InTheForest/moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2026-01-11 18:51:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
moby/daemon/libnetwork/drivers/overlay/joinleave.go
Cory Snider 46ab36ae46 daemon/internal: move netiputil from libnetwork 
These utilities are going to be needed elsewhere in the daemon to handle
netip values from API requests.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2025-10-03 21:39:13 +02:00

259 lines
6.9 KiB
Go
Raw Permalink Blame History

//go:build linux
package overlay
import (
"context"
"errors"
"fmt"
"net/netip"
"syscall"
"github.com/containerd/log"
"github.com/gogo/protobuf/proto"
"github.com/moby/moby/v2/daemon/internal/netiputil"
"github.com/moby/moby/v2/daemon/libnetwork/driverapi"
"github.com/moby/moby/v2/daemon/libnetwork/netlabel"
"github.com/moby/moby/v2/daemon/libnetwork/ns"
"github.com/moby/moby/v2/daemon/libnetwork/osl"
"github.com/moby/moby/v2/daemon/libnetwork/types"
"go.opentelemetry.io/otel"
"go.opentelemetry.io/otel/attribute"
"go.opentelemetry.io/otel/trace"
)
// Join method is invoked when a Sandbox is attached to an endpoint.
func (d *driver) Join(ctx context.Context, nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, epOpts, _ map[string]any) error {
ctx, span := otel.Tracer("").Start(ctx, "libnetwork.drivers.overlay.Join", trace.WithAttributes(
attribute.String("nid", nid),
attribute.String("eid", eid),
attribute.String("sboxKey", sboxKey)))
defer span.End()
if err := validateID(nid, eid); err != nil {
return err
}
n, unlock, err := d.lockNetwork(nid)
if err != nil {
return err
}
defer unlock()
ep := n.endpoints[eid]
if ep == nil {
return fmt.Errorf("could not find endpoint with id %s", eid)
}
if n.secure {
d.encrMu.Lock()
nkeys := len(d.keys)
d.encrMu.Unlock()
if nkeys == 0 {
return errors.New("cannot join secure network: encryption keys not present")
}
}
nlh := ns.NlHandle()
if n.secure && !nlh.SupportsNetlinkFamily(syscall.NETLINK_XFRM) {
return errors.New("cannot join secure network: required modules to install IPSEC rules are missing on host")
}
s := n.getSubnetforIP(ep.addr)
if s == nil {
return fmt.Errorf("could not find subnet for endpoint %s", eid)
}
if err := n.joinSandbox(s, true); err != nil {
return fmt.Errorf("network sandbox join failed: %v", err)
}
overlayIfName, containerIfName, err := createVethPair()
if err != nil {
return err
}
ep.ifName = containerIfName
// Set the container interface and its peer MTU to 1450 to allow
// for 50 bytes vxlan encap (inner eth header(14) + outer IP(20) +
// outer UDP(8) + vxlan header(8))
mtu := n.maxMTU()
veth, err := nlh.LinkByName(overlayIfName)
if err != nil {
return fmt.Errorf("could not find link by name %s: %v", overlayIfName, err)
}
err = nlh.LinkSetMTU(veth, mtu)
if err != nil {
return err
}
if err = n.sbox.AddInterface(ctx, overlayIfName, "veth", "", osl.WithMaster(s.brName)); err != nil {
return fmt.Errorf("could not add veth pair inside the network sandbox: %v", err)
}
veth, err = nlh.LinkByName(containerIfName)
if err != nil {
return fmt.Errorf("could not find link by name %s: %v", containerIfName, err)
}
err = nlh.LinkSetMTU(veth, mtu)
if err != nil {
return err
}
if err = nlh.LinkSetHardwareAddr(veth, ep.mac.AsSlice()); err != nil {
return fmt.Errorf("could not set mac address (%v) to the container interface: %v", ep.mac, err)
}
for _, sub := range n.subnets {
if sub == s {
continue
}
if err = jinfo.AddStaticRoute(netiputil.ToIPNet(sub.subnetIP), types.NEXTHOP, s.gwIP.Addr().AsSlice()); err != nil {
log.G(ctx).Errorf("Adding subnet %s static route in network %q failed\n", s.subnetIP, n.id)
