--- /dev/null
+// Copyright 2015 CNI authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+ "encoding/json"
+ "errors"
+ "fmt"
+ "runtime"
+
+ "github.com/containernetworking/cni/pkg/ip"
+ "github.com/containernetworking/cni/pkg/ipam"
+ "github.com/containernetworking/cni/pkg/ns"
+ "github.com/containernetworking/cni/pkg/skel"
+ "github.com/containernetworking/cni/pkg/types"
+ "github.com/containernetworking/cni/pkg/utils/sysctl"
+ "github.com/containernetworking/cni/pkg/version"
+ "github.com/vishvananda/netlink"
+)
+
+const (
+ IPv4InterfaceArpProxySysctlTemplate = "net.ipv4.conf.%s.proxy_arp"
+)
+
+type NetConf struct {
+ types.NetConf
+ Master string `json:"master"`
+ Mode string `json:"mode"`
+ MTU int `json:"mtu"`
+}
+
+func init() {
+ // this ensures that main runs only on main thread (thread group leader).
+ // since namespace ops (unshare, setns) are done for a single thread, we
+ // must ensure that the goroutine does not jump from OS thread to thread
+ runtime.LockOSThread()
+}
+
+func loadConf(bytes []byte) (*NetConf, error) {
+ n := &NetConf{}
+ if err := json.Unmarshal(bytes, n); err != nil {
+ return nil, fmt.Errorf("failed to load netconf: %v", err)
+ }
+ if n.Master == "" {
+ return nil, fmt.Errorf(`"master" field is required. It specifies the host interface name to virtualize`)
+ }
+ return n, nil
+}
+
+func modeFromString(s string) (netlink.MacvlanMode, error) {
+ switch s {
+ case "", "bridge":
+ return netlink.MACVLAN_MODE_BRIDGE, nil
+ case "private":
+ return netlink.MACVLAN_MODE_PRIVATE, nil
+ case "vepa":
+ return netlink.MACVLAN_MODE_VEPA, nil
+ case "passthru":
+ return netlink.MACVLAN_MODE_PASSTHRU, nil
+ default:
+ return 0, fmt.Errorf("unknown macvlan mode: %q", s)
+ }
+}
+
+func createMacvlan(conf *NetConf, ifName string, netns ns.NetNS) error {
+ mode, err := modeFromString(conf.Mode)
+ if err != nil {
+ return err
+ }
+
+ m, err := netlink.LinkByName(conf.Master)
+ if err != nil {
+ return fmt.Errorf("failed to lookup master %q: %v", conf.Master, err)
+ }
+
+ // due to kernel bug we have to create with tmpName or it might
+ // collide with the name on the host and error out
+ tmpName, err := ip.RandomVethName()
+ if err != nil {
+ return err
+ }
+
+ mv := &netlink.Macvlan{
+ LinkAttrs: netlink.LinkAttrs{
+ MTU: conf.MTU,
+ Name: tmpName,
+ ParentIndex: m.Attrs().Index,
+ Namespace: netlink.NsFd(int(netns.Fd())),
+ },
+ Mode: mode,
+ }
+
+ if err := netlink.LinkAdd(mv); err != nil {
+ return fmt.Errorf("failed to create macvlan: %v", err)
+ }
+
+ return netns.Do(func(_ ns.NetNS) error {
+ // TODO: duplicate following lines for ipv6 support, when it will be added in other places
+ ipv4SysctlValueName := fmt.Sprintf(IPv4InterfaceArpProxySysctlTemplate, tmpName)
+ if _, err := sysctl.Sysctl(ipv4SysctlValueName, "1"); err != nil {
+ // remove the newly added link and ignore errors, because we already are in a failed state
+ _ = netlink.LinkDel(mv)
+ return fmt.Errorf("failed to set proxy_arp on newly added interface %q: %v", tmpName, err)
+ }
+
+ err := renameLink(tmpName, ifName)
+ if err != nil {
+ _ = netlink.LinkDel(mv)
+ return fmt.Errorf("failed to rename macvlan to %q: %v", ifName, err)
+ }
+ return nil
+ })
+}
+
+func cmdAdd(args *skel.CmdArgs) error {
+ n, err := loadConf(args.StdinData)
+ if err != nil {
+ return err
+ }
+
+ netns, err := ns.GetNS(args.Netns)
+ if err != nil {
+ return fmt.Errorf("failed to open netns %q: %v", netns, err)
+ }
+ defer netns.Close()
+
+ if err = createMacvlan(n, args.IfName, netns); err != nil {
+ return err
+ }
+
+ // run the IPAM plugin and get back the config to apply
+ result, err := ipam.ExecAdd(n.IPAM.Type, args.StdinData)
+ if err != nil {
+ return err
+ }
+ if result.IP4 == nil {
+ return errors.New("IPAM plugin returned missing IPv4 config")
+ }
+
+ err = netns.Do(func(_ ns.NetNS) error {
+ if err := ip.SetHWAddrByIP(args.IfName, result.IP4.IP.IP, nil /* TODO IPv6 */); err != nil {
+ return err
+ }
+
+ return ipam.ConfigureIface(args.IfName, result)
+ })
+ if err != nil {
+ return err
+ }
+
+ result.DNS = n.DNS
+ return result.Print()
+}
+
+func cmdDel(args *skel.CmdArgs) error {
+ n, err := loadConf(args.StdinData)
+ if err != nil {
+ return err
+ }
+
+ err = ipam.ExecDel(n.IPAM.Type, args.StdinData)
+ if err != nil {
+ return err
+ }
