Using the ptp plugin with non-default routes, we get the following error
when cri-o calls CheckNetworkList():
```
Expected Route {Dst:{IP:198.18.128.0 Mask:ffff8000} GW:<nil>} not found in routing table
```
Using cniVersion 0.3.1 to bypass the check, we can see that the
route is added with a gateway
```
$ ip r
198.18.0.0/17 via 198.18.0.1 dev eth0 src 198.18.3.102
198.18.0.1 dev eth0 scope link src 198.18.3.102
198.18.128.0/17 via 198.18.0.1 dev eth0
```
If GW is nil only check if we have a route with a DST that matches, and
ignore the GW.
Fixes #886
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
Making sure the exec'ed nft command is executed in 55 secs allows for
CNI to fail early, thus preventing CRI from sending another CNI DEL
while the previous NFT call is still being processed.
This fix prevents part of the behavior described in [0], in which:
> cnv-bridge and nft comes pile up in a loop, increasing every 60, never completes
The timeout had to be less than 60 seconds (otherwise CRI would still
trigger CNI DEL again) but large enough for this feature to have a
chance of working on older kernels (e.g. CentOS 8), where it takes
longer to access even a specific chain/table.
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This go-nft version allows its users to only read particular
tables/chains when invoking `ReadConfig`, instead of the entire ruleset.
This will make deleting rules from a large ruleset faster, thus speeding
up CNI DELs.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2175041
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Add vlan trunk support for veth.
vlan trunk only supports L2-only mode without any IPAM.
Refer to the ovs-cni design:
https://github.com/k8snetworkplumbingwg/ovs-cni/blob/main/pkg/plugin/plugin.go
design:
The original "vlan" option will be the PVID or untagged vlan for the network.
"vlanTrunk" will set up tagged vlans for veth.
entry type:
`{ "id": 100 }` will specify only tagged vlan 100
`{ "minID": 100, "maxID": 120 }` will specify tagged vlans from 100 to
120 (including 100 and 120)
vlanTrunk is a list of the above entry type, so you can use this to add
tagged vlans:
```
[
  { "id": 100 },
  {
    "minID": 1000,
    "maxID": 2000
  }
]
```
The complete config will look like this:
```
{
  "cniVersion": "0.3.1",
  "name": "mynet",
  "type": "bridge",
  "bridge": "mynet0",
  "vlan": 100,
  "vlanTrunk": [
    { "id": 101 },
    { "minID": 1000, "maxID": 2000 },
    { "minID": 3000, "maxID": 4000 }
  ],
  "ipam": {}
}
```
Signed-off-by: Date Huang <date.huang@suse.com>
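
The vlanTrunk entry format described in the commit message above, as an added Go example that is not part of the commit or the bridge plugin's code: it expands a trunk list into the set of tagged VLAN IDs and rejects malformed entries, so an over-broad or inverted range is caught before it widens L2 reachability. The type and function names are hypothetical, and the 1 to 4094 bound is this example's assumption (802.1Q reserves 0 and 4095), not something the commit states.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// VlanTrunk is one vlanTrunk entry (hypothetical type); pointers tell an absent field from 0.
type VlanTrunk struct {
	ID    *int `json:"id"`
	MinID *int `json:"minID"`
	MaxID *int `json:"maxID"`
}

const maxVlanID = 4094 // assumption of this example: usable 802.1Q IDs are 1..4094

// ExpandTrunk returns the sorted, de-duplicated tagged VLAN IDs of a vlanTrunk list.
func ExpandTrunk(raw []byte) ([]int, error) {
	var entries []VlanTrunk
	if err := json.Unmarshal(raw, &entries); err != nil {
		return nil, err
	}
	var seen [maxVlanID + 1]bool
	for i, e := range entries {
		lo, hi := e.MinID, e.MaxID
		if e.ID != nil && lo == nil && hi == nil {
			lo, hi = e.ID, e.ID // single tagged VLAN: {"id": N}
		} else if e.ID != nil || lo == nil || hi == nil {
			return nil, fmt.Errorf("entry %d: need id, or minID and maxID", i)
		}
		// lo >= 1, hi <= max and lo <= hi together put both bounds in range.
		if *lo < 1 || *hi > maxVlanID || *lo > *hi {
			return nil, fmt.Errorf("entry %d: bad range %d-%d", i, *lo, *hi)
		}
		for v := *lo; v <= *hi; v++ {
			seen[v] = true
		}
	}
	ids := []int{}
	for v, ok := range seen {
		if ok {
			ids = append(ids, v)
		}
	}
	return ids, nil
}

func main() {
	ids, err := ExpandTrunk([]byte(`[{"id":101},{"minID":1000,"maxID":2000}]`)) // constructed input
	fmt.Println(len(ids), err)
}
```
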
Rules are appended by default, thus using an index is redundant.
Using an index also requires the full NFT cache, which causes a CNI ADD
to be extremely slow.
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This prevents the error from being lost, which was causing the
panic while accessing a nil var.
Fix #830
Signed-off-by: Marcelo Guerrero Viveros <marguerr@redhat.com>
This commit updates the import of ginkgo to v2 in
all of the tests.
Signed-off-by: liornoy <lnoy@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
This commit updates ginkgo to v2.
Note that because ginkgo/v2 requires go1.18, it was
updated as well.
Signed-off-by: liornoy <lnoy@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
This PR adds a plugin to create tap devices.
The plugin adds a tap device to the container.
The plugin has a workaround for a golang netlink library
which does not allow for tap devices with no owner/group
to be created. When no tap owner/group is requested, the
plugin will fall back to using the ip tool for creating
the tap device. A fix to the golang netlink lib is pending.
Signed-off-by: mmirecki <mmirecki@redhat.com>