runtime: Always add network endpoints from the pod netns

As the container runtime, we're never inspecting, adding or configuring
host networking endpoints.
Make sure this always holds by wrapping addSingleEndpoint calls in
the pod network namespace.

Fixes #3661

Signed-off-by: Samuel Ortiz <s.ortiz@apple.com>
Samuel Ortiz 2022-02-17 18:04:22 +01:00 committed by Samuel Ortiz
parent f324305004
commit 27de212fe1


@ -178,38 +178,32 @@ func (n *LinuxNetwork) addSingleEndpoint(ctx context.Context, s *Sandbox, netInf
endpoint.SetProperties(netInfo) endpoint.SetProperties(netInfo)
if err := doNetNS(n.netNSPath, func(_ ns.NetNS) error { networkLogger().WithField("endpoint-type", endpoint.Type()).WithField("hotplug", hotplug).Info("Attaching endpoint")
networkLogger().WithField("endpoint-type", endpoint.Type()).WithField("hotplug", hotplug).Info("Attaching endpoint") if hotplug {
if hotplug { if err := endpoint.HotAttach(ctx, s.hypervisor); err != nil {
if err := endpoint.HotAttach(ctx, s.hypervisor); err != nil { return nil, err
return err }
} } else {
} else { if err := endpoint.Attach(ctx, s); err != nil {
if err := endpoint.Attach(ctx, s); err != nil { return nil, err
return err }
}
if !s.hypervisor.IsRateLimiterBuiltin() {
rxRateLimiterMaxRate := s.hypervisor.HypervisorConfig().RxRateLimiterMaxRate
if rxRateLimiterMaxRate > 0 {
networkLogger().Info("Add Rx Rate Limiter")
if err := addRxRateLimiter(endpoint, rxRateLimiterMaxRate); err != nil {
return nil, err
} }
} }
txRateLimiterMaxRate := s.hypervisor.HypervisorConfig().TxRateLimiterMaxRate
if !s.hypervisor.IsRateLimiterBuiltin() { if txRateLimiterMaxRate > 0 {
rxRateLimiterMaxRate := s.hypervisor.HypervisorConfig().RxRateLimiterMaxRate networkLogger().Info("Add Tx Rate Limiter")
if rxRateLimiterMaxRate > 0 { if err := addTxRateLimiter(endpoint, txRateLimiterMaxRate); err != nil {
networkLogger().Info("Add Rx Rate Limiter") return nil, err
if err := addRxRateLimiter(endpoint, rxRateLimiterMaxRate); err != nil {
return err
}
}
txRateLimiterMaxRate := s.hypervisor.HypervisorConfig().TxRateLimiterMaxRate
if txRateLimiterMaxRate > 0 {
networkLogger().Info("Add Tx Rate Limiter")
if err := addTxRateLimiter(endpoint, txRateLimiterMaxRate); err != nil {
return err
}
} }
} }
return nil
}); err != nil {
return nil, err
} }
n.eps = append(n.eps, endpoint) n.eps = append(n.eps, endpoint)
@ -298,10 +292,13 @@ func (n *LinuxNetwork) addAllEndpoints(ctx context.Context, s *Sandbox, hotplug
continue continue
} }
_, err = n.addSingleEndpoint(ctx, s, netInfo, hotplug) if err := doNetNS(n.netNSPath, func(_ ns.NetNS) error {
if err != nil { _, err = n.addSingleEndpoint(ctx, s, netInfo, hotplug)
return err
}); err != nil {
return err return err
} }
} }
sort.Slice(n.eps, func(i, j int) bool { sort.Slice(n.eps, func(i, j int) bool {
@ -335,8 +332,14 @@ func (n *LinuxNetwork) AddEndpoints(ctx context.Context, s *Sandbox, endpointsIn
} }
} else { } else {
for _, ep := range endpointsInfo { for _, ep := range endpointsInfo {
if _, err := n.addSingleEndpoint(ctx, s, ep, hotplug); err != nil { if err := doNetNS(n.netNSPath, func(_ ns.NetNS) error {
n.eps = nil if _, err := n.addSingleEndpoint(ctx, s, ep, hotplug); err != nil {
n.eps = nil
return err
}
return nil
}); err != nil {
return nil, err return nil, err
} }
} }
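Review bot: In the AddEndpoints loop (third hunk), `n.eps = nil` now runs only when addSingleEndpoint fails inside the closure, so if doNetNS itself returns an error, presumably when it cannot enter n.netNSPath, the function returns with endpoints from earlier iterations still in n.eps. Before this commit doNetNS was called inside addSingleEndpoint, so that failure went through the same reset. Moving the reset to the outer check covers both paths: `}); err != nil {` then `n.eps = nil` then `return nil, err`. Since addSingleEndpoint no longer enters the namespace on its own, a comment on it such as `// addSingleEndpoint must be called from inside the pod network namespace; wrap the call in doNetNS.` would keep a future caller from running Attach or HotAttach against the host netns. Both function bodies start and end outside the hunks shown.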