From b088cc31622c284b1da65776932ea8aa81144055 Mon Sep 17 00:00:00 2001 From: Adrian Moisey Date: Thu, 27 Mar 2025 08:25:33 +0200 Subject: [PATCH] Move calls to netlinksafe These are functions identified as potentially receiving ErrDumpInterrupted and needing to retry Signed-off-by: Adrian Moisey --- pkg/ip/addr_linux.go | 6 +- pkg/ip/link_linux.go | 17 +- pkg/ip/link_linux_test.go | 18 +- pkg/ip/utils_linux.go | 9 +- pkg/ipam/ipam_linux.go | 3 +- pkg/ipam/ipam_linux_test.go | 17 +- pkg/utils/conntrack.go | 6 +- plugins/ipam/dhcp/dhcp2_test.go | 5 +- plugins/ipam/dhcp/dhcp_test.go | 23 +-- plugins/ipam/dhcp/lease.go | 5 +- plugins/main/bridge/bridge.go | 21 +-- plugins/main/bridge/bridge_test.go | 159 +++++++++--------- plugins/main/dummy/dummy.go | 5 +- plugins/main/dummy/dummy_test.go | 11 +- plugins/main/host-device/host-device.go | 23 +-- plugins/main/host-device/host-device_test.go | 73 ++++---- plugins/main/ipvlan/ipvlan.go | 15 +- plugins/main/ipvlan/ipvlan_test.go | 15 +- plugins/main/loopback/loopback.go | 11 +- plugins/main/macvlan/macvlan.go | 21 +-- plugins/main/macvlan/macvlan_test.go | 45 ++--- plugins/main/ptp/ptp.go | 5 +- plugins/main/ptp/ptp_test.go | 6 +- plugins/main/tap/tap.go | 9 +- plugins/main/tap/tap_test.go | 15 +- plugins/main/vlan/vlan.go | 17 +- plugins/main/vlan/vlan_test.go | 19 ++- .../meta/bandwidth/bandwidth_linux_test.go | 51 +++--- .../meta/bandwidth/bandwidth_suite_test.go | 13 +- plugins/meta/bandwidth/ifb_creator.go | 7 +- plugins/meta/bandwidth/main.go | 11 +- .../meta/firewall/firewall_iptables_test.go | 3 +- plugins/meta/portmap/portmap_integ_test.go | 5 +- plugins/meta/sbr/main.go | 17 +- plugins/meta/sbr/sbr_linux_test.go | 9 +- plugins/meta/tuning/tuning.go | 17 +- plugins/meta/tuning/tuning_test.go | 55 +++--- plugins/meta/vrf/vrf.go | 18 +- plugins/meta/vrf/vrf_test.go | 61 +++---- 39 files changed, 443 insertions(+), 403 deletions(-) diff --git a/pkg/ip/addr_linux.go b/pkg/ip/addr_linux.go index b4db50b9..aefa100c 100644 --- a/pkg/ip/addr_linux.go +++ b/pkg/ip/addr_linux.go @@ -20,6 +20,8 @@ import ( "time" "github.com/vishvananda/netlink" + + "github.com/containernetworking/plugins/pkg/netlinksafe" ) const SETTLE_INTERVAL = 50 * time.Millisecond @@ -30,14 +32,14 @@ const SETTLE_INTERVAL = 50 * time.Millisecond // addresses are no longer tentative. // If any addresses are still tentative after timeout seconds, then error. func SettleAddresses(ifName string, timeout int) error { - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to retrieve link: %v", err) } deadline := time.Now().Add(time.Duration(timeout) * time.Second) for { - addrs, err := netlink.AddrList(link, netlink.FAMILY_ALL) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_ALL) if err != nil { return fmt.Errorf("could not list addresses: %v", err) } diff --git a/pkg/ip/link_linux.go b/pkg/ip/link_linux.go index e5bb6caf..8f677bf3 100644 --- a/pkg/ip/link_linux.go +++ b/pkg/ip/link_linux.go @@ -24,6 +24,7 @@ import ( "github.com/safchain/ethtool" "github.com/vishvananda/netlink" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/utils/sysctl" ) @@ -52,7 +53,7 @@ func makeVethPair(name, peer string, mtu int, mac string, hostNS ns.NetNS) (netl return nil, err } // Re-fetch the container link to get its creation-time parameters, e.g. index and mac - veth2, err := netlink.LinkByName(name) + veth2, err := netlinksafe.LinkByName(name) if err != nil { netlink.LinkDel(veth) // try and clean up the link if possible. return nil, err @@ -62,7 +63,7 @@ func makeVethPair(name, peer string, mtu int, mac string, hostNS ns.NetNS) (netl } func peerExists(name string) bool { - if _, err := netlink.LinkByName(name); err != nil { + if _, err := netlinksafe.LinkByName(name); err != nil { return false } return true @@ -114,7 +115,7 @@ func RandomVethName() (string, error) { } func RenameLink(curName, newName string) error { - link, err := netlink.LinkByName(curName) + link, err := netlinksafe.LinkByName(curName) if err == nil { err = netlink.LinkSetName(link, newName) } @@ -145,7 +146,7 @@ func SetupVethWithName(contVethName, hostVethName string, mtu int, contVethMac s var hostVeth netlink.Link err = hostNS.Do(func(_ ns.NetNS) error { - hostVeth, err = netlink.LinkByName(hostVethName) + hostVeth, err = netlinksafe.LinkByName(hostVethName) if err != nil { return fmt.Errorf("failed to lookup %q in %q: %v", hostVethName, hostNS.Path(), err) } @@ -174,7 +175,7 @@ func SetupVeth(contVethName string, mtu int, contVethMac string, hostNS ns.NetNS // DelLinkByName removes an interface link. func DelLinkByName(ifName string) error { - iface, err := netlink.LinkByName(ifName) + iface, err := netlinksafe.LinkByName(ifName) if err != nil { if _, ok := err.(netlink.LinkNotFoundError); ok { return ErrLinkNotFound @@ -191,7 +192,7 @@ func DelLinkByName(ifName string) error { // DelLinkByNameAddr remove an interface and returns its addresses func DelLinkByNameAddr(ifName string) ([]*net.IPNet, error) { - iface, err := netlink.LinkByName(ifName) + iface, err := netlinksafe.LinkByName(ifName) if err != nil { if _, ok := err.(netlink.LinkNotFoundError); ok { return nil, ErrLinkNotFound @@ -199,7 +200,7 @@ func DelLinkByNameAddr(ifName string) ([]*net.IPNet, error) { return nil, fmt.Errorf("failed to lookup %q: %v", ifName, err) } - addrs, err := netlink.AddrList(iface, netlink.FAMILY_ALL) + addrs, err := netlinksafe.AddrList(iface, netlink.FAMILY_ALL) if err != nil { return nil, fmt.Errorf("failed to get IP addresses for %q: %v", ifName, err) } @@ -222,7 +223,7 @@ func DelLinkByNameAddr(ifName string) ([]*net.IPNet, error) { // veth, or an error. This peer ifindex will only be valid in the peer's // network namespace. func GetVethPeerIfindex(ifName string) (netlink.Link, int, error) { - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return nil, -1, fmt.Errorf("could not look up %q: %v", ifName, err) } diff --git a/pkg/ip/link_linux_test.go b/pkg/ip/link_linux_test.go index 90938c45..1d1dfcea 100644 --- a/pkg/ip/link_linux_test.go +++ b/pkg/ip/link_linux_test.go @@ -22,9 +22,9 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - "github.com/vishvananda/netlink" "github.com/containernetworking/plugins/pkg/ip" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -127,7 +127,7 @@ var _ = Describe("Link", func() { _ = containerNetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - containerVethFromName, err := netlink.LinkByName(containerVethName) + containerVethFromName, err := netlinksafe.LinkByName(containerVethName) Expect(err).NotTo(HaveOccurred()) Expect(containerVethFromName.Attrs().Index).To(Equal(containerVeth.Index)) @@ -137,7 +137,7 @@ var _ = Describe("Link", func() { _ = hostNetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - hostVethFromName, err := netlink.LinkByName(hostVethName) + hostVethFromName, err := netlinksafe.LinkByName(hostVethName) Expect(err).NotTo(HaveOccurred()) Expect(hostVethFromName.Attrs().Index).To(Equal(hostVeth.Index)) @@ -207,7 +207,7 @@ var _ = Describe("Link", func() { _ = containerNetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(containerVethName) + _, err := netlinksafe.LinkByName(containerVethName) Expect(err).NotTo(HaveOccurred()) return nil @@ -216,7 +216,7 @@ var _ = Describe("Link", func() { _ = hostNetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(hostVethName) + _, err := netlinksafe.LinkByName(hostVethName) Expect(err).NotTo(HaveOccurred()) return nil @@ -232,7 +232,7 @@ var _ = Describe("Link", func() { Expect(err).NotTo(HaveOccurred()) hostVethName = hostVeth.Name - link, err := netlink.LinkByName(containerVethName) + link, err := netlinksafe.LinkByName(containerVethName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr.String()).To(Equal(mac)) @@ -242,7 +242,7 @@ var _ = Describe("Link", func() { _ = hostNetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(hostVethName) + link, err := netlinksafe.LinkByName(hostVethName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr.String()).NotTo(Equal(mac)) @@ -259,7 +259,7 @@ var _ = Describe("Link", func() { err := ip.DelLinkByName(containerVethName) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(containerVethName) + _, err = netlinksafe.LinkByName(containerVethName) Expect(err).To(HaveOccurred()) return nil @@ -268,7 +268,7 @@ var _ = Describe("Link", func() { _ = hostNetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(hostVethName) + _, err := netlinksafe.LinkByName(hostVethName) Expect(err).To(HaveOccurred()) return nil diff --git a/pkg/ip/utils_linux.go b/pkg/ip/utils_linux.go index 12a6175b..2926def9 100644 --- a/pkg/ip/utils_linux.go +++ b/pkg/ip/utils_linux.go @@ -25,6 +25,7 @@ import ( "github.com/containernetworking/cni/pkg/types" current "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" ) func ValidateExpectedInterfaceIPs(ifName string, resultIPs []*current.IPConfig) error { @@ -33,12 +34,12 @@ func ValidateExpectedInterfaceIPs(ifName string, resultIPs []*current.IPConfig) ourAddr := netlink.Addr{IPNet: &ips.Address} match := false - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("Cannot find container link %v", ifName) } - addrList, err := netlink.AddrList(link, netlink.FAMILY_ALL) + addrList, err := netlinksafe.AddrList(link, netlink.FAMILY_ALL) if err != nil { return fmt.Errorf("Cannot obtain List of IP Addresses") } @@ -67,7 +68,7 @@ func ValidateExpectedInterfaceIPs(ifName string, resultIPs []*current.IPConfig) family = netlink.FAMILY_V4 } - gwy, err := netlink.RouteListFiltered(family, findGwy, routeFilter) + gwy, err := netlinksafe.RouteListFiltered(family, findGwy, routeFilter) if err != nil { return fmt.Errorf("Error %v trying to find Gateway %v for interface %v", err, ips.Gateway, ifName) } @@ -108,7 +109,7 @@ func ValidateExpectedRoute(resultRoutes []*types.Route) error { return fmt.Errorf("Invalid static route found %v", route) } - wasFound, err := netlink.RouteListFiltered(family, find, routeFilter) + wasFound, err := netlinksafe.RouteListFiltered(family, find, routeFilter) if err != nil { return fmt.Errorf("Expected Route %v not route table lookup error %v", route, err) } diff --git a/pkg/ipam/ipam_linux.go b/pkg/ipam/ipam_linux.go index 61c673a7..4c5af045 100644 --- a/pkg/ipam/ipam_linux.go +++ b/pkg/ipam/ipam_linux.go @@ -23,6 +23,7 @@ import ( current "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/plugins/pkg/ip" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/utils/sysctl" ) @@ -38,7 +39,7 @@ func ConfigureIface(ifName string, res *current.Result) error { return fmt.Errorf("no interfaces to configure") } - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to lookup %q: %v", ifName, err) } diff --git a/pkg/ipam/ipam_linux_test.go b/pkg/ipam/ipam_linux_test.go index ddccdac6..9afbcc1c 100644 --- a/pkg/ipam/ipam_linux_test.go +++ b/pkg/ipam/ipam_linux_test.go @@ -24,6 +24,7 @@ import ( "github.com/containernetworking/cni/pkg/types" current "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -64,7 +65,7 @@ var _ = Describe("ConfigureIface", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(LINK_NAME) + _, err = netlinksafe.LinkByName(LINK_NAME) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -148,16 +149,16 @@ var _ = Describe("ConfigureIface", func() { err := ConfigureIface(LINK_NAME, result) Expect(err).NotTo(HaveOccurred()) - link, err := netlink.LinkByName(LINK_NAME) + link, err := netlinksafe.LinkByName(LINK_NAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(LINK_NAME)) - v4addrs, err := netlink.AddrList(link, syscall.AF_INET) + v4addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(v4addrs).To(HaveLen(1)) Expect(ipNetEqual(v4addrs[0].IPNet, ipv4)).To(BeTrue()) - v6addrs, err := netlink.AddrList(link, syscall.AF_INET6) + v6addrs, err := netlinksafe.AddrList(link, syscall.AF_INET6) Expect(err).NotTo(HaveOccurred()) Expect(v6addrs).To(HaveLen(2)) @@ -171,7 +172,7 @@ var _ = Describe("ConfigureIface", func() { Expect(found).To(BeTrue()) // Ensure the v4 route, v6 route, and subnet route - routes, err := netlink.RouteList(link, 0) + routes, err := netlinksafe.RouteList(link, 0) Expect(err).NotTo(HaveOccurred()) var v4found, v6found, v4Scopefound bool @@ -209,12 +210,12 @@ var _ = Describe("ConfigureIface", func() { err := ConfigureIface(LINK_NAME, result) Expect(err).NotTo(HaveOccurred()) - link, err := netlink.LinkByName(LINK_NAME) + link, err := netlinksafe.LinkByName(LINK_NAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(LINK_NAME)) // Ensure the v4 route, v6 route, and subnet route - routes, err := netlink.RouteList(link, 0) + routes, err := netlinksafe.RouteList(link, 0) Expect(err).NotTo(HaveOccurred()) var v4found, v6found, v4Tablefound bool @@ -239,7 +240,7 @@ var _ = Describe("ConfigureIface", func() { Table: routeTable, } - routes, err = netlink.RouteListFiltered(netlink.FAMILY_ALL, + routes, err = netlinksafe.RouteListFiltered(netlink.FAMILY_ALL, routeFilter, netlink.RT_FILTER_TABLE) Expect(err).NotTo(HaveOccurred()) diff --git a/pkg/utils/conntrack.go b/pkg/utils/conntrack.go index 3dd0c261..f4cc2627 100644 --- a/pkg/utils/conntrack.go +++ b/pkg/utils/conntrack.go @@ -20,6 +20,8 @@ import ( "github.com/vishvananda/netlink" "golang.org/x/sys/unix" + + "github.com/containernetworking/plugins/pkg/netlinksafe" ) // Assigned Internet Protocol Numbers @@ -51,7 +53,7 @@ func DeleteConntrackEntriesForDstIP(dstIP string, protocol uint8) error { filter.AddIP(netlink.ConntrackOrigDstIP, ip) filter.AddProtocol(protocol) - _, err := netlink.ConntrackDeleteFilters(netlink.ConntrackTable, family, filter) + _, err := netlinksafe.ConntrackDeleteFilters(netlink.ConntrackTable, family, filter) if err != nil { return fmt.Errorf("error deleting connection tracking state for protocol: %d IP: %s, error: %v", protocol, ip, err) } @@ -65,7 +67,7 @@ func DeleteConntrackEntriesForDstPort(port uint16, protocol uint8, family netlin filter.AddProtocol(protocol) filter.AddPort(netlink.ConntrackOrigDstPort, port) - _, err := netlink.ConntrackDeleteFilters(netlink.ConntrackTable, family, filter) + _, err := netlinksafe.ConntrackDeleteFilters(netlink.ConntrackTable, family, filter) if err != nil { return fmt.Errorf("error deleting connection tracking state for protocol: %d Port: %d, error: %v", protocol, port, err) } diff --git a/plugins/ipam/dhcp/dhcp2_test.go b/plugins/ipam/dhcp/dhcp2_test.go index 7f424348..0bbae33d 100644 --- a/plugins/ipam/dhcp/dhcp2_test.go +++ b/plugins/ipam/dhcp/dhcp2_test.go @@ -27,6 +27,7 @@ import ( "github.com/containernetworking/cni/pkg/skel" current "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -48,12 +49,12 @@ var _ = Describe("DHCP Multiple Lease Operations", func() { err = targetNS.Do(func(_ ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(contVethName0) + link, err := netlinksafe.LinkByName(contVethName0) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(link) Expect(err).NotTo(HaveOccurred()) - link1, err := netlink.LinkByName(contVethName1) + link1, err := netlinksafe.LinkByName(contVethName1) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(link1) Expect(err).NotTo(HaveOccurred()) diff --git a/plugins/ipam/dhcp/dhcp_test.go b/plugins/ipam/dhcp/dhcp_test.go index 327e591a..78cd11c9 100644 --- a/plugins/ipam/dhcp/dhcp_test.go +++ b/plugins/ipam/dhcp/dhcp_test.go @@ -31,6 +31,7 @@ import ( "github.com/containernetworking/cni/pkg/skel" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -181,7 +182,7 @@ var _ = Describe("DHCP Operations", func() { }) Expect(err).NotTo(HaveOccurred()) - host, err := netlink.LinkByName(hostVethName) + host, err := netlinksafe.LinkByName(hostVethName) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(host) Expect(err).NotTo(HaveOccurred()) @@ -197,7 +198,7 @@ var _ = Describe("DHCP Operations", func() { }) Expect(err).NotTo(HaveOccurred()) - cont, err := netlink.LinkByName(contVethName) + cont, err := netlinksafe.LinkByName(contVethName) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetNsFd(cont, int(targetNS.Fd())) Expect(err).NotTo(HaveOccurred()) @@ -210,7 +211,7 @@ var _ = Describe("DHCP Operations", func() { err = targetNS.Do(func(_ ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(contVethName) + link, err := netlinksafe.LinkByName(contVethName) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(link) Expect(err).NotTo(HaveOccurred()) @@ -455,16 +456,16 @@ func dhcpSetupOriginalNS() (chan bool, string, ns.NetNS, ns.NetNS, error) { err = netlink.LinkSetUp(veth) Expect(err).NotTo(HaveOccurred()) - bridgeLink, err := netlink.LinkByName(hostBridgeName) + bridgeLink, err := netlinksafe.LinkByName(hostBridgeName) Expect(err).NotTo(HaveOccurred()) - hostVethLink, err := netlink.LinkByName(hostVethName0) + hostVethLink, err := netlinksafe.LinkByName(hostVethName0) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetMaster(hostVethLink, bridgeLink.