2021-08-23 09:14:53 -04:00
|
|
|
//go:build linux
|
2021-05-25 19:48:54 -04:00
|
|
|
// +build linux
|
|
|
|
|
|
2015-02-19 20:21:42 -05:00
|
|
|
package bridge
|
|
|
|
|
|
2015-02-20 01:21:05 -05:00
|
|
|
import (
|
2015-05-14 02:23:45 -04:00
|
|
|
"errors"
|
2015-06-30 02:10:30 -04:00
|
|
|
"fmt"
|
2015-02-20 01:21:05 -05:00
|
|
|
"net"
|
2015-07-17 04:56:46 -04:00
|
|
|
"os"
|
2015-05-28 16:01:00 -04:00
|
|
|
"os/exec"
|
2015-07-23 16:00:36 -04:00
|
|
|
"path/filepath"
|
2015-05-22 13:56:36 -04:00
|
|
|
"strconv"
|
2015-04-10 14:59:05 -04:00
|
|
|
"sync"
|
2015-07-23 16:00:36 -04:00
|
|
|
"syscall"
|
2015-02-20 01:21:05 -05:00
|
|
|
|
2021-04-05 20:24:47 -04:00
|
|
|
"github.com/docker/docker/libnetwork/datastore"
|
|
|
|
|
"github.com/docker/docker/libnetwork/discoverapi"
|
|
|
|
|
"github.com/docker/docker/libnetwork/driverapi"
|
|
|
|
|
"github.com/docker/docker/libnetwork/iptables"
|
|
|
|
|
"github.com/docker/docker/libnetwork/netlabel"
|
|
|
|
|
"github.com/docker/docker/libnetwork/netutils"
|
|
|
|
|
"github.com/docker/docker/libnetwork/ns"
|
|
|
|
|
"github.com/docker/docker/libnetwork/options"
|
|
|
|
|
"github.com/docker/docker/libnetwork/osl"
|
|
|
|
|
"github.com/docker/docker/libnetwork/portmapper"
|
|
|
|
|
"github.com/docker/docker/libnetwork/types"
|
2017-07-26 17:18:31 -04:00
|
|
|
"github.com/sirupsen/logrus"
|
2015-04-13 14:40:42 -04:00
|
|
|
"github.com/vishvananda/netlink"
|
2015-02-20 01:21:05 -05:00
|
|
|
)
|
2015-02-19 20:21:42 -05:00
|
|
|
|
2015-02-22 20:24:22 -05:00
|
|
|
const (
|
2017-02-27 17:23:12 -05:00
|
|
|
networkType = "bridge"
|
|
|
|
|
vethPrefix = "veth"
|
|
|
|
|
vethLen = 7
|
|
|
|
|
defaultContainerVethPrefix = "eth"
|
|
|
|
|
maxAllocatePortAttempts = 10
|
2015-02-22 20:24:22 -05:00
|
|
|
)
|
2015-02-19 20:21:42 -05:00
|
|
|
|
2015-10-04 22:08:31 -04:00
|
|
|
const (
|
|
|
|
|
// DefaultGatewayV4AuxKey represents the default-gateway configured by the user
|
|
|
|
|
DefaultGatewayV4AuxKey = "DefaultGatewayIPv4"
|
|
|
|
|
// DefaultGatewayV6AuxKey represents the ipv6 default-gateway configured by the user
|
|
|
|
|
DefaultGatewayV6AuxKey = "DefaultGatewayIPv6"
|
|
|
|
|
)
|
|
|
|
|
|
2017-09-08 17:48:03 -04:00
|
|
|
type defaultBridgeNetworkConflict struct {
|
|
|
|
|
ID string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (d defaultBridgeNetworkConflict) Error() string {
|
|
|
|
|
return fmt.Sprintf("Stale default bridge network %s", d.ID)
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-05 01:53:45 -04:00
|
|
|
type iptableCleanFunc func() error
|
|
|
|
|
type iptablesCleanFuncs []iptableCleanFunc
|
|
|
|
|
|
2015-05-22 13:56:36 -04:00
|
|
|
// configuration info for the "bridge" driver.
|
|
|
|
|
type configuration struct {
|
2015-06-11 21:12:00 -04:00
|
|
|
EnableIPForwarding bool
|
|
|
|
|
EnableIPTables bool
|
2020-07-18 13:48:03 -04:00
|
|
|
EnableIP6Tables bool
|
2015-06-11 21:12:00 -04:00
|
|
|
EnableUserlandProxy bool
|
2016-09-25 11:43:27 -04:00
|
|
|
UserlandProxyPath string
|
2015-05-06 01:51:26 -04:00
|
|
|
}
|
|
|
|
|
|
2015-05-22 13:56:36 -04:00
|
|
|
// networkConfiguration for network specific configuration
|
|
|
|
|
type networkConfiguration struct {
|
2017-02-27 17:23:12 -05:00
|
|
|
ID string
|
|
|
|
|
BridgeName string
|
|
|
|
|
EnableIPv6 bool
|
|
|
|
|
EnableIPMasquerade bool
|
|
|
|
|
EnableICC bool
|
2018-12-23 19:05:20 -05:00
|
|
|
InhibitIPv4 bool
|
2017-02-27 17:23:12 -05:00
|
|
|
Mtu int
|
|
|
|
|
DefaultBindingIP net.IP
|
|
|
|
|
DefaultBridge bool
|
2019-09-25 01:08:25 -04:00
|
|
|
HostIP net.IP
|
2017-02-27 17:23:12 -05:00
|
|
|
ContainerIfacePrefix string
|
2015-10-05 17:53:25 -04:00
|
|
|
// Internal fields set after ipam data parsing
|
|
|
|
|
AddressIPv4 *net.IPNet
|
|
|
|
|
AddressIPv6 *net.IPNet
|
|
|
|
|
DefaultGatewayIPv4 net.IP
|
|
|
|
|
DefaultGatewayIPv6 net.IP
|
2015-10-08 17:59:47 -04:00
|
|
|
dbIndex uint64
|
|
|
|
|
dbExists bool
|
2016-01-06 08:06:23 -05:00
|
|
|
Internal bool
|
2016-06-27 23:42:50 -04:00
|
|
|
|
|
|
|
|
BridgeIfaceCreator ifaceCreator
|
2015-02-19 20:21:42 -05:00
|
|
|
}
|
|
|
|
|
|
2016-06-27 23:42:50 -04:00
|
|
|
// ifaceCreator represents how the bridge interface was created
|
|
|
|
|
type ifaceCreator int8
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
ifaceCreatorUnknown ifaceCreator = iota
|
|
|
|
|
ifaceCreatedByLibnetwork
|
|
|
|
|
ifaceCreatedByUser
|
|
|
|
|
)
|
|
|
|
|
|
2015-05-22 13:56:36 -04:00
|
|
|
// endpointConfiguration represents the user specified configuration for the sandbox endpoint
|
|
|
|
|
type endpointConfiguration struct {
|
2015-12-07 17:45:51 -05:00
|
|
|
MacAddress net.HardwareAddr
|
2015-04-23 14:15:15 -04:00
|
|
|
}
|
|
|
|
|
|
2015-05-22 13:56:36 -04:00
|
|
|
// containerConfiguration represents the user specified configuration for a container
|
|
|
|
|
type containerConfiguration struct {
|
2015-05-05 16:46:11 -04:00
|
|
|
ParentEndpoints []string
|
|
|
|
|
ChildEndpoints []string
|
2015-04-30 17:52:46 -04:00
|
|
|
}
|
|
|
|
|
|
2017-05-21 22:25:52 -04:00
|
|
|
// connectivityConfiguration represents the user specified configuration regarding the external connectivity
|
2015-12-07 17:45:51 -05:00
|
|
|
type connectivityConfiguration struct {
|
|
|
|
|
PortBindings []types.PortBinding
|
|
|
|
|
ExposedPorts []types.TransportPort
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-13 14:40:42 -04:00
|
|
|
type bridgeEndpoint struct {
|
2015-07-02 01:00:48 -04:00
|
|
|
id string
|
2016-06-10 11:30:56 -04:00
|
|
|
nid string
|
2015-06-04 23:21:23 -04:00
|
|
|
srcName string
|
|
|
|
|
addr *net.IPNet
|
|
|
|
|
addrv6 *net.IPNet
|
2015-05-05 20:33:08 -04:00
|
|
|
macAddress net.HardwareAddr
|
2015-05-22 13:56:36 -04:00
|
|
|
config *endpointConfiguration // User specified parameters
|
|
|
|
|
containerConfig *containerConfiguration
|
2015-12-07 17:45:51 -05:00
|
|
|
extConnConfig *connectivityConfiguration
|
2015-05-20 16:28:46 -04:00
|
|
|
portMapping []types.PortBinding // Operation port bindings
|
2016-06-10 11:30:56 -04:00
|
|
|
dbIndex uint64
|
|
|
|
|
dbExists bool
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type bridgeNetwork struct {
|
2015-10-05 01:53:45 -04:00
|
|
|
id string
|
|
|
|
|
bridge *bridgeInterface // The bridge's L3 interface
|
|
|
|
|
config *networkConfiguration
|
|
|
|
|
endpoints map[string]*bridgeEndpoint // key: endpoint id
|
|
|
|
|
portMapper *portmapper.PortMapper
|
2017-11-28 16:15:55 -05:00
|
|
|
portMapperV6 *portmapper.PortMapper
|
2015-10-05 01:53:45 -04:00
|
|
|
driver *driver // The network's driver
|
|
|
|
|
iptCleanFuncs iptablesCleanFuncs
|
2015-04-13 14:40:42 -04:00
|
|
|
sync.Mutex
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type driver struct {
|
2017-11-28 16:15:55 -05:00
|
|
|
config *configuration
|
|
|
|
|
natChain *iptables.ChainInfo
|
|
|
|
|
filterChain *iptables.ChainInfo
|
|
|
|
|
isolationChain1 *iptables.ChainInfo
|
|
|
|
|
isolationChain2 *iptables.ChainInfo
|
|
|
|
|
natChainV6 *iptables.ChainInfo
|
|
|
|
|
filterChainV6 *iptables.ChainInfo
|
|
|
|
|
isolationChain1V6 *iptables.ChainInfo
|
|
|
|
|
isolationChain2V6 *iptables.ChainInfo
|
|
|
|
|
networks map[string]*bridgeNetwork
|
|
|
|
|
store datastore.DataStore
|
|
|
|
|
nlh *netlink.Handle
|
|
|
|
|
configNetwork sync.Mutex
|
2015-04-13 14:40:42 -04:00
|
|
|
sync.Mutex
|
|
|
|
|
}
|
2015-03-05 14:04:07 -05:00
|
|
|
|
Make driver packages register themselves via DriverCallback
In the present code, each driver package provides a `New()` method
which constructs a driver of its type, which is then registered with
the controller.
However, this is not suitable for the `drivers/remote` package, since
it does not provide a (singleton) driver, but a mechanism for drivers
to be added dynamically. As a result, the implementation is oddly
dual-purpose, and a spurious `"remote"` driver is added to the
controller's list of available drivers.
Instead, it is better to provide the registration callback to each
package and let it register its own driver or drivers. That way, the
singleton driver packages can construct one and register it, and the
remote package can hook the callback up with whatever the dynamic
driver mechanism turns out to be.
NB there are some method signature changes; in particular to
controller.New, which can return an error if the built-in driver
packages fail to initialise.
