libnetwork/d/overlay: drop initEncryption function

The (*driver).Join function does many things to set up overlay networking. One of the first things it does is call (*network).joinSandbox, which in turn calls (*driver).initSandboxPeerDB. The initSandboxPeerDB function iterates through the peer db to add entries to the VXLAN FDB, neighbor table and IPsec security association database in the kernel for all known peers on the overlay network. One of the last things the (*driver).Join function does is call (*driver).initEncryption. The initEncryption function iterates through the peer db to add entries to the IPsec security association database in the kernel for all known peers on the overlay network. But the preceding initSandboxPeerDB call already did that! The initEncryption function is redundant and can safely be removed. Signed-off-by: Cory Snider <csnider@mirantis.com> (cherry picked from commit df6b405796) Signed-off-by: Cory Snider <csnider@mirantis.com>
2026-01-11 18:51:37 +00:00 · 2025-05-27 14:09:23 -04:00
parent f69e64ab12
commit 89ea2469df
2 changed files with 0 additions and 39 deletions
--- a/libnetwork/drivers/overlay/encryption.go
+++ b/libnetwork/drivers/overlay/encryption.go
@@ -113,41 +113,6 @@ func (e *encrMap) String() string {
 	return b.String()
 }

-// initEncryption sets up IPsec encryption parameters for all known peers on a network.
-func (d *driver) initEncryption(nid string) error {
-	log.G(context.TODO()).Debugf("initEncryption(%.7s)", nid)
-
-	n := d.network(nid)
-	if n == nil || !n.secure {
-		return nil
-	}
-
-	if len(d.keys) == 0 {
-		return types.ForbiddenErrorf("encryption key is not present")
-	}
-
-	nodes := map[netip.Addr]struct{}{}
-
-	if err := d.peerDbNetworkWalk(nid, func(_ netip.Addr, _ net.HardwareAddr, pEntry *peerEntry) bool {
-		if !pEntry.isLocal() {
-			nodes[pEntry.vtep] = struct{}{}
-		}
-		return false
-	}); err != nil {
-		log.G(context.TODO()).Warnf("Failed to retrieve list of participating nodes in overlay network %.5s: %v", nid, err)
-	}
-
-	log.G(context.TODO()).Debugf("List of nodes: %s", nodes)
-
-	for rIP := range nodes {
-		if err := d.setupEncryption(rIP); err != nil {
-			log.G(context.TODO()).Warnf("Failed to program network encryption to remote peer %s: %v", rIP, err)
-		}
-	}
-
-	return nil
-}
-
 // setupEncryption programs the encryption parameters for secure communication
 // between the local node and a remote node.
 func (d *driver) setupEncryption(remoteIP netip.Addr) error {
--- a/libnetwork/drivers/overlay/joinleave.go
+++ b/libnetwork/drivers/overlay/joinleave.go
@@ -111,10 +111,6 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,

 	d.peerAdd(nid, eid, ep.addr, ep.mac, netip.Addr{})

-	if err = d.initEncryption(nid); err != nil {
-		log.G(context.TODO()).Warn(err)
-	}
-
 	buf, err := proto.Marshal(&PeerRecord{
 		EndpointIP:       ep.addr.String(),
 		EndpointMAC:      ep.mac.String(),