From 26d1d707b001dc1fff281c2f83cfe93a310f06e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Mat=C4=9Bja?= Date: Wed, 26 Jun 2019 14:23:51 +0200 Subject: [PATCH 1/3] Macvlan internal network shouldln't change gw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since docker container can be connected to combination of several internal and external networks change of default gateway of the internal ones breaks communication via the external ones. This fixes only macvlan network type Signed-off-by: Pavel Matěja --- drivers/macvlan/macvlan_joinleave.go | 62 ++++++++++++++-------------- 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/drivers/macvlan/macvlan_joinleave.go b/drivers/macvlan/macvlan_joinleave.go index 72d5c24ddc..fda972bf87 100644 --- a/drivers/macvlan/macvlan_joinleave.go +++ b/drivers/macvlan/macvlan_joinleave.go @@ -39,38 +39,40 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, return fmt.Errorf("could not find endpoint with id %s", eid) } // parse and match the endpoint address with the available v4 subnets - if len(n.config.Ipv4Subnets) > 0 { - s := n.getSubnetforIPv4(ep.addr) - if s == nil { - return fmt.Errorf("could not find a valid ipv4 subnet for endpoint %s", eid) + if !n.config.Internal { + if len(n.config.Ipv4Subnets) > 0 { + s := n.getSubnetforIPv4(ep.addr) + if s == nil { + return fmt.Errorf("could not find a valid ipv4 subnet for endpoint %s", eid) + } + v4gw, _, err := net.ParseCIDR(s.GwIP) + if err != nil { + return fmt.Errorf("gateway %s is not a valid ipv4 address: %v", s.GwIP, err) + } + err = jinfo.SetGateway(v4gw) + if err != nil { + return err + } + logrus.Debugf("Macvlan Endpoint Joined with IPv4_Addr: %s, Gateway: %s, MacVlan_Mode: %s, Parent: %s", + ep.addr.IP.String(), v4gw.String(), n.config.MacvlanMode, n.config.Parent) } - v4gw, _, err := net.ParseCIDR(s.GwIP) - if err != nil { - return fmt.Errorf("gateway %s is not a valid ipv4 address: %v", s.GwIP, err) - } - err = jinfo.SetGateway(v4gw) - if err != nil { - return err - } - logrus.Debugf("Macvlan Endpoint Joined with IPv4_Addr: %s, Gateway: %s, MacVlan_Mode: %s, Parent: %s", - ep.addr.IP.String(), v4gw.String(), n.config.MacvlanMode, n.config.Parent) - } - // parse and match the endpoint address with the available v6 subnets - if len(n.config.Ipv6Subnets) > 0 { - s := n.getSubnetforIPv6(ep.addrv6) - if s == nil { - return fmt.Errorf("could not find a valid ipv6 subnet for endpoint %s", eid) - } - v6gw, _, err := net.ParseCIDR(s.GwIP) - if err != nil { - return fmt.Errorf("gateway %s is not a valid ipv6 address: %v", s.GwIP, err) - } - err = jinfo.SetGatewayIPv6(v6gw) - if err != nil { - return err + // parse and match the endpoint address with the available v6 subnets + if len(n.config.Ipv6Subnets) > 0 { + s := n.getSubnetforIPv6(ep.addrv6) + if s == nil { + return fmt.Errorf("could not find a valid ipv6 subnet for endpoint %s", eid) + } + v6gw, _, err := net.ParseCIDR(s.GwIP) + if err != nil { + return fmt.Errorf("gateway %s is not a valid ipv6 address: %v", s.GwIP, err) + } + err = jinfo.SetGatewayIPv6(v6gw) + if err != nil { + return err + } + logrus.Debugf("Macvlan Endpoint Joined with IPv6_Addr: %s Gateway: %s MacVlan_Mode: %s, Parent: %s", + ep.addrv6.IP.String(), v6gw.String(), n.config.MacvlanMode, n.config.Parent) } - logrus.Debugf("Macvlan Endpoint Joined with IPv6_Addr: %s Gateway: %s MacVlan_Mode: %s, Parent: %s", - ep.addrv6.IP.String(), v6gw.String(), n.config.MacvlanMode, n.config.Parent) } iNames := jinfo.InterfaceName() err = iNames.SetNames(vethName, containerVethPrefix) From e2c5ecba915e0152fd3b24792015992c04f7f08a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Mat=C4=9Bja?