ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity

tuning: fix cmdCheck when using IFNAME

Browse Source 
Fixes: c16cff9805427c5db34b43de3155769b362f596e
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
This commit is contained in:
Etienne Champetier 2023-04-20 11:14:51 -04:00
parent 9f1f9a588b
commit 5b7a263e8f
1 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
plugins/meta/tuning/tuning.go
View File

@ -334,22 +334,13 @@ func cmdAdd(args *skel.CmdArgs) error {
err = ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error { err = ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error {
for key, value := range tuningConf.SysCtl { for key, value := range tuningConf.SysCtl {
key = strings.ReplaceAll(key, ".", string(os.PathSeparator)) fileName, err := getSysctlFilename(key, args.IfName)
if err != nil {
// If the key contains `IFNAME` - substitute it with args.IfName return err
// to allow setting sysctls on a particular interface, on which
// other operations (like mac/mtu setting) are performed
key = strings.Replace(key, "IFNAME", args.IfName, 1)
fileName := filepath.Join("/proc/sys", key)
// Refuse to modify sysctl parameters that don't belong
// to the network subsystem.
if !strings.HasPrefix(fileName, "/proc/sys/net/") {
return fmt.Errorf("invalid net sysctl key: %q", key)
} }
content := []byte(value) content := []byte(value)
err := os.WriteFile(fileName, content, 0o644) err = os.WriteFile(fileName, content, 0o644)
if err != nil { if err != nil {
return err return err
} }
@ -439,7 +430,10 @@ func cmdCheck(args *skel.CmdArgs) error {
err = ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error { err = ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error {
// Check each configured value vs what's currently in the container // Check each configured value vs what's currently in the container
for key, confValue := range tuningConf.SysCtl { for key, confValue := range tuningConf.SysCtl {
fileName := filepath.Join("/proc/sys", strings.ReplaceAll(key, ".", "/")) fileName, err := getSysctlFilename(key, args.IfName)
if err != nil {
return err
}
contents, err := os.ReadFile(fileName) contents, err := os.ReadFile(fileName)
if err != nil { if err != nil {
@ -583,3 +577,22 @@ func validateArgs(args *skel.CmdArgs) error {
} }
return nil return nil
} }
func getSysctlFilename(key, ifName string) (string, error) {
key = strings.ReplaceAll(key, ".", string(os.PathSeparator))
// If the key contains `IFNAME` - substitute it with args.IfName
// to allow setting sysctls on a particular interface, on which
// other operations (like mac/mtu setting) are performed
key = strings.Replace(key, "IFNAME", ifName, 1)
fileName := filepath.Join("/proc/sys", key)
// Refuse to modify sysctl parameters that don't belong
// to the network subsystem.
if !strings.HasPrefix(fileName, "/proc/sys/net/") {
return "", fmt.Errorf("invalid net sysctl key: %q", key)
}
return fileName, nil
}