Signed-off-by: Michael Bridgen <mikeb@squaremobius.net>
2015-05-11 08:46:29 -04:00
|
|
|
// New constructs a new bridge driver
|
2015-09-18 17:00:36 -04:00
|
|
|
func newDriver() *driver {
|
2015-09-04 01:11:45 -04:00
|
|
|
return &driver{networks: map[string]*bridgeNetwork{}, config: &configuration{}}
|
Make driver packages register themselves via DriverCallback
In the present code, each driver package provides a `New()` method
which constructs a driver of its type, which is then registered with
the controller.
However, this is not suitable for the `drivers/remote` package, since
it does not provide a (singleton) driver, but a mechanism for drivers
to be added dynamically. As a result, the implementation is oddly
dual-purpose, and a spurious `"remote"` driver is added to the
controller's list of available drivers.
Instead, it is better to provide the registration callback to each
package and let it register its own driver or drivers. That way, the
singleton driver packages can construct one and register it, and the
remote package can hook the callback up with whatever the dynamic
driver mechanism turns out to be.
NB there are some method signature changes; in particular to
controller.New, which can return an error if the built-in driver
packages fail to initialise.
Signed-off-by: Michael Bridgen <mikeb@squaremobius.net>
2015-05-11 08:46:29 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Init registers a new instance of bridge driver
|
2015-09-18 17:00:36 -04:00
|
|
|
func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
|
|
|
|
|
d := newDriver()
|
|
|
|
|
if err := d.configure(config); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-06 13:21:51 -04:00
|
|
|
c := driverapi.Capability{
|
2017-04-07 16:31:44 -04:00
|
|
|
DataScope: datastore.LocalScope,
|
|
|
|
|
ConnectivityScope: datastore.LocalScope,
|
2015-06-06 13:21:51 -04:00
|
|
|
}
|
2015-09-18 17:00:36 -04:00
|
|
|
return dc.RegisterDriver(networkType, d, c)
|
2015-02-22 20:24:22 -05:00
|
|
|
}
|
|
|
|
|
|
2015-05-06 01:51:26 -04:00
|
|
|
// Validate performs a static validation on the network configuration parameters.
|
2015-04-24 18:13:44 -04:00
|
|
|
// Whatever can be assessed a priori before attempting any programming.
|
2015-05-22 13:56:36 -04:00
|
|
|
func (c *networkConfiguration) Validate() error {
|
2015-04-24 18:13:44 -04:00
|
|
|
if c.Mtu < 0 {
|
2015-05-14 17:56:15 -04:00
|
|
|
return ErrInvalidMtu(c.Mtu)
|
2015-04-24 18:13:44 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If bridge v4 subnet is specified
|
|
|
|
|
if c.AddressIPv4 != nil {
|
|
|
|
|
// If default gw is specified, it must be part of bridge subnet
|
|
|
|
|
if c.DefaultGatewayIPv4 != nil {
|
|
|
|
|
if !c.AddressIPv4.Contains(c.DefaultGatewayIPv4) {
|
2015-05-14 17:56:15 -04:00
|
|
|
return &ErrInvalidGateway{}
|
2015-04-24 18:13:44 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
// If default v6 gw is specified, AddressIPv6 must be specified and gw must belong to AddressIPv6 subnet
|
|
|
|
|
if c.EnableIPv6 && c.DefaultGatewayIPv6 != nil {
|
|
|
|
|
if c.AddressIPv6 == nil || !c.AddressIPv6.Contains(c.DefaultGatewayIPv6) {
|
|
|
|
|
return &ErrInvalidGateway{}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-04-24 18:13:44 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-08 22:23:24 -04:00
|
|
|
// Conflicts check if two NetworkConfiguration objects overlap
|
2015-10-05 17:53:25 -04:00
|
|
|
func (c *networkConfiguration) Conflicts(o *networkConfiguration) error {
|
2015-05-21 16:13:19 -04:00
|
|
|
if o == nil {
|
2016-11-21 20:29:53 -05:00
|
|
|
return errors.New("same configuration")
|
2015-05-21 16:13:19 -04:00
|
|
|
}
|
|
|
|
|
|
2016-02-23 16:44:38 -05:00
|
|
|
// Also empty, because only one network with empty name is allowed
|
2015-05-21 16:13:19 -04:00
|
|
|
if c.BridgeName == o.BridgeName {
|
2016-11-21 20:29:53 -05:00
|
|
|
return errors.New("networks have same bridge name")
|
2015-05-21 16:13:19 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// They must be in different subnets
|
2015-06-08 11:24:43 -04:00
|
|
|
if (c.AddressIPv4 != nil && o.AddressIPv4 != nil) &&
|
2015-05-21 16:13:19 -04:00
|
|
|
(c.AddressIPv4.Contains(o.AddressIPv4.IP) || o.AddressIPv4.Contains(c.AddressIPv4.IP)) {
|
2016-11-21 20:29:53 -05:00
|
|
|
return errors.New("networks have overlapping IPv4")
|
2015-10-05 17:53:25 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// They must be in different v6 subnets
|
|
|
|
|
if (c.AddressIPv6 != nil && o.AddressIPv6 != nil) &&
|
|
|
|
|
(c.AddressIPv6.Contains(o.AddressIPv6.IP) || o.AddressIPv6.Contains(c.AddressIPv6.IP)) {
|
2016-11-21 20:29:53 -05:00
|
|
|
return errors.New("networks have overlapping IPv6")
|
2015-05-21 16:13:19 -04:00
|
|
|
}
|
|
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
return nil
|
2015-05-21 16:13:19 -04:00
|
|
|
}
|
|
|
|
|
|
2015-10-06 15:08:54 -04:00
|
|
|
func (c *networkConfiguration) fromLabels(labels map[string]string) error {
|
2015-05-24 14:45:07 -04:00
|
|
|
var err error
|
2015-10-06 15:08:54 -04:00
|
|
|
for label, value := range labels {
|
|
|
|
|
switch label {
|
|
|
|
|
case BridgeName:
|
|
|
|
|
c.BridgeName = value
|
|
|
|
|
case netlabel.DriverMTU:
|
|
|
|
|
if c.Mtu, err = strconv.Atoi(value); err != nil {
|
|
|
|
|
return parseErr(label, value, err.Error())
|
2015-05-22 13:56:36 -04:00
|
|
|
}
|
2015-10-06 15:08:54 -04:00
|
|
|
case netlabel.EnableIPv6:
|
|
|
|
|
if c.EnableIPv6, err = strconv.ParseBool(value); err != nil {
|
|
|
|
|
return parseErr(label, value, err.Error())
|
2015-05-22 13:56:36 -04:00
|
|
|
}
|
2015-10-06 15:08:54 -04:00
|
|
|
case EnableIPMasquerade:
|
|
|
|
|
if c.EnableIPMasquerade, err = strconv.ParseBool(value); err != nil {
|
|
|
|
|
return parseErr(label, value, err.Error())
|
2015-05-22 13:56:36 -04:00
|
|
|
}
|
2015-10-06 15:08:54 -04:00
|
|
|
case EnableICC:
|
|
|
|
|
if c.EnableICC, err = strconv.ParseBool(value); err != nil {
|
|
|
|
|
return parseErr(label, value, err.Error())
|
2015-05-22 13:56:36 -04:00
|
|
|
}
|
2018-12-23 19:05:20 -05:00
|
|
|
case InhibitIPv4:
|
|
|
|
|
if c.InhibitIPv4, err = strconv.ParseBool(value); err != nil {
|
|
|
|
|
return parseErr(label, value, err.Error())
|
|
|
|
|
}
|
2015-10-06 15:08:54 -04:00
|
|
|
case DefaultBridge:
|
|
|
|
|
if c.DefaultBridge, err = strconv.ParseBool(value); err != nil {
|
|
|
|
|
return parseErr(label, value, err.Error())
|
2015-05-22 13:56:36 -04:00
|
|
|
}
|
2015-10-06 15:08:54 -04:00
|
|
|
case DefaultBindingIP:
|
|
|
|
|
if c.DefaultBindingIP = net.ParseIP(value); c.DefaultBindingIP == nil {
|
|
|
|
|
return parseErr(label, value, "nil ip")
|
2015-05-22 13:56:36 -04:00
|
|
|
}
|
2017-02-27 17:23:12 -05:00
|
|
|
case netlabel.ContainerIfacePrefix:
|
|
|
|
|
c.ContainerIfacePrefix = value
|
2019-09-25 01:08:25 -04:00
|
|
|
case netlabel.HostIP:
|
|
|
|
|
if c.HostIP = net.ParseIP(value); c.HostIP == nil {
|
|
|
|
|
return parseErr(label, value, "nil ip")
|
|
|
|
|
}
|
2015-05-22 13:56:36 -04:00
|
|
|
}
|
|
|
|
|
}
|
2015-10-04 22:08:31 -04:00
|
|
|
|
2015-05-22 13:56:36 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-06 15:08:54 -04:00
|
|
|
func parseErr(label, value, errString string) error {
|
|
|
|
|
return types.BadRequestErrorf("failed to parse %s value: %v (%s)", label, value, errString)
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-05 01:53:45 -04:00
|
|
|
func (n *bridgeNetwork) registerIptCleanFunc(clean iptableCleanFunc) {
|
|
|
|
|
n.iptCleanFuncs = append(n.iptCleanFuncs, clean)
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-28 16:15:55 -05:00
|
|
|
func (n *bridgeNetwork) getDriverChains(version iptables.IPVersion) (*iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, *iptables.ChainInfo, error) {
|
2015-06-11 21:12:00 -04:00
|
|
|
n.Lock()
|
|
|
|
|
defer n.Unlock()
|
|
|
|
|
|
|
|
|
|
if n.driver == nil {
|
2016-11-02 13:14:09 -04:00
|
|
|
return nil, nil, nil, nil, types.BadRequestErrorf("no driver found")
|
2015-06-11 21:12:00 -04:00
|
|
|
}
|
|
|
|
|
|
2017-11-28 16:15:55 -05:00
|
|
|
if version == iptables.IPv6 {
|
|
|
|
|
return n.driver.natChainV6, n.driver.filterChainV6, n.driver.isolationChain1V6, n.driver.isolationChain2V6, nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-02 13:14:09 -04:00
|
|
|
return n.driver.natChain, n.driver.filterChain, n.driver.isolationChain1, n.driver.isolationChain2, nil
|
2015-06-11 21:12:00 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (n *bridgeNetwork) getNetworkBridgeName() string {
|
|
|
|
|
n.Lock()
|
|
|
|
|
config := n.config
|
|
|
|
|
n.Unlock()
|
|
|
|
|
|
|
|
|
|
return config.BridgeName
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-02 01:00:48 -04:00
|
|
|
func (n *bridgeNetwork) getEndpoint(eid string) (*bridgeEndpoint, error) {
|
2015-04-20 07:23:04 -04:00
|
|
|
n.Lock()
|
|
|
|
|
defer n.Unlock()
|
|
|
|
|
|
|
|
|
|
if eid == "" {
|
2015-04-28 01:57:36 -04:00
|
|
|
return nil, InvalidEndpointIDError(eid)
|
2015-04-20 07:23:04 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-28 01:57:36 -04:00
|
|
|
if ep, ok := n.endpoints[eid]; ok {
|
|
|
|
|
return ep, nil
|
2015-04-20 07:23:04 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-28 01:57:36 -04:00
|
|
|
return nil, nil
|
2015-04-20 07:23:04 -04:00
|
|
|
}
|
|
|
|
|
|
2015-06-02 21:40:55 -04:00
|
|
|
// Install/Removes the iptables rules needed to isolate this network
|
|
|
|
|
