This reverts commit ef076afac1af0b9a8446f72e3343666567bc04dc, reversing
changes made to 597408952e3e7247fb0deef26a3a935c405aa0cf.
Signed-off-by: h0nIg <h0nIg@users.noreply.github.com>
The tests were flaky due to a route with the link-local IP being
automatically added after the test run saves the initial state
(routes before SBR plugin is ran). When the SBR plugin is ran,
the new state is compared with the old state. The new state will
then contain the route with the link-local IP (that has been
added after saving the old state), the old state was not
containing it, so the tests were failing
The solution here is to ignore routes with the link-local IP
for the tests.
fixes: #1096
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
* ci, go.mod: bump to go 1.23
Now that go.mod matches our go version, we can stop setting go version
in CI separately.
Signed-off-by: Casey Callendrello <c1@caseyc.net>
* minor: fix lint errors
Bumping golangci-lint to v1.61 introduced some new reasonable checks;
fix the errors they found.
Signed-off-by: Casey Callendrello <c1@caseyc.net>
* ci: bump golangci-lint to v1.61.0
Also, fix some deprecated config directives.
Signed-off-by: Casey Callendrello <c1@caseyc.net>
---------
Signed-off-by: Casey Callendrello <c1@caseyc.net>
Currently, we can not set the metric of routes in dhcp.
It's ok if there is only a network interface.
But if there are multiple network interfaces, and both have a default route,
We need to set the metric of the route to make the traffic
go through the correct network interface.
For host-local and static, we can set the metric with the route.priority option.
But there is no such option for dhcp.
Signed-off-by: Songmin Li <lisongmin@protonmail.com>
* Use of Table ID in IPAM
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
* SBR: option to pass the table id
Using the option to set the table number in the SBR meta plugin will
create a policy route for each IP added for the interface returned by
the main plugin.
Unlike the default behavior, the routes will not be moved to the table.
The default behavior of the SBR plugin is kept if the table id is not set.
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
---------
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
From the dhcp daemon log, we can see that dhcp will fail to acquire
the lease when the link is down, and success on retry.
```
2024/08/21 21:30:44 macvlan-dhcp/eth1: acquiring lease
2024/08/21 21:30:44 Link "eth1" down. Attempting to set up
2024/08/21 21:30:44 network is down
2024/08/21 21:30:44 retrying in 2.641696 seconds
2024/08/21 21:30:49 macvlan-dhcp/eth1: lease acquired, expiration is 2024-08-22 09:30:49.755367962 +0800 CST m=+43205.712107889
```
After move the code of set up link to the beginning of the function, the
dhcp success on first time.
```
2024/08/21 22:04:02 macvlan-dhcp/eth1: acquiring lease
2024/08/21 22:04:02 Link "eth1" down. Attempting to set up
2024/08/21 22:04:05 macvlan-dhcp/eth1: lease acquired, expiration is 2024-08-22 10:04:05.297887726 +0800 CST m=+43203.081141304
```
Signed-off-by: Songmin Li <lisongmin@protonmail.com>
even if json unmarshalling in golang with the standard libs is case unsensitive regarding the keys
Signed-off-by: Raphael <oOraph@users.noreply.github.com>
what changed:
we had to refactor the bandwidth plugin and switch from a classless qdisc (tbf)
to a classful qdisc (htb).
subnets are to be provided in config or runtimeconfig just like other parameters
unit and integration tests were also adapted in consequence
unrelated changes:
test fixes: the most important tests were just silently skipped due to ginkgo Measure deprecation
(the ones actually checking the effectiveness of the traffic control)
Signed-off-by: Raphael <oOraph@users.noreply.github.com>
Today, it is not possible to use host-device CNI to move a
host device to container namespace if a device already exists
in that namespace.
e.g when a delegate plugin (such as multus) is used to provide
multiple networks to a container, CNI Add call will fail if
the targeted host device name already exists in container network
namespace.
to overcome this, we use a temporary name for the interface before
moving it in/out of container network namespace.
Signed-off-by: adrianc <adrianc@nvidia.com>
The new `disableContainerInterface` parameter is added to the bridge plugin to
enable setting the container interface state down.
When the parameter is enabled, the container interface (veth peer that is placed
at the container ns) remain down (i.e: disabled).
The bridge and host peer interfaces state are not affected by the parameter.
Since IPAM logic involve various configurations including waiting for addresses
to be realized and setting the interface state UP, the new parameter cannot work
with IPAM.
In case both IPAM and DisableContainerInterface parameters are set, the bridge
plugin will raise an error.
Signed-off-by: Or Mergi <ormergi@redhat.com>
When the master interface on the node has been deleted, and loadConf tries
to get the MTU, This causes cmdDel to return a linkNotFound error to the
runtime. The cmdDel only needs to unmarshal the netConf. No need to
get the MTU. So we just replaced the loadConf function with
json.unmarshal in cmdDel.
Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
current route filter uses RT_FILTER_IIF in conjunction with LinkIndex.
This combination is ignored by netlink, rendering the filter
ineffective
Signed-off-by: Poh Chiat Koh <poh@inter.link>
On a recent Fedora Rawhide, dbus-daemon-1.14.8-1 prints a string
prefixed by 'unix:path' instead of the expected 'unix:abstract', thereby
failing the test. Allowing this alternate prefix fixes the test, so for
communication with the daemon it is not relevant.
Signed-off-by: Phil Sutter <psutter@redhat.com>
Just attempt to delete the known rules referring to the custom chain,
then flush and delete it. If the latter succeeds, no referencing rules
are left and the job is done.
If the final flush'n'delete fails, fall back to the referencing rule
search which is slow with large rulesets.
Signed-off-by: Phil Sutter <psutter@redhat.com>
Starting with v0.5.0, go-iptables exports a fast ChainExists() which
does not rely upon listing all chains and searching the results but
probes chain existence by listing its first rule. This should make a
significant difference in rulesets with thousands of chains.
Signed-off-by: Phil Sutter <psutter@redhat.com>
The test named "correctly handles multiple DELs for the same container" in the ipam/dhcp package experiences race conditions when multiple goroutines concurrently access and modify the Args struct (of type CmdArgs).
To address these issues, a copy of the CmdArgs struct is now created in each function to eliminate data races.
Also, the test-linux.sh and test-windows.sh scripts have been updated to include the '-race' flag, enabling race detection during testing. This change helps prevent future race conditions by activating the Go race detector.
Signed-off-by: Alina Sudakov <asudakov@redhat.com>
Up until now, if previous plugin assigned routes to interface, movement of
this interface to new VRF cause routes to be deleted.
This patch adds funtionality to VRF plugin to save the routes before
interface is assgined to VRF, and then re-apply all saved routes to new VRF.
Signed-off-by: Artur Korzeniewski <artur.korzeniewski@travelping.com>