+
+ if args.Netns == "" {
+ return nil
+ }
+
+ return ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error {
+ return ip.DelLinkByName(args.IfName)
+ })
+}
+
+func renameLink(curName, newName string) error {
+ link, err := netlink.LinkByName(curName)
+ if err != nil {
+ return err
+ }
+
+ return netlink.LinkSetName(link, newName)
+}
+
+func main() {
+ skel.PluginMain(cmdAdd, cmdDel, version.Legacy)
+}
--- /dev/null
+// Copyright 2015 CNI authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+ "fmt"
+
+ "github.com/containernetworking/cni/pkg/ns"
+ "github.com/containernetworking/cni/pkg/skel"
+ "github.com/containernetworking/cni/pkg/testutils"
+ "github.com/containernetworking/cni/pkg/types"
+ "github.com/containernetworking/cni/pkg/utils/hwaddr"
+
+ "github.com/vishvananda/netlink"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+const MASTER_NAME = "eth0"
+
+var _ = Describe("macvlan Operations", func() {
+ var originalNS ns.NetNS
+
+ BeforeEach(func() {
+ // Create a new NetNS so we don't modify the host
+ var err error
+ originalNS, err = ns.NewNS()
+ Expect(err).NotTo(HaveOccurred())
+
+ err = originalNS.Do(func(ns.NetNS) error {
+ defer GinkgoRecover()
+
+ // Add master
+ err = netlink.LinkAdd(&netlink.Dummy{
+ LinkAttrs: netlink.LinkAttrs{
+ Name: MASTER_NAME,
+ },
+ })
+ Expect(err).NotTo(HaveOccurred())
+ _, err = netlink.LinkByName(MASTER_NAME)
+ Expect(err).NotTo(HaveOccurred())
+ return nil
+ })
+ Expect(err).NotTo(HaveOccurred())
+ })
+
+ AfterEach(func() {
+ Expect(originalNS.Close()).To(Succeed())
+ })
+
+ It("creates an macvlan link in a non-default namespace", func() {
+ conf := &NetConf{
+ NetConf: types.NetConf{
+ CNIVersion: "0.2.0",
+ Name: "testConfig",
+ Type: "macvlan",
+ },
+ Master: MASTER_NAME,
+ Mode: "bridge",
+ MTU: 1500,
+ }
+
+ targetNs, err := ns.NewNS()
+ Expect(err).NotTo(HaveOccurred())
+ defer targetNs.Close()
+
+ err = originalNS.Do(func(ns.NetNS) error {
+ defer GinkgoRecover()
+
+ err = createMacvlan(conf, "foobar0", targetNs)
+ Expect(err).NotTo(HaveOccurred())
+ return nil
+ })
+ Expect(err).NotTo(HaveOccurred())
+
+ // Make sure macvlan link exists in the target namespace
+ err = targetNs.Do(func(ns.NetNS) error {
+ defer GinkgoRecover()
+
+ link, err := netlink.LinkByName("foobar0")
+ Expect(err).NotTo(HaveOccurred())
+ Expect(link.Attrs().Name).To(Equal("foobar0"))
+ return nil
+ })
+ Expect(err).NotTo(HaveOccurred())
+ })
+
+ It("configures and deconfigures a macvlan link with ADD/DEL", func() {
+ const IFNAME = "macvl0"
+
+ conf := fmt.Sprintf(`{
+ "cniVersion": "0.2.0",
+ "name": "mynet",
+ "type": "macvlan",
+ "master": "%s",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "10.1.2.0/24"
+ }
+}`, MASTER_NAME)
+
+ targetNs, err := ns.NewNS()
+ Expect(err).NotTo(HaveOccurred())
+ defer targetNs.Close()
+
+ args := &skel.CmdArgs{
+ ContainerID: "dummy",
+ Netns: targetNs.Path(),
+ IfName: IFNAME,
+ StdinData: []byte(conf),
+ }
+
+ // Make sure macvlan link exists in the target namespace
+ err = originalNS.Do(func(ns.NetNS) error {
+ defer GinkgoRecover()
+
+ _, err := testutils.CmdAddWithResult(targetNs.Path(), IFNAME, func() error {
+ return cmdAdd(args)
+ })
+ Expect(err).NotTo(HaveOccurred())
+ return nil
+ })
+ Expect(err).NotTo(HaveOccurred())
+
+ // Make sure macvlan link exists in the target namespace
+ err = targetNs.Do(func(ns.NetNS) error {
+ defer GinkgoRecover()
+
+ link, err := netlink.LinkByName(IFNAME)
+ Expect(err).NotTo(HaveOccurred())
+ Expect(link.Attrs().Name).To(Equal(IFNAME))
+
+ hwAddr := fmt.Sprintf("%s", link.Attrs().HardwareAddr)
+ Expect(hwAddr).To(HavePrefix(hwaddr.PrivateMACPrefixString))
+
+ return nil
+ })
+ Expect(err).NotTo(HaveOccurred())
+
+ err = originalNS.Do(func(ns.NetNS) error {
+ defer GinkgoRecover()
+
+ err := testutils.CmdDelWithResult(targetNs.Path(), IFNAME, func() error {
+ return cmdDel(args)
+ })
+ Expect(err).NotTo(HaveOccurred())
+ return nil
+ })
+ Expect(err).NotTo(HaveOccurred())
+
+ // Make sure macvlan link has been deleted
+ err = targetNs.Do(func(ns.NetNS) error {
+ defer GinkgoRecover()
+
+ link, err := netlink.LinkByName(IFNAME)
+ Expect(err).To(HaveOccurred())
+ Expect(link).To(BeNil())
+ return nil
+ })
+ Expect(err).NotTo(HaveOccurred())
+ })
+})
git://git.halfball.org / cni.git / commitdiff