// from each of the other networks
|
2020-10-31 12:59:46 -04:00
|
|
|
func (n *bridgeNetwork) isolateNetwork(enable bool) error {
|
2015-06-02 21:40:55 -04:00
|
|
|
n.Lock()
|
2016-01-06 08:06:23 -05:00
|
|
|
thisConfig := n.config
|
2015-06-02 21:40:55 -04:00
|
|
|
n.Unlock()
|
|
|
|
|
|
2016-01-06 08:06:23 -05:00
|
|
|
if thisConfig.Internal {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-02 13:14:09 -04:00
|
|
|
// Install the rules to isolate this network against each of the other networks
|
2020-07-21 11:56:35 -04:00
|
|
|
if n.driver.config.EnableIP6Tables {
|
|
|
|
|
err := setINC(iptables.IPv6, thisConfig.BridgeName, enable)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-22 09:06:19 -04:00
|
|
|
if n.driver.config.EnableIPTables {
|
|
|
|
|
return setINC(iptables.IPv4, thisConfig.BridgeName, enable)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2015-06-02 21:40:55 -04:00
|
|
|
}
|
|
|
|
|
|
2015-09-18 17:00:36 -04:00
|
|
|
func (d *driver) configure(option map[string]interface{}) error {
|
2015-10-28 22:07:10 -04:00
|
|
|
var (
|
2017-11-28 16:15:55 -05:00
|
|
|
config *configuration
|
|
|
|
|
err error
|
|
|
|
|
natChain *iptables.ChainInfo
|
|
|
|
|
filterChain *iptables.ChainInfo
|
|
|
|
|
isolationChain1 *iptables.ChainInfo
|
|
|
|
|
isolationChain2 *iptables.ChainInfo
|
|
|
|
|
natChainV6 *iptables.ChainInfo
|
|
|
|
|
filterChainV6 *iptables.ChainInfo
|
|
|
|
|
isolationChain1V6 *iptables.ChainInfo
|
|
|
|
|
isolationChain2V6 *iptables.ChainInfo
|
2015-10-28 22:07:10 -04:00
|
|
|
)
|
2015-04-15 01:25:42 -04:00
|
|
|
|
2015-05-06 02:41:20 -04:00
|
|
|
genericData, ok := option[netlabel.GenericData]
|
2015-09-04 01:11:45 -04:00
|
|
|
if !ok || genericData == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2015-04-15 01:25:42 -04:00
|
|
|
|
2015-09-04 01:11:45 -04:00
|
|
|
switch opt := genericData.(type) {
|
|
|
|
|
case options.Generic:
|
|
|
|
|
opaqueConfig, err := options.GenerateFromModel(opt, &configuration{})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
config = opaqueConfig.(*configuration)
|
|
|
|
|
case *configuration:
|
|
|
|
|
config = opt
|
|
|
|
|
default:
|
|
|
|
|
return &ErrInvalidDriverConfig{}
|
2015-04-24 18:13:44 -04:00
|
|
|
}
|
|
|
|
|
|
2020-07-21 12:38:34 -04:00
|
|
|
if config.EnableIPTables || config.EnableIP6Tables {
|
2016-03-21 16:40:43 -04:00
|
|
|
if _, err := os.Stat("/proc/sys/net/bridge"); err != nil {
|
|
|
|
|
if out, err := exec.Command("modprobe", "-va", "bridge", "br_netfilter").CombinedOutput(); err != nil {
|
|
|
|
|
logrus.Warnf("Running modprobe bridge br_netfilter failed with message: %s, error: %v", out, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-07-21 12:38:34 -04:00
|
|
|
}
|
2017-11-28 16:15:55 -05:00
|
|
|
|
2020-07-21 12:38:34 -04:00
|
|
|
if config.EnableIPTables {
|
2017-11-28 16:15:55 -05:00
|
|
|
removeIPChains(iptables.IPv4)
|
|
|
|
|
|
|
|
|
|
natChain, filterChain, isolationChain1, isolationChain2, err = setupIPChains(config, iptables.IPv4)
|
2015-09-04 01:11:45 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2017-11-28 16:15:55 -05:00
|
|
|
|
2016-02-11 13:26:54 -05:00
|
|
|
// Make sure on firewall reload, first thing being re-played is chains creation
|
2017-11-28 16:15:55 -05:00
|
|
|
iptables.OnReloaded(func() {
|
|
|
|
|
logrus.Debugf("Recreating iptables chains on firewall reload")
|
2021-05-27 20:15:56 -04:00
|
|
|
if _, _, _, _, err := setupIPChains(config, iptables.IPv4); err != nil {
|
|
|
|
|
logrus.WithError(err).Error("Error reloading iptables chains")
|
|
|
|
|
}
|
2017-11-28 16:15:55 -05:00
|
|
|
})
|
2020-07-21 12:38:34 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if config.EnableIP6Tables {
|
|
|
|
|
removeIPChains(iptables.IPv6)
|
|
|
|
|
|
|
|
|
|
natChainV6, filterChainV6, isolationChain1V6, isolationChain2V6, err = setupIPChains(config, iptables.IPv6)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2020-07-19 10:07:22 -04:00
|
|
|
}
|
2020-07-21 12:38:34 -04:00
|
|
|
|
|
|
|
|
// Make sure on firewall reload, first thing being re-played is chains creation
|
|
|
|
|
iptables.OnReloaded(func() {
|
|
|
|
|
logrus.Debugf("Recreating ip6tables chains on firewall reload")
|
2021-05-27 20:15:56 -04:00
|
|
|
if _, _, _, _, err := setupIPChains(config, iptables.IPv6); err != nil {
|
|
|
|
|
logrus.WithError(err).Error("Error reloading ip6tables chains")
|
|
|
|
|
}
|
2020-07-21 12:38:34 -04:00
|
|
|
})
|
2015-05-06 01:51:26 -04:00
|
|
|
}
|
|
|
|
|
|
2016-10-28 16:54:52 -04:00
|
|
|
if config.EnableIPForwarding {
|
2020-07-19 10:07:22 -04:00
|
|
|
err = setupIPForwarding(config.EnableIPTables, config.EnableIP6Tables)
|
2016-10-28 16:54:52 -04:00
|
|
|
if err != nil {
|
|
|
|
|
logrus.Warn(err)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-28 22:07:10 -04:00
|
|
|
d.Lock()
|
|
|
|
|
d.natChain = natChain
|
|
|
|
|
d.filterChain = filterChain
|
2016-11-02 13:14:09 -04:00
|
|
|
d.isolationChain1 = isolationChain1
|
|
|
|
|
d.isolationChain2 = isolationChain2
|
2017-11-28 16:15:55 -05:00
|
|
|
d.natChainV6 = natChainV6
|
|
|
|
|
d.filterChainV6 = filterChainV6
|
|
|
|
|
d.isolationChain1V6 = isolationChain1V6
|
|
|
|
|
d.isolationChain2V6 = isolationChain2V6
|
2015-09-04 01:11:45 -04:00
|
|
|
d.config = config
|
2015-10-28 22:07:10 -04:00
|
|
|
d.Unlock()
|
|
|
|
|
|
|
|
|
|
err = d.initStore(option)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-15 01:25:42 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-02 01:00:48 -04:00
|
|
|
func (d *driver) getNetwork(id string) (*bridgeNetwork, error) {
|
2015-05-04 16:33:53 -04:00
|
|
|
d.Lock()
|
|
|
|
|
defer d.Unlock()
|
2015-05-21 16:13:19 -04:00
|
|
|
|
|
|
|
|
if id == "" {
|
|
|
|
|
return nil, types.BadRequestErrorf("invalid network id: %s", id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if nw, ok := d.networks[id]; ok {
|
|
|
|
|
return nw, nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-24 12:26:46 -04:00
|
|
|
return nil, types.NotFoundErrorf("network not found: %s", id)
|
2015-05-01 20:14:04 -04:00
|
|
|
}
|
|
|
|
|
|
2015-05-24 14:45:07 -04:00
|
|
|
func parseNetworkGenericOptions(data interface{}) (*networkConfiguration, error) {
|
|
|
|
|
var (
|
|
|
|
|
err error
|
|
|
|
|
config *networkConfiguration
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
switch opt := data.(type) {
|
|
|
|
|
case *networkConfiguration:
|
|
|
|
|
config = opt
|
2015-10-06 15:08:54 -04:00
|
|
|
case map[string]string:
|
2015-05-24 19:48:29 -04:00
|
|
|
config = &networkConfiguration{
|
|
|
|
|
EnableICC: true,
|
|
|
|
|
EnableIPMasquerade: true,
|
|
|
|
|
}
|
2015-10-06 15:08:54 -04:00
|
|
|
err = config.fromLabels(opt)
|
2015-05-24 14:45:07 -04:00
|
|
|
case options.Generic:
|
|
|
|
|
var opaqueConfig interface{}
|
|
|
|
|
if opaqueConfig, err = options.GenerateFromModel(opt, config); err == nil {
|
|
|
|
|
config = opaqueConfig.(*networkConfiguration)
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
err = types.BadRequestErrorf("do not recognize network configuration format: %T", opt)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return config, err
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-04 22:08:31 -04:00
|
|
|
func (c *networkConfiguration) processIPAM(id string, ipamV4Data, ipamV6Data []driverapi.IPAMData) error {
|
|
|
|
|
if len(ipamV4Data) > 1 || len(ipamV6Data) > 1 {
|
2016-02-23 16:44:38 -05:00
|
|
|
return types.ForbiddenErrorf("bridge driver doesn't support multiple subnets")
|
2015-10-04 22:08:31 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(ipamV4Data) == 0 {
|
|
|
|
|
return types.BadRequestErrorf("bridge network %s requires ipv4 configuration", id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ipamV4Data[0].Gateway != nil {
|
|
|
|
|
c.AddressIPv4 = types.GetIPNetCopy(ipamV4Data[0].Gateway)
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
if gw, ok := ipamV4Data[0].AuxAddresses[DefaultGatewayV4AuxKey]; ok {
|
2015-10-04 22:08:31 -04:00
|
|
|
c.DefaultGatewayIPv4 = gw.IP
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
if len(ipamV6Data) > 0 {
|
2015-11-06 02:50:10 -05:00
|
|
|
c.AddressIPv6 = ipamV6Data[0].Pool
|
|
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
if ipamV6Data[0].Gateway != nil {
|
|
|
|
|
c.AddressIPv6 = types.GetIPNetCopy(ipamV6Data[0].Gateway)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if gw, ok := ipamV6Data[0].AuxAddresses[DefaultGatewayV6AuxKey]; ok {
|
|
|
|
|
c.DefaultGatewayIPv6 = gw.IP
|
|
|
|
|
}
|
2015-10-04 22:08:31 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-24 06:47:25 -04:00
|
|
|
func parseNetworkOptions(id string, option options.Generic) (*networkConfiguration, error) {
|
2015-10-06 15:08:54 -04:00
|
|
|
var (
|
|
|
|
|
err error
|
|
|
|
|
config = &networkConfiguration{}
|
|
|
|
|
)
|
2015-05-06 01:51:26 -04:00
|
|
|
|
2015-05-24 14:45:07 -04:00
|
|
|
// Parse generic label first, config will be re-assigned
|
|
|
|
|
if genData, ok := option[netlabel.GenericData]; ok && genData != nil {
|
|
|
|
|
if config, err = parseNetworkGenericOptions(genData); err != nil {
|
|
|
|
|
return nil, err
|
2015-05-06 01:51:26 -04:00
|
|
|
}
|
2015-05-22 13:56:36 -04:00
|
|
|
}
|
2015-05-06 01:51:26 -04:00
|
|
|
|
2015-05-24 14:45:07 -04:00
|
|
|
// Process well-known labels next
|
2015-10-06 15:08:54 -04:00
|
|
|
if val, ok := option[netlabel.EnableIPv6]; ok {
|
|
|
|
|
config.EnableIPv6 = val.(bool)