= Date: Tue, 16 Jul 2019 14:50:08 +0200 Subject: [PATCH 2/3] Log when endpoint joins internal macvlan network MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pavel Matěja --- drivers/macvlan/macvlan_joinleave.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/macvlan/macvlan_joinleave.go b/drivers/macvlan/macvlan_joinleave.go index fda972bf87..0c67f5ac3f 100644 --- a/drivers/macvlan/macvlan_joinleave.go +++ b/drivers/macvlan/macvlan_joinleave.go @@ -73,6 +73,15 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, logrus.Debugf("Macvlan Endpoint Joined with IPv6_Addr: %s Gateway: %s MacVlan_Mode: %s, Parent: %s", ep.addrv6.IP.String(), v6gw.String(), n.config.MacvlanMode, n.config.Parent) } + } else { + if len(n.config.Ipv4Subnets) > 0 { + logrus.Debugf("Macvlan Endpoint Joined with IPv4_Addr: %s, MacVlan_Mode: %s, Parent: %s", + ep.addr.IP.String(), n.config.MacvlanMode, n.config.Parent) + } + if len(n.config.Ipv6Subnets) > 0 { + logrus.Debugf("Macvlan Endpoint Joined with IPv6_Addr: %s MacVlan_Mode: %s, Parent: %s", + ep.addrv6.IP.String(), n.config.MacvlanMode, n.config.Parent) + } } iNames := jinfo.InterfaceName() err = iNames.SetNames(vethName, containerVethPrefix) From d5f5553b662ea26463f5589ffdf9cd438d0dfffc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Mat=C4=9Bja?= Date: Thu, 20 Feb 2020 17:39:19 +0000 Subject: [PATCH 3/3] Ipvlan internal network should not change gw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since docker container can be connected to combination of several internal and external networks change of default gateway of the internal ones breaks communication via the external ones. This fixes only ipvlan network type Signed-off-by: Pavel Matěja --- drivers/ipvlan/ipvlan_joinleave.go | 111 ++++++++++++++++------------- 1 file changed, 61 insertions(+), 50 deletions(-) diff --git a/drivers/ipvlan/ipvlan_joinleave.go b/drivers/ipvlan/ipvlan_joinleave.go index fc56bce5a6..9474824105 100644 --- a/drivers/ipvlan/ipvlan_joinleave.go +++ b/drivers/ipvlan/ipvlan_joinleave.go @@ -50,65 +50,76 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, if ep == nil { return fmt.Errorf("could not find endpoint with id %s", eid) } - if n.config.IpvlanMode == modeL3 { - // disable gateway services to add a default gw using dev eth0 only - jinfo.DisableGatewayService() - defaultRoute, err := ifaceGateway(defaultV4RouteCidr) - if err != nil { - return err - } - if err := jinfo.AddStaticRoute(defaultRoute.Destination, defaultRoute.RouteType, defaultRoute.NextHop); err != nil { - return fmt.Errorf("failed to set an ipvlan l3 mode ipv4 default gateway: %v", err) - } - logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, Ipvlan_Mode: %s, Parent: %s", - ep.addr.IP.String(), n.config.IpvlanMode, n.config.Parent) - // If the endpoint has a v6 address, set a v6 default route - if ep.addrv6 != nil { - default6Route, err := ifaceGateway(defaultV6RouteCidr) + if !n.config.Internal { + if n.config.IpvlanMode == modeL3 { + // disable gateway services to add a default gw using dev eth0 only + jinfo.DisableGatewayService() + defaultRoute, err := ifaceGateway(defaultV4RouteCidr) if err != nil { return err } - if err = jinfo.AddStaticRoute(default6Route.Destination, default6Route.RouteType, default6Route.NextHop); err != nil { - return fmt.Errorf("failed to set an ipvlan l3 mode ipv6 default gateway: %v", err) + if err := jinfo.AddStaticRoute(defaultRoute.Destination, defaultRoute.RouteType, defaultRoute.NextHop); err != nil { + return fmt.Errorf("failed to set an ipvlan l3 mode ipv4 default gateway: %v", err) } - logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s, Ipvlan_Mode: %s, Parent: %s", - ep.addrv6.IP.String(), n.config.IpvlanMode, n.config.Parent) - } - } - if