diff --git a/pkg/ipam/ipam.go b/pkg/ipam/ipam.go
index 4463035d..aeb25816 100644
--- a/pkg/ipam/ipam.go
+++ b/pkg/ipam/ipam.go
@@ -16,8 +16,10 @@ package ipam
 import (
 "context"
+ "fmt"
 "github.com/containernetworking/cni/pkg/invoke"
 "github.com/containernetworking/cni/pkg/types"
+ "os"
 )
 func ExecAdd(plugin string, netconf []byte) (types.Result, error) {
@@ -29,5 +31,13 @@ func ExecCheck(plugin string, netconf []byte) error {
 }
 func ExecDel(plugin string, netconf []byte) error {
+ cmd := os.Getenv("CNI_COMMAND")
+ if cmd == "" {
+ return fmt.Errorf("environment variable CNI_COMMAND must be specified.")
+ }
+ // Set CNI_COMMAND to DEL explicity. We might be deleting due to an ADD gone wrong.
+ // restore CNI_COMMAND to original value upon return.
+ os.Setenv("CNI_COMMAND", "DEL")
+ defer os.Setenv("CNI_COMMAND", cmd)
 return invoke.DelegateDel(context.TODO(), plugin, netconf, nil)
 }
diff --git a/plugins/main/bridge/bridge.go b/plugins/main/bridge/bridge.go
index ae5c3769..675ffdd2 100644
--- a/plugins/main/bridge/bridge.go
+++ b/plugins/main/bridge/bridge.go
@@ -20,7 +20,6 @@ import (
 "fmt"
 "io/ioutil"
 "net"
- "os"
 "runtime"
 "syscall"
@@ -415,9 +414,7 @@ func cmdAdd(args *skel.CmdArgs) error {
 // release IP in case of failure
 defer func() {
 if !success {
- os.Setenv("CNI_COMMAND", "DEL")
 ipam.ExecDel(n.IPAM.Type, args.StdinData)
- os.Setenv("CNI_COMMAND", "ADD")
 }
 }()
diff --git a/plugins/main/host-device/host-device.go b/plugins/main/host-device/host-device.go
index aa88786e..f82e2967 100644
--- a/plugins/main/host-device/host-device.go
+++ b/plugins/main/host-device/host-device.go
@@ -21,7 +21,6 @@ import (
 "fmt"
 "io/ioutil"
 "net"
- "os"
 "path/filepath"
 "runtime"
 "strings"
@@ -97,9 +96,7 @@ func cmdAdd(args *skel.CmdArgs) error {
 // Invoke ipam del if err to avoid ip leak
 defer func() {
 if err != nil {
- os.Setenv("CNI_COMMAND", "DEL")
 ipam.ExecDel(cfg.IPAM.Type, args.StdinData)
- os.Setenv("CNI_COMMAND", "ADD")
 }
 }()
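Review bot: In pkg/ipam/ipam.go, ExecDel now swaps CNI_COMMAND in the process-wide environment and discards the result of both `os.Setenv` calls, so a failed set would run the delegate under the original command with no indication. The environment is shared state: any goroutine that reads CNI_COMMAND or starts another delegate between the set and the deferred restore sees DEL; nothing on this page shows concurrent use, but the function does not state the constraint either. I would check the first call, `if err := os.Setenv("CNI_COMMAND", "DEL"); err != nil { return err }`, and add a doc comment saying that ExecDel temporarily mutates the process environment and must not run concurrently with other delegate calls. The early return on an empty CNI_COMMAND also skips the release entirely, and the deferred callers in this commit drop ExecDel's return value, so that case is invisible to them. Minor: the error string should not end with a period, and the comment has a typo (`explicity`).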
diff --git a/plugins/main/ipvlan/ipvlan.go b/plugins/main/ipvlan/ipvlan.go
index 162edca0..ba24b54e 100644
--- a/plugins/main/ipvlan/ipvlan.go
+++ b/plugins/main/ipvlan/ipvlan.go
@@ -203,6 +203,14 @@ func cmdAdd(args *skel.CmdArgs) error {
 if err != nil {
 return err
 }
+
+ // Invoke ipam del if err to avoid ip leak
+ defer func() {
+ if err != nil {
+ ipam.ExecDel(n.IPAM.Type, args.StdinData)
+ }
+ }()
+
 // Convert whatever the IPAM result was into the current Result type
 result, err = current.NewResultFromResult(r)
 if err != nil {
diff --git a/plugins/main/macvlan/macvlan.go b/plugins/main/macvlan/macvlan.go
index 5aea4baa..7ffba21d 100644
--- a/plugins/main/macvlan/macvlan.go
+++ b/plugins/main/macvlan/macvlan.go
@@ -19,7 +19,6 @@ import (
 "errors"
 "fmt"
 "net"
- "os"
 "runtime"
 "github.com/j-keck/arping"
@@ -227,9 +226,7 @@ func cmdAdd(args *skel.CmdArgs) error {
 // Invoke ipam del if err to avoid ip leak
 defer func() {
 if err != nil {
- os.Setenv("CNI_COMMAND", "DEL")
 ipam.ExecDel(n.IPAM.Type, args.StdinData)
- os.Setenv("CNI_COMMAND", "ADD")
 }
 }()
diff --git a/plugins/main/ptp/ptp.go b/plugins/main/ptp/ptp.go
index 1f6def22..a748d7f6 100644
--- a/plugins/main/ptp/ptp.go
+++ b/plugins/main/ptp/ptp.go
@@ -200,6 +200,14 @@ func cmdAdd(args *skel.CmdArgs) error {
 if err != nil {
 return err
 }
+
+ // Invoke ipam del if err to avoid ip leak
+ defer func() {
+ if err != nil {
+ ipam.ExecDel(conf.IPAM.Type, args.StdinData)
+ }
+ }()
+
 // Convert whatever the IPAM result was into the current Result type
 result, err := current.NewResultFromResult(r)
 if err != nil {
diff --git a/plugins/main/vlan/vlan.go b/plugins/main/vlan/vlan.go
index 6e69221b..a7cd7c75 100644
--- a/plugins/main/vlan/vlan.go
+++ b/plugins/main/vlan/vlan.go
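Review bot: The deferred cleanup added to cmdAdd in ipvlan.go tests the local variable `err`, but cmdAdd's result is unnamed (`func cmdAdd(args *skel.CmdArgs) error`), so the release only runs when the failing path assigned that same variable. A later `return fmt.Errorf(...)` or `return errors.New(...)`, or a return of an `err` declared in an inner scope with `:=`, leaves the outer `err` nil and the address handed out by ExecAdd stays allocated; the same pattern is added in ptp.go and vlan.go. The rest of each cmdAdd is outside the hunk, so whether such exits exist has to be checked there. A `success` flag set immediately before the final return and tested as `if !success` (the form the bridge.go context lines in this commit use) covers every exit path. The return value of `ipam.ExecDel` is also dropped in all three, so a failed release goes unreported.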
@@ -140,6 +140,14 @@ func cmdAdd(args *skel.CmdArgs) error {
 if err != nil {
 return err
 }
+
+ // Invoke ipam del if err to avoid ip leak
+ defer func() {
+ if err != nil {
+ ipam.ExecDel(n.IPAM.Type, args.StdinData)
+ }
+ }()
+
 // Convert whatever the IPAM result was into the current Result type
 result, err := current.NewResultFromResult(r)
 if err != nil {