|
2015-05-06 02:41:20 -04:00
|
|
|
}
|
|
|
|
|
|
2015-12-21 20:29:39 -05:00
|
|
|
if val, ok := option[netlabel.Internal]; ok {
|
|
|
|
|
if internal, ok := val.(bool); ok && internal {
|
2016-01-06 08:06:23 -05:00
|
|
|
config.Internal = true
|
2015-12-21 20:29:39 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-24 14:45:07 -04:00
|
|
|
// Finally validate the configuration
|
|
|
|
|
if err = config.Validate(); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-27 20:15:56 -04:00
|
|
|
if config.BridgeName == "" && !config.DefaultBridge {
|
2015-09-24 06:47:25 -04:00
|
|
|
config.BridgeName = "br-" + id[:12]
|
|
|
|
|
}
|
2015-10-08 17:59:47 -04:00
|
|
|
|
2016-06-27 23:42:50 -04:00
|
|
|
exists, err := bridgeInterfaceExists(config.BridgeName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !exists {
|
|
|
|
|
config.BridgeIfaceCreator = ifaceCreatedByLibnetwork
|
|
|
|
|
} else {
|
|
|
|
|
config.BridgeIfaceCreator = ifaceCreatedByUser
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-08 17:59:47 -04:00
|
|
|
config.ID = id
|
2015-05-06 01:51:26 -04:00
|
|
|
return config, nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-02 21:40:55 -04:00
|
|
|
// Return a slice of networks over which caller can iterate safely
|
|
|
|
|
func (d *driver) getNetworks() []*bridgeNetwork {
|
|
|
|
|
d.Lock()
|
|
|
|
|
defer d.Unlock()
|
|
|
|
|
|
|
|
|
|
ls := make([]*bridgeNetwork, 0, len(d.networks))
|
|
|
|
|
for _, nw := range d.networks {
|
|
|
|
|
ls = append(ls, nw)
|
|
|
|
|
}
|
|
|
|
|
return ls
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-26 14:54:35 -05:00
|
|
|
func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
|
2016-02-26 14:53:13 -05:00
|
|
|
return nil, types.NotImplementedErrorf("not implemented")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (d *driver) NetworkFree(id string) error {
|
|
|
|
|
return types.NotImplementedErrorf("not implemented")
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-18 22:55:39 -04:00
|
|
|
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-02 02:57:37 -05:00
|
|
|
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
|
|
|
|
return "", nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-23 13:49:57 -04:00
|
|
|
// Create a new network using bridge plugin
|
2016-04-18 22:55:39 -04:00
|
|
|
func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
|
2016-03-02 00:29:41 -05:00
|
|
|
if len(ipV4Data) == 0 || ipV4Data[0].Pool.String() == "0.0.0.0/0" {
|
|
|
|
|
return types.BadRequestErrorf("ipv4 pool is empty")
|
|
|
|
|
}
|
2015-04-20 07:23:04 -04:00
|
|
|
// Sanity checks
|
2015-06-02 21:40:55 -04:00
|
|
|
d.Lock()
|
2015-05-21 16:13:19 -04:00
|
|
|
if _, ok := d.networks[id]; ok {
|
2015-04-13 14:40:42 -04:00
|
|
|
d.Unlock()
|
2015-05-21 16:13:19 -04:00
|
|
|
return types.ForbiddenErrorf("network %s exists", id)
|
|
|
|
|
}
|
2015-06-02 21:40:55 -04:00
|
|
|
d.Unlock()
|
2015-05-21 16:13:19 -04:00
|
|
|
|
2016-07-29 14:21:10 -04:00
|
|
|
// Parse and validate the config. It should not be conflict with existing networks' config
|
2015-09-24 06:47:25 -04:00
|
|
|
config, err := parseNetworkOptions(id, option)
|
2015-05-21 16:13:19 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-10-04 22:08:31 -04:00
|
|
|
|
2017-09-08 17:48:03 -04:00
|
|
|
if err = config.processIPAM(id, ipV4Data, ipV6Data); err != nil {
|
2015-10-04 22:08:31 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-08 17:48:03 -04:00
|
|
|
// start the critical section, from this point onward we are dealing with the list of networks
|
|
|
|
|
// so to be consistent we cannot allow that the list changes
|
|
|
|
|
d.configNetwork.Lock()
|
|
|
|
|
defer d.configNetwork.Unlock()
|
|
|
|
|
|
|
|
|
|
// check network conflicts
|
|
|
|
|
if err = d.checkConflict(config); err != nil {
|
|
|
|
|
nerr, ok := err.(defaultBridgeNetworkConflict)
|
|
|
|
|
if !ok {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// Got a conflict with a stale default network, clean that up and continue
|
|
|
|
|
logrus.Warn(nerr)
|
2021-05-27 20:15:56 -04:00
|
|
|
if err := d.deleteNetwork(nerr.ID); err != nil {
|
|
|
|
|
logrus.WithError(err).Debug("Error while cleaning up network on conflict")
|
|
|
|
|
}
|
2017-09-08 17:48:03 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// there is no conflict, now create the network
|
2015-10-08 17:59:47 -04:00
|
|
|
if err = d.createNetwork(config); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return d.storeUpdate(config)
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-08 17:48:03 -04:00
|
|
|
func (d *driver) checkConflict(config *networkConfiguration) error {
|
2015-06-02 21:40:55 -04:00
|
|
|
networkList := d.getNetworks()
|
2017-09-08 17:48:03 -04:00
|
|
|
for _, nw := range networkList {
|
2015-06-08 22:23:24 -04:00
|
|
|
nw.Lock()
|
|
|
|
|
nwConfig := nw.config
|
|
|
|
|
nw.Unlock()
|
2015-10-05 17:53:25 -04:00
|
|
|
if err := nwConfig.Conflicts(config); err != nil {
|
2018-08-24 20:43:12 -04:00
|
|
|
if nwConfig.DefaultBridge {
|
2016-06-16 03:14:24 -04:00
|
|
|
// We encountered and identified a stale default network
|
2017-09-08 17:48:03 -04:00
|
|
|
// We must delete it as libnetwork is the source of truth
|
2016-06-16 03:14:24 -04:00
|
|
|
// The default network being created must be the only one
|
|
|
|
|
// This can happen only from docker 1.12 on ward
|
2017-09-08 17:48:03 -04:00
|
|
|
logrus.Infof("Found stale default bridge network %s (%s)", nwConfig.ID, nwConfig.BridgeName)
|
|
|
|
|
return defaultBridgeNetworkConflict{nwConfig.ID}
|
2016-06-16 03:14:24 -04:00
|
|
|
}
|
2017-09-08 17:48:03 -04:00
|
|
|
|
|
|
|
|
return types.ForbiddenErrorf("cannot create network %s (%s): conflicts with network %s (%s): %s",
|
|
|
|
|
config.ID, config.BridgeName, nwConfig.ID, nwConfig.BridgeName, err.Error())
|
2015-05-21 16:13:19 -04:00
|
|
|
}
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
2017-09-08 17:48:03 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-30 23:56:50 -04:00
|
|
|
func (d *driver) createNetwork(config *networkConfiguration) (err error) {
|
2017-09-08 17:48:03 -04:00
|
|
|
defer osl.InitOSContext()()
|
|
|
|
|
|
|
|
|
|
// Initialize handle when needed
|
|
|
|
|
d.Lock()
|
|
|
|
|
if d.nlh == nil {
|
|
|
|
|
d.nlh = ns.NlHandle()
|
|
|
|
|
}
|
|
|
|
|
d.Unlock()
|
|
|
|
|
|
|
|
|
|
// Create or retrieve the bridge L3 interface
|
|
|
|
|
bridgeIface, err := newInterface(d.nlh, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-04-20 07:23:04 -04:00
|
|
|
|
|
|
|
|
// Create and set network handler in driver
|
2015-06-01 16:14:29 -04:00
|
|
|
network := &bridgeNetwork{
|
2017-11-28 16:15:55 -05:00
|
|
|
id: config.ID,
|
|
|
|
|
endpoints: make(map[string]*bridgeEndpoint),
|
|
|
|
|
config: config,
|
|
|
|
|
portMapper: portmapper.New(d.config.UserlandProxyPath),
|
|
|
|
|
portMapperV6: portmapper.New(d.config.UserlandProxyPath),
|
|
|
|
|
bridge: bridgeIface,
|
|
|
|
|
driver: d,
|
2015-06-01 16:14:29 -04:00
|
|
|
}
|
2015-06-02 21:40:55 -04:00
|
|
|
|
|
|
|
|
d.Lock()
|
2015-10-08 17:59:47 -04:00
|
|
|
d.networks[config.ID] = network
|
2015-04-13 14:40:42 -04:00
|
|
|
d.Unlock()
|
2015-04-20 07:23:04 -04:00
|
|
|
|
|
|
|
|
// On failure make sure to reset driver network handler to nil
|
2015-04-13 14:40:42 -04:00
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
|
|
|
|
d.Lock()
|
2015-10-08 17:59:47 -04:00
|
|
|
delete(d.networks, config.ID)
|
2015-04-13 14:40:42 -04:00
|
|
|
d.Unlock()
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
2017-09-08 17:48:03 -04:00
|
|
|
// Add inter-network communication rules.
|
2015-06-02 21:40:55 -04:00
|
|
|
setupNetworkIsolationRules := func(config *networkConfiguration, i *bridgeInterface) error {
|
2020-10-31 12:59:46 -04:00
|
|
|
if err := network.isolateNetwork(true); err != nil {
|
|
|
|
|
if err = network.isolateNetwork(false); err != nil {
|
2015-07-29 08:15:02 -04:00
|
|
|
logrus.Warnf("Failed on removing the inter-network iptables rules on cleanup: %v", err)
|
2015-05-21 16:13:19 -04:00
|
|
|
}
|
2015-07-29 08:15:02 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2017-09-08 17:48:03 -04:00
|
|
|
// register the cleanup function
|
2015-10-05 01:53:45 -04:00
|
|
|
network.registerIptCleanFunc(func() error {
|
2020-10-31 12:59:46 -04:00
|
|
|
return network.isolateNetwork(false)
|
2015-10-05 01:53:45 -04:00
|
|
|
})
|
2015-07-29 08:15:02 -04:00
|
|
|
return nil
|
2015-05-21 16:13:19 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Prepare the bridge setup configuration
|
2015-04-15 01:25:42 -04:00
|
|
|
bridgeSetup := newBridgeSetup(config, bridgeIface)
|
2015-02-22 20:24:22 -05:00
|
|
|
|
|
|
|
|
// If the bridge interface doesn't exist, we need to start the setup steps
|
|
|
|
|
// by creating a new device and assigning it an IPv4 address.
|
2015-04-13 14:40:42 -04:00
|
|
|
bridgeAlreadyExists := bridgeIface.exists()
|
2015-02-22 20:24:22 -05:00
|
|
|
if !bridgeAlreadyExists {
|
2015-03-04 16:25:43 -05:00
|
|
|
bridgeSetup.queueStep(setupDevice)
|
2020-04-03 19:23:18 -04:00
|
|
|
bridgeSetup.queueStep(setupDefaultSysctl)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// For the default bridge, set expected sysctls
|
|
|
|
|
if config.DefaultBridge {
|
|
|
|
|
bridgeSetup.queueStep(setupDefaultSysctl)
|
2015-02-22 20:24:22 -05:00
|
|
|
}
|
|
|
|
|
|
2015-05-03 16:23:52 -04:00
|
|
|
// Even if a bridge exists try to setup IPv4.
