moby--moby/libnetwork/sandbox/configure_linux.go

package sandbox

import (
	"fmt"
	"net"
	"os"
	"runtime"

	"github.com/vishvananda/netlink"
	"github.com/vishvananda/netns"
)

func configureInterface(iface netlink.Link, settings *Interface) error {
	ifaceName := iface.Attrs().Name
	ifaceConfigurators := []struct {
		Fn         func(netlink.Link, *Interface) error
		ErrMessage string
	}{
		{setInterfaceName, fmt.Sprintf("error renaming interface %q to %q", ifaceName, settings.DstName)},
		{setInterfaceIP, fmt.Sprintf("error setting interface %q IP to %q", ifaceName, settings.Address)},
		{setInterfaceIPv6, fmt.Sprintf("error setting interface %q IPv6 to %q", ifaceName, settings.AddressIPv6)},
		{setInterfaceRoutes, fmt.Sprintf("error setting interface %q routes to %q", ifaceName, settings.Routes)},
	}

	for _, config := range ifaceConfigurators {
		if err := config.Fn(iface, settings); err != nil {
			return fmt.Errorf("%s: %v", config.ErrMessage, err)
		}
	}
	return nil
}

func programGateway(path string, gw net.IP) error {
	runtime.LockOSThread()
	defer runtime.UnlockOSThread()

	origns, err := netns.Get()
	if err != nil {
		return err
	}
	defer origns.Close()

	f, err := os.OpenFile(path, os.O_RDONLY, 0)
	if err != nil {
		return fmt.Errorf("failed get network namespace %q: %v", path, err)
	}
	defer f.Close()

	nsFD := f.Fd()
	if err = netns.Set(netns.NsHandle(nsFD)); err != nil {
		return err
	}
	defer netns.Set(origns)

	gwRoutes, err := netlink.RouteGet(gw)
	if err != nil {
		return fmt.Errorf("route for the gateway could not be found: %v", err)
	}

	return netlink.RouteAdd(&netlink.Route{
		Scope:     netlink.SCOPE_UNIVERSE,
		LinkIndex: gwRoutes[0].LinkIndex,
		Gw:        gw,
	})
}

// Program a route in to the namespace routing table.
func programRoute(path string, dest *net.IPNet, nh net.IP) error {
	runtime.LockOSThread()
	defer runtime.UnlockOSThread()

	origns, err := netns.Get()
	if err != nil {
		return err
	}
	defer origns.Close()

	f, err := os.OpenFile(path, os.O_RDONLY, 0)
	if err != nil {
		return fmt.Errorf("failed get network namespace %q: %v", path, err)
	}
	defer f.Close()

	nsFD := f.Fd()
	if err = netns.Set(netns.NsHandle(nsFD)); err != nil {
		return err
	}
	defer netns.Set(origns)

	gwRoutes, err := netlink.RouteGet(nh)
	if err != nil {
		return fmt.Errorf("route for the next hop could not be found: %v", err)
	}

	return netlink.RouteAdd(&netlink.Route{
		Scope:     netlink.SCOPE_UNIVERSE,
		LinkIndex: gwRoutes[0].LinkIndex,
		Gw:        gwRoutes[0].Gw,
		Dst:       dest,
	})
}

// Delete a route from the namespace routing table.
func removeRoute(path string, dest *net.IPNet, nh net.IP) error {
	runtime.LockOSThread()
	defer runtime.UnlockOSThread()

	origns, err := netns.Get()
	if err != nil {
		return err
	}
	defer origns.Close()

	f, err := os.OpenFile(path, os.O_RDONLY, 0)
	if err != nil {
		return fmt.Errorf("failed get network namespace %q: %v", path, err)
	}
	defer f.Close()

	nsFD := f.Fd()
	if err = netns.Set(netns.NsHandle(nsFD)); err != nil {
		return err
	}
	defer netns.Set(origns)

	gwRoutes, err := netlink.RouteGet(nh)
	if err != nil {
		return fmt.Errorf("route for the next hop could not be found: %v", err)
	}

	return netlink.RouteDel(&netlink.Route{
		Scope:     netlink.SCOPE_UNIVERSE,
		LinkIndex: gwRoutes[0].LinkIndex,
		Gw:        gwRoutes[0].Gw,
		Dst:       dest,
	})
}

func setInterfaceIP(iface netlink.Link, settings *Interface) error {
	ipAddr := &netlink.Addr{IPNet: settings.Address, Label: ""}
	return netlink.AddrAdd(iface, ipAddr)
}

func setInterfaceIPv6(iface netlink.Link, settings *Interface) error {
	if settings.AddressIPv6 == nil {
		return nil
	}
	ipAddr := &netlink.Addr{IPNet: settings.AddressIPv6, Label: ""}
	return netlink.AddrAdd(iface, ipAddr)
}

func setInterfaceName(iface netlink.Link, settings *Interface) error {
	return netlink.LinkSetName(iface, settings.DstName)
}

func setInterfaceRoutes(iface netlink.Link, settings *Interface) error {
	for _, route := range settings.Routes {
		err := netlink.RouteAdd(&netlink.Route{
			Scope:     netlink.SCOPE_UNIVERSE,
			LinkIndex: iface.Attrs().Index,
			Dst:       route,
		})
		if err != nil {
			return err
		}
	}
	return nil
}
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`package sandbox`

