// +build linux
package overlay
import (
"fmt"
"net"
"syscall"
"github.com/docker/docker/libnetwork/driverapi"
"github.com/docker/docker/libnetwork/ns"
"github.com/docker/docker/libnetwork/types"
"github.com/gogo/protobuf/proto"
"github.com/sirupsen/logrus"
)
// Join method is invoked when a Sandbox is attached to an endpoint.
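func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
	// sboxKey and options are accepted but not read anywhere in this body.
	if err := validateID(nid, eid); err != nil {
		return err
	}

	n := d.network(nid)
	if n == nil {
		return fmt.Errorf("could not find network with id %s", nid)
	}

	ep := n.endpoint(eid)
	if ep == nil {
		return fmt.Errorf("could not find endpoint with id %s", eid)
	}

	// Fail closed for networks flagged secure: refuse the join when the
	// driver holds no keys at all.
	if n.secure && len(d.keys) == 0 {
		return fmt.Errorf("cannot join secure network: encryption keys not present")
	}

	nlh := ns.NlHandle()

	// Same fail-closed rule when the netlink handle reports no XFRM support,
	// since the IPSEC rules could not be installed.
	if n.secure && !nlh.SupportsNetlinkFamily(syscall.NETLINK_XFRM) {
		return fmt.Errorf("cannot join secure network: required modules to install IPSEC rules are missing on host")
	}

	s := n.getSubnetforIP(ep.addr)
	if s == nil {
		return fmt.Errorf("could not find subnet for endpoint %s", eid)
	}

	if err := n.obtainVxlanID(s); err != nil {
		return fmt.Errorf("couldn't get vxlan id for %q: %v", s.subnetIP.String(), err)
	}

	if err := n.joinSandbox(s, false, true); err != nil {
		return fmt.Errorf("network sandbox join failed: %v", err)
	}

	sbox := n.sandbox()

	// NOTE(review): none of the error returns below removes the veth pair
	// created here or undoes joinSandbox; confirm that the caller cleans up
	// after a failed Join.
	overlayIfName, containerIfName, err := createVethPair()
	if err != nil {
		return err
	}

	ep.ifName = containerIfName

	if err = d.writeEndpointToStore(ep); err != nil {
		return fmt.Errorf("failed to update overlay endpoint %.7s to local data store: %v", ep.id, err)
	}

	// Apply the network's MTU to both ends of the veth pair. The value comes
	// from n.maxMTU(); the figure historically quoted here is 1450, leaving
	// 50 bytes for vxlan encap (inner eth header(14) + outer IP(20) +
	// outer UDP(8) + vxlan header(8)).
	mtu := n.maxMTU()

	veth, err := nlh.LinkByName(overlayIfName)
	if err != nil {
		return fmt.Errorf("could not find link by name %s: %v", overlayIfName, err)
	}
	err = nlh.LinkSetMTU(veth, mtu)
	if err != nil {
		return err
	}

	// The overlay-side interface is moved into the sandbox and enslaved to
	// the subnet's bridge.
	if err = sbox.AddInterface(overlayIfName, "veth",
		sbox.InterfaceOptions().Master(s.brName)); err != nil {
		return fmt.Errorf("could not add veth pair inside the network sandbox: %v", err)
	}

	veth, err = nlh.LinkByName(containerIfName)
	if err != nil {
		return fmt.Errorf("could not find link by name %s: %v", containerIfName, err)
	}
	err = nlh.LinkSetMTU(veth, mtu)
	if err != nil {
		return err
	}

	if err = nlh.LinkSetHardwareAddr(veth, ep.mac); err != nil {
		return fmt.Errorf("could not set mac address (%v) to the container interface: %v", ep.mac, err)
	}

	// Add a static route, via this subnet's gateway, to every other subnet
	// of the network. A failure is logged and the join carries on.
	for _, sub := range n.subnets {
		if sub == s {
			continue
		}
		if err = jinfo.AddStaticRoute(sub.subnetIP, types.NEXTHOP, s.gwIP.IP); err != nil {
			// Name the subnet whose route failed (sub, not s) and keep the cause.
			logrus.Errorf("Adding subnet %s static route in network %q failed: %v", sub.subnetIP, n.id, err)
		}
	}

	if iNames := jinfo.InterfaceName(); iNames != nil {
		err = iNames.SetNames(containerIfName, "eth")
		if err != nil {
			return err
		}
	}

	// NOTE(review): net.ParseIP returns nil for an unparsable
	// d.advertiseAddress and the result is passed on unchecked; confirm
	// peerAdd tolerates a nil VTEP.
	d.peerAdd(nid, eid, ep.addr.IP, ep.addr.Mask, ep.mac, net.ParseIP(d.advertiseAddress), false, false, true)

	// NOTE(review): a checkEncryption error is only logged, so Join still
	// succeeds on a network with n.secure set; confirm the data path cannot
	// carry unencrypted traffic in that case.
	if err = d.checkEncryption(nid, nil, n.vxlanID(s), true, true); err != nil {
		logrus.Warn(err)
	}

	// Publish this endpoint in the peer table; the record carries the
	// endpoint address, its MAC and this node's advertise address.
	buf, err := proto.Marshal(&PeerRecord{
		EndpointIP:       ep.addr.String(),
		EndpointMAC:      ep.mac.String(),
		TunnelEndpointIP: d.advertiseAddress,
	})
	if err != nil {
		return err
	}

	// Best effort: a failure to add the table entry is logged, not returned.
	if err := jinfo.AddTableEntry(ovPeerTable, eid, buf); err != nil {
		logrus.Errorf("overlay: Failed adding table entry to joininfo: %v", err)
	}

	d.pushLocalEndpointEvent("join", nid, eid)

	return nil
}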
// DecodeTableEntry decodes one ovPeerTable entry for display. It returns the
// key unchanged together with a map holding the record's tunnel endpoint
// address under "Host IP". Any other table name, or a value that does not
// unmarshal as a PeerRecord, is logged and yields ("", nil).
//
// The decoded address is returned as received; it is not parsed or validated
// here.
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
	if tablename != ovPeerTable {
		logrus.Errorf("DecodeTableEntry: unexpected table name %s", tablename)
		return "", nil
	}

	rec := PeerRecord{}
	err := proto.Unmarshal(value, &rec)
	if err != nil {
		logrus.Errorf("DecodeTableEntry: failed to unmarshal peer record for key %s: %v", key, err)
		return "", nil
	}

	fields := map[string]string{
		"Host IP": rec.TunnelEndpointIP,
	}
	return key, fields
}
// EventNotify applies a peer-table notification to the driver's peer state.
// The key is used as the endpoint id and value is decoded as a PeerRecord.
// Records for other tables, undecodable records, and records whose endpoint
// CIDR, MAC or tunnel endpoint IP do not parse are logged and dropped. A
// Delete event removes the peer; every other event type adds it.
//
// The checks here are syntactic only: nothing in this function verifies that
// the sender is entitled to announce the endpoint it describes.
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
	if tableName != ovPeerTable {
		logrus.Errorf("Unexpected table notification for table %s received", tableName)
		return
	}

	var rec PeerRecord
	if decodeErr := proto.Unmarshal(value, &rec); decodeErr != nil {
		logrus.Errorf("Failed to unmarshal peer record: %v", decodeErr)
		return
	}

	// Records announcing this node's own advertise address describe local
	// peers, which are already known and must not go into the vxlan fdb.
	// NOTE(review): this is a string comparison, so it relies on both sides
	// using the same textual form of the address.
	if rec.TunnelEndpointIP == d.advertiseAddress {
		return
	}

	epNet, err := types.ParseCIDR(rec.EndpointIP)
	if err != nil {
		logrus.Errorf("Invalid peer IP %s received in event notify", rec.EndpointIP)
		return
	}

	hwAddr, err := net.ParseMAC(rec.EndpointMAC)
	if err != nil {
		logrus.Errorf("Invalid mac %s received in event notify", rec.EndpointMAC)
		return
	}

	tunnelIP := net.ParseIP(rec.TunnelEndpointIP)
	if tunnelIP == nil {
		logrus.Errorf("Invalid VTEP %s received in event notify", rec.TunnelEndpointIP)
		return
	}

	switch etype {
	case driverapi.Delete:
		d.peerDelete(nid, key, epNet.IP, epNet.Mask, hwAddr, tunnelIP, false)
	default:
		d.peerAdd(nid, key, epNet.IP, epNet.Mask, hwAddr, tunnelIP, false, false, false)
	}
}
// Leave method is invoked when a Sandbox detaches from an endpoint.
func (d *driver) Leave(nid, eid string) error {
	err := validateID(nid, eid)
	if err != nil {
		return err
	}

	netw := d.network(nid)
	if netw == nil {
		return fmt.Errorf("could not find network with id %s", nid)
	}

	endpoint := netw.endpoint(eid)
	if endpoint == nil {
		// Unlike the missing-network case, a missing endpoint is reported
		// through types.InternalMaskableErrorf.
		return types.InternalMaskableErrorf("could not find endpoint with id %s", eid)
	}

	// Publish a "leave" notification when a notification channel is set.
	if d.notifyCh != nil {
		leaveEvent := ovNotify{
			action: "leave",
			nw:     netw,
			ep:     endpoint,
		}
		d.notifyCh <- leaveEvent
	}

	// Remove this node's own peer entry for the endpoint, using the driver's
	// advertise address as the tunnel endpoint.
	localVTEP := net.ParseIP(d.advertiseAddress)
	d.peerDelete(nid, eid, endpoint.addr.IP, endpoint.addr.Mask, endpoint.mac, localVTEP, true)

	netw.leaveSandbox()

	return nil
}