|
|
|
|
|
bridgeSetup.queueStep(setupBridgeIPv4)
|
|
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
enableIPv6Forwarding := d.config.EnableIPForwarding && config.AddressIPv6 != nil
|
2015-05-28 19:30:36 -04:00
|
|
|
|
2015-05-04 05:54:19 -04:00
|
|
|
// Conditionally queue setup steps depending on configuration values.
|
2015-02-22 20:58:52 -05:00
|
|
|
for _, step := range []struct {
|
2015-02-22 20:24:22 -05:00
|
|
|
Condition bool
|
2015-03-04 16:25:43 -05:00
|
|
|
Fn setupStep
|
2015-02-22 20:24:22 -05:00
|
|
|
}{
|
|
|
|
|
// Enable IPv6 on the bridge if required. We do this even for a
|
|
|
|
|
// previously existing bridge, as it may be here from a previous
|
|
|
|
|
// installation where IPv6 wasn't supported yet and needs to be
|
|
|
|
|
// assigned an IPv6 link-local address.
|
2015-03-04 16:25:43 -05:00
|
|
|
{config.EnableIPv6, setupBridgeIPv6},
|
2015-02-22 20:24:22 -05:00
|
|
|
|
|
|
|
|
// We ensure that the bridge has the expectedIPv4 and IPv6 addresses in
|
|
|
|
|
// the case of a previously existing device.
|
2018-12-23 19:05:20 -05:00
|
|
|
{bridgeAlreadyExists && !config.InhibitIPv4, setupVerifyAndReconcile},
|
2015-02-22 20:24:22 -05:00
|
|
|
|
2015-05-28 19:30:36 -04:00
|
|
|
// Enable IPv6 Forwarding
|
|
|
|
|
{enableIPv6Forwarding, setupIPv6Forwarding},
|
|
|
|
|
|
2018-05-29 05:07:06 -04:00
|
|
|
// Setup Loopback Addresses Routing
|
|
|
|
|
{!d.config.EnableUserlandProxy, setupLoopbackAddressesRouting},
|
2015-05-18 19:49:12 -04:00
|
|
|
|
2015-02-22 20:24:22 -05:00
|
|
|
// Setup IPTables.
|
2020-07-21 10:40:18 -04:00
|
|
|
{d.config.EnableIPTables, network.setupIP4Tables},
|
|
|
|
|
|
|
|
|
|
// Setup IP6Tables.
|
2020-12-10 21:19:12 -05:00
|
|
|
{config.EnableIPv6 && d.config.EnableIP6Tables, network.setupIP6Tables},
|
2015-02-22 20:24:22 -05:00
|
|
|
|
2020-12-10 09:45:38 -05:00
|
|
|
// We want to track firewalld configuration so that
|
|
|
|
|
// if it is started/reloaded, the rules can be applied correctly
|
2015-06-11 21:12:00 -04:00
|
|
|
{d.config.EnableIPTables, network.setupFirewalld},
|
2020-07-21 10:40:18 -04:00
|
|
|
// same for IPv6
|
2020-12-10 21:19:12 -05:00
|
|
|
{config.EnableIPv6 && d.config.EnableIP6Tables, network.setupFirewalld6},
|
2015-07-24 13:20:48 -04:00
|
|
|
|
2015-04-24 18:13:44 -04:00
|
|
|
// Setup DefaultGatewayIPv4
|
|
|
|
|
{config.DefaultGatewayIPv4 != nil, setupGatewayIPv4},
|
|
|
|
|
|
|
|
|
|
// Setup DefaultGatewayIPv6
|
|
|
|
|
{config.DefaultGatewayIPv6 != nil, setupGatewayIPv6},
|
2015-06-02 21:40:55 -04:00
|
|
|
|
|
|
|
|
// Add inter-network communication rules.
|
2015-06-11 21:12:00 -04:00
|
|
|
{d.config.EnableIPTables, setupNetworkIsolationRules},
|
2015-07-08 10:15:08 -04:00
|
|
|
|
2020-12-10 09:45:38 -05:00
|
|
|
// Configure bridge networking filtering if ICC is off and IP tables are enabled
|
2015-06-11 21:12:00 -04:00
|
|
|
{!config.EnableICC && d.config.EnableIPTables, setupBridgeNetFiltering},
|
2015-02-22 20:58:52 -05:00
|
|
|
} {
|
2015-02-22 20:24:22 -05:00
|
|
|
if step.Condition {
|
2015-03-04 16:25:43 -05:00
|
|
|
bridgeSetup.queueStep(step.Fn)
|
2015-02-22 20:24:22 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Apply the prepared list of steps, and abort at the first error.
|
2015-03-04 16:25:43 -05:00
|
|
|
bridgeSetup.queueStep(setupDeviceUp)
|
2017-09-08 17:48:03 -04:00
|
|
|
return bridgeSetup.apply()
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-07-02 01:00:48 -04:00
|
|
|
func (d *driver) DeleteNetwork(nid string) error {
|
2017-09-08 17:48:03 -04:00
|
|
|
|
|
|
|
|
d.configNetwork.Lock()
|
|
|
|
|
defer d.configNetwork.Unlock()
|
|
|
|
|
|
|
|
|
|
return d.deleteNetwork(nid)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (d *driver) deleteNetwork(nid string) error {
|
2015-04-13 14:40:42 -04:00
|
|
|
var err error
|
2015-04-20 07:23:04 -04:00
|
|
|
|
2015-08-31 14:55:58 -04:00
|
|
|
defer osl.InitOSContext()()
|
2015-04-20 07:23:04 -04:00
|
|
|
// Get network handler and remove it from driver
|
2015-04-13 14:40:42 -04:00
|
|
|
d.Lock()
|
2015-05-21 16:13:19 -04:00
|
|
|
n, ok := d.networks[nid]
|
2015-06-08 22:23:24 -04:00
|
|
|
d.Unlock()
|
|
|
|
|
|
2015-05-21 16:13:19 -04:00
|
|
|
if !ok {
|
|
|
|
|
return types.InternalMaskableErrorf("network %s does not exist", nid)
|
|
|
|
|
}
|
2015-06-08 11:24:43 -04:00
|
|
|
|
2015-06-08 22:23:24 -04:00
|
|
|
n.Lock()
|
|
|
|
|
config := n.config
|
|
|
|
|
n.Unlock()
|
|
|
|
|
|
2016-10-13 22:15:20 -04:00
|
|
|
// delele endpoints belong to this network
|
|
|
|
|
for _, ep := range n.endpoints {
|
|
|
|
|
if err := n.releasePorts(ep); err != nil {
|
|
|
|
|
logrus.Warn(err)
|
|
|
|
|
}
|
|
|
|
|
if link, err := d.nlh.LinkByName(ep.srcName); err == nil {
|
2018-02-28 12:38:35 -05:00
|
|
|
if err := d.nlh.LinkDel(link); err != nil {
|
|
|
|
|
logrus.WithError(err).Errorf("Failed to delete interface (%s)'s link on endpoint (%s) delete", ep.srcName, ep.id)
|
|
|
|
|
}
|
2016-10-13 22:15:20 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := d.storeDelete(ep); err != nil {
|
2018-07-05 16:33:01 -04:00
|
|
|
logrus.Warnf("Failed to remove bridge endpoint %.7s from store: %v", ep.id, err)
|
2016-10-13 22:15:20 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-08 22:23:24 -04:00
|
|
|
d.Lock()
|
2015-05-21 16:13:19 -04:00
|
|
|
delete(d.networks, nid)
|
2015-04-13 14:40:42 -04:00
|
|
|
d.Unlock()
|
2015-04-20 07:23:04 -04:00
|
|
|
|
|
|
|
|
// On failure set network handler back in driver, but
|
|
|
|
|
// only if is not already taken over by some other thread
|
2015-04-13 14:40:42 -04:00
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
|
|
|
|
d.Lock()
|
2015-05-21 16:13:19 -04:00
|
|
|
if _, ok := d.networks[nid]; !ok {
|
|
|
|
|
d.networks[nid] = n
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
d.Unlock()
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
2016-06-27 23:42:50 -04:00
|
|
|
switch config.BridgeIfaceCreator {
|
|
|
|
|
case ifaceCreatedByLibnetwork, ifaceCreatorUnknown:
|
|
|
|
|
// We only delete the bridge if it was created by the bridge driver and
|
|
|
|
|
// it is not the default one (to keep the backward compatible behavior.)
|
|
|
|
|
if !config.DefaultBridge {
|
|
|
|
|
if err := d.nlh.LinkDel(n.bridge.Link); err != nil {
|
|
|
|
|
logrus.Warnf("Failed to remove bridge interface %s on network %s delete: %v", config.BridgeName, nid, err)
|
|
|
|
|
}
|
2015-11-05 14:59:12 -05:00
|
|
|
}
|
2016-06-27 23:42:50 -04:00
|
|
|
case ifaceCreatedByUser:
|
|
|
|
|
// Don't delete the bridge interface if it was not created by libnetwork.
|
2015-10-08 17:59:47 -04:00
|
|
|
}
|
|
|
|
|
|
2015-10-05 01:53:45 -04:00
|
|
|
// clean all relevant iptables rules
|
|
|
|
|
for _, cleanFunc := range n.iptCleanFuncs {
|
|
|
|
|
if errClean := cleanFunc(); errClean != nil {
|
|
|
|
|
logrus.Warnf("Failed to clean iptables rules for bridge network: %v", errClean)
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-10-08 17:59:47 -04:00
|
|
|
return d.storeDelete(config)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2016-05-16 14:51:40 -04:00
|
|
|
func addToBridge(nlh *netlink.Handle, ifaceName, bridgeName string) error {
|
|
|
|
|
link, err := nlh.LinkByName(ifaceName)
|
2015-06-30 02:10:30 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("could not find interface %s: %v", ifaceName, err)
|
|
|
|
|
}
|
2016-05-16 14:51:40 -04:00
|
|
|
if err = nlh.LinkSetMaster(link,
|
2015-07-30 09:02:23 -04:00
|
|
|
&netlink.Bridge{LinkAttrs: netlink.LinkAttrs{Name: bridgeName}}); err != nil {
|
|
|
|
|
logrus.Debugf("Failed to add %s to bridge via netlink.Trying ioctl: %v", ifaceName, err)
|
|
|
|
|
iface, err := net.InterfaceByName(ifaceName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("could not find network interface %s: %v", ifaceName, err)
|
|
|
|
|
}
|
2015-06-30 02:10:30 -04:00
|
|
|
|
2015-07-30 09:02:23 -04:00
|
|
|
master, err := net.InterfaceByName(bridgeName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("could not find bridge %s: %v", bridgeName, err)
|
|
|
|
|
}
|
2015-06-30 02:10:30 -04:00
|
|
|
|
2015-07-30 09:02:23 -04:00
|
|
|
return ioctlAddToBridge(iface, master)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2015-06-30 02:10:30 -04:00
|
|
|
}
|
|
|
|
|
|
2016-05-16 14:51:40 -04:00
|
|
|
func setHairpinMode(nlh *netlink.Handle, link netlink.Link, enable bool) error {
|
|
|
|
|
err := nlh.LinkSetHairpin(link, enable)
|
2015-07-23 16:00:36 -04:00
|
|
|
if err != nil && err != syscall.EINVAL {
|
|
|
|
|
// If error is not EINVAL something else went wrong, bail out right away
|
|
|
|
|
return fmt.Errorf("unable to set hairpin mode on %s via netlink: %v",
|
|
|
|
|
link.Attrs().Name, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Hairpin mode successfully set up
|
|
|
|
|
if err == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The netlink method failed with EINVAL which is probably because of an older
|
|
|
|
|
// kernel. Try one more time via the sysfs method.