(*netlink.Bridge)) Expect(err).NotTo(HaveOccurred()) - cont, err := netlink.LinkByName(contVethName0) + cont, err := netlinksafe.LinkByName(contVethName0) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetNsFd(cont, int(targetNS.Fd())) Expect(err).NotTo(HaveOccurred()) @@ -483,16 +484,16 @@ func dhcpSetupOriginalNS() (chan bool, string, ns.NetNS, ns.NetNS, error) { err = netlink.LinkSetUp(veth1) Expect(err).NotTo(HaveOccurred()) - bridgeLink, err = netlink.LinkByName(hostBridgeName) + bridgeLink, err = netlinksafe.LinkByName(hostBridgeName) Expect(err).NotTo(HaveOccurred()) - hostVethLink1, err := netlink.LinkByName(hostVethName1) + hostVethLink1, err := netlinksafe.LinkByName(hostVethName1) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetMaster(hostVethLink1, bridgeLink.(*netlink.Bridge)) Expect(err).NotTo(HaveOccurred()) - cont1, err := netlink.LinkByName(contVethName1) + cont1, err := netlinksafe.LinkByName(contVethName1) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetNsFd(cont1, int(targetNS.Fd())) @@ -521,12 +522,12 @@ var _ = Describe("DHCP Lease Unavailable Operations", func() { err = targetNS.Do(func(_ ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(contVethName0) + link, err := netlinksafe.LinkByName(contVethName0) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(link) Expect(err).NotTo(HaveOccurred()) - link1, err := netlink.LinkByName(contVethName1) + link1, err := netlinksafe.LinkByName(contVethName1) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(link1) Expect(err).NotTo(HaveOccurred()) diff --git a/plugins/ipam/dhcp/lease.go b/plugins/ipam/dhcp/lease.go index 537bbdfc..2bdf401d 100644 --- a/plugins/ipam/dhcp/lease.go +++ b/plugins/ipam/dhcp/lease.go @@ -31,6 +31,7 @@ import ( "github.com/vishvananda/netlink" "github.com/containernetworking/cni/pkg/types" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" ) @@ -193,7 +194,7 @@ func AcquireLease( errCh <- ns.WithNetNSPath(netns, func(_ ns.NetNS) error { defer l.wg.Done() - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("error looking up %q: %v", ifName, err) } @@ -382,7 +383,7 @@ func checkLinkExistsWithBackoff(ctx context.Context, linkName string) (bool, err } func checkLinkByName(linkName string) (bool, error) { - _, err := netlink.LinkByName(linkName) + _, err := netlinksafe.LinkByName(linkName) if err != nil { var linkNotFoundErr *netlink.LinkNotFoundError = &netlink.LinkNotFoundError{} if errors.As(err, linkNotFoundErr) { diff --git a/plugins/main/bridge/bridge.go b/plugins/main/bridge/bridge.go index 905676e4..056a6983 100644 --- a/plugins/main/bridge/bridge.go +++ b/plugins/main/bridge/bridge.go @@ -34,6 +34,7 @@ import ( "github.com/containernetworking/plugins/pkg/ip" "github.com/containernetworking/plugins/pkg/ipam" "github.com/containernetworking/plugins/pkg/link" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" "github.com/containernetworking/plugins/pkg/utils/sysctl" @@ -271,7 +272,7 @@ func calcGateways(result *current.Result, n *NetConf) (*gwInfo, *gwInfo, error) } func ensureAddr(br netlink.Link, family int, ipn *net.IPNet, forceAddress bool) error { - addrs, err := netlink.AddrList(br, family) + addrs, err := netlinksafe.AddrList(br, family) if err != nil && err != syscall.ENOENT { return fmt.Errorf("could not get list of IP addresses: %v", err) } @@ -324,7 +325,7 @@ func deleteAddr(br netlink.Link, ipn *net.IPNet) error { } func bridgeByName(name string) (*netlink.Bridge, error) { - l, err := netlink.LinkByName(name) + l, err := netlinksafe.LinkByName(name) if err != nil { return nil, fmt.Errorf("could not lookup %q: %v", name, err) } @@ -377,7 +378,7 @@ func ensureBridge(brName string, mtu int, promiscMode, vlanFiltering bool) (*net func ensureVlanInterface(br *netlink.Bridge, vlanID int, preserveDefaultVlan bool) (netlink.Link, error) { name := fmt.Sprintf("%s.%d", br.Name, vlanID) - brGatewayVeth, err := netlink.LinkByName(name) + brGatewayVeth, err := netlinksafe.LinkByName(name) if err != nil { if err.Error() != "Link not found" { return nil, fmt.Errorf("failed to find interface %q: %v", name, err) @@ -393,7 +394,7 @@ func ensureVlanInterface(br *netlink.Bridge, vlanID int, preserveDefaultVlan boo return nil, fmt.Errorf("faild to create vlan gateway %q: %v", name, err) } - brGatewayVeth, err = netlink.LinkByName(brGatewayIface.Name) + brGatewayVeth, err = netlinksafe.LinkByName(brGatewayIface.Name) if err != nil { return nil, fmt.Errorf("failed to lookup %q: %v", brGatewayIface.Name, err) } @@ -439,7 +440,7 @@ func setupVeth( } // need to lookup hostVeth again as its index has changed during ns move - hostVeth, err := netlink.LinkByName(hostIface.Name) + hostVeth, err := netlinksafe.LinkByName(hostIface.Name) if err != nil { return nil, nil, fmt.Errorf("failed to lookup %q: %v", hostIface.Name, err) } @@ -486,7 +487,7 @@ func setupVeth( } func removeDefaultVlan(hostVeth netlink.Link) error { - vlanInfo, err := netlink.BridgeVlanList() + vlanInfo, err := netlinksafe.BridgeVlanList() if err != nil { return err } @@ -695,7 +696,7 @@ func cmdAdd(args *skel.CmdArgs) error { } } else if !n.DisableContainerInterface { if err := netns.Do(func(_ ns.NetNS) error { - link, err := netlink.LinkByName(args.IfName) + link, err := netlinksafe.LinkByName(args.IfName) if err != nil { return fmt.Errorf("failed to retrieve link: %v", err) } @@ -710,7 +711,7 @@ func cmdAdd(args *skel.CmdArgs) error { } } - hostVeth, err := netlink.LinkByName(hostInterface.Name) + hostVeth, err := netlinksafe.LinkByName(hostInterface.Name) if err != nil { return err } @@ -721,7 +722,7 @@ func cmdAdd(args *skel.CmdArgs) error { for idx, sleep := range retries { time.Sleep(time.Duration(sleep) * time.Millisecond) - hostVeth, err = netlink.LinkByName(hostInterface.Name) + hostVeth, err = netlinksafe.LinkByName(hostInterface.Name) if err != nil { return err } @@ -858,7 +859,7 @@ func validateInterface(intf current.Interface, expectInSb bool) (cniBridgeIf, ne return ifFound, nil, fmt.Errorf("Interface name missing ") } - link, err := netlink.LinkByName(intf.Name) + link, err := netlinksafe.LinkByName(intf.Name) if err != nil { return ifFound, nil, fmt.Errorf("Interface name %s not found", intf.Name) } diff --git a/plugins/main/bridge/bridge_test.go b/plugins/main/bridge/bridge_test.go index 4e6939af..744f046d 100644 --- a/plugins/main/bridge/bridge_test.go +++ b/plugins/main/bridge/bridge_test.go @@ -35,6 +35,7 @@ import ( types040 "github.com/containernetworking/cni/pkg/types/040" types100 "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/plugins/pkg/ip" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" @@ -411,9 +412,9 @@ func delBridgeAddrs(testNS ns.NetNS) { err := testNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - br, err := netlink.LinkByName(BRNAME) + br, err := netlinksafe.LinkByName(BRNAME) Expect(err).NotTo(HaveOccurred()) - addrs, err := netlink.AddrList(br, netlink.FAMILY_ALL) + addrs, err := netlinksafe.AddrList(br, netlink.FAMILY_ALL) Expect(err).NotTo(HaveOccurred()) for _, addr := range addrs { if !addr.IP.IsLinkLocalUnicast() { @@ -422,9 +423,9 @@ func delBridgeAddrs(testNS ns.NetNS) { } } - br, err = netlink.LinkByName(BRNAMEVLAN) + br, err = netlinksafe.LinkByName(BRNAMEVLAN) if err == nil { - addrs, err = netlink.AddrList(br, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(br, netlink.FAMILY_ALL) Expect(err).NotTo(HaveOccurred()) for _, addr := range addrs { if !addr.IP.IsLinkLocalUnicast() { @@ -443,9 +444,9 @@ func delVlanAddrs(testNS ns.NetNS, vlan int) { err := testNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - vlanLink, err := netlink.LinkByName(fmt.Sprintf("%s.%d", BRNAME, vlan)) + vlanLink, err := netlinksafe.LinkByName(fmt.Sprintf("%s.%d", BRNAME, vlan)) Expect(err).NotTo(HaveOccurred()) - addrs, err := netlink.AddrList(vlanLink, netlink.FAMILY_ALL) + addrs, err := netlinksafe.AddrList(vlanLink, netlink.FAMILY_ALL) Expect(err).NotTo(HaveOccurred()) for _, addr := range addrs { if !addr.IP.IsLinkLocalUnicast() { @@ -583,7 +584,7 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(result.Interfaces[2].Sandbox).To(Equal(tester.targetNS.Path())) // Make sure bridge link exists - link, err := netlink.LinkByName(result.Interfaces[0].Name) + link, err := netlinksafe.LinkByName(result.Interfaces[0].Name) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(BRNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Bridge{})) @@ -593,7 +594,7 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, var vlanLink netlink.Link if !tc.isLayer2 && tc.vlan != 0 { // Make sure vlan link exists - vlanLink, err = netlink.LinkByName(fmt.Sprintf("%s.%d", BRNAME, tc.vlan)) + vlanLink, err = netlinksafe.LinkByName(fmt.Sprintf("%s.%d", BRNAME, tc.vlan)) Expect(err).NotTo(HaveOccurred()) Expect(vlanLink.Attrs().Name).To(Equal(fmt.Sprintf("%s.%d", BRNAME, tc.vlan))) Expect(vlanLink).To(BeAssignableToTypeOf(&netlink.Veth{})) @@ -601,7 +602,7 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, // Check the bridge dot vlan interface have the vlan tag peerLink, err := netlink.LinkByIndex(vlanLink.Attrs().Index - 1) Expect(err).NotTo(HaveOccurred()) - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(peerLink.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -621,9 +622,9 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, // Ensure bridge has expected gateway address(es) var addrs []netlink.Addr if tc.vlan == 0 { - addrs, err = netlink.AddrList(link, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_ALL) } else { - addrs, err = netlink.AddrList(vlanLink, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(vlanLink, netlink.FAMILY_ALL) } Expect(err).NotTo(HaveOccurred()) Expect(addrs).ToNot(BeEmpty()) @@ -644,7 +645,7 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, } // Check for the veth link in the main namespace - links, err := netlink.LinkList() + links, err := netlinksafe.LinkList() Expect(err).NotTo(HaveOccurred()) if !tc.isLayer2 && tc.vlan != 0 { Expect(links).To(HaveLen(5)) // Bridge, Bridge vlan veth, veth, and loopback @@ -652,18 +653,18 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(links).To(HaveLen(3)) // Bridge, veth, and loopback } - link, err = netlink.LinkByName(result.Interfaces[1].Name) + link, err = netlinksafe.LinkByName(result.Interfaces[1].Name) Expect(err).NotTo(HaveOccurred()) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) tester.vethName = result.Interfaces[1].Name - protInfo, err := netlink.LinkGetProtinfo(link) + protInfo, err := netlinksafe.LinkGetProtinfo(link) Expect(err).NotTo(HaveOccurred()) Expect(protInfo.Isolated).To(Equal(tc.portIsolation), "link isolation should be on when portIsolation is set") // check vlan exist on the veth interface if tc.vlan != 0 { - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(link.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -675,7 +676,7 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, // check VlanTrunks exist on the veth interface if tc.vlanTrunk != nil { - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(link.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -713,17 +714,17 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) assertContainerInterfaceLinkState(&tc, link) expCIDRsV4, expCIDRsV6 := tc.expectedCIDRs() - addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(len(expCIDRsV4))) - addrs, err = netlink.AddrList(link, netlink.FAMILY_V6) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_V6) Expect(err).NotTo(HaveOccurred()) assertIPv6Addresses(&tc, addrs, expCIDRsV6) @@ -738,7 +739,7 @@ func (tester *testerV10x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(foundAddrs).To(Equal(len(expCIDRsV6))) // Ensure the default route(s) - routes, err := netlink.RouteList(link, 0) + routes, err := netlinksafe.RouteList(link, 0) Expect(err).NotTo(HaveOccurred()) var defaultRouteFound4, defaultRouteFound6 bool @@ -800,16 +801,16 @@ func (tester *testerV10x) cmdCheckTest(tc testCase, conf *Net, _ string) { err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) expCIDRsV4, expCIDRsV6 := tc.expectedCIDRs() - addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(len(expCIDRsV4))) - addrs, err = netlink.AddrList(link, netlink.FAMILY_V6) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_V6) Expect(addrs).To(HaveLen(len(expCIDRsV6) + 1)) // add one for the link-local Expect(err).NotTo(HaveOccurred()) // Ignore link local address which may or may not be @@ -823,7 +824,7 @@ func (tester *testerV10x) cmdCheckTest(tc testCase, conf *Net, _ string) { Expect(foundAddrs).To(Equal(len(expCIDRsV6))) // Ensure the default route(s) - routes, err := netlink.RouteList(link, 0) + routes, err := netlinksafe.RouteList(link, 0) Expect(err).NotTo(HaveOccurred()) var defaultRouteFound4, defaultRouteFound6 bool @@ -870,7 +871,7 @@ func (tester *testerV10x) cmdDelTest(tc testCase, dataDir string) { err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -881,7 +882,7 @@ func (tester *testerV10x) cmdDelTest(tc testCase, dataDir string) { err = tester.testNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(tester.vethName) + link, err := netlinksafe.LinkByName(tester.vethName) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -928,7 +929,7 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(result.Interfaces[2].Sandbox).To(Equal(tester.targetNS.Path())) // Make sure bridge link exists - link, err := netlink.LinkByName(result.Interfaces[0].Name) + link, err := netlinksafe.LinkByName(result.Interfaces[0].Name) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(BRNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Bridge{})) @@ -938,7 +939,7 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, var vlanLink netlink.Link if !tc.isLayer2 && tc.vlan != 0 { // Make sure vlan link exists - vlanLink, err = netlink.LinkByName(fmt.Sprintf("%s.