diff --git a/src/runtime/virtcontainers/agent.go b/src/runtime/virtcontainers/agent.go
index 0db3927683..90730153e3 100644
--- a/src/runtime/virtcontainers/agent.go
+++ b/src/runtime/virtcontainers/agent.go
@@ -190,9 +190,15 @@ type agent interface {
 // getAgentMetrics get metrics of agent and guest through agent
 getAgentMetrics(context.Context, *grpc.GetMetricsRequest) (*grpc.Metrics, error)
- //getGuestVolumeStats get the filesystem stats of a volume specified by the volume mount path on the guest.
+ // getGuestVolumeStats get the filesystem stats of a volume specified by the volume mount path on the guest.
 getGuestVolumeStats(ctx context.Context, volumeGuestPath string) ([]byte, error)
 // resizeGuestVolume resizes a volume specified by the volume mount path on the guest.
 resizeGuestVolume(ctx context.Context, volumeGuestPath string, size uint64) error
+
+ // getIPTables obtains the iptables from the guest
+ getIPTables(ctx context.Context, isIPv6 bool) ([]byte, error)
+
+ // setIPTables sets the iptables from the guest
+ setIPTables(ctx context.Context, isIPv6 bool, data []byte) error
 }
diff --git a/src/runtime/virtcontainers/interfaces.go b/src/runtime/virtcontainers/interfaces.go
index bb3935be06..df72978e50 100644
--- a/src/runtime/virtcontainers/interfaces.go
+++ b/src/runtime/virtcontainers/interfaces.go
@@ -79,6 +79,9 @@ type VCSandbox interface {
 GuestVolumeStats(ctx context.Context, volumePath string) ([]byte, error)
 ResizeGuestVolume(ctx context.Context, volumePath string, size uint64) error
+
+ GetIPTables(ctx context.Context, isIPv6 bool) ([]byte, error)
+ SetIPTables(ctx context.Context, isIPv6 bool, data []byte) error
 }
 // VCContainer is the Container interface
diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go
index bee94ef9b3..2f85a2828a 100644
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
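Review bot: The comment on `setIPTables` in agent.go reads "sets the iptables from the guest", which describes a read rather than a write and looks copied from the getter above it; `// setIPTables sets the iptables rules in the guest from data` says what the method does. Neither comment states what `isIPv6` selects or what format `data` and the returned bytes use, which matters because these bytes cross the host/guest boundary. The `GetIPTables` and `SetIPTables` methods added to `VCSandbox` in interfaces.go carry no comment at all, although their neighbours in that hunk have none either.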
@@ -141,6 +141,8 @@ const (
 grpcAddSwapRequest = "grpc.AddSwapRequest"
 grpcVolumeStatsRequest = "grpc.VolumeStatsRequest"
 grpcResizeVolumeRequest = "grpc.ResizeVolumeRequest"
+ grpcGetIPTablesRequest = "grpc.GetIPTablesRequest"
+ grpcSetIPTablesRequest = "grpc.SetIPTablesRequest"
 )
 // newKataAgent returns an agent from an agent type.
@@ -1976,6 +1978,12 @@ func (k *kataAgent) installReqFunc(c *kataclient.AgentClient) {
 k.reqHandlers[grpcResizeVolumeRequest] = func(ctx context.Context, req interface{}) (interface{}, error) {
 return k.client.AgentServiceClient.ResizeVolume(ctx, req.(*grpc.ResizeVolumeRequest))
 }
+ k.reqHandlers[grpcGetIPTablesRequest] = func(ctx context.Context, req interface{}) (interface{}, error) {
+ return k.client.AgentServiceClient.GetIPTables(ctx, req.(*grpc.GetIPTablesRequest))
+ }
+ k.reqHandlers[grpcSetIPTablesRequest] = func(ctx context.Context, req interface{}) (interface{}, error) {
+ return k.client.AgentServiceClient.SetIPTables(ctx, req.(*grpc.SetIPTablesRequest))
+ }
 }
 func (k *kataAgent) getReqContext(ctx context.Context, reqName string) (newCtx context.Context, cancel context.CancelFunc) {
@@ -2194,6 +2202,26 @@ func (k *kataAgent) getAgentMetrics(ctx context.Context, req *grpc.GetMetricsReq
 return resp.(*grpc.Metrics), nil
 }
+func (k *kataAgent) getIPTables(ctx context.Context, isIPv6 bool) ([]byte, error) {
+ resp, err := k.sendReq(ctx, &grpc.GetIPTablesRequest{IsIpv6: isIPv6})
+ if err != nil {
+ return nil, err
+ }
+ return resp.(*grpc.GetIPTablesResponse).Data, nil
+}
+
+func (k *kataAgent) setIPTables(ctx context.Context, isIPv6 bool, data []byte) error {
+ _, err := k.sendReq(ctx, &grpc.SetIPTablesRequest{
+ IsIpv6: isIPv6,
+ Data: data,
+ })
+ if err != nil {
+ k.Logger().WithError(err).Errorf("setIPTables request to agent failed")
+ }
+
+ return err
+}
+
 func (k *kataAgent) getGuestVolumeStats(ctx context.Context, volumeGuestPath string) ([]byte, error) {
 result, err := k.sendReq(ctx, &grpc.VolumeStatsRequest{VolumeGuestPath: volumeGuestPath})
 if err != nil {
diff --git a/src/runtime/virtcontainers/mock_agent.go b/src/runtime/virtcontainers/mock_agent.go
index 43c84b9471..a3c4d44b06 100644
--- a/src/runtime/virtcontainers/mock_agent.go
+++ b/src/runtime/virtcontainers/mock_agent.go
@@ -249,3 +249,11 @@ func (n *mockAgent) getGuestVolumeStats(ctx context.Context, volumeGuestPath str
 func (n *mockAgent) resizeGuestVolume(ctx context.Context, volumeGuestPath string, size uint64) error {
 return nil
 }
+
+func (k *mockAgent) getIPTables(ctx context.Context, isIPv6 bool) ([]byte, error) {
+ return nil, nil
+}
+
+func (k *mockAgent) setIPTables(ctx context.Context, isIPv6 bool, data []byte) error {
+ return nil
+}
diff --git a/src/runtime/virtcontainers/pkg/mock/mock.go b/src/runtime/virtcontainers/pkg/mock/mock.go
index 2af88b8416..634dc7fd8d 100644
--- a/src/runtime/virtcontainers/pkg/mock/mock.go
+++ b/src/runtime/virtcontainers/pkg/mock/mock.go
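Review bot: A successful `setIPTables` leaves no host-side record, because its only log call sits in the `err != nil` branch, and a change to the guest's packet-filter rules is the kind of event an operator will want to find later. On the success path I would add `k.Logger().WithField("ipv6", isIPv6).WithField("bytes", len(data)).Info("setIPTables applied")`, recording the length rather than the rule text. In `getIPTables`, `resp.(*grpc.GetIPTablesResponse).Data` is an unchecked assertion on a reply that comes back from the guest agent; `r, ok := resp.(*grpc.GetIPTablesResponse)` followed by an error return when `!ok` would surface an unexpected reply as an error instead of a panic. `sendReq` is outside this hunk, so whether it already guarantees the type cannot be confirmed from here.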
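Review bot: The two new `mockAgent` methods name their receiver `k`, while `resizeGuestVolume` directly above them in this hunk uses `n`; `k` is the receiver name used for `kataAgent`, so this looks like a paste from kata_agent.go. Writing them as `func (n *mockAgent) getIPTables(...)` and `func (n *mockAgent) setIPTables(...)` keeps the receiver name consistent across the type's methods.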
@@ -12,12 +12,13 @@ import (
 "net/url"
 "os"
+ "path"
+ "strings"
+
 "github.com/containerd/ttrpc"
 gpb "github.com/gogo/protobuf/types"
 aTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
 pb "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
- "path"
- "strings"
 )
 const VSockPrefix = "mock://"
@@ -239,3 +240,11 @@ func (p *HybridVSockTTRPCMockImp) GetVolumeStats(ctx context.Context, req *pb.Vo
 func (p *HybridVSockTTRPCMockImp) ResizeVolume(ctx context.Context, req *pb.ResizeVolumeRequest) (*gpb.Empty, error) {
 return &gpb.Empty{}, nil
 }
+
+func (p *HybridVSockTTRPCMockImp) GetIPTables(ctx context.Context, req *pb.GetIPTablesRequest) (*pb.GetIPTablesResponse, error) {
+ return &pb.GetIPTablesResponse{}, nil
+}
+
+func (p *HybridVSockTTRPCMockImp) SetIPTables(ctx context.Context, req *pb.SetIPTablesRequest) (*pb.SetIPTablesResponse, error) {
+ return &pb.SetIPTablesResponse{}, nil
+}
diff --git a/src/runtime/virtcontainers/pkg/vcmock/sandbox.go b/src/runtime/virtcontainers/pkg/vcmock/sandbox.go
index b3b5f7a8d1..064a60af71 100644
--- a/src/runtime/virtcontainers/pkg/vcmock/sandbox.go
+++ b/src/runtime/virtcontainers/pkg/vcmock/sandbox.go
@@ -261,3 +261,11 @@ func (s *Sandbox) GuestVolumeStats(ctx context.Context, path string) ([]byte, er
 func (s *Sandbox) ResizeGuestVolume(ctx context.Context, path string, size uint64) error {
 return nil
 }
+
+func (s *Sandbox) GetIPTables(ctx context.Context, isIPv6 bool) ([]byte, error) {
+ return nil, nil
+}
+
+func (s *Sandbox) SetIPTables(ctx context.Context, isIPv6 bool, data []byte) error {
+ return nil
+}
diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go
index d494d54bab..71851c2cfb 100644
--- a/src/runtime/virtcontainers/sandbox.go
+++ b/src/runtime/virtcontainers/sandbox.go
@@ -2254,6 +2254,16 @@ func (s *Sandbox) GetAgentURL() (string, error) {
 return s.agent.getAgentURL()
 }
+// GetIPTables will obtain the iptables from the guest
+func (s *Sandbox) GetIPTables(ctx context.Context, isIPv6 bool) ([]byte, error) {
+ return s.agent.getIPTables(ctx, isIPv6)
+}
+
+// SetIPTables will set the iptables in the guest
+func (s *Sandbox) SetIPTables(ctx context.Context, isIPv6 bool, data []byte) error {
+ return s.agent.setIPTables(ctx, isIPv6, data)
+}
+
 // GuestVolumeStats return the filesystem stat of a given volume in the guest.
 func (s *Sandbox) GuestVolumeStats(ctx context.Context, volumePath string) ([]byte, error) {
 guestMountPath, err := s.guestMountPath(volumePath)
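Review bot: `Sandbox.SetIPTables` hands `data` to the agent exactly as received and `Sandbox.GetIPTables` returns the guest's reply unparsed, but neither doc comment says so, which leaves callers guessing who validates what. I would write `// GetIPTables returns the iptables rules reported by the guest agent; the bytes are guest-supplied and are returned without parsing or validation.` and `// SetIPTables sends data to the guest agent to be set as the guest's iptables rules; data is forwarded unmodified and is not validated here.` If empty or oversized `data` ought to be rejected on the host side, this wrapper is the natural place for that check, though the agent's own handling is not visible in this diff.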