}
}
if iNames := jinfo.InterfaceName(); iNames != nil {
err = iNames.SetNames(containerIfName, "eth", netlabel.GetIfname(epOpts))
if err != nil {
return err
}
}
if err := n.peerAdd(eid, ep.addr, ep.mac, netip.Addr{}); err != nil {
return fmt.Errorf("overlay: failed to add local endpoint to network peer db: %w", err)
}
buf, err := proto.Marshal(&PeerRecord{
EndpointIP: ep.addr.String(),
EndpointMAC: ep.mac.String(),
TunnelEndpointIP: d.advertiseAddress.String(),
})
if err != nil {
return err
}
if err := jinfo.AddTableEntry(OverlayPeerTable, eid, buf); err != nil {
log.G(ctx).Errorf("overlay: Failed adding table entry to joininfo: %v", err)
}
return nil
}
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
if tablename != OverlayPeerTable {
log.G(context.TODO()).Errorf("DecodeTableEntry: unexpected table name %s", tablename)
return "", nil
}
var peer PeerRecord
if err := proto.Unmarshal(value, &peer); err != nil {
log.G(context.TODO()).Errorf("DecodeTableEntry: failed to unmarshal peer record for key %s: %v", key, err)
return "", nil
}
return key, map[string]string{
"Host IP": peer.TunnelEndpointIP,
}
}
func (d *driver) EventNotify(nid, tableName, key string, prev, value []byte) {
if tableName != OverlayPeerTable {
log.G(context.TODO()).Errorf("Unexpected table notification for table %s received", tableName)
return
}
eid := key
var prevPeer, newPeer *Peer
if prev != nil {
var err error
prevPeer, err = UnmarshalPeerRecord(prev)
if err != nil {
log.G(context.TODO()).WithError(err).Error("Failed to unmarshal previous peer record")
} else if prevPeer.TunnelEndpointIP == d.advertiseAddress {
// Ignore local peers. We don't add them to the VXLAN
// FDB so don't need to remove them.
prevPeer = nil
}
}
if value != nil {
var err error
newPeer, err = UnmarshalPeerRecord(value)
if err != nil {
log.G(context.TODO()).WithError(err).Error("Failed to unmarshal peer record")
} else if newPeer.TunnelEndpointIP == d.advertiseAddress {
newPeer = nil
}
}
if prevPeer == nil && newPeer == nil {
// Nothing to do! Either the event was for a local peer,
// or unmarshaling failed.
return
}
if prevPeer != nil && newPeer != nil && *prevPeer == *newPeer {
// The update did not materially change the FDB entry.
return
}
n, unlock, err := d.lockNetwork(nid)
if err != nil {
log.G(context.TODO()).WithFields(log.Fields{
"error": err,
"nid": nid,
}).Error("overlay: handling peer event")
return
}
defer unlock()
if prevPeer != nil {
if err := n.peerDelete(eid, prevPeer.EndpointIP, prevPeer.EndpointMAC, prevPeer.TunnelEndpointIP); err != nil {
log.G(context.TODO()).WithFields(log.Fields{
"error": err,
"nid": n.id,
"peer": prevPeer,
}).Warn("overlay: failed to delete peer entry")
}
}
if newPeer != nil {
if err := n.peerAdd(eid, newPeer.EndpointIP, newPeer.EndpointMAC, newPeer.TunnelEndpointIP); err != nil {
log.G(context.TODO()).WithFields(log.Fields{
"error": err,
"nid": n.id,
"peer": newPeer,
}).Warn("overlay: failed to add peer entry")
}
}
}
// Leave method is invoked when a Sandbox detaches from an endpoint.
func (d *driver) Leave(nid, eid string) error {
if err := validateID(nid, eid); err != nil {
return err
}
n, unlock, err := d.lockNetwork(nid)
if err != nil {
return err
}
defer unlock()
ep := n.endpoints[eid]
if ep == nil {
return types.InternalMaskableErrorf("could not find endpoint with id %s", eid)
}
if err := n.peerDelete(eid, ep.addr, ep.mac, netip.Addr{}); err != nil {
return fmt.Errorf("overlay: failed to delete local endpoint eid:%s from network peer db: %w", eid, err)
}
n.leaveSandbox()
return nil
}
Reference in New Issue View Git Blame Copy Permalink