InTheForest/moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2026-01-11 18:51:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

libnetwork/d/overlay: drop initEncryption function

Browse Source 
The (*driver).Join function does many things to set up overlay
networking. One of the first things it does is call
(*network).joinSandbox, which in turn calls (*driver).initSandboxPeerDB.
The initSandboxPeerDB function iterates through the peer db to add
entries to the VXLAN FDB, neighbor table and IPsec security association
database in the kernel for all known peers on the overlay network.

One of the last things the (*driver).Join function does is call
(*driver).initEncryption. The initEncryption function iterates through
the peer db to add entries to the IPsec security association database in
the kernel for all known peers on the overlay network. But the preceding
initSandboxPeerDB call already did that! The initEncryption function is
redundant and can safely be removed.

Signed-off-by: Cory Snider <csnider@mirantis.com>
This commit is contained in:
Cory Snider
2025-05-27 14:09:23 -04:00
parent 713f887698
commit df6b405796
2 changed files with 0 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
libnetwork/drivers/overlay/encryption.go
View File

@@ -113,41 +113,6 @@ func (e *encrMap) String() string {
return b.String()
}
// initEncryption sets up IPsec encryption parameters for all known peers on a network.
func (d *driver) initEncryption(nid string) error {
log.G(context.TODO()).Debugf("initEncryption(%.7s)", nid)
n := d.network(nid)
if n == nil || !n.secure {
return nil
}
if len(d.keys) == 0 {
return types.ForbiddenErrorf("encryption key is not present")
}
nodes := map[netip.Addr]struct{}{}
if err := d.peerDbNetworkWalk(nid, func(_ netip.Addr, _ net.HardwareAddr, pEntry *peerEntry) bool {
if !pEntry.isLocal() {
nodes[pEntry.vtep] = struct{}{}
}
return false
}); err != nil {
log.G(context.TODO()).Warnf("Failed to retrieve list of participating nodes in overlay network %.5s: %v", nid, err)
}
log.G(context.TODO()).Debugf("List of nodes: %s", nodes)
for rIP := range nodes {
if err := d.setupEncryption(rIP); err != nil {
log.G(context.TODO()).Warnf("Failed to program network encryption to remote peer %s: %v", rIP, err)
}
}
return nil
}
// setupEncryption programs the encryption parameters for secure communication
// between the local node and a remote node.
func (d *driver) setupEncryption(remoteIP netip.Addr) error {

4
libnetwork/drivers/overlay/joinleave.go
View File

@@ -121,10 +121,6 @@ func (d *driver) Join(ctx context.Context, nid, eid string, sboxKey string, jinf
d.peerAdd(nid, eid, ep.addr, ep.mac, netip.Addr{})
if err = d.initEncryption(nid); err != nil {
log.G(ctx).Warn(err)
}
buf, err := proto.Marshal(&PeerRecord{
EndpointIP: ep.addr.String(),
EndpointMAC: ep.mac.String(),