[lxc-devel] Patch to automatically set a gateway inside a container

Matthijs Kooijman matthijs at stdin.nl
Mon Aug 15 20:58:26 UTC 2011


Hey folks,

Here's a small patch series that allows setting up a gateway inside a
container. Two modes are supported: Defining a static address in
lxc.conf, or taking the configured address from the bridge (link)
interface and using that as a gateway.

The latter is useful when a number of containers are bridged together
without being bridged into a physical network (instead relying on the
host to do routing or NAT for the containers).

The first patch enables the static gateway setup and should be pretty
straightforward.

The second patch enables automatic gateway setup. To get this working,
I needed to get the IP address from the bridge interface. This uses the
netlink interface, but unlike all other netlink code so far actually
uses the reply. Furthermore, netlink does not support filtering at the
kernel end, so the RTM_GETADDR message requests _all_ configured
addresses. The addresses are returned one per reply message, which are
then filtered to find the right address.

This requires some complicated code to loop over the reply messages and
repeatedly receive more messages in case the buffer wasn't big enough
the first time (empirical evidence suggests a second receive is needed
when around 100 ipv4 addresses are configured).

I suspect that the code could be made a bit more elegant if the
functions in nl.c would support returning multiple messages and/or
multiple receives for a single request. In particular, I found a piece
of code in netlink_rcv, for which I couldn't figure out what it was
supposed to do, or how it would interact with a multiple reply and/or
multiple receive scenario:

       if (msg.msg_flags & MSG_TRUNC &&
            ret == answer->nlmsghdr.nlmsg_len)
                return -EMSGSIZE;

Any hints?

Gr.

Matthijs
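
The userspace filtering described in the message above, as an added example that is not part of the patch series or of lxc: find_ipv4 and put_msg are hypothetical names, IFA_LOCAL as the attribute carrying the address is an assumption, and the reply buffers are constructed in memory rather than read from a netlink socket. Every length is checked against the bytes actually received, and running out of buffer before NLMSG_DONE is reported as "receive again".

```c
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* Scan one receive buffer of RTM_GETADDR dump replies for the IPv4 address of
 * ifindex. Returns 1 = found (*out set), 0 = NLMSG_DONE seen without a match,
 * -1 = NLMSG_ERROR, 2 = buffer exhausted before NLMSG_DONE: receive again. */
int find_ipv4(void *buf, int len, int ifindex, struct in_addr *out)
{
    for (struct nlmsghdr *nh = buf; NLMSG_OK(nh, len); nh = NLMSG_NEXT(nh, len)) {
        if (nh->nlmsg_type == NLMSG_DONE) return 0;
        if (nh->nlmsg_type == NLMSG_ERROR) return -1;
        if (nh->nlmsg_type != RTM_NEWADDR ||
            nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct ifaddrmsg)))
            continue;                   /* not an address, or too short */
        struct ifaddrmsg *ifa = NLMSG_DATA(nh);
        if (ifa->ifa_family != AF_INET || (int)ifa->ifa_index != ifindex)
            continue;                   /* the kernel sent every address */
        int alen = IFA_PAYLOAD(nh);     /* bytes of attributes that follow */
        for (struct rtattr *rta = IFA_RTA(ifa); RTA_OK(rta, alen); rta = RTA_NEXT(rta, alen))
            if (rta->rta_type == IFA_LOCAL && RTA_PAYLOAD(rta) == sizeof(*out)) {
                memcpy(out, RTA_DATA(rta), sizeof(*out));
                return 1;
            }
    }
    return 2;
}

/* Constructed sample data: write one reply into buf at off, return new off.
 * buf must be 4-byte aligned with 32 bytes free at off. */
int put_msg(char *buf, int off, int type, int ifindex, const char *ip)
{
    struct nlmsghdr *nh = (struct nlmsghdr *)(buf + off);
    struct ifaddrmsg *ifa = NLMSG_DATA(nh);
    struct rtattr *rta = IFA_RTA(ifa);
    memset(nh, 0, NLMSG_SPACE(sizeof(*ifa)) + RTA_SPACE(4));
    nh->nlmsg_type = type;
    nh->nlmsg_len = NLMSG_LENGTH(0);    /* header only, e.g. NLMSG_DONE */
    if (type == RTM_NEWADDR) {
        nh->nlmsg_len = NLMSG_LENGTH(sizeof(*ifa)) + RTA_LENGTH(4);
        ifa->ifa_family = AF_INET;
        ifa->ifa_index = ifindex;
        rta->rta_type = IFA_LOCAL;
        rta->rta_len = RTA_LENGTH(4);
        inet_pton(AF_INET, ip, RTA_DATA(rta));
    }
    return off + NLMSG_ALIGN(nh->nlmsg_len);
}
```

A caller would loop on recv() while find_ipv4 returns 2 and stop on any other value.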