			`import (`
			`"fmt"`
			`"net"`
- Fixed an assortment of bugs in sandbox - Added more test coverage to sandbox Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-23 20:37:19 -04:00			`"os"`
			`"runtime"`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00
			`"github.com/vishvananda/netlink"`
- Fixed an assortment of bugs in sandbox - Added more test coverage to sandbox Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-23 20:37:19 -04:00			`"github.com/vishvananda/netns"`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`)`

Refactor driverapi, sandbox pkgs - Move SanboxInfo and Interface structures in sandbox package (changed it to Info as per golint) - Move UUID to new internal pkg types - Updated .gitignore to ignore IDE project files Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-20 11:44:06 -04:00			`func configureInterface(iface netlink.Link, settings *Interface) error {`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`ifaceName := iface.Attrs().Name`
			`ifaceConfigurators := []struct {`
Refactor driverapi, sandbox pkgs - Move SanboxInfo and Interface structures in sandbox package (changed it to Info as per golint) - Move UUID to new internal pkg types - Updated .gitignore to ignore IDE project files Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-20 11:44:06 -04:00			`Fn func(netlink.Link, *Interface) error`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`ErrMessage string`
			`}{`
			`{setInterfaceName, fmt.Sprintf("error renaming interface %q to %q", ifaceName, settings.DstName)},`
			`{setInterfaceIP, fmt.Sprintf("error setting interface %q IP to %q", ifaceName, settings.Address)},`
			`{setInterfaceIPv6, fmt.Sprintf("error setting interface %q IPv6 to %q", ifaceName, settings.AddressIPv6)},`
Allow drivers to supply static routes for interfaces Signed-off-by: Tom Denham <tom.denham@metaswitch.com> 2015-05-19 20:08:56 -04:00			`{setInterfaceRoutes, fmt.Sprintf("error setting interface %q routes to %q", ifaceName, settings.Routes)},`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`}`

			`for _, config := range ifaceConfigurators {`
			`if err := config.Fn(iface, settings); err != nil {`
			`return fmt.Errorf("%s: %v", config.ErrMessage, err)`
			`}`
			`}`
			`return nil`
			`}`

Rename setGatewayIP() in sandbox pkg - setGatewayIP() => programGateway() becsause it is causing confusion with setGateway() and setGatewayIPv6() Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 20:08:50 -04:00			`func programGateway(path string, gw net.IP) error {`
- Fixed an assortment of bugs in sandbox - Added more test coverage to sandbox Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-23 20:37:19 -04:00			`runtime.LockOSThread()`
			`defer runtime.UnlockOSThread()`

			`origns, err := netns.Get()`
			`if err != nil {`
			`return err`
			`}`
			`defer origns.Close()`

			`f, err := os.OpenFile(path, os.O_RDONLY, 0)`
			`if err != nil {`
			`return fmt.Errorf("failed get network namespace %q: %v", path, err)`
			`}`
			`defer f.Close()`

			`nsFD := f.Fd()`
			`if err = netns.Set(netns.NsHandle(nsFD)); err != nil {`
			`return err`
			`}`
			`defer netns.Set(origns)`

- Added support for Join/Leave methods to Endpoint. - Removed sandbox key argument for CreateEndpoint. - Refactored bridge driver code to remove sandbox key. - Fixed bridge driver code for gaps in ipv6 behavior observed during docker integration. - Updated test code, readme code, README.md according api change. - Fixed some sandbox issues while testing docker ipv6 integration. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-28 01:57:36 -04:00			`gwRoutes, err := netlink.RouteGet(gw)`
			`if err != nil {`
			`return fmt.Errorf("route for the gateway could not be found: %v", err)`
			`}`

Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`return netlink.RouteAdd(&netlink.Route{`
- Added support for Join/Leave methods to Endpoint. - Removed sandbox key argument for CreateEndpoint. - Refactored bridge driver code to remove sandbox key. - Fixed bridge driver code for gaps in ipv6 behavior observed during docker integration. - Updated test code, readme code, README.md according api change. - Fixed some sandbox issues while testing docker ipv6 integration. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-28 01:57:36 -04:00			`Scope: netlink.SCOPE_UNIVERSE,`
			`LinkIndex: gwRoutes[0].LinkIndex,`
			`Gw: gw,`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`})`
			`}`

Allow drivers to supply static routes for interfaces Signed-off-by: Tom Denham <tom.denham@metaswitch.com> 2015-05-19 20:08:56 -04:00			`// Program a route in to the namespace routing table.`
			`func programRoute(path string, dest *net.IPNet, nh net.IP) error {`
			`runtime.LockOSThread()`
			`defer runtime.UnlockOSThread()`

