spec/plugins: return interface details and multiple IP addresses to runtime
Updates the spec and plugins to return an array of interfaces and IP details to the runtime including: - interface names and MAC addresses configured by the plugin - whether the interfaces are sandboxed (container/VM) or host (bridge, veth, etc) - multiple IP addresses configured by IPAM and which interface they have been assigned to Returning interface details is useful for runtimes, as well as allowing more flexible chaining of CNI plugins themselves. For example, some meta plugins may need to know the host-side interface to be able to apply firewall or traffic shaping rules to the container.
This commit is contained in:
Dan Williams
@ -16,6 +16,7 @@ package ipam
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
|
||||
"github.com/containernetworking/cni/pkg/invoke"
|
||||
@ -37,6 +38,10 @@ func ExecDel(plugin string, netconf []byte) error {
|
||||
// ConfigureIface takes the result of IPAM plugin and
|
||||
// applies to the ifName interface
|
||||
func ConfigureIface(ifName string, res *current.Result) error {
|
||||
if len(res.Interfaces) == 0 {
|
||||
return fmt.Errorf("no interfaces to configure")
|
||||
}
|
||||
|
||||
link, err := netlink.LinkByName(ifName)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to lookup %q: %v", ifName, err)
|
||||
@ -46,16 +51,35 @@ func ConfigureIface(ifName string, res *current.Result) error {
|
||||
return fmt.Errorf("failed to set %q UP: %v", ifName, err)
|
||||
}
|
||||
|
||||
// TODO(eyakubovich): IPv6
|
||||
addr := &netlink.Addr{IPNet: &res.IP4.IP, Label: ""}
|
||||
if err = netlink.AddrAdd(link, addr); err != nil {
|
||||
return fmt.Errorf("failed to add IP addr to %q: %v", ifName, err)
|
||||
var v4gw, v6gw net.IP
|
||||
for _, ipc := range res.IPs {
|
||||
if int(ipc.Interface) >= len(res.Interfaces) || res.Interfaces[ipc.Interface].Name != ifName {
|
||||
// IP address is for a different interface
|
||||
return fmt.Errorf("failed to add IP addr %v to %q: invalid interface index", ipc, ifName)
|
||||
}
|
||||
|
||||
addr := &netlink.Addr{IPNet: &ipc.Address, Label: ""}
|
||||
if err = netlink.AddrAdd(link, addr); err != nil {
|
||||
return fmt.Errorf("failed to add IP addr %v to %q: %v", ipc, ifName, err)
|
||||
}
|
||||
|
||||
gwIsV4 := ipc.Gateway.To4() != nil
|
||||
if gwIsV4 && v4gw == nil {
|
||||
v4gw = ipc.Gateway
|
||||
} else if !gwIsV4 && v6gw == nil {
|
||||
v6gw = ipc.Gateway
|
||||
}
|
||||
}
|
||||
|
||||
for _, r := range res.IP4.Routes {
|
||||
for _, r := range res.Routes {
|
||||
routeIsV4 := r.Dst.IP.To4() != nil
|
||||
gw := r.GW
|
||||
if gw == nil {
|
||||
gw = res.IP4.Gateway
|
||||
if routeIsV4 && v4gw != nil {
|
||||
gw = v4gw
|
||||
} else if !routeIsV4 && v6gw != nil {
|
||||
gw = v6gw
|
||||
}
|
||||
}
|
||||
if err = ip.AddRoute(&r.Dst, gw, link); err != nil {
|
||||
// we skip over duplicate routes as we assume the first one wins
|
||||
|
||||
Reference in New Issue
Block a user