DEL can be called multiple times, a plugin should return no error if
the device is already removed, and other errors should be returned. It
was the opposite for vlan plugin. This PR fixes it.
Signed-off-by: Quan Tian <qtian@vmware.com>
Sysctl names can use dots or slashes as separator:
- if dots are used, dots and slashes are interchanged.
- if slashes are used, slashes and dots are left intact.
Separator in use is determined by firt ocurrence.
Reference: http://man7.org/linux/man-pages/man5/sysctl.d.5.html
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
If the Linux kernel is not built with the parameter
CONFIG_BRIDGE_VLAN_FILTERING, passing vlanFiltering in
the Bridge struct returns an error creating the bridge interface.
This happens even when no parameter is set on Vlan in the CNI config.
This change fixes the case where no Vlan parameter is configured on
CNI config file so the flag doesn't need to be included in the struct.
Signed-off-by: Carlos de Paula <me@carlosedp.com>
bump the go-iptables module to v0.4.5 to avoid
concurrency issues with the portmap plugin and
errors related to iptables not able to hold the
lock.
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
Add the following idempotent functions to iptables utils:
DeleteRule: idempotently delete an iptables rule
DeleteChain: idempotently delete an iptables chain
ClearChain: idempotently flush an iptables chain
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
It turns out that the portmap plugin is not idempotent if its
executed in parallel.
The errors are caused due to a race of different instantiations
deleting the chains.
This patch does that the portmap plugin doesn't fail if the
errors are because the chain doesn't exist on teardown.
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
Use a Describe container for the It code block of the
portmap port forward integration test.
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
Concurrent use of the `portmap` and `firewall` plugins can result in
errors during iptables chain creation:
- The `portmap` plugin has a time-of-check-time-of-use race where it
checks for existence of the chain but the operation isn't atomic.
- The `firewall` plugin doesn't check for existing chains and just
returns an error.
This commit makes both operations idempotent by creating the chain and
then discarding the error if it's caused by the chain already
existing. It also factors the chain creation out into `pkg/utils` as a
site for future refactoring work.
Signed-off-by: Tim Gross <tim@0x74696d.com>
This change sends gratuitous ARP when MAC address is changed to
let other devices to know the MAC address update.
Signed-off-by: Tomofumi Hayashi <tohayash@redhat.com>
When running in a user namespace created by an unprivileged user the
owner of /var/run will be reported as the unknown user (as defined in
/proc/sys/kernel/overflowuid) so any access to the directory will
fail.
If the XDG_RUNTIME_DIR environment variable is set, check whether the
current user is also the owner of /var/run. If the owner is different
than the current user, use the $XDG_RUNTIME_DIR/netns directory.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This change introduce priorities for IPs input among CNI_ARGS,
'args' and runtimeConfig. Fix #399.
Signed-off-by: Tomofumi Hayashi <tohayash@redhat.com>
