github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-17 06:48:51 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4656 from openanolis/runtime-rs-ipvlan

Browse Source 
runtime-rs: support functionalities of ipvlan endpoint
This commit is contained in:
Peng Tao
2022-07-19 11:15:31 +08:00
committed by GitHub
parent 960f2a7f70 62182db645
commit 4c3bd6b1d1
7 changed files with 229 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
src/runtime-rs/crates/resource/src/network/endpoint/endpoints_test.rs Normal file
View File

@@ -0,0 +1,126 @@
// Copyright (c) 2019-2022 Alibaba Cloud
// Copyright (c) 2019-2022 Ant Group
//
// SPDX-License-Identifier: Apache-2.0
//
#[cfg(test)]
mod tests {
use anyhow::Context;
use scopeguard::defer;
use std::sync::Arc;
use crate::network::{
endpoint::IPVlanEndpoint,
network_model::{
tc_filter_model::{fetch_index, TcFilterModel},
NetworkModelType,
},
network_pair::{NetworkInterface, NetworkPair, TapInterface},
};
// this unit test tests the integrity of IPVlanEndpoint::new()
// by comparing the manual constructed object with object constructed by new()
#[actix_rt::test]
async fn test_ipvlan_construction() {
let idx = 8192;
let mac_addr = String::from("02:00:CA:FE:00:04");
let manual_virt_iface_name = format!("eth{}", idx);
let tap_iface_name = format!("tap{}_kata", idx); // create by kata
if let Ok((conn, handle, _)) =
rtnetlink::new_connection().context("failed to create new netlink connection")
{
let thread_handler = tokio::spawn(conn);
defer!({
thread_handler.abort();
});
// since IPVlanEndpoint::new() needs an EXISTING virt_iface (which is created
// by containerd normally), we have to manually create a virt_iface.
if let Ok(()) = handle
.link()
.add()
.veth("foo".to_string(), manual_virt_iface_name.clone())
.execute()
.await
.context("failed to create virt_iface")
{
if let Ok(mut result) = IPVlanEndpoint::new(&handle, "", idx, 5)
.await
.context("failed to create new IPVlan Endpoint")
{
let manual = IPVlanEndpoint {
net_pair: NetworkPair {
tap: TapInterface {
id: String::from("uniqueTestID_kata"),
name: format!("br{}_kata", idx),
tap_iface: NetworkInterface {
name: tap_iface_name.clone(),
..Default::default()
},
},
virt_iface: NetworkInterface {
name: manual_virt_iface_name.clone(),
hard_addr: mac_addr.clone(),
..Default::default()
},
model: Arc::new(TcFilterModel::new().unwrap()), // impossible to panic
network_qos: false,
},
};
result.net_pair.tap.id = String::from("uniqueTestID_kata");
result.net_pair.tap.tap_iface.hard_addr = String::from("");
result.net_pair.virt_iface.hard_addr = mac_addr.clone();
// check the integrity by compare all variables
assert_eq!(manual.net_pair.tap.id, result.net_pair.tap.id);
assert_eq!(manual.net_pair.tap.name, result.net_pair.tap.name);
assert_eq!(
manual.net_pair.tap.tap_iface.name,
result.net_pair.tap.tap_iface.name
);
assert_eq!(
manual.net_pair.tap.tap_iface.hard_addr,
result.net_pair.tap.tap_iface.hard_addr
);
assert_eq!(
manual.net_pair.tap.tap_iface.addrs,
result.net_pair.tap.tap_iface.addrs
);
assert_eq!(
manual.net_pair.virt_iface.name,
result.net_pair.virt_iface.name
);
assert_eq!(
manual.net_pair.virt_iface.hard_addr,
result.net_pair.virt_iface.hard_addr
);
assert_eq!(
manual.net_pair.virt_iface.addrs,
result.net_pair.virt_iface.addrs
);
// using match branch to avoid deriving PartialEq trait
match manual.net_pair.model.model_type() {
NetworkModelType::TcFilter => {} // ok
_ => unreachable!(),
}
match result.net_pair.model.model_type() {
NetworkModelType::TcFilter => {}
_ => unreachable!(),
}
assert_eq!(manual.net_pair.network_qos, result.net_pair.network_qos);
}
if let Ok(link_index) = fetch_index(&handle, manual_virt_iface_name.as_str()).await
{
assert!(handle.link().del(link_index).execute().await.is_ok())
}
if let Ok(link_index) = fetch_index(&handle, tap_iface_name.as_str()).await {
assert!(handle.link().del(link_index).execute().await.is_ok())
}
}
}
}
}

90
src/runtime-rs/crates/resource/src/network/endpoint/ipvlan_endpoint.rs Normal file
View File

