemas/PortDriverInfo' + NetworkDriverInfo: + required: + - driver + properties: + driver: + type: string + description: "network driver. Empty when --net=host." + example: "slirp4netns" +# TODO: return TAP info + dns: + type: array + description: "DNS addresses" + items: + type: string + example: ["10.0.2.3"] + PortDriverInfo: + required: + - driver + - supportedProtos + properties: + driver: + type: string + description: "port driver" + example: "builtin" + protos: + type: array + description: "The supported protocol strings for listening ports" + example: ["tcp","udp"] + items: + $ref: '#/components/schemas/Proto' diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go index fc249c2d9..05dc0303c 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/child/child.go @@ -1,10 +1,11 @@ package child import ( - "fmt" "io" "net" "os" + "strconv" + "strings" "github.com/pkg/errors" "golang.org/x/sys/unix" @@ -101,10 +102,16 @@ func (d *childDriver) handleConnectInit(c *net.UnixConn, req *msg.Request) error func (d *childDriver) handleConnectRequest(c *net.UnixConn, req *msg.Request) error { switch req.Proto { case "tcp": + case "tcp4": + case "tcp6": case "udp": + case "udp4": + case "udp6": default: return errors.Errorf("unknown proto: %q", req.Proto) } + // dialProto does not need "4", "6" suffix + dialProto := strings.TrimSuffix(strings.TrimSuffix(req.Proto, "6"), "4") var dialer net.Dialer ip := req.IP if ip == "" { @@ -114,13 +121,9 @@ func (d *childDriver) handleConnectRequest(c *net.UnixConn, req *msg.Request) er if p == nil { return errors.Errorf("invalid IP: %q", ip) } - p = p.To4() - if p == nil { - return errors.Errorf("unsupported IP (v6?): %s", ip) - } ip = p.String() } - targetConn, err := dialer.Dial(req.Proto, fmt.Sprintf("%s:%d", ip, req.Port)) + targetConn, err := dialer.Dial(dialProto, net.JoinHostPort(ip, strconv.Itoa(req.Port))) if err != nil { return err } diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/msg/msg.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/msg/msg.go index a8c8e0385..a60d99bd9 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/msg/msg.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/msg/msg.go @@ -19,7 +19,7 @@ const ( // Request and Response are encoded as JSON with uint32le length header. type Request struct { Type string // "init" or "connect" - Proto string // "tcp" or "udp" + Proto string // "tcp", "tcp4", "tcp6", "udp", "udp4", "udp6" IP string Port int } diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go index f6e5e56ed..e7ce641e1 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/parent.go @@ -15,6 +15,7 @@ import ( "github.com/pkg/errors" + "github.com/rootless-containers/rootlesskit/pkg/api" "github.com/rootless-containers/rootlesskit/pkg/port" "github.com/rootless-containers/rootlesskit/pkg/port/builtin/msg" "github.com/rootless-containers/rootlesskit/pkg/port/builtin/opaque" @@ -56,6 +57,14 @@ type driver struct { nextID int } +func (d *driver) Info(ctx context.Context) (*api.PortDriverInfo, error) { + info := &api.PortDriverInfo{ + Driver: "builtin", + Protos: []string{"tcp", "tcp4", "tcp6", "udp", "udp4", "udp6"}, + } + return info, nil +} + func (d *driver) OpaqueForChild() map[string]string { return map[string]string{ opaque.SocketPath: d.socketPath, @@ -134,9 +143,9 @@ func (d *driver) AddPort(ctx context.Context, spec port.Spec) (*port.Status, err return nil // FIXME } switch spec.Proto { - case "tcp": + case "tcp", "tcp4", "tcp6": err = tcp.Run(d.socketPath, spec, routineStopCh, d.logWriter) - case "udp": + case "udp", "udp4", "udp6": err = udp.Run(d.socketPath, spec, routineStopCh, d.logWriter) default: // NOTREACHED diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go index 9fb801162..7a7a167f1 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go @@ -13,7 +13,7 @@ import ( ) func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io.Writer) error { - ln, err := net.Listen("tcp", net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort))) + ln, err := net.Listen(spec.Proto, net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort))) if err != nil { fmt.Fprintf(logWriter, "listen: %v\n", err) return err diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go index fbff2b081..0080dd22c 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go @@ -14,11 +14,11 @@ import ( ) func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io.Writer) error { - addr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort))) + addr, err := net.ResolveUDPAddr(spec.Proto, net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort))) if err != nil { return err } - c, err := net.ListenUDP("udp", addr) + c, err := net.ListenUDP(spec.Proto, addr) if err != nil { return err } diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/port.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/port.go index 41ec33487..c95bfc7c7 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/port.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/port.go @@ -3,17 +3,20 @@ package port import ( "context" "net" + + "github.com/rootless-containers/rootlesskit/pkg/api" ) type Spec struct { - Proto string `json:"proto,omitempty"` // either "tcp" or "udp". in future "sctp" will be supported as well. - ParentIP string `json:"parentIP,omitempty"` // IPv4 address. can be empty (0.0.0.0). + // Proto is one of ["tcp", "tcp4", "tcp6", "udp", "udp4", "udp6"]. + // "tcp" may cause listening on both IPv4 and IPv6. (Corresponds to Go's net.Listen .) + Proto string `json:"proto,omitempty"` + ParentIP string `json:"parentIP,omitempty"` // IPv4 or IPv6 address. can be empty (0.0.0.0). ParentPort int `json:"parentPort,omitempty"` ChildPort int `json:"childPort,omitempty"` - // ChildIP is an IPv4 address. + // ChildIP is an IPv4 or IPv6 address. // Default values: // - builtin driver: 127.0.0.1 - // - socat driver: 127.0.0.1 // - slirp4netns driver: slirp4netns's child IP, e.g., 10.0.2.100 ChildIP string `json:"childIP,omitempty"` } @@ -41,6 +44,7 @@ type ChildContext struct { // ParentDriver is a driver for the parent process. type ParentDriver interface { Manager + Info(ctx context.Context) (*api.PortDriverInfo, error) // OpaqueForChild typically consists of socket path // for controlling child from parent OpaqueForChild() map[string]string diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go index a885a76ca..937932642 100644 --- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go +++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go @@ -152,7 +152,10 @@ func ValidatePortSpec(spec port.Spec, existingPorts map[int]*port.Status) error func validateProto(proto string) error { switch proto { - case "tcp", "udp", "sctp": + case + "tcp", "tcp4", "tcp6", + "udp", "udp4", "udp6", + "sctp", "sctp4", "sctp6": return nil default: return errors.Errorf("unknown proto: %q", proto) |