%d", BRNAME, tc.vlan)) + vlanLink, err = netlinksafe.LinkByName(fmt.Sprintf("%s.%d", BRNAME, tc.vlan)) Expect(err).NotTo(HaveOccurred()) Expect(vlanLink.Attrs().Name).To(Equal(fmt.Sprintf("%s.%d", BRNAME, tc.vlan))) Expect(vlanLink).To(BeAssignableToTypeOf(&netlink.Veth{})) @@ -946,7 +947,7 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, // Check the bridge dot vlan interface have the vlan tag peerLink, err := netlink.LinkByIndex(vlanLink.Attrs().Index - 1) Expect(err).NotTo(HaveOccurred()) - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(peerLink.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -966,9 +967,9 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, // Ensure bridge has expected gateway address(es) var addrs []netlink.Addr if tc.vlan == 0 { - addrs, err = netlink.AddrList(link, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_ALL) } else { - addrs, err = netlink.AddrList(vlanLink, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(vlanLink, netlink.FAMILY_ALL) } Expect(err).NotTo(HaveOccurred()) Expect(addrs).ToNot(BeEmpty()) @@ -989,7 +990,7 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, } // Check for the veth link in the main namespace - links, err := netlink.LinkList() + links, err := netlinksafe.LinkList() Expect(err).NotTo(HaveOccurred()) if !tc.isLayer2 && tc.vlan != 0 { Expect(links).To(HaveLen(5)) // Bridge, Bridge vlan veth, veth, and loopback @@ -997,14 +998,14 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(links).To(HaveLen(3)) // Bridge, veth, and loopback } - link, err = netlink.LinkByName(result.Interfaces[1].Name) + link, err = netlinksafe.LinkByName(result.Interfaces[1].Name) Expect(err).NotTo(HaveOccurred()) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) tester.vethName = result.Interfaces[1].Name // check vlan exist on the veth interface if tc.vlan != 0 { - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(link.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -1016,7 +1017,7 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, // check VlanTrunks exist on the veth interface if tc.vlanTrunk != nil { - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(link.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -1049,16 +1050,16 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) expCIDRsV4, expCIDRsV6 := tc.expectedCIDRs() - addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(len(expCIDRsV4))) - addrs, err = netlink.AddrList(link, netlink.FAMILY_V6) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_V6) Expect(err).NotTo(HaveOccurred()) assertIPv6Addresses(&tc, addrs, expCIDRsV6) @@ -1073,7 +1074,7 @@ func (tester *testerV04x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(foundAddrs).To(Equal(len(expCIDRsV6))) // Ensure the default route(s) - routes, err := netlink.RouteList(link, 0) + routes, err := netlinksafe.RouteList(link, 0) Expect(err).NotTo(HaveOccurred()) var defaultRouteFound4, defaultRouteFound6 bool @@ -1134,16 +1135,16 @@ func (tester *testerV04x) cmdCheckTest(tc testCase, conf *Net, _ string) { err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) expCIDRsV4, expCIDRsV6 := tc.expectedCIDRs() - addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(len(expCIDRsV4))) - addrs, err = netlink.AddrList(link, netlink.FAMILY_V6) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_V6) Expect(addrs).To(HaveLen(len(expCIDRsV6) + 1)) // add one for the link-local Expect(err).NotTo(HaveOccurred()) // Ignore link local address which may or may not be @@ -1157,7 +1158,7 @@ func (tester *testerV04x) cmdCheckTest(tc testCase, conf *Net, _ string) { Expect(foundAddrs).To(Equal(len(expCIDRsV6))) // Ensure the default route(s) - routes, err := netlink.RouteList(link, 0) + routes, err := netlinksafe.RouteList(link, 0) Expect(err).NotTo(HaveOccurred()) var defaultRouteFound4, defaultRouteFound6 bool @@ -1204,7 +1205,7 @@ func (tester *testerV04x) cmdDelTest(tc testCase, dataDir string) { err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -1215,7 +1216,7 @@ func (tester *testerV04x) cmdDelTest(tc testCase, dataDir string) { err = tester.testNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(tester.vethName) + link, err := netlinksafe.LinkByName(tester.vethName) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -1262,7 +1263,7 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(result.Interfaces[2].Sandbox).To(Equal(tester.targetNS.Path())) // Make sure bridge link exists - link, err := netlink.LinkByName(result.Interfaces[0].Name) + link, err := netlinksafe.LinkByName(result.Interfaces[0].Name) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(BRNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Bridge{})) @@ -1272,7 +1273,7 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, var vlanLink netlink.Link if !tc.isLayer2 && tc.vlan != 0 { // Make sure vlan link exists - vlanLink, err = netlink.LinkByName(fmt.Sprintf("%s.%d", BRNAME, tc.vlan)) + vlanLink, err = netlinksafe.LinkByName(fmt.Sprintf("%s.%d", BRNAME, tc.vlan)) Expect(err).NotTo(HaveOccurred()) Expect(vlanLink.Attrs().Name).To(Equal(fmt.Sprintf("%s.%d", BRNAME, tc.vlan))) Expect(vlanLink).To(BeAssignableToTypeOf(&netlink.Veth{})) @@ -1280,7 +1281,7 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, // Check the bridge dot vlan interface have the vlan tag peerLink, err := netlink.LinkByIndex(vlanLink.Attrs().Index - 1) Expect(err).NotTo(HaveOccurred()) - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(peerLink.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -1300,9 +1301,9 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, // Ensure bridge has expected gateway address(es) var addrs []netlink.Addr if tc.vlan == 0 { - addrs, err = netlink.AddrList(link, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_ALL) } else { - addrs, err = netlink.AddrList(vlanLink, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(vlanLink, netlink.FAMILY_ALL) } Expect(err).NotTo(HaveOccurred()) Expect(addrs).ToNot(BeEmpty()) @@ -1323,7 +1324,7 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, } // Check for the veth link in the main namespace - links, err := netlink.LinkList() + links, err := netlinksafe.LinkList() Expect(err).NotTo(HaveOccurred()) if !tc.isLayer2 && tc.vlan != 0 { Expect(links).To(HaveLen(5)) // Bridge, Bridge vlan veth, veth, and loopback @@ -1331,14 +1332,14 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(links).To(HaveLen(3)) // Bridge, veth, and loopback } - link, err = netlink.LinkByName(result.Interfaces[1].Name) + link, err = netlinksafe.LinkByName(result.Interfaces[1].Name) Expect(err).NotTo(HaveOccurred()) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) tester.vethName = result.Interfaces[1].Name // check vlan exist on the veth interface if tc.vlan != 0 { - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(link.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -1350,7 +1351,7 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, // check VlanTrunks exist on the veth interface if tc.vlanTrunk != nil { - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(link.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -1383,16 +1384,16 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) expCIDRsV4, expCIDRsV6 := tc.expectedCIDRs() - addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(len(expCIDRsV4))) - addrs, err = netlink.AddrList(link, netlink.FAMILY_V6) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_V6) Expect(err).NotTo(HaveOccurred()) // Ignore link local address which may or may not be // ready when we read addresses. @@ -1405,7 +1406,7 @@ func (tester *testerV03x) cmdAddTest(tc testCase, dataDir string) (types.Result, Expect(foundAddrs).To(Equal(len(expCIDRsV6))) // Ensure the default route(s) - routes, err := netlink.RouteList(link, 0) + routes, err := netlinksafe.RouteList(link, 0) Expect(err).NotTo(HaveOccurred()) var defaultRouteFound4, defaultRouteFound6 bool @@ -1455,7 +1456,7 @@ func (tester *testerV03x) cmdDelTest(_ testCase, _ string) { err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -1466,7 +1467,7 @@ func (tester *testerV03x) cmdDelTest(_ testCase, _ string) { err = tester.testNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(tester.vethName) + link, err := netlinksafe.LinkByName(tester.vethName) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -1523,7 +1524,7 @@ func (tester *testerV01xOr02x) cmdAddTest(tc testCase, dataDir string) (types.Re Expect(err).NotTo(HaveOccurred()) // Make sure bridge link exists - link, err := netlink.LinkByName(BRNAME) + link, err := netlinksafe.LinkByName(BRNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(BRNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Bridge{})) @@ -1531,7 +1532,7 @@ func (tester *testerV01xOr02x) cmdAddTest(tc testCase, dataDir string) (types.Re var vlanLink netlink.Link if !tc.isLayer2 && tc.vlan != 0 { // Make sure vlan link exists - vlanLink, err = netlink.LinkByName(fmt.Sprintf("%s.%d", BRNAME, tc.vlan)) + vlanLink, err = netlinksafe.LinkByName(fmt.Sprintf("%s.%d", BRNAME, tc.vlan)) Expect(err).NotTo(HaveOccurred()) Expect(vlanLink.Attrs().Name).To(Equal(fmt.Sprintf("%s.%d", BRNAME, tc.vlan))) Expect(vlanLink).To(BeAssignableToTypeOf(&netlink.Veth{})) @@ -1539,7 +1540,7 @@ func (tester *testerV01xOr02x) cmdAddTest(tc testCase, dataDir string) (types.Re // Check the bridge dot vlan interface have the vlan tag peerLink, err := netlink.LinkByIndex(vlanLink.Attrs().Index - 1) Expect(err).NotTo(HaveOccurred()) - interfaceMap, err := netlink.BridgeVlanList() + interfaceMap, err := netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) vlans, isExist := interfaceMap[int32(peerLink.Attrs().Index)] Expect(isExist).To(BeTrue()) @@ -1559,9 +1560,9 @@ func (tester *testerV01xOr02x) cmdAddTest(tc testCase, dataDir string) (types.Re // Ensure bridge has expected gateway address(es) var addrs []netlink.Addr if tc.vlan == 0 { - addrs, err = netlink.AddrList(link, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_ALL) } else { - addrs, err = netlink.AddrList(vlanLink, netlink.FAMILY_ALL) + addrs, err = netlinksafe.AddrList(vlanLink, netlink.FAMILY_ALL) } Expect(err).NotTo(HaveOccurred()) Expect(addrs).ToNot(BeEmpty()) @@ -1584,7 +1585,7 @@ func (tester *testerV01xOr02x) cmdAddTest(tc testCase, dataDir string) (types.Re // Check for the veth link in the main namespace; can't // check the for the specific link since version 0.1.0 // doesn't report interfaces - links, err := netlink.LinkList() + links, err := netlinksafe.LinkList() Expect(err).NotTo(HaveOccurred()) if !tc.isLayer2 && tc.vlan != 0 { Expect(links).To(HaveLen(5)) // Bridge, Bridge vlan veth, veth, and loopback @@ -1594,7 +1595,7 @@ func (tester *testerV01xOr02x) cmdAddTest(tc testCase, dataDir string) (types.Re // Grab the vlan map in the host NS for checking later if tc.vlan != 0 { - hostNSVlanMap, err = netlink.BridgeVlanList() + hostNSVlanMap, err = netlinksafe.BridgeVlanList() Expect(err).NotTo(HaveOccurred()) } return nil @@ -1612,16 +1613,16 @@ func (tester *testerV01xOr02x) cmdAddTest(tc testCase, dataDir string) (types.Re err = tester.targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{})) expCIDRsV4, expCIDRsV6 := tc.expectedCIDRs() - addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(len(expCIDRsV4))) - addrs, err = netlink.AddrList(link, netlink.FAMILY_V6) + addrs, err = netlinksafe.AddrList(link, netlink.FAMILY_V6) Expect(err).NotTo(HaveOccurred()) // Ignore link local address which may or may not be // ready when we read addresses. @@ -1634,7 +1635,7 @@ func (tester *testerV01xOr02x) cmdAddTest(tc testCase, dataDir string) (types.Re Expect(foundAddrs).To(Equal(len(expCIDRsV6))) // Ensure the default route(s) - routes, err := netlink.RouteList(link, 0) + routes, err := netlinksafe.RouteList(link, 0) Expect(err).NotTo(HaveOccurred()) var defaultRouteFound4, defaultRouteFound6 bool @@ -1707,7 +1708,7 @@ func (tester *testerV01xOr02x) cmdDelTest(tc testCase, _ string) { err = tester.testNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -1902,7 +1903,7 @@ var _ = Describe("bridge Operations", func() { Expect(bridge.Attrs().Name).To(Equal(BRNAME)) // Double check that the link was added - link, err := netlink.LinkByName(BRNAME) + link, err := netlinksafe.LinkByName(BRNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(BRNAME)) Expect(link.Attrs().Promisc).To(Equal(0)) @@ -1921,7 +1922,7 @@ var _ = Describe("bridge Operations", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - link, err := netlink.LinkByName(BRNAME) + link, err := netlinksafe.LinkByName(BRNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(BRNAME)) ifindex := link.Attrs().Index @@ -1935,7 +1936,7 @@ var _ = Describe("bridge Operations", func() { Expect(bridge.Attrs().Index).To(Equal(ifindex)) // Double check that the link has the same ifindex - link, err = netlink.LinkByName(BRNAME) + link, err = netlinksafe.LinkByName(BRNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(BRNAME)) Expect(link.Attrs().Index).To(Equal(ifindex)) @@ -2210,7 +2211,7 @@ var _ = Describe("bridge Operations", func() { // Function to check IP address(es) on bridge checkBridgeIPs := func(cidr0, cidr1 string) { - addrs, err := netlink.AddrList(bridge, family) + addrs, err := netlinksafe.AddrList(bridge, family) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(expNumAddrs)) addr := addrs[0].IPNet.String() @@ -2294,7 +2295,7 @@ var _ = Describe("bridge Operations", func() { Expect(conf.ForceAddress).To(BeFalse()) // Check if promiscuous mode is set correctly - link, err := netlink.LinkByName("bridge0") + link, err := netlinksafe.LinkByName("bridge0") Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Promisc).To(Equal(1)) @@ -2320,13 +2321,13 @@ var _ = Describe("bridge Operations", func() { tc.cniVersion = ver _, _, err := setupBridge(tc.netConf()) Expect(err).NotTo(HaveOccurred()) - link, err := netlink.LinkByName(BRNAME) + link, err := netlinksafe.LinkByName(BRNAME) Expect(err).NotTo(HaveOccurred()) origMac := link.Attrs().HardwareAddr cmdAddDelTest(originalNS, targetNS, tc, dataDir) - link, err = netlink.LinkByName(BRNAME) + link, err = netlinksafe.LinkByName(BRNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origMac)) return nil diff --git a/plugins/main/dummy/dummy.go b/plugins/main/dummy/dummy.go index 9a2ba0c9..dadd5753 100644 --- a/plugins/main/dummy/dummy.go +++ b/plugins/main/dummy/dummy.go @@ -28,6 +28,7 @@ import ( "github.com/containernetworking/cni/pkg/version" "github.com/containernetworking/plugins/pkg/ip" "github.com/containernetworking/plugins/pkg/ipam" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" ) @@ -58,7 +59,7 @@ func createDummy(ifName string, netns ns.NetNS) (*current.Interface, error) { err := netns.Do(func(_ ns.NetNS) error { // Re-fetch interface to get all properties/attributes - contDummy, err := netlink.LinkByName(ifName) + contDummy, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to fetch dummy%q: %v", ifName, err) } @@ -270,7 +271,7 @@ func validateCniContainerInterface(intf current.Interface) error { if intf.Name == "" { return fmt.Errorf("Container interface name missing in prevResult: %v", intf.Name) } - link, err = netlink.LinkByName(intf.Name) + link, err = netlinksafe.LinkByName(intf.Name) if err != nil { return fmt.Errorf("Container Interface name in prevResult: %s not found", intf.Name) } diff --git a/plugins/main/dummy/dummy_test.go b/plugins/main/dummy/dummy_test.go index 594c5cac..3d83f034 100644 --- a/plugins/main/dummy/dummy_test.go +++ b/plugins/main/dummy/dummy_test.go @@ -32,6 +32,7 @@ import ( types020 "github.com/containernetworking/cni/pkg/types/020" types040 "github.com/containernetworking/cni/pkg/types/040" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" @@ -187,7 +188,7 @@ var _ = Describe("dummy Operations", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - m, err := netlink.LinkByName(MASTER_NAME) + m, err := netlinksafe.LinkByName(MASTER_NAME) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(m) Expect(err).NotTo(HaveOccurred()) @@ -224,7 +225,7 @@ var _ = Describe("dummy Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName("foobar0") + link, err := netlinksafe.LinkByName("foobar0") Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal("foobar0")) return nil @@ -281,7 +282,7 @@ var _ = Describe("dummy Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) @@ -291,7 +292,7 @@ var _ = Describe("dummy Operations", func() { Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(1)) return nil @@ -341,7 +342,7 @@ var _ = Describe("dummy Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil diff --git a/plugins/main/host-device/host-device.go b/plugins/main/host-device/host-device.go index 330b44a3..8a101fe0 100644 --- a/plugins/main/host-device/host-device.go +++ b/plugins/main/host-device/host-device.go @@ -33,6 +33,7 @@ import ( "github.com/containernetworking/cni/pkg/version" "github.com/containernetworking/plugins/pkg/ip" "github.com/containernetworking/plugins/pkg/ipam" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" ) @@ -257,7 +258,7 @@ func moveLinkIn(hostDev netlink.Link, containerNs ns.NetNS, containerIfName stri defer func() { if err != nil { // lookup the device again (index might have changed) - if hostDev, err := netlink.LinkByName(hostDevName); err == nil { + if hostDev, err := netlinksafe.LinkByName(hostDevName); err == nil { _ = netlink.LinkSetUp(hostDev) } } @@ -275,7 +276,7 @@ func moveLinkIn(hostDev netlink.Link, containerNs ns.NetNS, containerIfName stri // but host / container naming is easier to follow. if err = tempNS.Do(func(hostNS ns.NetNS) error { // lookup the device in tempNS (index might have changed) - tempNSDev, err := netlink.LinkByName(hostDevName) + tempNSDev, err := netlinksafe.LinkByName(hostDevName) if err != nil { return fmt.Errorf("failed to find %q in tempNS: %v", hostDevName, err) } @@ -321,13 +322,13 @@ func moveLinkIn(hostDev netlink.Link, containerNs ns.NetNS, containerIfName stri // Lookup the device again on error, the index might have changed defer func() { if err != nil { - tempNSDev, _ = netlink.LinkByName(containerIfName) + tempNSDev, _ = netlinksafe.LinkByName(containerIfName) } }() err = containerNs.Do(func(_ ns.NetNS) error { var err error - contDev, err = netlink.LinkByName(containerIfName) + contDev, err = netlinksafe.LinkByName(containerIfName) if err != nil { return fmt.Errorf("failed to find %q in container NS: %v", containerIfName, err) } @@ -375,7 +376,7 @@ func moveLinkOut(containerNs ns.NetNS, containerIfName string) error { if err != nil && contDev != nil && contDev.Attrs().Flags&net.FlagUp == net.FlagUp { containerNs.Do(func(_ ns.NetNS) error { // lookup the device again (index might have changed) - if contDev, err := netlink.LinkByName(containerIfName); err == nil { + if contDev, err := netlinksafe.LinkByName(containerIfName); err == nil { _ = netlink.LinkSetUp(contDev) } return nil @@ -386,7 +387,7 @@ func moveLinkOut(containerNs ns.NetNS, containerIfName string) error { err = containerNs.Do(func(_ ns.NetNS) error { var err error // Lookup the device in the containerNS - contDev, err = netlink.LinkByName(containerIfName) + contDev, err = netlinksafe.LinkByName(containerIfName) if err != nil { return fmt.Errorf("failed to find %q in containerNS: %v", containerIfName, err) } @@ -408,7 +409,7 @@ func moveLinkOut(containerNs ns.NetNS, containerIfName string) error { err = tempNS.Do(func(hostNS ns.NetNS) error { // Lookup the device in tempNS (index might have changed) - tempNSDev, err := netlink.LinkByName(containerIfName) + tempNSDev, err := netlinksafe.LinkByName(containerIfName) if err != nil { return fmt.Errorf("failed to find %q in tempNS: %v", containerIfName, err) } @@ -502,7 +503,7 @@ func linkFromPath(path string) (netlink.Link, error) { } if len(entries) > 0 { // grab the first net device - return netlink.LinkByName(entries[0].Name()) + return netlinksafe.LinkByName(entries[0].Name()) } return nil, fmt.Errorf("failed to find network device in path %s", path) } @@ -511,14 +512,14 @@ func getLink(devname, hwaddr, kernelpath, pciaddr string, auxDev string) (netlin switch { case len(devname) > 0: - return netlink.LinkByName(devname) + return netlinksafe.LinkByName(devname) case len(hwaddr) > 0: hwAddr, err := net.ParseMAC(hwaddr) if err != nil { return nil, fmt.Errorf("failed to parse MAC address %q: %v", hwaddr, err) } - links, err := netlink.LinkList() + links, err := netlinksafe.LinkList() if err != nil { return nil, fmt.Errorf("failed to list node links: %v", err) } @@ -651,7 +652,7 @@ func validateCniContainerInterface(intf current.Interface) error { if intf.Name == "" { return fmt.Errorf("Container interface name missing in prevResult: %v", intf.Name) } - link, err = netlink.LinkByName(intf.Name) + link, err = netlinksafe.LinkByName(intf.Name) if err != nil { return fmt.Errorf("Container Interface name in prevResult: %s not found", intf.Name) } diff --git a/plugins/main/host-device/host-device_test.go b/plugins/main/host-device/host-device_test.go index 895e29ff..d1a26f72 100644 --- a/plugins/main/host-device/host-device_test.go +++ b/plugins/main/host-device/host-device_test.go @@ -32,6 +32,7 @@ import ( types040 "github.com/containernetworking/cni/pkg/types/040" types100 "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/cni/pkg/version" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -362,7 +363,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - origLink, err = netlink.LinkByName(ifname) + origLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(origLink) Expect(err).NotTo(HaveOccurred()) @@ -408,7 +409,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now in the target namespace and is up _ = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) @@ -418,7 +419,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now NOT in the original namespace anymore _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).To(HaveOccurred()) return nil }) @@ -431,7 +432,7 @@ var _ = Describe("base functionality", func() { }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(ifname) + _, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -452,7 +453,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - origLink, err = netlink.LinkByName(ifname) + origLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(origLink) Expect(err).NotTo(HaveOccurred()) @@ -489,7 +490,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now in the target namespace and is up _ = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) @@ -499,7 +500,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now NOT in the original namespace anymore _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).To(HaveOccurred()) return nil }) @@ -513,7 +514,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - conflictLink, err = netlink.LinkByName(ifname) + conflictLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(conflictLink) Expect(err).NotTo(HaveOccurred()) @@ -533,7 +534,7 @@ var _ = Describe("base functionality", func() { // assert container interface "eth0" still exists in target namespace and is up _ = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) @@ -561,7 +562,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now back in the original namespace _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -638,7 +639,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - origLink, err = netlink.LinkByName(ifname) + origLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(origLink) Expect(err).NotTo(HaveOccurred()) @@ -684,13 +685,13 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now in the target namespace and is up _ = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) // get the IP address of the interface in the target namespace - addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) addr := addrs[0].IPNet.String() // assert that IP address is what we set @@ -702,7 +703,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now NOT in the original namespace anymore _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).To(HaveOccurred()) return nil }) @@ -715,7 +716,7 @@ var _ = Describe("base functionality", func() { }) Expect(err).NotTo(HaveOccurred()) - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -750,7 +751,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - origLink, err = netlink.LinkByName(ifname) + origLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(origLink) Expect(err).NotTo(HaveOccurred()) @@ -787,7 +788,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now in the target namespace and is up _ = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) @@ -797,7 +798,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now NOT in the original namespace anymore _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).To(HaveOccurred()) return nil }) @@ -833,7 +834,7 @@ var _ = Describe("base functionality", func() { }) Expect(err).NotTo(HaveOccurred()) - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -942,7 +943,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - origLink, err = netlink.LinkByName(ifname) + origLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(origLink) Expect(err).NotTo(HaveOccurred()) @@ -999,7 +1000,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - origLink, err = netlink.LinkByName(ifname) + origLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(origLink) Expect(err).NotTo(HaveOccurred()) @@ -1045,13 +1046,13 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now in the target namespace and is up _ = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) // get the IP address of the interface in the target namespace - addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) addr := addrs[0].IPNet.String() // assert that IP address is what we set @@ -1063,7 +1064,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now NOT in the original namespace anymore _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).To(HaveOccurred()) return nil }) @@ -1102,7 +1103,7 @@ var _ = Describe("base functionality", func() { }) Expect(err).NotTo(HaveOccurred()) - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -1123,7 +1124,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - origLink, err = netlink.LinkByName(ifname) + origLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(origLink) Expect(err).NotTo(HaveOccurred()) @@ -1160,7 +1161,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now in the target namespace and is up _ = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) @@ -1170,7 +1171,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now NOT in the original namespace anymore _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).To(HaveOccurred()) return nil }) @@ -1184,7 +1185,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - conflictLink, err = netlink.LinkByName(ifname) + conflictLink, err = netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(conflictLink) Expect(err).NotTo(HaveOccurred()) @@ -1204,7 +1205,7 @@ var _ = Describe("base functionality", func() { // assert container interface "eth0" still exists in target namespace and is up err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) @@ -1233,7 +1234,7 @@ var _ = Describe("base functionality", func() { // assert that dummy0 is now back in the original namespace _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(ifname) + _, err := netlinksafe.LinkByName(ifname) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -1257,7 +1258,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - origLink, err = netlink.LinkByName(hostIfname) + origLink, err = netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(origLink) Expect(err).NotTo(HaveOccurred()) @@ -1273,7 +1274,7 @@ var _ = Describe("base functionality", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - containerLink, err = netlink.LinkByName(containerAdditionalIfname) + containerLink, err = netlinksafe.LinkByName(containerAdditionalIfname) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(containerLink) Expect(err).NotTo(HaveOccurred()) @@ -1310,7 +1311,7 @@ var _ = Describe("base functionality", func() { // assert that host device is now in the target namespace and is up _ = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(cniName) + link, err := netlinksafe.LinkByName(cniName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(origLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) @@ -1330,7 +1331,7 @@ var _ = Describe("base functionality", func() { // assert container interface "eth0" still exists in target namespace and is up err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(containerAdditionalIfname) + link, err := netlinksafe.LinkByName(containerAdditionalIfname) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(containerLink.Attrs().HardwareAddr)) Expect(link.Attrs().Flags & net.FlagUp).To(Equal(net.FlagUp)) @@ -1341,7 +1342,7 @@ var _ = Describe("base functionality", func() { // assert that host device is now back in the original namespace _ = originalNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(hostIfname) + _, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) return nil }) diff --git a/plugins/main/ipvlan/ipvlan.go b/plugins/main/ipvlan/ipvlan.go index 37736fd2..9dbd78ad 100644 --- a/plugins/main/ipvlan/ipvlan.go +++ b/plugins/main/ipvlan/ipvlan.go @@ -28,6 +28,7 @@ import ( "github.com/containernetworking/cni/pkg/version" "github.com/containernetworking/plugins/pkg/ip" "github.com/containernetworking/plugins/pkg/ipam" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" "github.com/containernetworking/plugins/pkg/utils/sysctl" @@ -127,11 +128,11 @@ func createIpvlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interf var m netlink.Link if conf.LinkContNs { err = netns.Do(func(_ ns.NetNS) error { - m, err = netlink.LinkByName(conf.Master) + m, err = netlinksafe.LinkByName(conf.Master) return err }) } else { - m, err = netlink.LinkByName(conf.Master) + m, err = netlinksafe.LinkByName(conf.Master) } if err != nil { return nil, fmt.Errorf("failed to lookup master %q: %v", conf.Master, err) @@ -173,7 +174,7 @@ func createIpvlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interf ipvlan.Name = ifName // Re-fetch ipvlan to get all properties/attributes - contIpvlan, err := netlink.LinkByName(ipvlan.Name) + contIpvlan, err := netlinksafe.LinkByName(ipvlan.Name) if err != nil { return fmt.Errorf("failed to refetch ipvlan %q: %v", ipvlan.Name, err) } @@ -190,7 +191,7 @@ func createIpvlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interf } func getDefaultRouteInterfaceName() (string, error) { - routeToDstIP, err := netlink.RouteList(nil, netlink.FAMILY_ALL) + routeToDstIP, err := netlinksafe.RouteList(nil, netlink.FAMILY_ALL) if err != nil { return "", err } @@ -411,11 +412,11 @@ func cmdCheck(args *skel.CmdArgs) error { if n.LinkContNs { err = netns.Do(func(_ ns.NetNS) error { - _, err = netlink.LinkByName(n.Master) + _, err = netlinksafe.LinkByName(n.Master) return err }) } else { - _, err = netlink.LinkByName(n.Master) + _, err = netlinksafe.LinkByName(n.Master) } if err != nil { @@ -454,7 +455,7 @@ func validateCniContainerInterface(intf current.Interface, modeExpected string) if intf.Name == "" { return fmt.Errorf("Container interface name missing in prevResult: %v", intf.Name) } - link, err = netlink.LinkByName(intf.Name) + link, err = netlinksafe.LinkByName(intf.Name) if err != nil { return fmt.Errorf("Container Interface name in prevResult: %s not found", intf.Name) } diff --git a/plugins/main/ipvlan/ipvlan_test.go b/plugins/main/ipvlan/ipvlan_test.go index 09b1dc64..f20d50ba 100644 --- a/plugins/main/ipvlan/ipvlan_test.go +++ b/plugins/main/ipvlan/ipvlan_test.go @@ -31,6 +31,7 @@ import ( types020 "github.com/containernetworking/cni/pkg/types/020" types040 "github.com/containernetworking/cni/pkg/types/040" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" @@ -136,7 +137,7 @@ func ipvlanAddCheckDelTest(conf, masterName string, originalNS, targetNS ns.NetN err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(args.IfName) + link, err := netlinksafe.LinkByName(args.IfName) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(args.IfName)) @@ -146,7 +147,7 @@ func ipvlanAddCheckDelTest(conf, masterName string, originalNS, targetNS ns.NetN Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(1)) return nil @@ -198,7 +199,7 @@ func ipvlanAddCheckDelTest(conf, masterName string, originalNS, targetNS ns.NetN err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(args.IfName) + link, err := netlinksafe.LinkByName(args.IfName) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -295,7 +296,7 @@ var _ = Describe("ipvlan Operations", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(MASTER_NAME) + _, err = netlinksafe.LinkByName(MASTER_NAME) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -311,7 +312,7 @@ var _ = Describe("ipvlan Operations", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(MASTER_NAME_INCONTAINER) + _, err = netlinksafe.LinkByName(MASTER_NAME_INCONTAINER) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -367,7 +368,7 @@ var _ = Describe("ipvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName("foobar0") + link, err := netlinksafe.LinkByName("foobar0") Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal("foobar0")) return nil @@ -475,7 +476,7 @@ var _ = Describe("ipvlan Operations", func() { err := currentNs.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(masterInterface) + link, err := netlinksafe.LinkByName(masterInterface) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(link) Expect(err).NotTo(HaveOccurred()) diff --git a/plugins/main/loopback/loopback.go b/plugins/main/loopback/loopback.go index 182e4e6b..a2c428eb 100644 --- a/plugins/main/loopback/loopback.go +++ b/plugins/main/loopback/loopback.go @@ -26,6 +26,7 @@ import ( "github.com/containernetworking/cni/pkg/types" current "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/cni/pkg/version" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" ) @@ -58,7 +59,7 @@ func cmdAdd(args *skel.CmdArgs) error { args.IfName = "lo" // ignore config, this only works for loopback err = ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error { - link, err := netlink.LinkByName(args.IfName) + link, err := netlinksafe.LinkByName(args.IfName) if err != nil { return err // not tested } @@ -68,7 +69,7 @@ func cmdAdd(args *skel.CmdArgs) error { return err // not tested } - v4Addrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + v4Addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) if err != nil { return err // not tested } @@ -82,7 +83,7 @@ func cmdAdd(args *skel.CmdArgs) error { } } - v6Addrs, err := netlink.AddrList(link, netlink.FAMILY_V6) + v6Addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V6) if err != nil { return err // not tested } @@ -145,7 +146,7 @@ func cmdDel(args *skel.CmdArgs) error { } args.IfName = "lo" // ignore config, this only works for loopback err := ns.WithNetNSPath(args.Netns, func(ns.NetNS) error { - link, err := netlink.LinkByName(args.IfName) + link, err := netlinksafe.LinkByName(args.IfName) if err != nil { return err // not tested } @@ -185,7 +186,7 @@ func cmdCheck(args *skel.CmdArgs) error { args.IfName = "lo" // ignore config, this only works for loopback return ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error { - link, err := netlink.LinkByName(args.IfName) + link, err := netlinksafe.LinkByName(args.IfName) if err != nil { return err } diff --git a/plugins/main/macvlan/macvlan.go b/plugins/main/macvlan/macvlan.go index f550be75..a7d3c0d1 100644 --- a/plugins/main/macvlan/macvlan.go +++ b/plugins/main/macvlan/macvlan.go @@ -29,6 +29,7 @@ import ( "github.com/containernetworking/cni/pkg/version" "github.com/containernetworking/plugins/pkg/ip" "github.com/containernetworking/plugins/pkg/ipam" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" "github.com/containernetworking/plugins/pkg/utils/sysctl" @@ -62,7 +63,7 @@ func init() { } func getDefaultRouteInterfaceName() (string, error) { - routeToDstIP, err := netlink.RouteList(nil, netlink.FAMILY_ALL) + routeToDstIP, err := netlinksafe.RouteList(nil, netlink.FAMILY_ALL) if err != nil { return "", err } @@ -156,11 +157,11 @@ func getMTUByName(ifName string, namespace string, inContainer bool) (int, error defer netns.Close() err = netns.Do(func(_ ns.NetNS) error { - link, err = netlink.LinkByName(ifName) + link, err = netlinksafe.LinkByName(ifName) return err }) } else { - link, err = netlink.LinkByName(ifName) + link, err = netlinksafe.LinkByName(ifName) } if err != nil { return 0, err @@ -209,11 +210,11 @@ func createMacvlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Inter var m netlink.Link if conf.LinkContNs { err = netns.Do(func(_ ns.NetNS) error { - m, err = netlink.LinkByName(conf.Master) + m, err = netlinksafe.LinkByName(conf.Master) return err }) } else { - m, err = netlink.LinkByName(conf.Master) + m, err = netlinksafe.LinkByName(conf.Master) } if err != nil { return nil, fmt.Errorf("failed to lookup master %q: %v", conf.Master, err) @@ -269,7 +270,7 @@ func createMacvlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Inter macvlan.Name = ifName // Re-fetch macvlan to get all properties/attributes - contMacvlan, err := netlink.LinkByName(ifName) + contMacvlan, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to refetch macvlan %q: %v", ifName, err) } @@ -363,7 +364,7 @@ func cmdAdd(args *skel.CmdArgs) error { } else { // For L2 just change interface status to up err = netns.Do(func(_ ns.NetNS) error { - macvlanInterfaceLink, err := netlink.LinkByName(args.IfName) + macvlanInterfaceLink, err := netlinksafe.LinkByName(args.IfName) if err != nil { return fmt.Errorf("failed to find interface name %q: %v", macvlanInterface.Name, err) } @@ -491,11 +492,11 @@ func cmdCheck(args *skel.CmdArgs) error { if n.LinkContNs { err = netns.Do(func(_ ns.NetNS) error { - _, err = netlink.LinkByName(n.Master) + _, err = netlinksafe.LinkByName(n.Master) return err }) } else { - _, err = netlink.LinkByName(n.Master) + _, err = netlinksafe.LinkByName(n.Master) } if err != nil { return fmt.Errorf("failed to lookup master %q: %v", n.Master, err) @@ -533,7 +534,7 @@ func validateCniContainerInterface(intf current.Interface, modeExpected string) if intf.Name == "" { return fmt.Errorf("container interface name missing in prevResult: %v", intf.Name) } - link, err = netlink.LinkByName(intf.Name) + link, err = netlinksafe.LinkByName(intf.Name) if err != nil { return fmt.Errorf("container Interface name in prevResult: %s not found", intf.Name) } diff --git a/plugins/main/macvlan/macvlan_test.go b/plugins/main/macvlan/macvlan_test.go index 3341acf7..cd1461e3 100644 --- a/plugins/main/macvlan/macvlan_test.go +++ b/plugins/main/macvlan/macvlan_test.go @@ -31,6 +31,7 @@ import ( types020 "github.com/containernetworking/cni/pkg/types/020" types040 "github.com/containernetworking/cni/pkg/types/040" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" @@ -215,7 +216,7 @@ var _ = Describe("macvlan Operations", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(MASTER_NAME) + _, err = netlinksafe.LinkByName(MASTER_NAME) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -231,7 +232,7 @@ var _ = Describe("macvlan Operations", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(MASTER_NAME_INCONTAINER) + _, err = netlinksafe.LinkByName(MASTER_NAME_INCONTAINER) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -287,7 +288,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName("foobar0") + link, err := netlinksafe.LinkByName("foobar0") Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal("foobar0")) return nil @@ -343,7 +344,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) @@ -353,7 +354,7 @@ var _ = Describe("macvlan Operations", func() { Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(1)) return nil @@ -375,7 +376,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -462,7 +463,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) @@ -472,7 +473,7 @@ var _ = Describe("macvlan Operations", func() { Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(BeEmpty()) return nil @@ -494,7 +495,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -555,7 +556,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) @@ -565,7 +566,7 @@ var _ = Describe("macvlan Operations", func() { Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(1)) return nil @@ -616,7 +617,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -654,7 +655,7 @@ var _ = Describe("macvlan Operations", func() { err := currentNs.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(masterInterface) + link, err := netlinksafe.LinkByName(masterInterface) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(link) Expect(err).NotTo(HaveOccurred()) @@ -702,7 +703,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) @@ -712,7 +713,7 @@ var _ = Describe("macvlan Operations", func() { Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(1)) return nil @@ -734,7 +735,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -786,7 +787,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) @@ -794,7 +795,7 @@ var _ = Describe("macvlan Operations", func() { Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(BeEmpty()) return nil @@ -816,7 +817,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -871,7 +872,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) @@ -879,7 +880,7 @@ var _ = Describe("macvlan Operations", func() { Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(BeEmpty()) return nil @@ -901,7 +902,7 @@ var _ = Describe("macvlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil diff --git a/plugins/main/ptp/ptp.go b/plugins/main/ptp/ptp.go index 129146f2..9c88d901 100644 --- a/plugins/main/ptp/ptp.go +++ b/plugins/main/ptp/ptp.go @@ -30,6 +30,7 @@ import ( "github.com/containernetworking/cni/pkg/version" "github.com/containernetworking/plugins/pkg/ip" "github.com/containernetworking/plugins/pkg/ipam" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" ) @@ -147,7 +148,7 @@ func setupContainerVeth(netns ns.NetNS, ifName string, mtu int, pr *current.Resu func setupHostVeth(vethName string, result *current.Result) error { // hostVeth moved namespaces and may have a new ifindex - veth, err := netlink.LinkByName(vethName) + veth, err := netlinksafe.LinkByName(vethName) if err != nil { return fmt.Errorf("failed to lookup %q: %v", vethName, err) } @@ -390,7 +391,7 @@ func validateCniContainerInterface(intf current.Interface) error { if intf.Name == "" { return fmt.Errorf("Container interface name missing in prevResult: %v", intf.Name) } - link, err = netlink.LinkByName(intf.Name) + link, err = netlinksafe.LinkByName(intf.Name) if err != nil { return fmt.Errorf("ptp: Container Interface name in prevResult: %s not found", intf.Name) } diff --git a/plugins/main/ptp/ptp_test.go b/plugins/main/ptp/ptp_test.go index 5caf83f6..7cc20f10 100644 --- a/plugins/main/ptp/ptp_test.go +++ b/plugins/main/ptp/ptp_test.go @@ -22,13 +22,13 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - "github.com/vishvananda/netlink" "github.com/containernetworking/cni/pkg/skel" "github.com/containernetworking/cni/pkg/types" types020 "github.com/containernetworking/cni/pkg/types/020" types040 "github.com/containernetworking/cni/pkg/types/040" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" @@ -275,7 +275,7 @@ var _ = Describe("ptp Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) if mac != "" { Expect(mac).To(Equal(link.Attrs().HardwareAddr.String())) @@ -337,7 +337,7 @@ var _ = Describe("ptp Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil diff --git a/plugins/main/tap/tap.go b/plugins/main/tap/tap.go index f789952e..b16bfdcd 100644 --- a/plugins/main/tap/tap.go +++ b/plugins/main/tap/tap.go @@ -34,6 +34,7 @@ import ( "github.com/containernetworking/cni/pkg/version" "github.com/containernetworking/plugins/pkg/ip" "github.com/containernetworking/plugins/pkg/ipam" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" "github.com/containernetworking/plugins/pkg/utils/sysctl" @@ -202,7 +203,7 @@ func createTap(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interface } if err = ip.RenameLink(tmpName, ifName); err != nil { - link, err := netlink.LinkByName(tmpName) + link, err := netlinksafe.LinkByName(tmpName) if