@@ -0,0 +1,90 @@
// Copyright (c) 2019-2022 Alibaba Cloud
// Copyright (c) 2019-2022 Ant Group
//
// SPDX-License-Identifier: Apache-2.0
//
use std::io::{self, Error};
use anyhow::{Context, Result};
use async_trait::async_trait;
use super::Endpoint;
use crate::network::network_model::TC_FILTER_NET_MODEL_STR;
use crate::network::{utils, NetworkPair};
use hypervisor::{device::NetworkConfig, Device, Hypervisor};
// IPVlanEndpoint is the endpoint bridged to VM
#[derive(Debug)]
pub struct IPVlanEndpoint {
pub(crate) net_pair: NetworkPair,
}
impl IPVlanEndpoint {
pub async fn new(
handle: &rtnetlink::Handle,
name: &str,
idx: u32,
queues: usize,
) -> Result<Self> {
// tc filter network model is the only one works for ipvlan
let net_pair = NetworkPair::new(handle, idx, name, TC_FILTER_NET_MODEL_STR, queues)
.await
.context("error creating new NetworkPair")?;
Ok(IPVlanEndpoint { net_pair })
}
fn get_network_config(&self) -> Result<NetworkConfig> {
let iface = &self.net_pair.tap.tap_iface;
let guest_mac = utils::parse_mac(&iface.hard_addr).ok_or_else(|| {
Error::new(
io::ErrorKind::InvalidData,
format!("hard_addr {}", &iface.hard_addr),
)
})?;
Ok(NetworkConfig {
id: self.net_pair.virt_iface.name.clone(),
host_dev_name: iface.name.clone(),
guest_mac: Some(guest_mac),
})
}
}
#[async_trait]
impl Endpoint for IPVlanEndpoint {
async fn name(&self) -> String {
self.net_pair.virt_iface.name.clone()
}
async fn hardware_addr(&self) -> String {
self.net_pair.tap.tap_iface.hard_addr.clone()
}
async fn attach(&self, h: &dyn Hypervisor) -> Result<()> {
self.net_pair
.add_network_model()
.await
.context("error adding network model")?;
let config = self.get_network_config().context("get network config")?;
h.add_device(Device::Network(config))
.await
.context("error adding device by hypervisor")?;
Ok(())
}
async fn detach(&self, h: &dyn Hypervisor) -> Result<()> {
self.net_pair
.del_network_model()
.await
.context("error deleting network model")?;
let config = self
.get_network_config()
.context("error getting network config")?;
h.remove_device(Device::Network(config))
.await
.context("error removing device by hypervisor")?;
Ok(())
}
}

3
src/runtime-rs/crates/resource/src/network/endpoint/mod.rs
View File

@@ -8,6 +8,9 @@ mod physical_endpoint;
pub use physical_endpoint::PhysicalEndpoint; pub use physical_endpoint::PhysicalEndpoint;
mod veth_endpoint; mod veth_endpoint;
pub use veth_endpoint::VethEndpoint; pub use veth_endpoint::VethEndpoint;
mod ipvlan_endpoint;
pub use ipvlan_endpoint::IPVlanEndpoint;
mod endpoints_test;
use anyhow::Result; use anyhow::Result;
use async_trait::async_trait; use async_trait::async_trait;

4
src/runtime-rs/crates/resource/src/network/network_model/mod.rs
View File

@@ -15,8 +15,8 @@ use async_trait::async_trait;
use super::NetworkPair; use super::NetworkPair;
const TC_FILTER_NET_MODEL_STR: &str = "tcfilter"; pub(crate) const TC_FILTER_NET_MODEL_STR: &str = "tcfilter";
const ROUTE_NET_MODEL_STR: &str = "route"; pub(crate) const ROUTE_NET_MODEL_STR: &str = "route";
pub enum NetworkModelType { pub enum NetworkModelType {
NoneModel, NoneModel,

1
src/runtime-rs/crates/resource/src/network/network_pair.rs
View File

@@ -54,6 +54,7 @@ impl NetworkPair {
let tap_link = create_link(handle, &tap_iface_name, queues) let tap_link = create_link(handle, &tap_iface_name, queues)
.await .await
.context("create link")?; .context("create link")?;
let virt_link = get_link_by_name(handle, virt_iface_name.clone().as_str()) let virt_link = get_link_by_name(handle, virt_iface_name.clone().as_str())
.await .await
.context("get link by name")?; .context("get link by name")?;

8
src/runtime-rs/crates/resource/src/network/network_with_netns.rs
View File

@@ -17,7 +17,7 @@ use scopeguard::defer;
use tokio::sync::RwLock; use tokio::sync::RwLock;
use super::{ use super::{
endpoint::{Endpoint, PhysicalEndpoint, VethEndpoint}, endpoint::{Endpoint, IPVlanEndpoint, PhysicalEndpoint, VethEndpoint},
network_entity::NetworkEntity, network_entity::NetworkEntity,
network_info::network_info_from_link::NetworkInfoFromLink, network_info::network_info_from_link::NetworkInfoFromLink,
utils::{link, netns}, utils::{link, netns},
@@ -186,6 +186,12 @@ async fn create_endpoint(
.context("veth endpoint")?; .context("veth endpoint")?;
Arc::new(ret) Arc::new(ret)
} }
"ipvlan" => {
let ret = IPVlanEndpoint::new(handle, &attrs.name, idx, config.queues)
.await
.context("ipvlan endpoint")?;
Arc::new(ret)
}
_ => return Err(anyhow!("unsupported link type: {}", link_type)), _ => return Err(anyhow!("unsupported link type: {}", link_type)),
} }
}; };

1
src/runtime/virtcontainers/ipvlan_endpoint.go
View File

@@ -96,7 +96,6 @@ func (endpoint *IPVlanEndpoint) NetworkPair() *NetworkInterfacePair {
// Attach for ipvlan endpoint bridges the network pair and adds the // Attach for ipvlan endpoint bridges the network pair and adds the
// tap interface of the network pair to the hypervisor. // tap interface of the network pair to the hypervisor.
// tap interface of the network pair to the Hypervisor.
func (endpoint *IPVlanEndpoint) Attach(ctx context.Context, s *Sandbox) error { func (endpoint *IPVlanEndpoint) Attach(ctx context.Context, s *Sandbox) error {
span, ctx := ipvlanTrace(ctx, "Attach", endpoint) span, ctx := ipvlanTrace(ctx, "Attach", endpoint)
defer span.End() defer span.End()