			`origns, err := netns.Get()`
			`if err != nil {`
			`return err`
			`}`
			`defer origns.Close()`

			`f, err := os.OpenFile(path, os.O_RDONLY, 0)`
			`if err != nil {`
			`return fmt.Errorf("failed get network namespace %q: %v", path, err)`
			`}`
			`defer f.Close()`

			`nsFD := f.Fd()`
			`if err = netns.Set(netns.NsHandle(nsFD)); err != nil {`
			`return err`
			`}`
			`defer netns.Set(origns)`

			`gwRoutes, err := netlink.RouteGet(nh)`
			`if err != nil {`
			`return fmt.Errorf("route for the next hop could not be found: %v", err)`
			`}`

			`return netlink.RouteAdd(&netlink.Route{`
			`Scope: netlink.SCOPE_UNIVERSE,`
			`LinkIndex: gwRoutes[0].LinkIndex,`
			`Gw: gwRoutes[0].Gw,`
			`Dst: dest,`
			`})`
			`}`

			`// Delete a route from the namespace routing table.`
			`func removeRoute(path string, dest *net.IPNet, nh net.IP) error {`
			`runtime.LockOSThread()`
			`defer runtime.UnlockOSThread()`

			`origns, err := netns.Get()`
			`if err != nil {`
			`return err`
			`}`
			`defer origns.Close()`

			`f, err := os.OpenFile(path, os.O_RDONLY, 0)`
			`if err != nil {`
			`return fmt.Errorf("failed get network namespace %q: %v", path, err)`
			`}`
			`defer f.Close()`

			`nsFD := f.Fd()`
			`if err = netns.Set(netns.NsHandle(nsFD)); err != nil {`
			`return err`
			`}`
			`defer netns.Set(origns)`

			`gwRoutes, err := netlink.RouteGet(nh)`
			`if err != nil {`
			`return fmt.Errorf("route for the next hop could not be found: %v", err)`
			`}`

			`return netlink.RouteDel(&netlink.Route{`
			`Scope: netlink.SCOPE_UNIVERSE,`
			`LinkIndex: gwRoutes[0].LinkIndex,`
			`Gw: gwRoutes[0].Gw,`
			`Dst: dest,`
			`})`
			`}`

Refactor driverapi, sandbox pkgs - Move SanboxInfo and Interface structures in sandbox package (changed it to Info as per golint) - Move UUID to new internal pkg types - Updated .gitignore to ignore IDE project files Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-20 11:44:06 -04:00			`func setInterfaceIP(iface netlink.Link, settings *Interface) error {`
Enhance Endpoint interface - Added new getter methods - Modified signature of Network.CreateEndpoint() Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-17 18:42:23 -04:00			`ipAddr := &netlink.Addr{IPNet: settings.Address, Label: ""}`
Converted IP address and gateway values to be proper types rather than strings in the sandbox and driverapi protocol Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 21:36:58 -04:00			`return netlink.AddrAdd(iface, ipAddr)`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`}`

Refactor driverapi, sandbox pkgs - Move SanboxInfo and Interface structures in sandbox package (changed it to Info as per golint) - Move UUID to new internal pkg types - Updated .gitignore to ignore IDE project files Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-20 11:44:06 -04:00			`func setInterfaceIPv6(iface netlink.Link, settings *Interface) error {`
- Fixed an assortment of bugs in sandbox - Added more test coverage to sandbox Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-23 20:37:19 -04:00			`if settings.AddressIPv6 == nil {`
			`return nil`
			`}`
			`ipAddr := &netlink.Addr{IPNet: settings.AddressIPv6, Label: ""}`
Converted IP address and gateway values to be proper types rather than strings in the sandbox and driverapi protocol Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 21:36:58 -04:00			`return netlink.AddrAdd(iface, ipAddr)`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`}`

Refactor driverapi, sandbox pkgs - Move SanboxInfo and Interface structures in sandbox package (changed it to Info as per golint) - Move UUID to new internal pkg types - Updated .gitignore to ignore IDE project files Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-20 11:44:06 -04:00			`func setInterfaceName(iface netlink.Link, settings *Interface) error {`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 14:40:42 -04:00			`return netlink.LinkSetName(iface, settings.DstName)`
			`}`
Allow drivers to supply static routes for interfaces Signed-off-by: Tom Denham <tom.denham@metaswitch.com> 2015-05-19 20:08:56 -04:00
			`func setInterfaceRoutes(iface netlink.Link, settings *Interface) error {`
			`for _, route := range settings.Routes {`
			`err := netlink.RouteAdd(&netlink.Route{`
			`Scope: netlink.SCOPE_UNIVERSE,`
			`LinkIndex: iface.Attrs().Index,`
			`Dst: route,`
			`})`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`