diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
new file mode 100644
index 00000000..eaf48d0b
--- /dev/null
+++ b/pkg/utils/utils.go
@@ -0,0 +1,20 @@
+package utils
+
+import (
+ "crypto/sha512"
+ "fmt"
+)
+
+// 29 - len('CNI') - 2*len('-')
+const maxNameLen = 16
+
+// Generates a chain name to be used with iptables.
+// Ensures that the generated name is less than
+// 29 chars in length
+func FormatChainName(name string, id string) string {
+ h := sha512.Sum512([]byte(id))
+ if len(name) > maxNameLen {
+ return fmt.Sprintf("CNI-%s-%x", name[:len(name)-maxNameLen], h[:8])
+ }
+ return fmt.Sprintf("CNI-%s-%x", name, h[:8])
+}
diff --git a/pkg/utils/utils_suite_test.go b/pkg/utils/utils_suite_test.go
new file mode 100644
index 00000000..f160db60
--- /dev/null
+++ b/pkg/utils/utils_suite_test.go
@@ -0,0 +1,13 @@
+package utils_test
+
+import (
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+
+ "testing"
+)
+
+func TestUtils(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Utils Suite")
+}
diff --git a/pkg/utils/utils_test.go b/pkg/utils/utils_test.go
new file mode 100644
index 00000000..e9b9f9bf
--- /dev/null
+++ b/pkg/utils/utils_test.go
@@ -0,0 +1,18 @@
+package utils
+
+import (
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Utils", func() {
+ It("should format a short name", func() {
+ chain := FormatChainName("test", "1234")
+ Expect(chain).To(Equal("CNI-test-d404559f602eab6f"))
+ })
+
+ It("should truncate a long name", func() {
+ chain := FormatChainName("testalongnamethatdoesnotmakesense", "1234")
+ Expect(chain).To(Equal("CNI-testalongnamethat-d404559f602eab6f"))
+ })
+})
diff --git a/plugins/main/bridge/bridge.go b/plugins/main/bridge/bridge.go
index 49c0aa5d..d5581bf4 100644
--- a/plugins/main/bridge/bridge.go
+++ b/plugins/main/bridge/bridge.go
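Review bot: The truncation branch of `FormatChainName` keeps `name[:len(name)-maxNameLen]`, which removes the last 16 bytes instead of capping the name at 16, so a 17-byte name shrinks to one byte and a 100-byte name keeps 84. Even a correct cap of 16 gives `CNI-` + 16 + `-` + 16 hex digits = 37 characters, above the "less than 29" bound the comment promises, because the `29 - len('CNI') - 2*len('-')` budget leaves out the hash suffix. iptables would presumably reject such a chain, and masquerade setup then fails for any network whose name is longer than about 7 bytes. I would change the constant to `const maxNameLen = 7 // 28 - len("CNI-") - len("-") - 16 hex digits` and the slice to `name[:maxNameLen]`; the expected string in the long-name case of utils_test.go has to change with it.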
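Review bot: The "should truncate a long name" case in utils_test.go passes only because its 33-byte input minus 16 happens to leave a 17-byte prefix, and the 38-character string it expects is itself longer than the limit stated in utils.go. The spec should assert the bound directly, for example `Expect(len(chain)).To(BeNumerically("<", 29))`, and add inputs of 16, 17 and well over 32 bytes so the boundary is exercised. Since the hash covers only `id`, two networks whose names share the kept prefix produce the same chain for one container; a case for that would show whether the collision is intended.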
@@ -28,6 +28,7 @@ import ( "github.com/appc/cni/pkg/ns" "github.com/appc/cni/pkg/skel" "github.com/appc/cni/pkg/types" + "github.com/appc/cni/pkg/utils" "github.com/vishvananda/netlink" ) @@ -220,7 +221,7 @@ func cmdAdd(args *skel.CmdArgs) error { } if n.IPMasq { - chain := "CNI-" + n.Name + chain := utils.FormatChainName(n.Name, args.ContainerID) if err = ip.SetupIPMasq(ip.Network(&result.IP4.IP), chain); err != nil { return err } diff --git a/plugins/main/ptp/ptp.go b/plugins/main/ptp/ptp.go index 3cb8f643..b397b795 100644 --- a/plugins/main/ptp/ptp.go +++ b/plugins/main/ptp/ptp.go @@ -15,7 +15,6 @@ package main import ( - "crypto/sha512" "encoding/json" "errors" "fmt" @@ -30,6 +29,7 @@ import ( "github.com/appc/cni/pkg/ns" "github.com/appc/cni/pkg/skel" "github.com/appc/cni/pkg/types" + "github.com/appc/cni/pkg/utils" ) func init() { @@ -178,8 +178,7 @@ func cmdAdd(args *skel.CmdArgs) error { } if conf.IPMasq { - h := sha512.Sum512([]byte(args.ContainerID)) - chain := fmt.Sprintf("CNI-%s-%x", conf.Name, h[:8]) + chain := utils.FormatChainName(conf.Name, args.ContainerID) if err = ip.SetupIPMasq(&result.IP4.IP, chain); err != nil { return err } @@ -206,8 +205,7 @@ func cmdDel(args *skel.CmdArgs) error { } if conf.IPMasq { - h := sha512.Sum512([]byte(args.ContainerID)) - chain := fmt.Sprintf("CNI-%s-%x", conf.Name, h[:8]) + chain := utils.FormatChainName(conf.Name, args.ContainerID) if err = ip.TeardownIPMasq(ipn, chain); err != nil { return err } diff --git a/test b/test index a333086f..a51a0e8f 100755 --- a/test +++ b/test @@ -11,7 +11,7 @@ set -e source ./build -TESTABLE="plugins/ipam/dhcp plugins/main/loopback pkg/invoke pkg/ns pkg/skel pkg/types" +TESTABLE="plugins/ipam/dhcp plugins/main/loopback pkg/invoke pkg/ns pkg/skel pkg/types pkg/utils" FORMATTABLE="$TESTABLE libcni pkg/ip pkg/ns pkg/types pkg/ipam plugins/ipam/host-local plugins/main/bridge plugins/meta/flannel plugins/meta/tuning" # user has not provided PKG override
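Review bot: In bridge.go's `cmdAdd` the masquerade chain changes from one per network (`"CNI-" + n.Name`) to one per container, but this diff has no bridge.go hunk that tears that chain down, whereas ptp.go's `cmdDel` calls `ip.TeardownIPMasq(ipn, chain)` with the same derived name. If bridge's `cmdDel` (outside this diff) does not remove it, every container add may leave a chain and NAT rule behind, and a stale masquerade rule could later apply to an address that has been reassigned. I would add the matching teardown to bridge's `cmdDel`, deriving the name with `utils.FormatChainName(n.Name, args.ContainerID)`. The body of `cmdAdd` starts and ends outside the hunk.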