[lxc-devel] Patch to automatically set a gateway inside a container

Daniel Lezcano daniel.lezcano at free.fr
Mon Aug 15 22:47:07 UTC 2011


On 08/15/2011 10:58 PM, Matthijs Kooijman wrote:
> Hey folks,
>
> Here's a small patch series that allows setting up a gateway inside a
> container. Two modes are supported: Defining a static address in
> lxc.conf, or taking the configured address from the bridge (link)
> interface and using that as a gateway.
>
> The latter is useful when a number of containers are bridged together
> without being bridged into a physical network (instead relying on the
> host to do routing or NAT for the containers).
>
> The first patch enables the static gateway setup and should be pretty
> straightforward.
>
> The second patch enables automatic gateway setup. To get this working,
> I needed to get the IP address from the bridge interface. This uses the
> netlink interface, but unlike all other netlink code so far actually
> uses the reply. Furthermore, netlink does not support filtering at the
> kernel end, so the RTM_GETADDR message requests _all_ configured
> addresses. The addresses are returned one per reply message, which are
> then filtered to find the right address.
>
> This requires some complicated code to loop over the reply messages and
> repeatedly receive more messages in case the buffer wasn't big enough
> the first time (empirical evidence suggests a second receive is needed
> when around 100 ipv4 addresses are configured).
>
> I suspect that the code could be made a bit more elegant if the
> functions in nl.c would support returning multiple messages and/or
> multiple receives for a single request. In particular, I found a piece
> of code in netlink_rcv, for which I couldn't figure out what it was
> supposed to do, or how it would interact with a multiple reply and/or
> multiple receive scenario:
>
>        if (msg.msg_flags & MSG_TRUNC &&
>             ret == answer->nlmsghdr.nlmsg_len)
>                 return -EMSGSIZE;
>
> Any hints?

Matthijs,

That's excellent! Good work!

Yeah, I think I did not take care of supporting multiple messages with
netlink as it was not needed.
But in your case, I think it would be worth supporting it now :)

Thanks!
  -- Daniel
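
The reply handling described in the quoted message (walk every message in a received buffer, filter on the interface index, receive again until NLMSG_DONE), as an added example that is not code from the patch or from lxc. The names scan_addr_replies, put_msg and the ADDR_* codes are hypothetical, and the sample messages are constructed so it runs without a netlink socket.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

enum { ADDR_FOUND = 1, ADDR_MORE = 0, ADDR_DONE = -1, ADDR_ERR = -2 };
/* Scan one recv() buffer of RTM_GETADDR dump replies for the IPv4 address
 * of interface ifindex. ADDR_MORE: not seen yet and no NLMSG_DONE, so the
 * caller must recv() again and call this on the next buffer. */
int scan_addr_replies(void *buf, int len, int ifindex, struct in_addr *out)
{
    struct nlmsghdr *nh;
    /* NLMSG_OK bounds-checks each header against the bytes actually received. */
    for (nh = buf; NLMSG_OK(nh, len); nh = NLMSG_NEXT(nh, len)) {
        if (nh->nlmsg_type == NLMSG_DONE)  return ADDR_DONE;
        if (nh->nlmsg_type == NLMSG_ERROR) return ADDR_ERR;
        if (nh->nlmsg_type != RTM_NEWADDR) continue;
        if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct ifaddrmsg))) return ADDR_ERR;
        struct ifaddrmsg *ifa = NLMSG_DATA(nh);
        if (ifa->ifa_family != AF_INET || (int)ifa->ifa_index != ifindex) continue;
        int alen = IFA_PAYLOAD(nh);
        for (struct rtattr *a = IFA_RTA(ifa); RTA_OK(a, alen); a = RTA_NEXT(a, alen))
            if (a->rta_type == IFA_ADDRESS && RTA_PAYLOAD(a) == sizeof(*out)) {
                memcpy(out, RTA_DATA(a), sizeof(*out));
                return ADDR_FOUND;
            }
    }
    return ADDR_MORE;
}

/* Constructed sample data: write one netlink message of the given type
 * (RTM_NEWADDR carrying ip, or a bare NLMSG_DONE) at p; return its size. */
int put_msg(char *p, int type, int ifindex, const unsigned char ip[4])
{
    struct nlmsghdr *nh = (struct nlmsghdr *)p;
    struct ifaddrmsg *ifa = NLMSG_DATA(nh);
    struct rtattr *a = IFA_RTA(ifa);
    memset(p, 0, NLMSG_SPACE(sizeof(*ifa)) + RTA_SPACE(4));
    nh->nlmsg_type = type;
    nh->nlmsg_len = NLMSG_LENGTH(0);
    if (type != RTM_NEWADDR) return NLMSG_ALIGN(nh->nlmsg_len);
    ifa->ifa_family = AF_INET;
    ifa->ifa_index = ifindex;
    a->rta_type = IFA_ADDRESS;
    a->rta_len = RTA_LENGTH(4);
    memcpy(RTA_DATA(a), ip, 4);
    nh->nlmsg_len = NLMSG_SPACE(sizeof(*ifa)) + RTA_LENGTH(4);
    return NLMSG_ALIGN(nh->nlmsg_len);
}
```

A real caller would pass the byte count returned by recv() as len and keep receiving while the result is ADDR_MORE.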
