From 29e2fa0feddf4046056a3f69191403a92984d6f1 Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf
Date: Tue, 4 Sep 2018 15:07:40 -0700
Subject: [PATCH] virtcontainers: Avoid conflict with network monitor
Because the network monitor will be listening to every event received through the netlink socket, it will be notified everytime a new link will be added/updated/modified in the network namespace it's running into. The goal being to detect new interface added by Docker such as a veth pair. The problem is that kata-runtime will add other internal interfaces when the network monitor will ask for the addition of the new veth pair. And we need a way to ignore those new interfaces being created as they relate to the veth pair that is being added. That's why, in order to prevent from running into an infinite loop, virtcontainers needs to tag the internal interfaces with the "kata" suffix so that the network monitor will be able to ignore them.
Signed-off-by: Sebastien Boeuf
---
 virtcontainers/network.go | 11 +++++------
 virtcontainers/network_test.go | 8 ++++----
 virtcontainers/qemu.go | 6 +++---
 virtcontainers/sandbox.go | 1 +
 4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/virtcontainers/network.go b/virtcontainers/network.go
index cd35c6c0fc..cbfaa28ee9 100644
--- a/virtcontainers/network.go
+++ b/virtcontainers/network.go
@@ -257,7 +257,7 @@ func (endpoint *VirtualEndpoint) HotAttach(h hypervisor) error {
 return err
 }
- if _, err := h.hotplugAddDevice(*endpoint, netDev); err != nil {
+ if _, err := h.hotplugAddDevice(endpoint, netDev); err != nil {
 networkLogger().WithError(err).Error("Error attach virtual ep")
 return err
 }
@@ -273,11 +273,10 @@ func (endpoint *VirtualEndpoint) HotDetach(h hypervisor, netNsCreated bool, netN
 if err := doNetNS(netNsPath, func(_ ns.NetNS) error {
 return xconnectVMNetwork(&(endpoint.NetPair), false, 0, h.hypervisorConfig().DisableVhostNet)
 }); err != nil {
- networkLogger().WithError(err).Error("Error abridging virtual ep")
- return err
+ networkLogger().WithError(err).Warn("Error un-bridging virtual ep")
 }
- if _, err := h.hotplugRemoveDevice(*endpoint, netDev); err != nil {
+ if _, err := h.hotplugRemoveDevice(endpoint, netDev); err != nil {
 networkLogger().WithError(err).Error("Error detach virtual ep")
 return err
 }
@@ -1151,13 +1150,13 @@ func createVirtualNetworkEndpoint(idx int, ifName string, interworkingModel NetI
 // at the time of hypervisor attach and not here
 NetPair: NetworkInterfacePair{
 ID: uniqueID,
- Name: fmt.Sprintf("br%d", idx),
+ Name: fmt.Sprintf("br%d_kata", idx),
 VirtIface: NetworkInterface{
 Name: fmt.Sprintf("eth%d", idx),
 HardAddr: hardAddr.String(),
 },
 TAPIface: NetworkInterface{
- Name: fmt.Sprintf("tap%d", idx),
+ Name: fmt.Sprintf("tap%d_kata", idx),
 },
 NetInterworkingModel: interworkingModel,
 },
diff --git a/virtcontainers/network_test.go b/virtcontainers/network_test.go
index e02ae9d5ed..6a82e8a591 100644
--- a/virtcontainers/network_test.go
+++ b/virtcontainers/network_test.go
@@ -209,13 +209,13 @@ func TestCreateVirtualNetworkEndpoint(t *testing.T) {
 expected := &VirtualEndpoint{
 NetPair: NetworkInterfacePair{
 ID: "uniqueTestID-4",
- Name: "br4",
+ Name: "br4_kata",
 VirtIface: NetworkInterface{
 Name: "eth4",
 HardAddr: macAddr.String(),
 },
 TAPIface: NetworkInterface{
- Name: "tap4",
+ Name: "tap4_kata",
 },
 NetInterworkingModel: DefaultNetInterworkingModel,
 },
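Review bot: In HotDetach, a failure of the doNetNS/xconnectVMNetwork un-bridging step is now only logged at Warn level, and the function carries on past it, so a caller may no longer learn that host-side interfaces were left behind in the network namespace. The commit message does not mention this behaviour change. If carrying on to the device removal is meant as best-effort cleanup, say so with a comment such as `// Best effort: still remove the device from the VM even if un-bridging failed.`, and consider keeping the first error and returning it once the removal has been attempted. HotDetach starts and ends outside the hunk, so its final return is not visible here.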
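Review bot: The `_kata` suffix is spelled out as a literal in both `fmt.Sprintf("br%d_kata", idx)` and `fmt.Sprintf("tap%d_kata", idx)` in createVirtualNetworkEndpoint, while the commit message says the network monitor relies on that tag to ignore these interfaces. One named constant (for example `const kataSuffix = "_kata"`, a name constructed for this note) with a comment stating the contract would keep producer and monitor from drifting apart. Two caveats belong next to it: Linux interface names are limited to 15 characters, which the suffix brings closer for large idx, and the filter is a naming convention only, so any other interface in the namespace carrying the same suffix would presumably be skipped by the monitor as well. The monitor code is not part of this patch, so how it matches the suffix should be confirmed there.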
@@ -241,13 +241,13 @@ func TestCreateVirtualNetworkEndpointChooseIfaceName(t *testing.T) {
 expected := &VirtualEndpoint{
 NetPair: NetworkInterfacePair{
 ID: "uniqueTestID-4",
- Name: "br4",
+ Name: "br4_kata",
 VirtIface: NetworkInterface{
 Name: "eth1",
 HardAddr: macAddr.String(),
 },
 TAPIface: NetworkInterface{
- Name: "tap4",
+ Name: "tap4_kata",
 },
 NetInterworkingModel: DefaultNetInterworkingModel,
 },
diff --git a/virtcontainers/qemu.go b/virtcontainers/qemu.go
index 4aa2bca705..f33f436086 100644
--- a/virtcontainers/qemu.go
+++ b/virtcontainers/qemu.go
@@ -821,7 +821,7 @@ func (q *qemu) hotplugVFIODevice(device *config.VFIODev, op operation) error {
 return nil
 }
-func (q *qemu) hotplugMacvtap(drive VirtualEndpoint) error {
+func (q *qemu) hotplugMacvtap(drive *VirtualEndpoint) error {
 var (
 VMFdNames []string
 VhostFdNames []string
@@ -845,7 +845,7 @@ func (q *qemu) hotplugMacvtap(drive VirtualEndpoint) error {
 return q.qmpMonitorCh.qmp.ExecuteNetdevAddByFds(q.qmpMonitorCh.ctx, "tap", drive.NetPair.Name, VMFdNames, VhostFdNames)
 }
-func (q *qemu) hotplugNetDevice(drive VirtualEndpoint, op operation) error {
+func (q *qemu) hotplugNetDevice(drive *VirtualEndpoint, op operation) error {
 err := q.qmpSetup()
 if err != nil {
 return err
@@ -902,7 +902,7 @@ func (q *qemu) hotplugDevice(devInfo interface{}, devType deviceType, op operati
 memdev := devInfo.(*memoryDevice)
 return nil, q.hotplugMemory(memdev, op)
 case netDev:
- device := devInfo.(VirtualEndpoint)
+ device := devInfo.(*VirtualEndpoint)
 return nil, q.hotplugNetDevice(device, op)
 default:
 return nil, fmt.Errorf("cannot hotplug device: unsupported device type '%v'", devType)
diff --git a/virtcontainers/sandbox.go b/virtcontainers/sandbox.go
index d9aed435b8..feefe289ff 100644
--- a/virtcontainers/sandbox.go
+++ b/virtcontainers/sandbox.go
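Review bot: In the `case netDev:` branch of hotplugDevice in qemu.go, `devInfo.(*VirtualEndpoint)` is an unchecked type assertion on an `interface{}` argument, so any caller that still passes a `VirtualEndpoint` value will panic at run time instead of failing to compile. Only the two call sites in network.go are converted in this patch; others, if any, are not visible here. The comma-ok form turns the mismatch into an error: `device, ok := devInfo.(*VirtualEndpoint)` followed by `if !ok { return nil, fmt.Errorf("invalid netDev info type %T", devInfo) }`. hotplugMacvtap also dereferences its new pointer parameter without a nil check (`drive.NetPair.Name`), and the name `drive` in both changed signatures does not describe a network endpoint. The enclosing switch starts and ends outside the hunk.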
@@ -1056,6 +1056,7 @@ func (s *Sandbox) AddInterface(inf *grpc.Interface) (*grpc.Interface, error) {
 }
 // Add network for vm
+ inf.PciAddr = endpoint.PCIAddr
 return s.agent.updateInterface(inf)
 }
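Review bot: `inf.PciAddr = endpoint.PCIAddr` in AddInterface sits under the existing `// Add network for vm` comment, and nothing explains where `endpoint.PCIAddr` is set or what happens when it is empty. Presumably it is filled in during hot-attach now that `hotplugAddDevice` receives the endpoint by pointer, but that assignment is not visible in this patch. If so, a comment such as `// Forward the PCI address assigned at hotplug time to the agent.` would make the dependency explicit. If an empty address is not meaningful to the agent, it should be rejected before `updateInterface` is called. AddInterface starts outside the hunk.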