When running in VPN mode eth0 and eth1 have default routes, but
eth1 has the lowest metric. However the host CIFS server can
only be contacted via eth0, so always use the eth0 address.
Signed-off-by: David Scott <dave.scott@docker.com>
We now tell the 9P server
proto1:ip1:port1:<address for forwarding>
which means please listen on proto1:ip1:port1, then connect to the port
proxy in Moby and tell it the connection is for <address for forwarding>.
Note this requires a corresponding change in hostnet/vpnkit.
Signed-off-by: David Scott <dave.scott@docker.com>
On a Hyper-V system we can only register one listening endpoint (with
a GUID), so we need to accept connections, read a header and then
start the proxy.
If the binary has argv[0] == "proxy-vsockd" then run this new frontend.
Signed-off-by: David Scott <dave.scott@docker.com>
The tap-vsockd service is started from eth1's pre-up script.
On the Mac: the bind of the AF_HYPERV socket fails, and eth1 is skipped.
On Windows: if there is no database then eth1 is skipped.
On Windows: if the database has network=native then eth1 is brought up.
Signed-off-by: David Scott <dave.scott@docker.com>
In `connect` mode the client looping calling `connect` and `close` on a timer.
This could result in the server accepting the connection and the client accidentally
closing it immediately. This patch makes `tap-vsockd` keep trying to (re-)establish
the connection. Note that daemonization is delayed until after the first successful
negotiation, so attempts to send a packet afterwards should succeed.
Signed-off-by: David Scott <dave.scott@docker.com>
Our convention is to print command-line parse failures to the terminal
to allow easier interactive debugging, rather than sending them to
the syslog.
Signed-off-by: David Scott <dave.scott@docker.com>
We daemonize after checking the command-line and binding/connecting
the socket and creating the tap device. Only the ethernet frame
processing happens afterwards.
This patch also includes a new well-known service GUID for the
VPN-proxy ethernet service.
Signed-off-by: David Scott <dave.scott@docker.com>
Older versions of the Linux AF_HVSOCK can only accept() as they
don't allow connections to the parent partition. Support both
modes for now.
Signed-off-by: David Scott <dave.scott@docker.com>
The vmnet protocol expects to tell the client what the MAC address is.
This patch sets it on the TAP device.
Signed-off-by: David Scott <dave.scott@docker.com>
The client on the host may time-out the connection attempt after we have
accepted it. If the mount fails, sleep for 1s and try again.
Signed-off-by: David Scott <dave.scott@docker.com>
The database has a reconnect loop, and we don't particularly want
to accept more than one of its connections per mount.
Signed-off-by: David Scott <dave.scott@docker.com>
These packages will be shared by a number of utilities
so vendoring them in a shared place.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Previously the logs for a single connection would be something like:
2016/05/04 12:44:41 171 Accepted connection on fd 5 from 00000002.00010006
2016/05/04 12:44:41 171 Connected to docker &{{0xc82008a5b0}}
2016/05/04 12:44:44 171 copying from vsock to docker: 4465 bytes done
2016/05/04 12:44:44 171 copying from docker to vsock: 1324 bytes done
2016/05/04 12:44:44 171 Done. read: 4465 written: 1324
2016/05/04 12:44:44 171 Closing docker &{{0xc82008a5b0}}
2016/05/04 12:44:44 171 Closing vsock &{0xc820086840}
The "Connected" and "Closing" lines are not useful now that it is debugged and
working well. The "copying..." lines are redundant with the "Done" line. Reduce
to just:
2016/05/04 14:00:41 4 Accepted connection on fd 10 from 00000002.00010003
2016/05/04 14:00:41 4 Done. read: 90 written: 145
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