err != nil { netlink.LinkDel(link) return fmt.Errorf("failed to rename tap to %q: %v", ifName, err) @@ -211,13 +212,13 @@ func createTap(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interface tap.Name = ifName // Re-fetch link to get all properties/attributes - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to refetch tap %q: %v", ifName, err) } if conf.Bridge != "" { - bridge, err := netlink.LinkByName(conf.Bridge) + bridge, err := netlinksafe.LinkByName(conf.Bridge) if err != nil { return fmt.Errorf("failed to get bridge %s: %v", conf.Bridge, err) } @@ -322,7 +323,7 @@ func cmdAdd(args *skel.CmdArgs) error { } else { // For L2 just change interface status to up err = netns.Do(func(_ ns.NetNS) error { - tapInterfaceLink, err := netlink.LinkByName(args.IfName) + tapInterfaceLink, err := netlinksafe.LinkByName(args.IfName) if err != nil { return fmt.Errorf("failed to find interface name %q: %v", tapInterface.Name, err) } diff --git a/plugins/main/tap/tap_test.go b/plugins/main/tap/tap_test.go index df1ba765..a9726571 100644 --- a/plugins/main/tap/tap_test.go +++ b/plugins/main/tap/tap_test.go @@ -31,6 +31,7 @@ import ( types020 "github.com/containernetworking/cni/pkg/types/020" types040 "github.com/containernetworking/cni/pkg/types/040" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" @@ -243,7 +244,7 @@ var _ = Describe("Add, check, remove tap plugin", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) Expect(link.Type()).To(Equal(TYPETAP)) @@ -253,7 +254,7 @@ var _ = Describe("Add, check, remove tap plugin", func() { Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(1)) return nil @@ -302,7 +303,7 @@ var _ = Describe("Add, check, remove tap plugin", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -360,7 +361,7 @@ var _ = Describe("Add, check, remove tap plugin", func() { }); err != nil { return err } - bridge, err = netlink.LinkByName(bridgeName) + bridge, err = netlinksafe.LinkByName(bridgeName) if err != nil { return err } @@ -391,7 +392,7 @@ var _ = Describe("Add, check, remove tap plugin", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) Expect(link.Type()).To(Equal(TYPETAP)) @@ -402,7 +403,7 @@ var _ = Describe("Add, check, remove tap plugin", func() { Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(1)) return nil @@ -425,7 +426,7 @@ var _ = Describe("Add, check, remove tap plugin", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil diff --git a/plugins/main/vlan/vlan.go b/plugins/main/vlan/vlan.go index f0e04577..75efa8fd 100644 --- a/plugins/main/vlan/vlan.go +++ b/plugins/main/vlan/vlan.go @@ -28,6 +28,7 @@ import ( "github.com/containernetworking/cni/pkg/version" "github.com/containernetworking/plugins/pkg/ip" "github.com/containernetworking/plugins/pkg/ipam" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" ) @@ -82,11 +83,11 @@ func getMTUByName(ifName string, namespace string, inContainer bool) (int, error defer netns.Close() err = netns.Do(func(_ ns.NetNS) error { - link, err = netlink.LinkByName(ifName) + link, err = netlinksafe.LinkByName(ifName) return err }) } else { - link, err = netlink.LinkByName(ifName) + link, err = netlinksafe.LinkByName(ifName) } if err != nil { return 0, err @@ -101,11 +102,11 @@ func createVlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interfac var err error if conf.LinkContNs { err = netns.Do(func(_ ns.NetNS) error { - m, err = netlink.LinkByName(conf.Master) + m, err = netlinksafe.LinkByName(conf.Master) return err }) } else { - m, err = netlink.LinkByName(conf.Master) + m, err = netlinksafe.LinkByName(conf.Master) } if err != nil { @@ -149,7 +150,7 @@ func createVlan(conf *NetConf, ifName string, netns ns.NetNS) (*current.Interfac vlan.Name = ifName // Re-fetch interface to get all properties/attributes - contVlan, err := netlink.LinkByName(vlan.Name) + contVlan, err := netlinksafe.LinkByName(vlan.Name) if err != nil { return fmt.Errorf("failed to refetch vlan %q: %v", vlan.Name, err) } @@ -317,11 +318,11 @@ func cmdCheck(args *skel.CmdArgs) error { if conf.LinkContNs { err = netns.Do(func(_ ns.NetNS) error { - _, err = netlink.LinkByName(conf.Master) + _, err = netlinksafe.LinkByName(conf.Master) return err }) } else { - _, err = netlink.LinkByName(conf.Master) + _, err = netlinksafe.LinkByName(conf.Master) } if err != nil { @@ -361,7 +362,7 @@ func validateCniContainerInterface(intf current.Interface, vlanID int, mtu int) if intf.Name == "" { return fmt.Errorf("Container interface name missing in prevResult: %v", intf.Name) } - link, err = netlink.LinkByName(intf.Name) + link, err = netlinksafe.LinkByName(intf.Name) if err != nil { return fmt.Errorf("vlan: Container Interface name in prevResult: %s not found", intf.Name) } diff --git a/plugins/main/vlan/vlan_test.go b/plugins/main/vlan/vlan_test.go index 10533cf6..95615557 100644 --- a/plugins/main/vlan/vlan_test.go +++ b/plugins/main/vlan/vlan_test.go @@ -31,6 +31,7 @@ import ( types020 "github.com/containernetworking/cni/pkg/types/020" types040 "github.com/containernetworking/cni/pkg/types/040" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" @@ -194,7 +195,7 @@ var _ = Describe("vlan Operations", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - m, err := netlink.LinkByName(MASTER_NAME) + m, err := netlinksafe.LinkByName(MASTER_NAME) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(m) Expect(err).NotTo(HaveOccurred()) @@ -212,7 +213,7 @@ var _ = Describe("vlan Operations", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - m, err := netlink.LinkByName(MASTER_NAME_INCONTAINER) + m, err := netlinksafe.LinkByName(MASTER_NAME_INCONTAINER) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(m) Expect(err).NotTo(HaveOccurred()) @@ -268,7 +269,7 @@ var _ = Describe("vlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName("foobar0") + link, err := netlinksafe.LinkByName("foobar0") Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal("foobar0")) Expect(link.Attrs().MTU).To(Equal(1500)) @@ -298,7 +299,7 @@ var _ = Describe("vlan Operations", func() { err := otherNs.Do(func(ns.NetNS) error { defer GinkgoRecover() - m, err := netlink.LinkByName(masterInterface) + m, err := netlinksafe.LinkByName(masterInterface) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetMTU(m, 1200) Expect(err).NotTo(HaveOccurred()) @@ -313,7 +314,7 @@ var _ = Describe("vlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName("foobar0") + link, err := netlinksafe.LinkByName("foobar0") Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal("foobar0")) Expect(link.Attrs().MTU).To(Equal(1200)) @@ -375,7 +376,7 @@ var _ = Describe("vlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Name).To(Equal(IFNAME)) @@ -385,7 +386,7 @@ var _ = Describe("vlan Operations", func() { Expect(link.Attrs().HardwareAddr).To(Equal(hwaddr)) } - addrs, err := netlink.AddrList(link, syscall.AF_INET) + addrs, err := netlinksafe.AddrList(link, syscall.AF_INET) Expect(err).NotTo(HaveOccurred()) Expect(addrs).To(HaveLen(1)) return nil @@ -440,7 +441,7 @@ var _ = Describe("vlan Operations", func() { err = targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).To(HaveOccurred()) Expect(link).To(BeNil()) return nil @@ -487,7 +488,7 @@ var _ = Describe("vlan Operations", func() { defer GinkgoRecover() // set master link's MTU to 1500 - link, err := netlink.LinkByName(masterInterface) + link, err := netlinksafe.LinkByName(masterInterface) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetMTU(link, 1500) Expect(err).NotTo(HaveOccurred()) diff --git a/plugins/meta/bandwidth/bandwidth_linux_test.go b/plugins/meta/bandwidth/bandwidth_linux_test.go index 9d2aa9cb..0ea41d98 100644 --- a/plugins/meta/bandwidth/bandwidth_linux_test.go +++ b/plugins/meta/bandwidth/bandwidth_linux_test.go @@ -31,6 +31,7 @@ import ( "github.com/containernetworking/cni/pkg/skel" "github.com/containernetworking/cni/pkg/types" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -176,11 +177,11 @@ var _ = Describe("bandwidth test", func() { Expect(result.Interfaces[2].Name).To(Equal(ifbDeviceName)) Expect(result.Interfaces[2].Sandbox).To(Equal("")) - ifbLink, err := netlink.LinkByName(ifbDeviceName) + ifbLink, err := netlinksafe.LinkByName(ifbDeviceName) Expect(err).NotTo(HaveOccurred()) Expect(ifbLink.Attrs().MTU).To(Equal(hostIfaceMTU)) - qdiscs, err := netlink.QdiscList(ifbLink) + qdiscs, err := netlinksafe.QdiscList(ifbLink) Expect(err).NotTo(HaveOccurred()) Expect(qdiscs).To(HaveLen(1)) @@ -190,10 +191,10 @@ var _ = Describe("bandwidth test", func() { Expect(qdiscs[0].(*netlink.Tbf).Rate).To(Equal(uint64(2))) Expect(qdiscs[0].(*netlink.Tbf).Limit).To(Equal(uint32(1))) - hostVethLink, err := netlink.LinkByName(hostIfname) + hostVethLink, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) - qdiscFilters, err := netlink.FilterList(hostVethLink, netlink.MakeHandle(0xffff, 0)) + qdiscFilters, err := netlinksafe.FilterList(hostVethLink, netlink.MakeHandle(0xffff, 0)) Expect(err).NotTo(HaveOccurred()) Expect(qdiscFilters).To(HaveLen(1)) @@ -205,10 +206,10 @@ var _ = Describe("bandwidth test", func() { Expect(hostNs.Do(func(_ ns.NetNS) error { defer GinkgoRecover() - ifbLink, err := netlink.LinkByName(hostIfname) + ifbLink, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) - qdiscs, err := netlink.QdiscList(ifbLink) + qdiscs, err := netlinksafe.QdiscList(ifbLink) Expect(err).NotTo(HaveOccurred()) Expect(qdiscs).To(HaveLen(2)) @@ -266,7 +267,7 @@ var _ = Describe("bandwidth test", func() { _, out, err := testutils.CmdAdd(containerNs.Path(), args.ContainerID, ifbDeviceName, []byte(conf), func() error { return cmdAdd(args) }) Expect(err).NotTo(HaveOccurred(), string(out)) - _, err = netlink.LinkByName(ifbDeviceName) + _, err = netlinksafe.LinkByName(ifbDeviceName) Expect(err).NotTo(HaveOccurred()) return nil })).To(Succeed()) @@ -274,10 +275,10 @@ var _ = Describe("bandwidth test", func() { Expect(hostNs.Do(func(_ ns.NetNS) error { defer GinkgoRecover() - containerIfLink, err := netlink.LinkByName(hostIfname) + containerIfLink, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) - qdiscs, err := netlink.QdiscList(containerIfLink) + qdiscs, err := netlinksafe.QdiscList(containerIfLink) Expect(err).NotTo(HaveOccurred()) Expect(qdiscs).To(HaveLen(2)) @@ -333,7 +334,7 @@ var _ = Describe("bandwidth test", func() { _, out, err := testutils.CmdAdd(containerNs.Path(), args.ContainerID, ifbDeviceName, []byte(conf), func() error { return cmdAdd(args) }) Expect(err).NotTo(HaveOccurred(), string(out)) - _, err = netlink.LinkByName(ifbDeviceName) + _, err = netlinksafe.LinkByName(ifbDeviceName) Expect(err).To(HaveOccurred()) return nil })).To(Succeed()) @@ -341,10 +342,10 @@ var _ = Describe("bandwidth test", func() { Expect(hostNs.Do(func(_ ns.NetNS) error { defer GinkgoRecover() - containerIfLink, err := netlink.LinkByName(hostIfname) + containerIfLink, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) - qdiscs, err := netlink.QdiscList(containerIfLink) + qdiscs, err := netlinksafe.QdiscList(containerIfLink) Expect(err).NotTo(HaveOccurred()) Expect(qdiscs).To(HaveLen(1)) @@ -459,11 +460,11 @@ var _ = Describe("bandwidth test", func() { Expect(result.Interfaces[2].Name).To(Equal(ifbDeviceName)) Expect(result.Interfaces[2].Sandbox).To(Equal("")) - ifbLink, err := netlink.LinkByName(ifbDeviceName) + ifbLink, err := netlinksafe.LinkByName(ifbDeviceName) Expect(err).NotTo(HaveOccurred()) Expect(ifbLink.Attrs().MTU).To(Equal(hostIfaceMTU)) - qdiscs, err := netlink.QdiscList(ifbLink) + qdiscs, err := netlinksafe.QdiscList(ifbLink) Expect(err).NotTo(HaveOccurred()) Expect(qdiscs).To(HaveLen(1)) @@ -473,10 +474,10 @@ var _ = Describe("bandwidth test", func() { Expect(qdiscs[0].(*netlink.Tbf).Rate).To(Equal(uint64(2))) Expect(qdiscs[0].(*netlink.Tbf).Limit).To(Equal(uint32(1))) - hostVethLink, err := netlink.LinkByName(hostIfname) + hostVethLink, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) - qdiscFilters, err := netlink.FilterList(hostVethLink, netlink.MakeHandle(0xffff, 0)) + qdiscFilters, err := netlinksafe.FilterList(hostVethLink, netlink.MakeHandle(0xffff, 0)) Expect(err).NotTo(HaveOccurred()) Expect(qdiscFilters).To(HaveLen(1)) @@ -488,10 +489,10 @@ var _ = Describe("bandwidth test", func() { Expect(hostNs.Do(func(_ ns.NetNS) error { defer GinkgoRecover() - ifbLink, err := netlink.LinkByName(hostIfname) + ifbLink, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) - qdiscs, err := netlink.QdiscList(ifbLink) + qdiscs, err := netlinksafe.QdiscList(ifbLink) Expect(err).NotTo(HaveOccurred()) Expect(qdiscs).To(HaveLen(2)) @@ -609,7 +610,7 @@ var _ = Describe("bandwidth test", func() { err = testutils.CmdDel(containerNs.Path(), args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred(), string(out)) - _, err = netlink.LinkByName(ifbDeviceName) + _, err = netlinksafe.LinkByName(ifbDeviceName) Expect(err).To(HaveOccurred()) return nil @@ -680,11 +681,11 @@ var _ = Describe("bandwidth test", func() { Expect(result.Interfaces[4].Name).To(Equal(ifbDeviceName)) Expect(result.Interfaces[4].Sandbox).To(Equal("")) - ifbLink, err := netlink.LinkByName(ifbDeviceName) + ifbLink, err := netlinksafe.LinkByName(ifbDeviceName) Expect(err).NotTo(HaveOccurred()) Expect(ifbLink.Attrs().MTU).To(Equal(hostIfaceMTU)) - qdiscs, err := netlink.QdiscList(ifbLink) + qdiscs, err := netlinksafe.QdiscList(ifbLink) Expect(err).NotTo(HaveOccurred()) Expect(qdiscs).To(HaveLen(1)) @@ -694,10 +695,10 @@ var _ = Describe("bandwidth test", func() { Expect(qdiscs[0].(*netlink.Tbf).Rate).To(Equal(uint64(2))) Expect(qdiscs[0].