|
|
|
|
|
path := filepath.Join("/sys/class/net", link.Attrs().Name, "brport/hairpin_mode")
|
|
|
|
|
|
|
|
|
|
var val []byte
|
|
|
|
|
if enable {
|
|
|
|
|
val = []byte{'1', '\n'}
|
|
|
|
|
} else {
|
|
|
|
|
val = []byte{'0', '\n'}
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-24 06:10:50 -04:00
|
|
|
if err := os.WriteFile(path, val, 0644); err != nil {
|
2015-07-23 16:00:36 -04:00
|
|
|
return fmt.Errorf("unable to set hairpin mode on %s via sysfs: %v", link.Attrs().Name, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-03 19:11:50 -04:00
|
|
|
func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {
|
2015-08-31 14:55:58 -04:00
|
|
|
defer osl.InitOSContext()()
|
|
|
|
|
|
2015-10-03 19:11:50 -04:00
|
|
|
if ifInfo == nil {
|
|
|
|
|
return errors.New("invalid interface info passed")
|
2015-05-14 02:23:45 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Get the network handler and make sure it exists
|
2015-04-13 14:40:42 -04:00
|
|
|
d.Lock()
|
2015-05-21 16:13:19 -04:00
|
|
|
n, ok := d.networks[nid]
|
2015-06-11 21:12:00 -04:00
|
|
|
dconfig := d.config
|
2015-06-08 22:23:24 -04:00
|
|
|
d.Unlock()
|
|
|
|
|
|
2015-05-21 16:13:19 -04:00
|
|
|
if !ok {
|
|
|
|
|
return types.NotFoundErrorf("network %s does not exist", nid)
|
|
|
|
|
}
|
2015-04-13 14:40:42 -04:00
|
|
|
if n == nil {
|
2015-05-14 17:56:15 -04:00
|
|
|
return driverapi.ErrNoNetwork(nid)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Sanity check
|
2015-04-13 14:40:42 -04:00
|
|
|
n.Lock()
|
|
|
|
|
if n.id != nid {
|
|
|
|
|
n.Unlock()
|
2015-05-14 02:23:45 -04:00
|
|
|
return InvalidNetworkIDError(nid)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
2015-04-20 07:23:04 -04:00
|
|
|
n.Unlock()
|
2015-04-13 14:40:42 -04:00
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Check if endpoint id is good and retrieve correspondent endpoint
|
2015-04-28 01:57:36 -04:00
|
|
|
ep, err := n.getEndpoint(eid)
|
2015-04-20 07:23:04 -04:00
|
|
|
if err != nil {
|
2015-05-14 02:23:45 -04:00
|
|
|
return err
|
2015-04-20 07:23:04 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Endpoint with that id exists either on desired or other sandbox
|
|
|
|
|
if ep != nil {
|
2015-05-14 17:56:15 -04:00
|
|
|
return driverapi.ErrEndpointExists(eid)
|
2015-04-20 07:23:04 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-23 14:15:15 -04:00
|
|
|
// Try to convert the options to endpoint configuration
|
|
|
|
|
epConfig, err := parseEndpointOptions(epOptions)
|
|
|
|
|
if err != nil {
|
2015-05-14 02:23:45 -04:00
|
|
|
return err
|
2015-04-23 14:15:15 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Create and add the endpoint
|
2015-04-28 01:57:36 -04:00
|
|
|
n.Lock()
|
2016-06-10 11:30:56 -04:00
|
|
|
endpoint := &bridgeEndpoint{id: eid, nid: nid, config: epConfig}
|
2015-04-28 01:57:36 -04:00
|
|
|
n.endpoints[eid] = endpoint
|
2015-04-13 14:40:42 -04:00
|
|
|
n.Unlock()
|
2015-04-20 07:23:04 -04:00
|
|
|
|
|
|
|
|
// On failure make sure to remove the endpoint
|
2015-04-13 14:40:42 -04:00
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
|
|
|
|
n.Lock()
|
2015-04-28 01:57:36 -04:00
|
|
|
delete(n.endpoints, eid)
|
2015-04-13 14:40:42 -04:00
|
|
|
n.Unlock()
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Generate a name for what will be the host side pipe interface
|
2016-05-16 14:51:40 -04:00
|
|
|
hostIfName, err := netutils.GenerateIfaceName(d.nlh, vethPrefix, vethLen)
|
2015-04-13 14:40:42 -04:00
|
|
|
if err != nil {
|
2015-05-14 02:23:45 -04:00
|
|
|
return err
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Generate a name for what will be the sandbox side pipe interface
|
2016-05-16 14:51:40 -04:00
|
|
|
containerIfName, err := netutils.GenerateIfaceName(d.nlh, vethPrefix, vethLen)
|
2015-04-13 14:40:42 -04:00
|
|
|
if err != nil {
|
2015-05-14 02:23:45 -04:00
|
|
|
return err
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Generate and add the interface pipe host <-> sandbox
|
2015-04-13 14:40:42 -04:00
|
|
|
veth := &netlink.Veth{
|
2015-06-30 02:10:30 -04:00
|
|
|
LinkAttrs: netlink.LinkAttrs{Name: hostIfName, TxQLen: 0},
|
|
|
|
|
PeerName: containerIfName}
|
2016-05-16 14:51:40 -04:00
|
|
|
if err = d.nlh.LinkAdd(veth); err != nil {
|
2015-07-02 01:00:48 -04:00
|
|
|
return types.InternalErrorf("failed to add the host (%s) <=> sandbox (%s) pair interfaces: %v", hostIfName, containerIfName, err)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Get the host side pipe interface handler
|
2016-05-16 14:51:40 -04:00
|
|
|
host, err := d.nlh.LinkByName(hostIfName)
|
2015-04-13 14:40:42 -04:00
|
|
|
if err != nil {
|
2015-07-02 01:00:48 -04:00
|
|
|
return types.InternalErrorf("failed to find host side interface %s: %v", hostIfName, err)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
2018-02-28 12:38:35 -05:00
|
|
|
if err := d.nlh.LinkDel(host); err != nil {
|
|
|
|
|
logrus.WithError(err).Warnf("Failed to delete host side interface (%s)'s link", hostIfName)
|
|
|
|
|
}
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Get the sandbox side pipe interface handler
|
2016-05-16 14:51:40 -04:00
|
|
|
sbox, err := d.nlh.LinkByName(containerIfName)
|
2015-04-13 14:40:42 -04:00
|
|
|
if err != nil {
|
2015-07-02 01:00:48 -04:00
|
|
|
return types.InternalErrorf("failed to find sandbox side interface %s: %v", containerIfName, err)
|
2015-02-22 20:24:22 -05:00
|
|
|
}
|
2015-04-23 16:39:41 -04:00
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
2018-02-28 12:38:35 -05:00
|
|
|
if err := d.nlh.LinkDel(sbox); err != nil {
|
|
|
|
|
logrus.WithError(err).Warnf("Failed to delete sandbox side interface (%s)'s link", containerIfName)
|
|
|
|
|
}
|
2015-04-23 16:39:41 -04:00
|
|
|
}
|
|
|
|
|
}()
|
2015-04-23 14:15:15 -04:00
|
|
|
|
2015-06-08 22:23:24 -04:00
|
|
|
n.Lock()
|
|
|
|
|
config := n.config
|
|
|
|
|
n.Unlock()
|
|
|
|
|
|
2015-04-23 16:39:41 -04:00
|
|
|
// Add bridge inherited attributes to pipe interfaces
|
|
|
|
|
if config.Mtu != 0 {
|
2016-05-16 14:51:40 -04:00
|
|
|
err = d.nlh.LinkSetMTU(host, config.Mtu)
|
2015-04-13 14:40:42 -04:00
|
|
|
if err != nil {
|
2015-07-02 01:00:48 -04:00
|
|
|
return types.InternalErrorf("failed to set MTU on host interface %s: %v", hostIfName, err)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
2016-05-16 14:51:40 -04:00
|
|
|
err = d.nlh.LinkSetMTU(sbox, config.Mtu)
|
2015-04-23 16:39:41 -04:00
|
|
|
if err != nil {
|
2015-07-02 01:00:48 -04:00
|
|
|
return types.InternalErrorf("failed to set MTU on sandbox interface %s: %v", containerIfName, err)
|
2015-04-23 16:39:41 -04:00
|
|
|
}
|
|
|
|
|
}
|
2015-04-13 14:40:42 -04:00
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Attach host side pipe interface into the bridge
|
2016-05-16 14:51:40 -04:00
|
|
|
if err = addToBridge(d.nlh, hostIfName, config.BridgeName); err != nil {
|
2015-06-30 02:10:30 -04:00
|
|
|
return fmt.Errorf("adding interface %s to bridge %s failed: %v", hostIfName, config.BridgeName, err)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-06-11 21:12:00 -04:00
|
|
|
if !dconfig.EnableUserlandProxy {
|
2016-05-16 14:51:40 -04:00
|
|
|
err = setHairpinMode(d.nlh, host, true)
|
2015-06-11 19:53:20 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-29 03:04:08 -04:00
|
|
|
// Store the sandbox side pipe interface parameters
|
2015-10-05 17:53:25 -04:00
|
|
|
endpoint.srcName = containerIfName
|
|
|
|
|
endpoint.macAddress = ifInfo.MacAddress()
|
|
|
|
|
endpoint.addr = ifInfo.Address()
|
|
|
|
|
endpoint.addrv6 = ifInfo.AddressIPv6()
|
2015-04-13 14:40:42 -04:00
|
|
|
|
2015-10-29 03:04:08 -04:00
|
|
|
// Set the sbox's MAC if not provided. If specified, use the one configured by user, otherwise generate one based on IP.
