pkg/meta/bandwidth: increase IfbDeviceName size
* Increase entropy from 2 bytes to 7 bytes to prevent collisions * Extract common library function for hash with prefix * Refactor portmap plugin to use library function fixes #347 Co-authored-by: Cameron Moreau <cmoreau@pivotal.io> Co-authored-by: Mikael Manukyan <mmanukyan@pivotal.io>
@ -105,7 +105,7 @@ var _ = Describe("bandwidth test", func() {
|
||||
hostIP = net.IP{169, 254, 0, 1}
|
||||
containerIP = net.IP{10, 254, 0, 1}
|
||||
hostIfaceMTU = 1024
|
||||
ifbDeviceName = "5b6c"
|
||||
ifbDeviceName = "bwpa8eda89404b7"
|
||||
|
||||
createVeth(hostNs.Path(), hostIfname, containerNs.Path(), containerIfname, hostIP, containerIP, hostIfaceMTU)
|
||||
})
|
||||
|
@ -15,7 +15,6 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/sha1"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
@ -28,9 +27,13 @@ import (
|
||||
|
||||
"github.com/containernetworking/plugins/pkg/ip"
|
||||
"github.com/containernetworking/plugins/pkg/ns"
|
||||
"github.com/containernetworking/plugins/pkg/utils"
|
||||
bv "github.com/containernetworking/plugins/pkg/utils/buildversion"
|
||||
)
|
||||
|
||||
const maxIfbDeviceLength = 15
|
||||
const ifbDevicePrefix = "bwp"
|
||||
|
||||
// BandwidthEntry corresponds to a single entry in the bandwidth argument,
|
||||
// see CONVENTIONS.md
|
||||
type BandwidthEntry struct {
|
||||
@ -111,14 +114,8 @@ func validateRateAndBurst(rate int, burst int) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func getIfbDeviceName(networkName string, containerId string) (string, error) {
|
||||
hash := sha1.New()
|
||||
_, err := hash.Write([]byte(networkName + containerId))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%x", hash.Sum(nil))[:4], nil
|
||||
func getIfbDeviceName(networkName string, containerId string) string {
|
||||
return utils.MustFormatHashWithPrefix(maxIfbDeviceLength, ifbDevicePrefix, networkName+containerId)
|
||||
}
|
||||
|
||||
func getMTU(deviceName string) (int, error) {
|
||||
@ -205,10 +202,7 @@ func cmdAdd(args *skel.CmdArgs) error {
|
||||
return err
|
||||
}
|
||||
|
||||
ifbDeviceName, err := getIfbDeviceName(conf.Name, args.ContainerID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ifbDeviceName := getIfbDeviceName(conf.Name, args.ContainerID)
|
||||
|
||||
err = CreateIfb(ifbDeviceName, mtu)
|
||||
if err != nil {
|
||||
@ -239,10 +233,7 @@ func cmdDel(args *skel.CmdArgs) error {
|
||||
return err
|
||||
}
|
||||
|
||||
ifbDeviceName, err := getIfbDeviceName(conf.Name, args.ContainerID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ifbDeviceName := getIfbDeviceName(conf.Name, args.ContainerID)
|
||||
|
||||
if err := TeardownIfb(ifbDeviceName); err != nil {
|
||||
return err
|
||||
@ -343,10 +334,7 @@ func cmdCheck(args *skel.CmdArgs) error {
|
||||
latency := latencyInUsec(latencyInMillis)
|
||||
limitInBytes := limit(uint64(rateInBytes), latency, uint32(burstInBytes))
|
||||
|
||||
ifbDeviceName, err := getIfbDeviceName(bwConf.Name, args.ContainerID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ifbDeviceName := getIfbDeviceName(bwConf.Name, args.ContainerID)
|
||||
|
||||
ifbDevice, err := netlink.LinkByName(ifbDeviceName)
|
||||
if err != nil {
|
||||
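Review bot: In the cmdDel hunk, teardown derives only the new `bwp`-prefixed 15-character name, so an IFB device created by an earlier plugin version under the old 4-hex-character name would not be matched if DEL runs after an upgrade. The portmap plugin on this page keeps `genOldSnatChain` for that same ADD/DEL version skew; whether the bandwidth case leaks the old device or makes DEL fail depends on `TeardownIfb`, which is not visible here. At minimum I would record it above `getIfbDeviceName`: `// Names changed from the 4-hex-character form; devices created by older plugin versions are not matched by DEL/CHECK.` Separately, `networkName+containerId` is joined without a delimiter, so two distinct pairs can produce the same hash input; since the naming scheme is changing anyway, a separator could be introduced now if neither field has a fixed length. The bodies of cmdAdd, cmdDel and cmdCheck continue outside their hunks.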
|
@ -20,6 +20,7 @@ import (
|
||||
"sort"
|
||||
"strconv"
|
||||
|
||||
"github.com/containernetworking/plugins/pkg/utils"
|
||||
"github.com/containernetworking/plugins/pkg/utils/sysctl"
|
||||
"github.com/coreos/go-iptables/iptables"
|
||||
)
|
||||
@ -172,7 +173,7 @@ func genToplevelDnatChain() chain {
|
||||
func genDnatChain(netName, containerID string) chain {
|
||||
return chain{
|
||||
table: "nat",
|
||||
name: formatChainName("DN-", netName, containerID),
|
||||
name: utils.MustFormatChainNameWithPrefix(netName, containerID, "DN-"),
|
||||
entryChains: []string{TopLevelDNATChainName},
|
||||
}
|
||||
}
|
||||
@ -323,11 +324,9 @@ func enableLocalnetRouting(ifName string) error {
|
||||
// genOldSnatChain is no longer used, but used to be created. We'll try and
|
||||
// tear it down in case the plugin version changed between ADD and DEL
|
||||
func genOldSnatChain(netName, containerID string) chain {
|
||||
name := formatChainName("SN-", netName, containerID)
|
||||
|
||||
return chain{
|
||||
table: "nat",
|
||||
name: name,
|
||||
name: utils.MustFormatChainNameWithPrefix(netName, containerID, "SN-"),
|
||||
entryChains: []string{OldTopLevelSNATChainName},
|
||||
}
|
||||
}
|
||||
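Review bot: In `genDnatChain` and `genOldSnatChain` the prefix moves from the first argument of `formatChainName` to the last argument of `utils.MustFormatChainNameWithPrefix`, and all three parameters are strings, so a transposed argument compiles cleanly and silently changes the chain name. DEL recomputes these names to find the chains it removes, so any difference from what the removed `formatChainName` produced (`CNI-` + prefix + SHA-512 hex, cut to 28 characters) would leave DNAT chains created before the upgrade in place; the helper's body is not on this page, so that equivalence cannot be confirmed from here. A test that pins one known chain name for a fixed `netName`/`containerID` would lock it down, and a comment at the call sites such as `// must stay byte-identical to pre-refactor names so DEL finds chains created by older versions` would record the constraint.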
|
@ -15,7 +15,6 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/sha512"
|
||||
"fmt"
|
||||
"net"
|
||||
"strconv"
|
||||
@ -24,8 +23,6 @@ import (
|
||||
"github.com/vishvananda/netlink"
|
||||
)
|
||||
|
||||
const maxChainNameLength = 28
|
||||
|
||||
// fmtIpPort correctly formats ip:port literals for iptables and ip6tables -
|
||||
// need to wrap v6 literals in a []
|
||||
func fmtIpPort(ip net.IP, port int) string {
|
||||
@ -62,12 +59,6 @@ func getRoutableHostIF(containerIP net.IP) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
func formatChainName(prefix, name, id string) string {
|
||||
chainBytes := sha512.Sum512([]byte(name + id))
|
||||
chain := fmt.Sprintf("CNI-%s%x", prefix, chainBytes)
|
||||
return chain[:maxChainNameLength]
|
||||
}
|
||||
|
||||
// groupByProto groups port numbers by protocol
|
||||
func groupByProto(entries []PortMapEntry) map[string][]int {
|
||||
if len(entries) == 0 {
|
||||
|