enable dual NIC support in transparent VLAN #4057
Changes from all commits
2ddbf89
2f33a42
776430c
7cc5010
|
@@ -400,14 +400,38 @@ | |||||||||||
return nil | ||||||||||||
} | ||||||||||||
|
||||||||||||
// Set ARP proxy on the vlan interface to respond to ARP requests for the gateway IP | ||||||||||||
func (client *TransparentVlanEndpointClient) setArpProxy(ifName string) error { | ||||||||||||
cmd := fmt.Sprintf("echo 1 > /proc/sys/net/ipv4/conf/%v/proxy_arp", ifName) | ||||||||||||
_, err := client.plClient.ExecuteRawCommand(cmd) | ||||||||||||
if err != nil { | ||||||||||||
logger.Error("Failed to set ARP proxy", zap.String("interface", ifName), zap.Error(err)) | ||||||||||||
} else { | ||||||||||||
logger.Info("ARP proxy enabled", zap.String("interface", ifName)) | ||||||||||||
} | ||||||||||||
return err | ||||||||||||
|
||||||||||||
} | ||||||||||||
|
||||||||||||
func (client *TransparentVlanEndpointClient) AddEndpointRules(epInfo *EndpointInfo) error { | ||||||||||||
if err := client.AddSnatEndpointRules(); err != nil { | ||||||||||||
return errors.Wrap(err, "failed to add snat endpoint rules") | ||||||||||||
} | ||||||||||||
logger.Info("[transparent-vlan] Adding tunneling rules in vnet namespace") | ||||||||||||
err := ExecuteInNS(client.nsClient, client.vnetNSName, func() error { | ||||||||||||
return client.AddVnetRules(epInfo) | ||||||||||||
if err := client.AddVnetRules(epInfo); err != nil { | ||||||||||||
return err | ||||||||||||
} | ||||||||||||
|
||||||||||||
// Set ARP proxy on vnet veth (inside vnet namespace) | ||||||||||||
logger.Info("calling setArpProxy for", zap.String("vnetVethName", client.vnetVethName)) | ||||||||||||
if err := client.setArpProxy(client.vnetVethName); err != nil { | ||||||||||||
logger.Error("setArpProxy failed with", zap.Error(err)) | ||||||||||||
return err | ||||||||||||
} | ||||||||||||
|
||||||||||||
return nil | ||||||||||||
}) | ||||||||||||
|
||||||||||||
return err | ||||||||||||
} | ||||||||||||
|
||||||||||||
|
@@ -519,9 +543,19 @@ | |||||||||||
} | ||||||||||||
} | ||||||||||||
|
||||||||||||
if err := client.addDefaultRoutes(client.containerVethName, 0); err != nil { | ||||||||||||
return errors.Wrap(err, "failed container ns add default routes") | ||||||||||||
if epInfo.SkipDefaultRoutes { | ||||||||||||
logger.Info("Skipping adding default routes in container ns as requested") | ||||||||||||
if err := client.addCustomRoutes(client.containerVethName, epInfo.Subnets[0].Gateway, epInfo.Subnets[0].Prefix, 0); err != nil { | ||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. i think we decided not to add any custom routes. let the orchestrator add it |
||||||||||||
return errors.Wrap(err, "failed container ns add custom routes") | ||||||||||||
} | ||||||||||||
return nil | ||||||||||||
} else { | ||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can remove else |
||||||||||||
logger.Info("Adding default routes in container ns") | ||||||||||||
if err := client.addDefaultRoutes(client.containerVethName, 0); err != nil { | ||||||||||||
return errors.Wrap(err, "failed container ns add default routes") | ||||||||||||
} | ||||||||||||
} | ||||||||||||
|
||||||||||||
if err := client.AddDefaultArp(client.containerVethName, client.vnetMac.String()); err != nil { | ||||||||||||
return errors.Wrap(err, "failed container ns add default arp") | ||||||||||||
} | ||||||||||||
|
@@ -614,6 +648,38 @@ | |||||||||||
return nil | ||||||||||||
} | ||||||||||||
|
||||||||||||
// Helper that creates routing rules for the current NS which direct packets | ||||||||||||
// to the subnet gateway ip on linkToName device interface | ||||||||||||
// Route 1: <gatewayIP> dev <linkToName> | ||||||||||||
// Route 2: <subnetCIDR> via <gatewayIP> dev <linkToName> | ||||||||||||
func (client *TransparentVlanEndpointClient) addCustomRoutes(linkToName string, gatewayIP net.IP, subnetCIDR net.IPNet, table int) error { | ||||||||||||
// Add route for subnetgwIP (ip route add <gatewayIP> dev <linkToName>) | ||||||||||||
gWIP, gwNet, _ := net.ParseCIDR(gatewayIP.String() + "/32") | ||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Error values from net.ParseCIDR are being ignored. These parsing operations could fail and should be handled to prevent potential runtime panics or incorrect network configuration.
||||||||||||
routeInfo := RouteInfo{ | ||||||||||||
Dst: *gwNet, | ||||||||||||
Scope: netlink.RT_SCOPE_LINK, | ||||||||||||
Table: table, | ||||||||||||
} | ||||||||||||
// Difference between interface name in addRoutes and DevName: in RouteInfo? | ||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This comment indicates uncertainty about the API design. Either clarify the difference or remove the comment if it's not actionable. Copilot uses AI. Check for mistakes. Positive FeedbackNegative Feedback |
||||||||||||
if err := addRoutes(client.netlink, client.netioshim, linkToName, []RouteInfo{routeInfo}); err != nil { | ||||||||||||
return err | ||||||||||||
} | ||||||||||||
|
||||||||||||
// Add subnet route (ip route add <subnetCIDR> via <gatewayIP> dev <linkToName>) | ||||||||||||
subnetPrefix, subnetIPNet, _ := net.ParseCIDR(subnetCIDR.String()) | ||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Error values from net.ParseCIDR are being ignored. These parsing operations could fail and should be handled to prevent potential runtime panics or incorrect network configuration.
||||||||||||
dstIP := net.IPNet{IP: subnetPrefix, Mask: subnetIPNet.Mask} | ||||||||||||
routeInfo = RouteInfo{ | ||||||||||||
Dst: dstIP, | ||||||||||||
Gw: gWIP, | ||||||||||||
Table: table, | ||||||||||||
} | ||||||||||||
|
||||||||||||
if err := addRoutes(client.netlink, client.netioshim, linkToName, []RouteInfo{routeInfo}); err != nil { | ||||||||||||
return err | ||||||||||||
} | ||||||||||||
return nil | ||||||||||||
} | ||||||||||||
|
||||||||||||
// Helper that creates arp entry for the current NS which maps the virtual | ||||||||||||
// gateway (169.254.2.1) to destMac on a particular interfaceName | ||||||||||||
// Example: (169.254.2.1) at 12:34:56:78:9a:bc [ether] PERM on <interfaceName> | ||||||||||||
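Review bot: In the @@ -519 hunk, `epInfo.Subnets[0].Gateway` and `epInfo.Subnets[0].Prefix` are indexed with no check that `epInfo.Subnets` is non-empty, so an endpoint that sets SkipDefaultRoutes but carries no subnet panics the caller instead of returning an error. A guard before the call, `if len(epInfo.Subnets) == 0 { return errors.New("skip default routes requested but endpoint has no subnets") }`, keeps the failure on the ordinary error path. The enclosing function starts and ends outside the hunk, so a length check may already exist earlier in it; if so, a one-line comment naming it at the index would help the next reader. Separately, in addCustomRoutes (the @@ -614 hunk) the host route is built from `gatewayIP.String() + "/32"`, which is only a host route for an IPv4 gateway; an IPv6 gateway needs a /128, e.g. `net.IPNet{IP: gatewayIP, Mask: net.CIDRMask(128, 128)}` when `gatewayIP.To4() == nil`, and building the IPNet directly also avoids the string round-trip.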
|
Using shell command execution with string formatting could be vulnerable to command injection if ifName contains malicious characters. Consider using a safer approach or validating the interface name against a whitelist of allowed characters.