n.config.IpvlanMode == modeL2 { - // parse and correlate the endpoint v4 address with the available v4 subnets - if len(n.config.Ipv4Subnets) > 0 { - s := n.getSubnetforIPv4(ep.addr) - if s == nil { - return fmt.Errorf("could not find a valid ipv4 subnet for endpoint %s", eid) + logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, Ipvlan_Mode: %s, Parent: %s", + ep.addr.IP.String(), n.config.IpvlanMode, n.config.Parent) + // If the endpoint has a v6 address, set a v6 default route + if ep.addrv6 != nil { + default6Route, err := ifaceGateway(defaultV6RouteCidr) + if err != nil { + return err + } + if err = jinfo.AddStaticRoute(default6Route.Destination, default6Route.RouteType, default6Route.NextHop); err != nil { + return fmt.Errorf("failed to set an ipvlan l3 mode ipv6 default gateway: %v", err) + } + logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s, Ipvlan_Mode: %s, Parent: %s", + ep.addrv6.IP.String(), n.config.IpvlanMode, n.config.Parent) } - v4gw, _, err := net.ParseCIDR(s.GwIP) - if err != nil { - return fmt.Errorf("gateway %s is not a valid ipv4 address: %v", s.GwIP, err) + } + if n.config.IpvlanMode == modeL2 { + // parse and correlate the endpoint v4 address with the available v4 subnets + if len(n.config.Ipv4Subnets) > 0 { + s := n.getSubnetforIPv4(ep.addr) + if s == nil { + return fmt.Errorf("could not find a valid ipv4 subnet for endpoint %s", eid) + } + v4gw, _, err := net.ParseCIDR(s.GwIP) + if err != nil { + return fmt.Errorf("gateway %s is not a valid ipv4 address: %v", s.GwIP, err) + } + err = jinfo.SetGateway(v4gw) + if err != nil { + return err + } + logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, Gateway: %s, Ipvlan_Mode: %s, Parent: %s", + ep.addr.IP.String(), v4gw.String(), n.config.IpvlanMode, n.config.Parent) } - err = jinfo.SetGateway(v4gw) - if err != nil { - return err + // parse and correlate the endpoint v6 address with the available v6 subnets + if len(n.config.Ipv6Subnets) > 0 { + s := n.getSubnetforIPv6(ep.addrv6) + if s == nil { + return fmt.Errorf("could not find a valid ipv6 subnet for endpoint %s", eid) + } + v6gw, _, err := net.ParseCIDR(s.GwIP) + if err != nil { + return fmt.Errorf("gateway %s is not a valid ipv6 address: %v", s.GwIP, err) + } + err = jinfo.SetGatewayIPv6(v6gw) + if err != nil { + return err + } + logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s, Gateway: %s, Ipvlan_Mode: %s, Parent: %s", + ep.addrv6.IP.String(), v6gw.String(), n.config.IpvlanMode, n.config.Parent) } - logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, Gateway: %s, Ipvlan_Mode: %s, Parent: %s", - ep.addr.IP.String(), v4gw.String(), n.config.IpvlanMode, n.config.Parent) } - // parse and correlate the endpoint v6 address with the available v6 subnets + } else { + if len(n.config.Ipv4Subnets) > 0 { + logrus.Debugf("Ipvlan Endpoint Joined with IPv4_Addr: %s, IpVlan_Mode: %s, Parent: %s", + ep.addr.IP.String(), n.config.IpvlanMode, n.config.Parent) + } if len(n.config.Ipv6Subnets) > 0 { - s := n.getSubnetforIPv6(ep.addrv6) - if s == nil { - return fmt.Errorf("could not find a valid ipv6 subnet for endpoint %s", eid) - } - v6gw, _, err := net.ParseCIDR(s.GwIP) - if err != nil { - return fmt.Errorf("gateway %s is not a valid ipv6 address: %v", s.GwIP, err) - } - err = jinfo.SetGatewayIPv6(v6gw) - if err != nil { - return err - } - logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s, Gateway: %s, Ipvlan_Mode: %s, Parent: %s", - ep.addrv6.IP.String(), v6gw.String(), n.config.IpvlanMode, n.config.Parent) + logrus.Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s IpVlan_Mode: %s, Parent: %s", + ep.addrv6.IP.String(), n.config.IpvlanMode, n.config.Parent) } } iNames := jinfo.InterfaceName()