* Use of Table ID in IPAM
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
* SBR: option to pass the table id
Using the option to set the table number in the SBR meta plugin will
create a policy route for each IP added for the interface returned by
the main plugin.
Unlike the default behavior, the routes will not be moved to the table.
The default behavior of the SBR plugin is kept if the table id is not set.
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
---------
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
From the dhcp daemon log, we can see that dhcp will fail to acquire
the lease when the link is down, and success on retry.
```
2024/08/21 21:30:44 macvlan-dhcp/eth1: acquiring lease
2024/08/21 21:30:44 Link "eth1" down. Attempting to set up
2024/08/21 21:30:44 network is down
2024/08/21 21:30:44 retrying in 2.641696 seconds
2024/08/21 21:30:49 macvlan-dhcp/eth1: lease acquired, expiration is 2024-08-22 09:30:49.755367962 +0800 CST m=+43205.712107889
```
After move the code of set up link to the beginning of the function, the
dhcp success on first time.
```
2024/08/21 22:04:02 macvlan-dhcp/eth1: acquiring lease
2024/08/21 22:04:02 Link "eth1" down. Attempting to set up
2024/08/21 22:04:05 macvlan-dhcp/eth1: lease acquired, expiration is 2024-08-22 10:04:05.297887726 +0800 CST m=+43203.081141304
```
Signed-off-by: Songmin Li <lisongmin@protonmail.com>
even if json unmarshalling in golang with the standard libs is case unsensitive regarding the keys
Signed-off-by: Raphael <oOraph@users.noreply.github.com>
what changed:
we had to refactor the bandwidth plugin and switch from a classless qdisc (tbf)
to a classful qdisc (htb).
subnets are to be provided in config or runtimeconfig just like other parameters
unit and integration tests were also adapted in consequence
unrelated changes:
test fixes: the most important tests were just silently skipped due to ginkgo Measure deprecation
(the ones actually checking the effectiveness of the traffic control)
Signed-off-by: Raphael <oOraph@users.noreply.github.com>
Today, it is not possible to use host-device CNI to move a
host device to container namespace if a device already exists
in that namespace.
e.g when a delegate plugin (such as multus) is used to provide
multiple networks to a container, CNI Add call will fail if
the targeted host device name already exists in container network
namespace.
to overcome this, we use a temporary name for the interface before
moving it in/out of container network namespace.
Signed-off-by: adrianc <adrianc@nvidia.com>
The new `disableContainerInterface` parameter is added to the bridge plugin to
enable setting the container interface state down.
When the parameter is enabled, the container interface (veth peer that is placed
at the container ns) remain down (i.e: disabled).
The bridge and host peer interfaces state are not affected by the parameter.
Since IPAM logic involve various configurations including waiting for addresses
to be realized and setting the interface state UP, the new parameter cannot work
with IPAM.
In case both IPAM and DisableContainerInterface parameters are set, the bridge
plugin will raise an error.
Signed-off-by: Or Mergi <ormergi@redhat.com>
When the master interface on the node has been deleted, and loadConf tries
to get the MTU, This causes cmdDel to return a linkNotFound error to the
runtime. The cmdDel only needs to unmarshal the netConf. No need to
get the MTU. So we just replaced the loadConf function with
json.unmarshal in cmdDel.
Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
current route filter uses RT_FILTER_IIF in conjunction with LinkIndex.
This combination is ignored by netlink, rendering the filter
ineffective
Signed-off-by: Poh Chiat Koh <poh@inter.link>
On a recent Fedora Rawhide, dbus-daemon-1.14.8-1 prints a string
prefixed by 'unix:path' instead of the expected 'unix:abstract', thereby
failing the test. Allowing this alternate prefix fixes the test, so for
communication with the daemon it is not relevant.
Signed-off-by: Phil Sutter <psutter@redhat.com>
Just attempt to delete the known rules referring to the custom chain,
then flush and delete it. If the latter succeeds, no referencing rules
are left and the job is done.
If the final flush'n'delete fails, fall back to the referencing rule
search which is slow with large rulesets.
Signed-off-by: Phil Sutter <psutter@redhat.com>
Starting with v0.5.0, go-iptables exports a fast ChainExists() which
does not rely upon listing all chains and searching the results but
probes chain existence by listing its first rule. This should make a
significant difference in rulesets with thousands of chains.
Signed-off-by: Phil Sutter <psutter@redhat.com>
The test named "correctly handles multiple DELs for the same container" in the ipam/dhcp package experiences race conditions when multiple goroutines concurrently access and modify the Args struct (of type CmdArgs).
To address these issues, a copy of the CmdArgs struct is now created in each function to eliminate data races.
Also, the test-linux.sh and test-windows.sh scripts have been updated to include the '-race' flag, enabling race detection during testing. This change helps prevent future race conditions by activating the Go race detector.
Signed-off-by: Alina Sudakov <asudakov@redhat.com>
Up until now, if previous plugin assigned routes to interface, movement of
this interface to new VRF cause routes to be deleted.
This patch adds funtionality to VRF plugin to save the routes before
interface is assgined to VRF, and then re-apply all saved routes to new VRF.
Signed-off-by: Artur Korzeniewski <artur.korzeniewski@travelping.com>
This extends the tap plugin API enabling the user to instruct the CNI
plugin the created tap device must be set as a port of an *existing*
linux bridge on the pod network namespace.
This is helpful for KubeVirt, allowing network connectivity to be
extended from the pod's interface into the Virtual Machine running
inside the pod.
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Using ptp plugin with non default routes, we get the following error
when cri-o call CheckNetworkList():
```
Expected Route {Dst:{IP:198.18.128.0 Mask:ffff8000} GW:<nil>} not found in routing table
```
Using cniVersion 0.3.1 to bypass the check, we can see that the
route is added with a gateway
```
$ ip r
198.18.0.0/17 via 198.18.0.1 dev eth0 src 198.18.3.102
198.18.0.1 dev eth0 scope link src 198.18.3.102
198.18.128.0/17 via 198.18.0.1 dev eth0
```
If GW is nil only check if we have a route with a DST that matches, and
ignore the GW.
Fixes #886
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
