From 72bec928515c36150b3177406ba742435626503a Mon Sep 17 00:00:00 2001
From: Piotr Skamruk
Date: Mon, 7 Mar 2016 16:40:27 +0100
Subject: [PATCH 1/3] pkg/utils: add functions to work with sysctl
---
pkg/utils/sysctl/sysctl_linux.go | 58 ++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 pkg/utils/sysctl/sysctl_linux.go
diff --git a/pkg/utils/sysctl/sysctl_linux.go b/pkg/utils/sysctl/sysctl_linux.go
new file mode 100644
index 00000000..c0fba382
--- /dev/null
+++ b/pkg/utils/sysctl/sysctl_linux.go
@@ -0,0 +1,58 @@
+// Copyright 2016 CNI authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// build +linux
+
+package sysctl
+
+import (
+ "fmt"
+ "io/ioutil"
+ "path/filepath"
+ "strings"
+)
+
+// Sysctl provides a method to set/get values from /proc/sys - in linux systems
+// new interface to set/get values of variables formerly handled by sysctl syscall
+// If optional `params` have only one string value - this function will
+// set this value into coresponding sysctl variable
+func Sysctl(name string, params ...string) (string, error) {
+ if len(params) > 1 {
+ return "", fmt.Errorf("unexcepted additional parameters")
+ } else if len(params) == 1 {
+ return setSysctl(name, params[0])
+ }
+ return getSysctl(name)
+}
+
+func getSysctl(name string) (string, error) {
+ fullName := filepath.Join("/proc/sys", strings.Replace(name, ".", "/", -1))
+ fullName = filepath.Clean(fullName)
+ data, err := ioutil.ReadFile(fullName)
+ if err != nil {
+ return "", err
+ }
+
+ return string(data[:len(data)-1]), nil
+}
+
+func setSysctl(name, value string) (string, error) {
+ fullName := filepath.Join("/proc/sys", strings.Replace(name, ".", "/", -1))
+ fullName = filepath.Clean(fullName)
+ if err := ioutil.WriteFile(fullName, []byte(value), 0644); err != nil {
+ return "", err
+ }
+
+ return getSysctl(name)
+}
From b2f492e8b58d7db989abffe6297d5e7afde38480 Mon Sep 17 00:00:00 2001
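Review bot: In getSysctl, `string(data[:len(data)-1])` panics with a slice-bounds error when the read returns zero bytes, and silently drops a real character when the value has no trailing newline; `return strings.TrimSuffix(string(data), "\n"), nil` handles both cases. Because every `.` in `name` is rewritten to `/`, an interface name that itself contains a dot (a VLAN sub-interface such as `eth0.100`, for instance) resolves to the wrong path under /proc/sys, so the Sysctl doc comment should warn callers that interpolate interface names into the key. The header line `// build +linux` is not a build constraint; it should read `// +build linux`, although the `_linux.go` file suffix already restricts the file to Linux.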
From: Piotr Skamruk Date: Mon, 7 Mar 2016 16:41:04 +0100 Subject: [PATCH 2/3] macvlan: set proxy_arp in time of creating interface Resolves CNI part of https://github.com/coreos/rkt/issues/1765 Second part would be adding similar lines into kvm flavored macvlan support (in time of creating macvtap device). --- plugins/main/macvlan/macvlan.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/plugins/main/macvlan/macvlan.go b/plugins/main/macvlan/macvlan.go index f6891a34..0635f263 100644 --- a/plugins/main/macvlan/macvlan.go +++ b/plugins/main/macvlan/macvlan.go @@ -26,9 +26,14 @@ import ( "github.com/appc/cni/pkg/ns" "github.com/appc/cni/pkg/skel" "github.com/appc/cni/pkg/types" + "github.com/appc/cni/pkg/utils/sysctl" "github.com/vishvananda/netlink" ) +const ( + IPv4InterfaceArpProxySysctlTemplate = "net.ipv4.conf.%s.proxy_arp" +) + type NetConf struct { types.NetConf Master string `json:"master"` @@ -80,7 +85,7 @@ func createMacvlan(conf *NetConf, ifName string, netns *os.File) error { return fmt.Errorf("failed to lookup master %q: %v", conf.Master, err) } - // due to kernel bug we have to create with tmpname or it might + // due to kernel bug we have to create with tmpName or it might // collide with the name on the host and error out tmpName, err := ip.RandomVethName() if err != nil { 
@@ -101,6 +106,14 @@ func createMacvlan(conf *NetConf, ifName string, netns *os.File) error { return fmt.Errorf("failed to create macvlan: %v", err) } + // TODO: duplicate following lines for ipv6 support, when it will be added in other places + ipv4SysctlValueName := fmt.Sprintf(IPv4InterfaceArpProxySysctlTemplate, tmpName) + if _, err := sysctl.Sysctl(ipv4SysctlValueName, "1"); err != nil { + // remove the newly added link and ignore errors, because we already are in a failed state + _ = netlink.LinkDel(mv) + return fmt.Errorf("failed to set proxy_arp on newly added interface %q: %v", tmpName, err) + } + return ns.WithNetNS(netns, false, func(_ *os.File) error { err := renameLink(tmpName, ifName) if err != nil { From bc482febfbb11ab1a4d253d075e363fc14f219dd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Fri, 8 Apr 2016 14:22:20 +0200 Subject: [PATCH 3/3] travis: don't go get vet --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8c7cd0d9..5e29caf7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,7 +18,6 @@ env: - GO15VENDOREXPERIMENT=1 install: - - go get ${TOOLS_CMD}/vet - go get ${TOOLS_CMD}/cover - go get github.com/modocache/gover - go get github.com/mattn/goveralls
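Review bot: The proxy_arp write runs before `ns.WithNetNS`, so it resolves /proc/sys/net/ipv4/conf/<tmpName> in the caller's network namespace; since the rename by name happens inside the target namespace, the link has presumably already been placed there (the creation call is outside this hunk), in which case that path would not exist from the host's view. Moving the `sysctl.Sysctl(ipv4SysctlValueName, "1")` call into the `WithNetNS` closure, before `renameLink`, would set the value where the interface actually lives. The ignored `netlink.LinkDel(mv)` has the same namespace dependence, so a failure on this path may leave the temporary link behind without any trace in the returned error. proxy_arp is also switched on unconditionally for every macvlan interface; having the interface answer ARP on behalf of other addresses is a policy decision that is safer as an opt-in NetConf field, documented next to `IPv4InterfaceArpProxySysctlTemplate`, than as a default. createMacvlan starts and ends outside the hunk.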