|
2015-10-05 17:53:25 -04:00
|
|
|
if endpoint.macAddress == nil {
|
|
|
|
|
endpoint.macAddress = electMacAddress(epConfig, endpoint.addr.IP)
|
2015-10-29 03:04:08 -04:00
|
|
|
if err = ifInfo.SetMacAddress(endpoint.macAddress); err != nil {
|
2015-10-05 17:53:25 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2015-10-04 22:08:31 -04:00
|
|
|
}
|
2015-06-10 17:21:24 -04:00
|
|
|
|
2015-06-30 14:08:16 -04:00
|
|
|
// Up the host interface after finishing all netlink configuration
|
2016-05-16 14:51:40 -04:00
|
|
|
if err = d.nlh.LinkSetUp(host); err != nil {
|
2015-06-30 14:08:16 -04:00
|
|
|
return fmt.Errorf("could not set link up for host interface %s: %v", hostIfName, err)
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
if endpoint.addrv6 == nil && config.EnableIPv6 {
|
|
|
|
|
var ip6 net.IP
|
|
|
|
|
network := n.bridge.bridgeIPv6
|
2015-11-06 02:50:10 -05:00
|
|
|
if config.AddressIPv6 != nil {
|
|
|
|
|
network = config.AddressIPv6
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
ones, _ := network.Mask.Size()
|
2015-11-06 02:50:10 -05:00
|
|
|
if ones > 80 {
|
|
|
|
|
err = types.ForbiddenErrorf("Cannot self generate an IPv6 address on network %v: At least 48 host bits are needed.", network)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ip6 = make(net.IP, len(network.IP))
|
|
|
|
|
copy(ip6, network.IP)
|
|
|
|
|
for i, h := range endpoint.macAddress {
|
|
|
|
|
ip6[i+10] = h
|
2015-10-05 17:53:25 -04:00
|
|
|
}
|
2015-04-20 07:23:04 -04:00
|
|
|
|
2015-10-05 17:53:25 -04:00
|
|
|
endpoint.addrv6 = &net.IPNet{IP: ip6, Mask: network.Mask}
|
2015-10-29 03:04:08 -04:00
|
|
|
if err = ifInfo.SetIPAddress(endpoint.addrv6); err != nil {
|
2015-10-05 17:53:25 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2015-05-14 02:23:45 -04:00
|
|
|
}
|
|
|
|
|
|
2016-06-10 11:30:56 -04:00
|
|
|
if err = d.storeUpdate(endpoint); err != nil {
|
2018-07-05 16:33:01 -04:00
|
|
|
return fmt.Errorf("failed to save bridge endpoint %.7s to store: %v", endpoint.id, err)
|
2016-06-10 11:30:56 -04:00
|
|
|
}
|
|
|
|
|
|
2015-05-14 02:23:45 -04:00
|
|
|
return nil
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-07-02 01:00:48 -04:00
|
|
|
func (d *driver) DeleteEndpoint(nid, eid string) error {
|
2015-04-13 14:40:42 -04:00
|
|
|
var err error
|
|
|
|
|
|
2015-08-31 14:55:58 -04:00
|
|
|
defer osl.InitOSContext()()
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Get the network handler and make sure it exists
|
2015-04-13 14:40:42 -04:00
|
|
|
d.Lock()
|
2015-05-21 16:13:19 -04:00
|
|
|
n, ok := d.networks[nid]
|
2015-06-08 22:23:24 -04:00
|
|
|
d.Unlock()
|
|
|
|
|
|
2015-05-21 16:13:19 -04:00
|
|
|
if !ok {
|
2015-10-16 19:11:55 -04:00
|
|
|
return types.InternalMaskableErrorf("network %s does not exist", nid)
|
2015-05-21 16:13:19 -04:00
|
|
|
}
|
2015-04-13 14:40:42 -04:00
|
|
|
if n == nil {
|
2015-05-14 17:56:15 -04:00
|
|
|
return driverapi.ErrNoNetwork(nid)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Sanity Check
|
2015-04-13 14:40:42 -04:00
|
|
|
n.Lock()
|
|
|
|
|
if n.id != nid {
|
|
|
|
|
n.Unlock()
|
2015-04-16 22:47:12 -04:00
|
|
|
return InvalidNetworkIDError(nid)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
2015-04-20 07:23:04 -04:00
|
|
|
n.Unlock()
|
2015-04-13 14:40:42 -04:00
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Check endpoint id and if an endpoint is actually there
|
2015-04-28 01:57:36 -04:00
|
|
|
ep, err := n.getEndpoint(eid)
|
2015-04-20 07:23:04 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
2015-04-20 07:23:04 -04:00
|
|
|
if ep == nil {
|
|
|
|
|
return EndpointNotFoundError(eid)
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-20 07:23:04 -04:00
|
|
|
// Remove it
|
|
|
|
|
n.Lock()
|
2015-04-28 01:57:36 -04:00
|
|
|
delete(n.endpoints, eid)
|
2015-04-13 14:40:42 -04:00
|
|
|
n.Unlock()
|
2015-04-20 07:23:04 -04:00
|
|
|
|
|
|
|
|
// On failure make sure to set back ep in n.endpoints, but only
|
|
|
|
|
// if it hasn't been taken over already by some other thread.
|
2015-04-13 14:40:42 -04:00
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
|
|
|
|
n.Lock()
|
2015-04-28 01:57:36 -04:00
|
|
|
if _, ok := n.endpoints[eid]; !ok {
|
|
|
|
|
n.endpoints[eid] = ep
|
2015-04-13 14:40:42 -04:00
|
|
|
}
|
|
|
|
|
n.Unlock()
|
|
|
|
|
}
|
|
|
|
|
}()
|
2015-02-22 20:24:22 -05:00
|
|
|
|
2015-11-05 14:59:12 -05:00
|
|
|
// Try removal of link. Discard error: it is a best effort.
|
|
|
|
|
// Also make sure defer does not see this error either.
|
2016-05-16 14:51:40 -04:00
|
|
|
if link, err := d.nlh.LinkByName(ep.srcName); err == nil {
|
2018-02-28 12:38:35 -05:00
|
|
|
if err := d.nlh.LinkDel(link); err != nil {
|
|
|
|
|
logrus.WithError(err).Errorf("Failed to delete interface (%s)'s link on endpoint (%s) delete", ep.srcName, ep.id)
|
|
|
|
|
}
|
2015-04-20 07:23:04 -04:00
|
|
|
}
|
|
|
|
|
|
2016-06-10 11:30:56 -04:00
|
|
|
if err := d.storeDelete(ep); err != nil {
|
2018-07-05 16:33:01 -04:00
|
|
|
logrus.Warnf("Failed to remove bridge endpoint %.7s from store: %v", ep.id, err)
|
2016-06-10 11:30:56 -04:00
|
|
|
}
|
|
|
|
|
|
2015-04-13 14:40:42 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-02 01:00:48 -04:00
|
|
|
func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, error) {
|
2015-05-04 14:49:53 -04:00
|
|
|
// Get the network handler and make sure it exists
|
|
|
|
|
d.Lock()
|
2015-05-21 16:13:19 -04:00
|
|
|
n, ok := d.networks[nid]
|
2015-06-08 22:23:24 -04:00
|
|
|
d.Unlock()
|
2015-05-21 16:13:19 -04:00
|
|
|
if !ok {
|
|
|
|
|
return nil, types.NotFoundErrorf("network %s does not exist", nid)
|
|
|
|
|
}
|
2015-05-04 14:49:53 -04:00
|
|
|
if n == nil {
|
2015-05-14 17:56:15 -04:00
|
|
|
return nil, driverapi.ErrNoNetwork(nid)
|
2015-05-04 14:49:53 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Sanity check
|
|
|
|
|
n.Lock()
|
|
|
|
|
if n.id != nid {
|
|
|
|
|
n.Unlock()
|
|
|
|
|
return nil, InvalidNetworkIDError(nid)
|
|
|
|
|
}
|
|
|
|
|
n.Unlock()
|
|
|
|
|
|
|
|
|
|
// Check if endpoint id is good and retrieve correspondent endpoint
|
|
|
|
|
ep, err := n.getEndpoint(eid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if ep == nil {
|
2015-05-14 17:56:15 -04:00
|
|
|
return nil, driverapi.ErrNoEndpoint(eid)
|
2015-05-04 14:49:53 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m := make(map[string]interface{})
|
|
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
if ep.extConnConfig != nil && ep.extConnConfig.ExposedPorts != nil {
|
2015-06-03 23:28:15 -04:00
|
|
|
// Return a copy of the config data
|
2015-12-07 17:45:51 -05:00
|
|
|
epc := make([]types.TransportPort, 0, len(ep.extConnConfig.ExposedPorts))
|
|
|
|
|
for _, tp := range ep.extConnConfig.ExposedPorts {
|
2015-06-03 23:28:15 -04:00
|
|
|
epc = append(epc, tp.GetCopy())
|
|
|
|
|
}
|
|
|
|
|
m[netlabel.ExposedPorts] = epc
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-04 14:49:53 -04:00
|
|
|
if ep.portMapping != nil {
|
|
|
|
|
// Return a copy of the operational data
|
2015-05-20 16:28:46 -04:00
|
|
|
pmc := make([]types.PortBinding, 0, len(ep.portMapping))
|
2015-05-04 14:49:53 -04:00
|
|
|
for _, pm := range ep.portMapping {
|
|
|
|
|
pmc = append(pmc, pm.GetCopy())
|
|
|
|
|
}
|
2015-05-06 00:19:57 -04:00
|
|
|
m[netlabel.PortMap] = pmc
|
2015-05-04 14:49:53 -04:00
|
|
|
}
|
|
|
|
|
|
2015-05-04 23:27:34 -04:00
|
|
|
if len(ep.macAddress) != 0 {
|
2015-05-06 00:19:57 -04:00
|
|
|
m[netlabel.MacAddress] = ep.macAddress
|
2015-05-04 23:27:34 -04:00
|
|
|
}
|
|
|
|
|
|
2015-05-04 14:49:53 -04:00
|
|
|
return m, nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-30 17:52:46 -04:00
|
|
|
// Join method is invoked when a Sandbox is attached to an endpoint.
|
2015-07-02 01:00:48 -04:00
|
|
|
func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
|
2015-08-31 14:55:58 -04:00
|
|
|
defer osl.InitOSContext()()
|
|
|
|
|
|
2015-05-06 01:51:26 -04:00
|
|
|
network, err := d.getNetwork(nid)
|
|
|
|
|
if err != nil {
|
2015-05-14 02:23:45 -04:00
|
|
|
return err
|
2015-05-06 01:51:26 -04:00
|
|
|
}
|
|
|
|
|
|
2015-05-14 02:23:45 -04:00
|
|
|
endpoint, err := network.getEndpoint(eid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2015-05-01 20:14:04 -04:00
|
|
|
}
|
2015-05-06 01:51:26 -04:00
|
|
|
|
2015-05-14 02:23:45 -04:00
|
|
|
if endpoint == nil {
|
|
|
|
|
return EndpointNotFoundError(eid)
|
|
|
|
|
}
|
2015-04-30 17:52:46 -04:00
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
endpoint.containerConfig, err = parseContainerOptions(options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-09 19:06:35 -04:00
|
|
|
iNames := jinfo.InterfaceName()
|
2017-02-27 17:23:12 -05:00
|
|
|
containerVethPrefix := defaultContainerVethPrefix
|
|
|
|
|
if network.config.ContainerIfacePrefix != "" {
|
|
|
|
|
containerVethPrefix = network.config.ContainerIfacePrefix
|
|
|
|
|
}
|
2015-09-09 19:06:35 -04:00
|
|
|
err = iNames.SetNames(endpoint.srcName, containerVethPrefix)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2015-05-14 02:23:45 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = jinfo.SetGateway(network.bridge.gatewayIPv4)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = jinfo.SetGatewayIPv6(network.bridge.gatewayIPv6)
|
2015-05-06 01:51:26 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-04 16:33:53 -04:00
|
|
|
return nil
|
2015-05-01 20:14:04 -04:00
|
|
|
}
|
|
|
|
|
|
2015-05-14 02:23:45 -04:00
|
|
|
// Leave method is invoked when a Sandbox detaches from an endpoint.