(*netlink.Tbf).Limit).To(Equal(uint32(1))) - hostVethLink, err := netlink.LinkByName(hostIfname) + hostVethLink, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) - qdiscFilters, err := netlink.FilterList(hostVethLink, netlink.MakeHandle(0xffff, 0)) + qdiscFilters, err := netlinksafe.FilterList(hostVethLink, netlink.MakeHandle(0xffff, 0)) Expect(err).NotTo(HaveOccurred()) Expect(qdiscFilters).To(HaveLen(1)) @@ -709,10 +710,10 @@ var _ = Describe("bandwidth test", func() { Expect(hostNs.Do(func(_ ns.NetNS) error { defer GinkgoRecover() - ifbLink, err := netlink.LinkByName(hostIfname) + ifbLink, err := netlinksafe.LinkByName(hostIfname) Expect(err).NotTo(HaveOccurred()) - qdiscs, err := netlink.QdiscList(ifbLink) + qdiscs, err := netlinksafe.QdiscList(ifbLink) Expect(err).NotTo(HaveOccurred()) Expect(qdiscs).To(HaveLen(2)) diff --git a/plugins/meta/bandwidth/bandwidth_suite_test.go b/plugins/meta/bandwidth/bandwidth_suite_test.go index 0dc7ea7c..cba203ec 100644 --- a/plugins/meta/bandwidth/bandwidth_suite_test.go +++ b/plugins/meta/bandwidth/bandwidth_suite_test.go @@ -30,6 +30,7 @@ import ( "github.com/onsi/gomega/gexec" "github.com/vishvananda/netlink" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" ) @@ -120,7 +121,7 @@ func createVeth(hostNs ns.NetNS, hostVethIfName string, containerNs ns.NetNS, co return fmt.Errorf("creating veth pair: %s", err) } - containerVeth, err := netlink.LinkByName(containerVethIfName) + containerVeth, err := netlinksafe.LinkByName(containerVethIfName) if err != nil { return fmt.Errorf("failed to find newly-created veth device %q: %v", containerVethIfName, err) } @@ -146,7 +147,7 @@ func createVeth(hostNs ns.NetNS, hostVethIfName string, containerNs ns.NetNS, co addr.Peer = peerAddr addr.Scope = int(netlink.SCOPE_LINK) - hostVeth, err := netlink.LinkByName(hostVethIfName) + hostVeth, err := netlinksafe.LinkByName(hostVethIfName) if err != nil { return fmt.Errorf("failed to find newly-created veth device %q: %v", containerVethIfName, err) } @@ -177,7 +178,7 @@ func createVeth(hostNs ns.NetNS, hostVethIfName string, containerNs ns.NetNS, co addr.Peer = peerAddr addr.Scope = int(netlink.SCOPE_LINK) - containerVeth, err := netlink.LinkByName(containerVethIfName) + containerVeth, err := netlinksafe.LinkByName(containerVethIfName) if err != nil { return fmt.Errorf("failed to find newly-created veth device %q: %v", containerVethIfName, err) } @@ -206,7 +207,7 @@ func createVethInOneNs(netNS ns.NetNS, vethName, peerName string) { return fmt.Errorf("failed to create veth pair: %v", err) } - _, err := netlink.LinkByName(peerName) + _, err := netlinksafe.LinkByName(peerName) if err != nil { return fmt.Errorf("failed to find newly-created veth device %q: %v", peerName, err) } @@ -217,7 +218,7 @@ func createVethInOneNs(netNS ns.NetNS, vethName, peerName string) { func createMacvlan(netNS ns.NetNS, master, macvlanName string) { err := netNS.Do(func(_ ns.NetNS) error { - m, err := netlink.LinkByName(master) + m, err := netlinksafe.LinkByName(master) if err != nil { return fmt.Errorf("failed to lookup master %q: %v", master, err) } @@ -235,7 +236,7 @@ func createMacvlan(netNS ns.NetNS, master, macvlanName string) { return fmt.Errorf("failed to create macvlan device: %s", err) } - _, err = netlink.LinkByName(macvlanName) + _, err = netlinksafe.LinkByName(macvlanName) if err != nil { return fmt.Errorf("failed to find newly-created macvlan device %q: %v", macvlanName, err) } diff --git a/plugins/meta/bandwidth/ifb_creator.go b/plugins/meta/bandwidth/ifb_creator.go index 604b42db..aed88c3d 100644 --- a/plugins/meta/bandwidth/ifb_creator.go +++ b/plugins/meta/bandwidth/ifb_creator.go @@ -22,6 +22,7 @@ import ( "github.com/vishvananda/netlink" "github.com/containernetworking/plugins/pkg/ip" + "github.com/containernetworking/plugins/pkg/netlinksafe" ) const latencyInMillis = 25 @@ -53,7 +54,7 @@ func TeardownIfb(deviceName string) error { } func CreateIngressQdisc(rateInBits, burstInBits uint64, hostDeviceName string) error { - hostDevice, err := netlink.LinkByName(hostDeviceName) + hostDevice, err := netlinksafe.LinkByName(hostDeviceName) if err != nil { return fmt.Errorf("get host device: %s", err) } @@ -61,11 +62,11 @@ func CreateIngressQdisc(rateInBits, burstInBits uint64, hostDeviceName string) e } func CreateEgressQdisc(rateInBits, burstInBits uint64, hostDeviceName string, ifbDeviceName string) error { - ifbDevice, err := netlink.LinkByName(ifbDeviceName) + ifbDevice, err := netlinksafe.LinkByName(ifbDeviceName) if err != nil { return fmt.Errorf("get ifb device: %s", err) } - hostDevice, err := netlink.LinkByName(hostDeviceName) + hostDevice, err := netlinksafe.LinkByName(hostDeviceName) if err != nil { return fmt.Errorf("get host device: %s", err) } diff --git a/plugins/meta/bandwidth/main.go b/plugins/meta/bandwidth/main.go index 27de7c86..1df1ceb5 100644 --- a/plugins/meta/bandwidth/main.go +++ b/plugins/meta/bandwidth/main.go @@ -26,6 +26,7 @@ import ( current "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/cni/pkg/version" "github.com/containernetworking/plugins/pkg/ip" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/utils" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" @@ -120,7 +121,7 @@ func getIfbDeviceName(networkName string, containerID string) string { } func getMTU(deviceName string) (int, error) { - link, err := netlink.LinkByName(deviceName) + link, err := netlinksafe.LinkByName(deviceName) if err != nil { return -1, err } @@ -210,7 +211,7 @@ func cmdAdd(args *skel.CmdArgs) error { return err } - ifbDevice, err := netlink.LinkByName(ifbDeviceName) + ifbDevice, err := netlinksafe.LinkByName(ifbDeviceName) if err != nil { return err } @@ -250,7 +251,7 @@ func main() { } func SafeQdiscList(link netlink.Link) ([]netlink.Qdisc, error) { - qdiscs, err := netlink.QdiscList(link) + qdiscs, err := netlinksafe.QdiscList(link) if err != nil { return nil, err } @@ -291,7 +292,7 @@ func cmdCheck(args *skel.CmdArgs) error { if err != nil { return err } - link, err := netlink.LinkByName(hostInterface.Name) + link, err := netlinksafe.LinkByName(hostInterface.Name) if err != nil { return err } @@ -339,7 +340,7 @@ func cmdCheck(args *skel.CmdArgs) error { ifbDeviceName := getIfbDeviceName(bwConf.Name, args.ContainerID) - ifbDevice, err := netlink.LinkByName(ifbDeviceName) + ifbDevice, err := netlinksafe.LinkByName(ifbDeviceName) if err != nil { return fmt.Errorf("get ifb device: %s", err) } diff --git a/plugins/meta/firewall/firewall_iptables_test.go b/plugins/meta/firewall/firewall_iptables_test.go index 6f4c7624..8849b552 100644 --- a/plugins/meta/firewall/firewall_iptables_test.go +++ b/plugins/meta/firewall/firewall_iptables_test.go @@ -29,6 +29,7 @@ import ( types040 "github.com/containernetworking/cni/pkg/types/040" current "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/cni/pkg/version" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -211,7 +212,7 @@ var _ = Describe("firewall plugin iptables backend", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(IFNAME) + _, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) return nil }) diff --git a/plugins/meta/portmap/portmap_integ_test.go b/plugins/meta/portmap/portmap_integ_test.go index 25b27deb..dc519d96 100644 --- a/plugins/meta/portmap/portmap_integ_test.go +++ b/plugins/meta/portmap/portmap_integ_test.go @@ -31,7 +31,8 @@ import ( "github.com/vishvananda/netlink" "github.com/containernetworking/cni/libcni" - "github.com/containernetworking/cni/pkg/types/100" + types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -452,7 +453,7 @@ func testEchoServer(address, protocol string, port int, netns string) bool { } func getLocalIP() string { - addrs, err := netlink.AddrList(nil, netlink.FAMILY_V4) + addrs, err := netlinksafe.AddrList(nil, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) for _, addr := range addrs { diff --git a/plugins/meta/sbr/main.go b/plugins/meta/sbr/main.go index acfa2464..7379a01e 100644 --- a/plugins/meta/sbr/main.go +++ b/plugins/meta/sbr/main.go @@ -28,6 +28,7 @@ import ( "github.com/containernetworking/cni/pkg/types" current "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/cni/pkg/version" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" ) @@ -208,12 +209,12 @@ func getNextTableID(rules []netlink.Rule, routes []netlink.Route, candidateID in // doRoutes does all the work to set up routes and rules during an add. func doRoutes(ipCfgs []*current.IPConfig, iface string) error { // Get a list of rules and routes ready. - rules, err := netlink.RuleList(netlink.FAMILY_ALL) + rules, err := netlinksafe.RuleList(netlink.FAMILY_ALL) if err != nil { return fmt.Errorf("Failed to list all rules: %v", err) } - routes, err := netlink.RouteList(nil, netlink.FAMILY_ALL) + routes, err := netlinksafe.RouteList(nil, netlink.FAMILY_ALL) if err != nil { return fmt.Errorf("Failed to list all routes: %v", err) } @@ -224,7 +225,7 @@ func doRoutes(ipCfgs []*current.IPConfig, iface string) error { table := getNextTableID(rules, routes, firstTableID) log.Printf("First unreferenced table: %d", table) - link, err := netlink.LinkByName(iface) + link, err := netlinksafe.LinkByName(iface) if err != nil { return fmt.Errorf("Cannot find network interface %s: %v", iface, err) } @@ -232,7 +233,7 @@ func doRoutes(ipCfgs []*current.IPConfig, iface string) error { linkIndex := link.Attrs().Index // Get all routes for the interface in the default routing table - routes, err = netlink.RouteList(link, netlink.FAMILY_ALL) + routes, err = netlinksafe.RouteList(link, netlink.FAMILY_ALL) if err != nil { return fmt.Errorf("Unable to list routes: %v", err) } @@ -384,7 +385,7 @@ func tidyRules(iface string, table *int) error { var rules []netlink.Rule if table != nil { - rules, err = netlink.RuleListFiltered( + rules, err = netlinksafe.RuleListFiltered( netlink.FAMILY_ALL, &netlink.Rule{ Table: *table, @@ -396,14 +397,14 @@ func tidyRules(iface string, table *int) error { return fmt.Errorf("failed to list rules of table %d to tidy: %v", *table, err) } } else { - rules, err = netlink.RuleList(netlink.FAMILY_ALL) + rules, err = netlinksafe.RuleList(netlink.FAMILY_ALL) if err != nil { log.Printf("Failed to list all rules to tidy: %v", err) return fmt.Errorf("Failed to list all rules to tidy: %v", err) } } - link, err := netlink.LinkByName(iface) + link, err := netlinksafe.LinkByName(iface) if err != nil { // If interface is not found by any reason it's safe to ignore an error. Also, we don't need to raise an error // during cmdDel call according to CNI spec: @@ -416,7 +417,7 @@ func tidyRules(iface string, table *int) error { return fmt.Errorf("Failed to get link %s: %v", iface, err) } - addrs, err := netlink.AddrList(link, netlink.FAMILY_ALL) + addrs, err := netlinksafe.AddrList(link, netlink.FAMILY_ALL) if err != nil { log.Printf("Failed to list all addrs: %v", err) return fmt.Errorf("Failed to list all addrs: %v", err) diff --git a/plugins/meta/sbr/sbr_linux_test.go b/plugins/meta/sbr/sbr_linux_test.go index 731f71d8..d0f87267 100644 --- a/plugins/meta/sbr/sbr_linux_test.go +++ b/plugins/meta/sbr/sbr_linux_test.go @@ -25,6 +25,7 @@ import ( "golang.org/x/sys/unix" "github.com/containernetworking/cni/pkg/skel" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -101,7 +102,7 @@ func readback(targetNs ns.NetNS, devNames []string) (netStatus, error) { log.Printf("Checking device %s", name) retVal.Devices[i].Name = name - link, err := netlink.LinkByName(name) + link, err := netlinksafe.LinkByName(name) if err != nil { return err } @@ -112,7 +113,7 @@ func readback(targetNs ns.NetNS, devNames []string) (netStatus, error) { Table: unix.RT_TABLE_UNSPEC, } - routes, err := netlink.RouteListFiltered(netlink.FAMILY_ALL, + routes, err := netlinksafe.RouteListFiltered(netlink.FAMILY_ALL, routeFilter, netlink.RT_FILTER_OIF|netlink.RT_FILTER_TABLE) if err != nil { @@ -131,7 +132,7 @@ func readback(targetNs ns.NetNS, devNames []string) (netStatus, error) { retVal.Devices[i].Routes = routesNoLinkLocal } - rules, err := netlink.RuleList(netlink.FAMILY_ALL) + rules, err := netlinksafe.RuleList(netlink.FAMILY_ALL) if err != nil { return err } @@ -609,7 +610,7 @@ var _ = Describe("sbr test", func() { var rules []netlink.Rule err = targetNs.Do(func(_ ns.NetNS) error { var err error - rules, err = netlink.RuleListFiltered( + rules, err = netlinksafe.RuleListFiltered( netlink.FAMILY_ALL, &netlink.Rule{ Table: tableID, }, diff --git a/plugins/meta/tuning/tuning.go b/plugins/meta/tuning/tuning.go index 84e8d97b..20b61ca6 100644 --- a/plugins/meta/tuning/tuning.go +++ b/plugins/meta/tuning/tuning.go @@ -35,6 +35,7 @@ import ( "github.com/containernetworking/cni/pkg/types" current "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/cni/pkg/version" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" bv "github.com/containernetworking/plugins/pkg/utils/buildversion" ) @@ -154,7 +155,7 @@ func changeMacAddr(ifName string, newMacAddr string) error { return fmt.Errorf("invalid args %v for MAC addr: %v", newMacAddr, err) } - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to get %q: %v", ifName, err) } @@ -180,7 +181,7 @@ func updateResultsMacAddr(config *TuningConf, ifName string, newMacAddr string) } func changePromisc(ifName string, val bool) error { - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to get %q: %v", ifName, err) } @@ -192,7 +193,7 @@ func changePromisc(ifName string, val bool) error { } func changeMtu(ifName string, mtu int) error { - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to get %q: %v", ifName, err) } @@ -200,7 +201,7 @@ func changeMtu(ifName string, mtu int) error { } func changeAllmulti(ifName string, val bool) error { - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to get %q: %v", ifName, err) } @@ -212,7 +213,7 @@ func changeAllmulti(ifName string, val bool) error { } func changeTxQLen(ifName string, txQLen int) error { - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to get %q: %v", ifName, err) } @@ -221,7 +222,7 @@ func changeTxQLen(ifName string, txQLen int) error { func createBackup(ifName, containerID, backupPath string, tuningConf *TuningConf) error { config := configToRestore{} - link, err := netlink.LinkByName(ifName) + link, err := netlinksafe.LinkByName(ifName) if err != nil { return fmt.Errorf("failed to get %q: %v", ifName, err) } @@ -281,7 +282,7 @@ func restoreBackup(ifName, containerID, backupPath string) error { var errStr []string - _, err = netlink.LinkByName(ifName) + _, err = netlinksafe.LinkByName(ifName) if err != nil { return nil } @@ -483,7 +484,7 @@ func cmdCheck(args *skel.CmdArgs) error { } } - link, err := netlink.LinkByName(args.IfName) + link, err := netlinksafe.LinkByName(args.IfName) if err != nil { return fmt.Errorf("Cannot find container link %v", args.IfName) } diff --git a/plugins/meta/tuning/tuning_test.go b/plugins/meta/tuning/tuning_test.go index 09a9a834..ca643456 100644 --- a/plugins/meta/tuning/tuning_test.go +++ b/plugins/meta/tuning/tuning_test.go @@ -29,6 +29,7 @@ import ( "github.com/containernetworking/cni/pkg/skel" "github.com/containernetworking/cni/pkg/types" types100 "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -116,7 +117,7 @@ var _ = Describe("tuning plugin", func() { LinkAttrs: linkAttrs, }) Expect(err).NotTo(HaveOccurred()) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) beforeConf.Mac = link.Attrs().HardwareAddr.String() @@ -249,7 +250,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Promisc).To(Equal(1)) @@ -273,7 +274,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Promisc != 0).To(Equal(*beforeConf.Promisc)) @@ -330,7 +331,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Promisc).To(Equal(1)) @@ -338,7 +339,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().Promisc != 0).To(Equal(*beforeConf.Promisc)) @@ -391,7 +392,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().MTU).To(Equal(1454)) @@ -415,7 +416,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().MTU).To(Equal(beforeConf.Mtu)) @@ -472,7 +473,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().MTU).To(Equal(1454)) @@ -480,7 +481,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().MTU).To(Equal(beforeConf.Mtu)) @@ -525,7 +526,7 @@ var _ = Describe("tuning plugin", func() { }) Expect(err).NotTo(HaveOccurred()) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().TxQLen).To(Equal(20000)) @@ -547,7 +548,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().TxQLen).To(Equal(*beforeConf.TxQLen)) @@ -604,7 +605,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().TxQLen).To(Equal(20000)) @@ -612,7 +613,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().TxQLen).To(Equal(*beforeConf.TxQLen)) @@ -667,7 +668,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) Expect(result.Interfaces[0].Mac).To(Equal(mac)) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) hw, err := net.ParseMAC(mac) Expect(err).NotTo(HaveOccurred()) @@ -693,7 +694,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr.String()).To(Equal(beforeConf.Mac)) @@ -750,7 +751,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) hw, err := net.ParseMAC("c2:11:22:33:44:55") Expect(err).NotTo(HaveOccurred()) @@ -760,7 +761,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr.String()).To(Equal(beforeConf.Mac)) @@ -813,7 +814,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) hw, err := net.ParseMAC("c2:11:22:33:44:66") Expect(err).NotTo(HaveOccurred()) @@ -839,7 +840,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr.String()).To(Equal(beforeConf.Mac)) @@ -895,7 +896,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) hw, err := net.ParseMAC("c2:11:22:33:44:55") Expect(err).NotTo(HaveOccurred()) @@ -905,7 +906,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr.String()).To(Equal(beforeConf.Mac)) @@ -962,7 +963,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) hw, err := net.ParseMAC("c2:11:22:33:44:77") Expect(err).NotTo(HaveOccurred()) @@ -993,7 +994,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().HardwareAddr.String()).To(Equal(beforeConf.Mac)) Expect(link.Attrs().MTU).To(Equal(beforeConf.Mtu)) @@ -1049,7 +1050,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().RawFlags & unix.IFF_ALLMULTI).NotTo(BeZero()) @@ -1073,7 +1074,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().RawFlags&unix.IFF_ALLMULTI != 0).To(Equal(*beforeConf.Allmulti)) @@ -1130,7 +1131,7 @@ var _ = Describe("tuning plugin", func() { Expect(result.IPs).To(HaveLen(1)) Expect(result.IPs[0].Address.String()).To(Equal("10.0.0.2/24")) - link, err := netlink.LinkByName(IFNAME) + link, err := netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().RawFlags & unix.IFF_ALLMULTI).NotTo(BeZero()) @@ -1138,7 +1139,7 @@ var _ = Describe("tuning plugin", func() { args.ContainerID, "", func() error { return cmdDel(args) }) Expect(err).NotTo(HaveOccurred()) - link, err = netlink.LinkByName(IFNAME) + link, err = netlinksafe.LinkByName(IFNAME) Expect(err).NotTo(HaveOccurred()) Expect(link.Attrs().RawFlags&unix.IFF_ALLMULTI != 0).To(Equal(*beforeConf.Allmulti)) diff --git a/plugins/meta/vrf/vrf.go b/plugins/meta/vrf/vrf.go index bc7a732e..fb1ff92a 100644 --- a/plugins/meta/vrf/vrf.go +++ b/plugins/meta/vrf/vrf.go @@ -21,11 +21,13 @@ import ( "time" "github.com/vishvananda/netlink" + + "github.com/containernetworking/plugins/pkg/netlinksafe" ) // findVRF finds a VRF link with the provided name. func findVRF(name string) (*netlink.Vrf, error) { - link, err := netlink.LinkByName(name) + link, err := netlinksafe.LinkByName(name) if err != nil { return nil, err } @@ -38,7 +40,7 @@ func findVRF(name string) (*netlink.Vrf, error) { // createVRF creates a new VRF and sets it up. func createVRF(name string, tableID uint32) (*netlink.Vrf, error) { - links, err := netlink.LinkList() + links, err := netlinksafe.LinkList() if err != nil { return nil, fmt.Errorf("createVRF: Failed to find links %v", err) } @@ -71,7 +73,7 @@ func createVRF(name string, tableID uint32) (*netlink.Vrf, error) { // assignedInterfaces returns the list of interfaces associated to the given vrf. func assignedInterfaces(vrf *netlink.Vrf) ([]netlink.Link, error) { - links, err := netlink.LinkList() + links, err := netlinksafe.LinkList() if err != nil { return nil, fmt.Errorf("getAssignedInterfaces: Failed to find links %v", err) } @@ -86,7 +88,7 @@ func assignedInterfaces(vrf *netlink.Vrf) ([]netlink.Link, error) { // addInterface adds the given interface to the VRF func addInterface(vrf *netlink.Vrf, intf string) error { - i, err := netlink.LinkByName(intf) + i, err := netlinksafe.LinkByName(intf) if err != nil { return fmt.Errorf("could not get link by name %s", intf) } @@ -114,7 +116,7 @@ func addInterface(vrf *netlink.Vrf, intf string) error { Scope: netlink.SCOPE_UNIVERSE, // Exclude local and connected routes } filterMask := netlink.RT_FILTER_OIF | netlink.RT_FILTER_SCOPE // Filter based on link index and scope - r, err := netlink.RouteListFiltered(netlink.FAMILY_ALL, filter, filterMask) + r, err := netlinksafe.RouteListFiltered(netlink.FAMILY_ALL, filter, filterMask) if err != nil { return fmt.Errorf("failed getting all routes for %s", intf) } @@ -156,7 +158,7 @@ CONTINUE: // Waits for global IPV6 addresses to be added by the kernel. maxRetry := 10 for { - routesVRFTable, err := netlink.RouteListFiltered( + routesVRFTable, err := netlinksafe.RouteListFiltered( netlink.FAMILY_ALL, &netlink.Route{ Dst: &net.IPNet{ @@ -217,7 +219,7 @@ func findFreeRoutingTableID(links []netlink.Link) (uint32, error) { } func resetMaster(interfaceName string) error { - intf, err := netlink.LinkByName(interfaceName) + intf, err := netlinksafe.LinkByName(interfaceName) if err != nil { return fmt.Errorf("resetMaster: could not get link by name %s", interfaceName) } @@ -230,7 +232,7 @@ func resetMaster(interfaceName string) error { // getGlobalAddresses returns the global addresses of the given interface func getGlobalAddresses(link netlink.Link, family int) ([]netlink.Addr, error) { - addresses, err := netlink.AddrList(link, family) + addresses, err := netlinksafe.AddrList(link, family) if err != nil { return nil, fmt.Errorf("failed getting list of IP addresses for %s: %w", link.Attrs().Name, err) } diff --git a/plugins/meta/vrf/vrf_test.go b/plugins/meta/vrf/vrf_test.go index a38a6a05..ff0d1be7 100644 --- a/plugins/meta/vrf/vrf_test.go +++ b/plugins/meta/vrf/vrf_test.go @@ -28,6 +28,7 @@ import ( "github.com/containernetworking/cni/pkg/skel" "github.com/containernetworking/cni/pkg/types" current "github.com/containernetworking/cni/pkg/types/100" + "github.com/containernetworking/plugins/pkg/netlinksafe" "github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/testutils" ) @@ -101,7 +102,7 @@ var _ = Describe("vrf plugin", func() { LinkAttrs: la0, }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(IF0Name) + _, err = netlinksafe.LinkByName(IF0Name) Expect(err).NotTo(HaveOccurred()) la1 := netlink.NewLinkAttrs() @@ -110,7 +111,7 @@ var _ = Describe("vrf plugin", func() { LinkAttrs: la1, }) Expect(err).NotTo(HaveOccurred()) - _, err = netlink.LinkByName(IF1Name) + _, err = netlinksafe.LinkByName(IF1Name) Expect(err).NotTo(HaveOccurred()) return nil }) @@ -202,7 +203,7 @@ var _ = Describe("vrf plugin", func() { Expect(err).NotTo(HaveOccurred()) Expect(routev6).NotTo(BeNil()) - link, err := netlink.LinkByName(IF0Name) + link, err := netlinksafe.LinkByName(IF0Name) Expect(err).NotTo(HaveOccurred()) // Add IP addresses for network reachability @@ -214,14 +215,14 @@ var _ = Describe("vrf plugin", func() { IP: ipv6.IP, Mask: net.IPMask{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, } - routes, _ := netlink.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{ + routes, _ := netlinksafe.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{ Dst: ipv6RouteDst, Table: 0, }, netlink.RT_FILTER_DST|netlink.RT_FILTER_TABLE) return err == nil && len(routes) >= 1 }, time.Second, 500*time.Millisecond).Should(BeTrue()) - ipAddrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + ipAddrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) // Check if address was assigned properly Expect(ipAddrs[0].IP.String()).To(Equal("10.0.0.2")) @@ -311,7 +312,7 @@ var _ = Describe("vrf plugin", func() { Expect(err).NotTo(HaveOccurred()) Expect(routev6).NotTo(BeNil()) - link, err := netlink.LinkByName(IF0Name) + link, err := netlinksafe.LinkByName(IF0Name) Expect(err).NotTo(HaveOccurred()) // Add IP addresses for network reachability @@ -323,14 +324,14 @@ var _ = Describe("vrf plugin", func() { IP: ipv6.IP, Mask: net.IPMask{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, } - routes, _ := netlink.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{ + routes, _ := netlinksafe.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{ Dst: ipv6RouteDst, Table: 0, }, netlink.RT_FILTER_DST|netlink.RT_FILTER_TABLE) return err == nil && len(routes) >= 1 }, time.Second, 500*time.Millisecond).Should(BeTrue()) - ipAddrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + ipAddrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) // Check if address was assigned properly Expect(ipAddrs[0].IP.String()).To(Equal("10.0.0.2")) @@ -381,7 +382,7 @@ var _ = Describe("vrf plugin", func() { Expect(err).NotTo(HaveOccurred()) Expect(routev6).NotTo(BeNil()) - link, err := netlink.LinkByName(IF1Name) + link, err := netlinksafe.LinkByName(IF1Name) Expect(err).NotTo(HaveOccurred()) // Add IP addresses for network reachability @@ -393,14 +394,14 @@ var _ = Describe("vrf plugin", func() { IP: ipv6.IP, Mask: net.IPMask{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, } - routes, _ := netlink.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{ + routes, _ := netlinksafe.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{ Dst: ipv6RouteDst, Table: 0, }, netlink.RT_FILTER_DST|netlink.RT_FILTER_TABLE) return err == nil && len(routes) >= 1 }, time.Second, 500*time.Millisecond).Should(BeTrue()) - ipAddrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + ipAddrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) // Check if address was assigned properly Expect(ipAddrs[0].IP.String()).To(Equal("10.0.0.3")) @@ -473,7 +474,7 @@ var _ = Describe("vrf plugin", func() { By("Setting the interface's master", func() { err := targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - l, err := netlink.LinkByName(IF0Name) + l, err := netlinksafe.LinkByName(IF0Name) Expect(err).NotTo(HaveOccurred()) linkAttrs := netlink.NewLinkAttrs() linkAttrs.Name = "testrbridge" @@ -520,7 +521,7 @@ var _ = Describe("vrf plugin", func() { By("Setting the first interface's ip", func() { err := targetNS.Do(func(ns.NetNS) error { - l, err := netlink.LinkByName(IF0Name) + l, err := netlinksafe.LinkByName(IF0Name) Expect(err).NotTo(HaveOccurred()) err = netlink.AddrAdd(l, addr0) @@ -551,7 +552,7 @@ var _ = Describe("vrf plugin", func() { By("Setting the second interface's ip", func() { err := targetNS.Do(func(ns.NetNS) error { - l, err := netlink.LinkByName(IF1Name) + l, err := netlinksafe.LinkByName(IF1Name) Expect(err).NotTo(HaveOccurred()) err = netlink.AddrAdd(l, addr1) @@ -584,9 +585,9 @@ var _ = Describe("vrf plugin", func() { defer GinkgoRecover() checkInterfaceOnVRF(vrf0, IF0Name) - link, err := netlink.LinkByName(IF0Name) + link, err := netlinksafe.LinkByName(IF0Name) Expect(err).NotTo(HaveOccurred()) - addresses, err := netlink.AddrList(link, netlink.FAMILY_ALL) + addresses, err := netlinksafe.AddrList(link, netlink.FAMILY_ALL) Expect(err).NotTo(HaveOccurred()) Expect(addresses).To(HaveLen(1)) Expect(addresses[0].IP.Equal(addr0.IP)).To(BeTrue()) @@ -601,10 +602,10 @@ var _ = Describe("vrf plugin", func() { defer GinkgoRecover() checkInterfaceOnVRF(vrf0, IF0Name) - link, err := netlink.LinkByName(IF1Name) + link, err := netlinksafe.LinkByName(IF1Name) Expect(err).NotTo(HaveOccurred()) - addresses, err := netlink.AddrList(link, netlink.FAMILY_ALL) + addresses, err := netlinksafe.AddrList(link, netlink.FAMILY_ALL) Expect(err).NotTo(HaveOccurred()) Expect(addresses).To(HaveLen(1)) Expect(addresses[0].IP.Equal(addr1.IP)).To(BeTrue()) @@ -620,10 +621,10 @@ var _ = Describe("vrf plugin", func() { } err := targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - l0, err := netlink.LinkByName(vrf0) + l0, err := netlinksafe.LinkByName(vrf0) Expect(err).NotTo(HaveOccurred()) Expect(l0).To(BeAssignableToTypeOf(&netlink.Vrf{})) - l1, err := netlink.LinkByName(vrf1) + l1, err := netlinksafe.LinkByName(vrf1) Expect(err).NotTo(HaveOccurred()) Expect(l1).To(BeAssignableToTypeOf(&netlink.Vrf{})) @@ -670,7 +671,7 @@ var _ = Describe("vrf plugin", func() { err := targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - l, err := netlink.LinkByName(vrf0) + l, err := netlinksafe.LinkByName(vrf0) Expect(err).NotTo(HaveOccurred()) vrf := l.(*netlink.Vrf) Expect(vrf.Table).To(Equal(uint32(tableid0))) @@ -766,7 +767,7 @@ var _ = Describe("vrf plugin", func() { Expect(err).NotTo(HaveOccurred()) err = targetNS.Do(func(ns.NetNS) error { - link, err := netlink.LinkByName(IF0Name) + link, err := netlinksafe.LinkByName(IF0Name) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkDel(link) Expect(err).NotTo(HaveOccurred()) @@ -801,7 +802,7 @@ var _ = Describe("vrf plugin", func() { Expect(err).NotTo(HaveOccurred()) err = targetNS.Do(func(ns.NetNS) error { - link, err := netlink.LinkByName(IF1Name) + link, err := netlinksafe.LinkByName(IF1Name) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkDel(link) Expect(err).NotTo(HaveOccurred()) @@ -813,7 +814,7 @@ var _ = Describe("vrf plugin", func() { By("Checking that the VRF is removed", func() { targetNS.Do(func(ns.NetNS) error { defer GinkgoRecover() - _, err := netlink.LinkByName(VRF0Name) + _, err := netlinksafe.LinkByName(VRF0Name) Expect(err).To(HaveOccurred()) return nil }) @@ -1010,11 +1011,11 @@ func configWithRouteFor(name, intf, vrf, ip, route string) []byte { } func checkInterfaceOnVRF(vrfName, intfName string) { - vrf, err := netlink.LinkByName(vrfName) + vrf, err := netlinksafe.LinkByName(vrfName) Expect(err).NotTo(HaveOccurred()) Expect(vrf).To(BeAssignableToTypeOf(&netlink.Vrf{})) - link, err := netlink.LinkByName(intfName) + link, err := netlinksafe.LinkByName(intfName) Expect(err).NotTo(HaveOccurred()) masterIndx := link.Attrs().MasterIndex master, err := netlink.LinkByIndex(masterIndx) @@ -1023,20 +1024,20 @@ func checkInterfaceOnVRF(vrfName, intfName string) { } func checkRoutesOnVRF(vrfName, intfName string, addrStr string, routesToCheck ...string) { - l, err := netlink.LinkByName(vrfName) + l, err := netlinksafe.LinkByName(vrfName) Expect(err).NotTo(HaveOccurred()) Expect(l).To(BeAssignableToTypeOf(&netlink.Vrf{})) vrf, ok := l.(*netlink.Vrf) Expect(ok).To(BeTrue()) - link, err := netlink.LinkByName(intfName) + link, err := netlinksafe.LinkByName(intfName) Expect(err).NotTo(HaveOccurred()) err = netlink.LinkSetUp(link) Expect(err).NotTo(HaveOccurred()) - ipAddrs, err := netlink.AddrList(link, netlink.FAMILY_V4) + ipAddrs, err := netlinksafe.AddrList(link, netlink.FAMILY_V4) Expect(err).NotTo(HaveOccurred()) Expect(ipAddrs).To(HaveLen(1)) Expect(ipAddrs[0].IP.String()).To(Equal(addrStr)) @@ -1045,7 +1046,7 @@ func checkRoutesOnVRF(vrfName, intfName string, addrStr string, routesToCheck .. Table: int(vrf.Table), } - routes, err := netlink.RouteListFiltered(netlink.FAMILY_ALL, + routes, err := netlinksafe.RouteListFiltered(netlink.FAMILY_ALL, routeFilter, netlink.RT_FILTER_TABLE) Expect(err).NotTo(HaveOccurred())