From 41ca84c950a9e16c2a5a2c78b972d6fcc9361518 Mon Sep 17 00:00:00 2001
From: Alessandro Boch
Date: Sat, 11 Jun 2016 16:34:54 -0700
Subject: [PATCH] Populate nlHandle and use it on netns restore - also in overlay/encryprion.go
Signed-off-by: Alessandro Boch
---
 libnetwork/drivers/overlay/encryption.go | 19 +++----
 libnetwork/osl/namespace_linux.go | 67 +++++++++++-------------
 libnetwork/sandbox_dns_unix.go | 1 -
 3 files changed, 42 insertions(+), 45 deletions(-)
diff --git a/libnetwork/drivers/overlay/encryption.go b/libnetwork/drivers/overlay/encryption.go
index fc82ac3700..0f9a5e4767 100644
--- a/libnetwork/drivers/overlay/encryption.go
+++ b/libnetwork/drivers/overlay/encryption.go
@@ -10,6 +10,7 @@ import (
 log "github.com/Sirupsen/logrus"
 "github.com/docker/libnetwork/iptables"
+ "github.com/docker/libnetwork/ns"
 "github.com/docker/libnetwork/types"
 "github.com/vishvananda/netlink"
 "strconv"
@@ -214,12 +215,12 @@ func programSA(localIP, remoteIP net.IP, spi *spi, k *key, dir int, add bool) (f
 var (
 crypt *netlink.XfrmStateAlgo
 action = "Removing"
- xfrmProgram = netlink.XfrmStateDel
+ xfrmProgram = ns.NlHandle().XfrmStateDel
 )
 if add {
 action = "Adding"
- xfrmProgram = netlink.XfrmStateAdd
+ xfrmProgram = ns.NlHandle().XfrmStateAdd
 crypt = &netlink.XfrmStateAlgo{Name: "cbc(aes)", Key: k.value}
 }
@@ -278,10 +279,10 @@ func programSA(localIP, remoteIP net.IP, spi *spi, k *key, dir int, add bool) (f
 func programSP(fSA *netlink.XfrmState, rSA *netlink.XfrmState, add bool) error {
 action := "Removing"
- xfrmProgram := netlink.XfrmPolicyDel
+ xfrmProgram := ns.NlHandle().XfrmPolicyDel
 if add {
 action = "Adding"
- xfrmProgram = netlink.XfrmPolicyAdd
+ xfrmProgram = ns.NlHandle().XfrmPolicyAdd
 }
 fullMask := net.CIDRMask(8*len(fSA.Src), 8*len(fSA.Src))
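Review bot: `ns.NlHandle()` is evaluated separately at each call site, and in programSA and programSP the delete method value is bound first and then rebound inside `if add`; take the handle once, `nlh := ns.NlHandle()`, and pick `nlh.XfrmStateDel` or `nlh.XfrmStateAdd` from it so both branches are guaranteed to use the same handle. The same pattern repeats in the saExists, spExists and updateNodeKey hunks. The ns package is not part of this patch, so whether NlHandle can return nil before it is initialised cannot be seen here; if it can, these calls need a guard, because the failure would surface only when `xfrmProgram` is finally invoked. Since these calls install the overlay's IPsec SAs and policies, a one-line comment above the `var` block stating which network namespace the shared handle is bound to would record why the package-level netlink functions were replaced. programSA's body continues outside the hunk.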
@@ -322,7 +323,7 @@ func programSP(fSA *netlink.XfrmState, rSA *netlink.XfrmState, add bool) error {
 }
 func saExists(sa *netlink.XfrmState) (bool, error) {
- _, err := netlink.XfrmStateGet(sa)
+ _, err := ns.NlHandle().XfrmStateGet(sa)
 switch err {
 case nil:
 return true, nil
@@ -336,7 +337,7 @@ func saExists(sa *netlink.XfrmState) (bool, error) {
 }
 func spExists(sp *netlink.XfrmPolicy) (bool, error) {
- _, err := netlink.XfrmPolicyGet(sp)
+ _, err := ns.NlHandle().XfrmPolicyGet(sp)
 switch err {
 case nil:
 return true, nil
@@ -482,7 +483,7 @@ func updateNodeKey(lIP, rIP net.IP, idxs []*spi, curKeys []*key, newIdx, priIdx,
 Limits: netlink.XfrmStateLimits{TimeSoft: timeout},
 }
 log.Infof("Updating rSA0{%s}", rSA0)
- if err := netlink.XfrmStateUpdate(rSA0); err != nil {
+ if err := ns.NlHandle().XfrmStateUpdate(rSA0); err != nil {
 log.Warnf("Failed to update rSA0{%s}: %v", rSA0, err)
 }
 }
@@ -518,7 +519,7 @@ func updateNodeKey(lIP, rIP net.IP, idxs []*spi, curKeys []*key, newIdx, priIdx,
 },
 }
 log.Infof("Updating fSP{%s}", fSP1)
- if err := netlink.XfrmPolicyUpdate(fSP1); err != nil {
+ if err := ns.NlHandle().XfrmPolicyUpdate(fSP1); err != nil {
 log.Warnf("Failed to update fSP{%s}: %v", fSP1, err)
 }
@@ -533,7 +534,7 @@ func updateNodeKey(lIP, rIP net.IP, idxs []*spi, curKeys []*key, newIdx, priIdx,
 Limits: netlink.XfrmStateLimits{TimeHard: timeout},
 }
 log.Infof("Removing fSA0{%s}", fSA0)
- if err := netlink.XfrmStateUpdate(fSA0); err != nil {
+ if err := ns.NlHandle().XfrmStateUpdate(fSA0); err != nil {
 log.Warnf("Failed to remove fSA0{%s}: %v", fSA0, err)
 }
 }
diff --git a/libnetwork/osl/namespace_linux.go b/libnetwork/osl/namespace_linux.go
index 3d38d131da..659fd7a0fd 100644
--- a/libnetwork/osl/namespace_linux.go
+++ b/libnetwork/osl/namespace_linux.go
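Review bot: In the three updateNodeKey hunks a failed `XfrmStateUpdate` or `XfrmPolicyUpdate` is only reported through `log.Warnf` and the key rotation carries on, so the node can be left with SA/SP state that does not match the intended key update without the caller learning of it. The function's return value and the rest of its body are outside these hunks, so this is a point to confirm rather than a certain defect; if the caller can act on it, keep the first error and return it, otherwise log it at error level, e.g. `log.Errorf("Failed to update rSA0{%s}: %v", rSA0, err)`. The last hunk logs "Removing fSA0" but calls `XfrmStateUpdate` with `TimeHard: timeout`; a comment such as `// expire the old forward SA via a hard timeout instead of deleting it outright` would make that intent explicit.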
@@ -408,49 +408,45 @@ func (n *networkNamespace) Restore(ifsopt map[string][]IfaceOption, routes []*ty
 if n.isDefault {
 i.dstName = i.srcName
 } else {
+ links, err := n.nlHandle.LinkList()
+ if err != nil {
+ return fmt.Errorf("failed to retrieve list of links in network namespace %q during restore", n.path)
+ }
 // due to the docker network connect/disconnect, so the dstName should
 // restore from the namespace
- err := nsInvoke(n.path, func(nsFD int) error { return nil }, func(callerFD int) error {
- ifaces, err := net.Interfaces()
+ for _, link := range links {
+ addrs, err := n.nlHandle.AddrList(link, netlink.FAMILY_V4)
 if err != nil {
 return err
 }
- for _, iface := range ifaces {
- addrs, err := iface.Addrs()
- if err != nil {
- return err
- }
- if strings.HasPrefix(iface.Name, "vxlan") {
- if i.dstName == "vxlan" {
- i.dstName = iface.Name
- break
- }
- }
- // find the interface name by ip
- if i.address != nil {
- for _, addr := range addrs {
- if addr.String() == i.address.String() {
- i.dstName = iface.Name
- break
- }
- continue
- }
- if i.dstName == iface.Name {
- break
- }
- }
- // This is to find the interface name of the pair in overlay sandbox
- if strings.HasPrefix(iface.Name, "veth") {
- if i.master != "" && i.dstName == "veth" {
- i.dstName = iface.Name
- }
+ ifaceName := link.Attrs().Name
+ if strings.HasPrefix(ifaceName, "vxlan") {
+ if i.dstName == "vxlan" {
+ i.dstName = ifaceName
+ break
+ }
+ }
+ // find the interface name by ip
+ if i.address != nil {
+ for _, addr := range addrs {
+ if addr.IPNet.String() == i.address.String() {
+ i.dstName = ifaceName
+ break
+ }
+ continue
+ }
+ if i.dstName == ifaceName {
+ break
+ }
+ }
+ // This is to find the interface name of the pair in overlay sandbox
+ if strings.HasPrefix(ifaceName, "veth") {
+ if i.master != "" && i.dstName == "veth" {
+ i.dstName = ifaceName
 }
 }
- return nil
- })
- if err != nil {
- return err
 }
+
 var index int
 indexStr := strings.TrimPrefix(i.dstName, dstPrefix)
 if indexStr !=
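Review bot: The new `fmt.Errorf` after `n.nlHandle.LinkList()` discards `err`, so the message says the link listing failed during restore but not why; include the cause, e.g. `return fmt.Errorf("failed to retrieve list of links in network namespace %q during restore: %v", n.path, err)`. The address lookup also narrows from `iface.Addrs()`, which returned every address, to `AddrList(link, netlink.FAMILY_V4)`, so if `i.address` can ever hold an IPv6 address it will no longer match and `i.dstName` stays unresolved; its type is not visible in this patch, so either confirm that or add a comment that only IPv4 is expected here. Nothing in the hunk checks that `n.nlHandle` is non-nil before use; the commit title says it is populated elsewhere, and a short comment naming where would help the next reader. Restore's body starts before and continues after this hunk.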
"" { @@ -488,5 +484,6 @@ func (n *networkNamespace) Restore(ifsopt map[string][]IfaceOption, routes []*ty n.gwv6 = gw6 n.Unlock() } + return nil } diff --git a/libnetwork/sandbox_dns_unix.go b/libnetwork/sandbox_dns_unix.go index 2b22e0a2e5..3f531beb99 100644 --- a/libnetwork/sandbox_dns_unix.go +++ b/libnetwork/sandbox_dns_unix.go @@ -147,7 +147,6 @@ func (sb *sandbox) restorePath() { if sb.config.hostsPath == "" { sb.config.hostsPath = defaultPrefix + "/" + sb.id + "/hosts" } - } func (sb *sandbox) setupDNS() error {