|
2015-07-02 01:00:48 -04:00
|
|
|
func (d *driver) Leave(nid, eid string) error {
|
2015-08-31 14:55:58 -04:00
|
|
|
defer osl.InitOSContext()()
|
|
|
|
|
|
2015-05-01 20:14:04 -04:00
|
|
|
network, err := d.getNetwork(nid)
|
|
|
|
|
if err != nil {
|
2015-10-16 19:11:55 -04:00
|
|
|
return types.InternalMaskableErrorf("%s", err)
|
2015-05-01 20:14:04 -04:00
|
|
|
}
|
2015-05-14 02:23:45 -04:00
|
|
|
|
2015-05-01 20:14:04 -04:00
|
|
|
endpoint, err := network.getEndpoint(eid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if endpoint == nil {
|
|
|
|
|
return EndpointNotFoundError(eid)
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-14 02:23:45 -04:00
|
|
|
if !network.config.EnableICC {
|
2015-12-07 17:45:51 -05:00
|
|
|
if err = d.link(network, endpoint, false); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-05-14 02:23:45 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {
|
|
|
|
|
defer osl.InitOSContext()()
|
2015-05-14 02:23:45 -04:00
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
network, err := d.getNetwork(nid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
endpoint, err := network.getEndpoint(eid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if endpoint == nil {
|
|
|
|
|
return EndpointNotFoundError(eid)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
endpoint.extConnConfig, err = parseConnectivityOptions(options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Program any required port mapping and store them in the endpoint
|
|
|
|
|
endpoint.portMapping, err = network.allocatePorts(endpoint, network.config.DefaultBindingIP, d.config.EnableUserlandProxy)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-02 13:08:09 -04:00
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
|
|
|
|
if e := network.releasePorts(endpoint); e != nil {
|
|
|
|
|
logrus.Errorf("Failed to release ports allocated for the bridge endpoint %s on failure %v because of %v",
|
|
|
|
|
eid, err, e)
|
|
|
|
|
}
|
|
|
|
|
endpoint.portMapping = nil
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
|
2016-06-10 11:30:56 -04:00
|
|
|
if err = d.storeUpdate(endpoint); err != nil {
|
2018-07-05 16:33:01 -04:00
|
|
|
return fmt.Errorf("failed to update bridge endpoint %.7s to store: %v", endpoint.id, err)
|
2016-06-10 11:30:56 -04:00
|
|
|
}
|
|
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
if !network.config.EnableICC {
|
|
|
|
|
return d.link(network, endpoint, true)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
|
|
|
|
|
defer osl.InitOSContext()()
|
|
|
|
|
|
|
|
|
|
network, err := d.getNetwork(nid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
endpoint, err := network.getEndpoint(eid)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if endpoint == nil {
|
|
|
|
|
return EndpointNotFoundError(eid)
|
2015-05-01 20:14:04 -04:00
|
|
|
}
|
2015-05-05 20:33:08 -04:00
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
err = network.releasePorts(endpoint)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logrus.Warn(err)
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-25 14:41:36 -04:00
|
|
|
endpoint.portMapping = nil
|
|
|
|
|
|
2017-04-06 15:26:08 -04:00
|
|
|
// Clean the connection tracker state of the host for the specific endpoint
|
|
|
|
|
// The host kernel keeps track of the connections (TCP and UDP), so if a new endpoint gets the same IP of
|
|
|
|
|
// this one (that is going down), is possible that some of the packets would not be routed correctly inside
|
|
|
|
|
// the new endpoint
|
|
|
|
|
// Deeper details: https://github.com/docker/docker/issues/8795
|
|
|
|
|
clearEndpointConnections(d.nlh, endpoint)
|
|
|
|
|
|
2016-05-25 14:41:36 -04:00
|
|
|
if err = d.storeUpdate(endpoint); err != nil {
|
2018-07-05 16:33:01 -04:00
|
|
|
return fmt.Errorf("failed to update bridge endpoint %.7s to store: %v", endpoint.id, err)
|
2016-05-25 14:41:36 -04:00
|
|
|
}
|
|
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (d *driver) link(network *bridgeNetwork, endpoint *bridgeEndpoint, enable bool) error {
|
|
|
|
|
var err error
|
|
|
|
|
|
|
|
|
|
cc := endpoint.containerConfig
|
2015-05-01 20:14:04 -04:00
|
|
|
if cc == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2015-12-07 17:45:51 -05:00
|
|
|
ec := endpoint.extConnConfig
|
|
|
|
|
if ec == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2015-05-01 20:14:04 -04:00
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
if ec.ExposedPorts != nil {
|
2015-05-05 16:46:11 -04:00
|
|
|
for _, p := range cc.ParentEndpoints {
|
2015-05-01 20:14:04 -04:00
|
|
|
var parentEndpoint *bridgeEndpoint
|
2015-07-02 01:00:48 -04:00
|
|
|
parentEndpoint, err = network.getEndpoint(p)
|
2015-05-01 20:14:04 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if parentEndpoint == nil {
|
2015-05-05 16:46:11 -04:00
|
|
|
err = InvalidEndpointIDError(p)
|
2015-05-01 20:14:04 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-04 23:21:23 -04:00
|
|
|
l := newLink(parentEndpoint.addr.IP.String(),
|
|
|
|
|
endpoint.addr.IP.String(),
|
2015-12-07 17:45:51 -05:00
|
|
|
ec.ExposedPorts, network.config.BridgeName)
|
2015-05-01 20:14:04 -04:00
|
|
|
if enable {
|
|
|
|
|
err = l.Enable()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
|
|
|
|
l.Disable()
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
} else {
|
|
|
|
|
l.Disable()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-05 16:46:11 -04:00
|
|
|
for _, c := range cc.ChildEndpoints {
|
2015-05-01 20:14:04 -04:00
|
|
|
var childEndpoint *bridgeEndpoint
|
2015-07-02 01:00:48 -04:00
|
|
|
childEndpoint, err = network.getEndpoint(c)
|
2015-05-01 20:14:04 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if childEndpoint == nil {
|
2015-05-05 16:46:11 -04:00
|
|
|
err = InvalidEndpointIDError(c)
|
2015-05-01 20:14:04 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2015-12-07 17:45:51 -05:00
|
|
|
if childEndpoint.extConnConfig == nil || childEndpoint.extConnConfig.ExposedPorts == nil {
|
2015-05-01 20:14:04 -04:00
|
|
|
continue
|
|
|
|
|
}
|
2015-05-06 01:51:26 -04:00
|
|
|
|
2015-06-04 23:21:23 -04:00
|
|
|
l := newLink(endpoint.addr.IP.String(),
|
|
|
|
|
childEndpoint.addr.IP.String(),
|
2015-12-07 17:45:51 -05:00
|
|
|
childEndpoint.extConnConfig.ExposedPorts, network.config.BridgeName)
|
2015-05-01 20:14:04 -04:00
|
|
|
if enable {
|
|
|
|
|
err = l.Enable()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
defer func() {
|
|
|
|
|
if err != nil {
|
|
|
|
|
l.Disable()
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
} else {
|
|
|
|
|
l.Disable()
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-05-05 20:33:08 -04:00
|
|
|
|
2015-04-30 17:52:46 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-22 19:47:07 -04:00
|
|
|
func (d *driver) Type() string {
|
|
|
|
|
return networkType
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-18 22:56:34 -05:00
|
|
|
func (d *driver) IsBuiltIn() bool {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-18 15:54:08 -04:00
|
|
|
// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster
|
2016-01-28 14:54:03 -05:00
|
|
|
func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
|
2015-09-18 15:54:08 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DiscoverDelete is a notification for a discovery delete event, such as a node leaving a cluster
|
2016-01-28 14:54:03 -05:00
|
|
|
func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
|
2015-09-18 15:54:08 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-22 13:56:36 -04:00
|
|
|
func parseEndpointOptions(epOptions map[string]interface{}) (*endpointConfiguration, error) {
|
2015-04-23 14:15:15 -04:00
|
|
|
if epOptions == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
2015-05-01 20:01:21 -04:00
|
|
|
|
2015-05-22 13:56:36 -04:00
|
|
|
ec := &endpointConfiguration{}
|
2015-05-01 20:01:21 -04:00
|
|
|
|
2015-05-06 00:19:57 -04:00
|
|
|
if opt, ok := epOptions[netlabel.MacAddress]; ok {
|
2015-05-01 20:01:21 -04:00
|
|
|
if mac, ok := opt.(net.HardwareAddr); ok {
|
|
|
|
|
ec.MacAddress = mac
|
|
|
|
|
} else {
|
2015-05-14 17:56:15 -04:00
|
|
|
return nil, &ErrInvalidEndpointConfig{}
|
2015-05-01 20:01:21 -04:00
|
|
|
}
|
2015-04-30 20:57:06 -04:00
|
|
|
}
|
2015-05-01 20:01:21 -04:00
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
return ec, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func parseContainerOptions(cOptions map[string]interface{}) (*containerConfiguration, error) {
|
|
|
|
|
if cOptions == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
2016-03-08 01:21:17 -05:00
|
|
|
genericData := cOptions[netlabel.GenericData]
|
|
|
|
|
if genericData == nil {
|
|
|
|
|
return nil, nil
|
2015-04-23 14:15:15 -04:00
|
|
|
}
|
2016-03-08 01:21:17 -05:00
|
|
|
switch opt := genericData.(type) {
|
|
|
|
|
case options.Generic:
|
|
|
|
|
opaqueConfig, err := options.GenerateFromModel(opt, &containerConfiguration{})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
2015-05-04 22:46:18 -04:00
|
|
|
}
|
2016-03-08 01:21:17 -05:00
|
|
|
return opaqueConfig.(*containerConfiguration), nil
|
|
|
|
|
case *containerConfiguration:
|
|
|
|
|
return opt, nil
|
|
|
|
|
default:
|
|
|
|
|
return nil, nil
|
2015-05-04 22:46:18 -04:00
|
|
|
}
|
2015-04-23 14:15:15 -04:00
|
|
|
}
|
|
|
|
|
|
2015-12-07 17:45:51 -05:00
|
|
|
func parseConnectivityOptions(cOptions map[string]interface{}) (*connectivityConfiguration, error) {
|
2015-04-30 17:52:46 -04:00
|
|
|
if cOptions == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
2015-12-07 17:45:51 -05:00
|
|
|
|
|
|
|
|
cc := &connectivityConfiguration{}
|
|
|
|
|
|
|
|
|
|
if opt, ok := cOptions[netlabel.PortMap]; ok {
|
|
|
|
|
if pb, ok := opt.([]types.PortBinding); ok {
|
|
|
|
|
cc.PortBindings = pb
|
|
|
|
|
} else {
|
|
|
|
|
return nil, types.BadRequestErrorf("Invalid port mapping data in connectivity configuration: %v", opt)
|
|
|
|
|
}
|
2015-05-01 20:14:04 -04:00
|
|
|
}
|
2015-12-07 17:45:51 -05:00
|
|
|
|
|
|
|
|
if opt, ok := cOptions[netlabel.ExposedPorts]; ok {
|
|
|
|
|
if ports, ok := opt.([]types.TransportPort); ok {
|
|
|
|
|
cc.ExposedPorts = ports
|
|
|
|
|
} else {
|
|
|
|
|
return nil, types.BadRequestErrorf("Invalid exposed ports data in connectivity configuration: %v", opt)
|
2015-04-30 17:52:46 -04:00
|
|
|
}
|
|
|
|
|
}
|
2015-12-07 17:45:51 -05:00
|
|
|
|
|
|
|
|
return cc, nil
|
2015-04-30 17:52:46 -04:00
|
|
|
}
|
|
|
|
|
|
2015-06-10 17:21:24 -04:00
|
|
|
func electMacAddress(epConfig *endpointConfiguration, ip net.IP) net.HardwareAddr {
|
2015-05-01 16:51:17 -04:00
|
|
|
if epConfig != nil && epConfig.MacAddress != nil {
|
|
|
|
|
return epConfig.MacAddress
|
|
|
|
|
}
|
2015-07-29 18:33:45 -04:00
|
|
|
return netutils.GenerateMACFromIP(ip)
|
2015-05-01 16:51:17 -04:00
|
|
|
}
|