[lxc-devel] [lxd/master] network: Allow adding static routes to a bridge

stgraber on Github lxc-bot at linuxcontainers.org
Wed Dec 7 17:00:57 UTC 2016 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 370 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20161207/b94d739f/attachment.bin>
-------------- next part --------------
From 64061fff291ce31912d2e15c47213d2b7e921300 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 7 Dec 2016 17:59:22 +0100
Subject: [PATCH] network: Allow adding static routes to a bridge
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2701

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/api-extensions.md  |  3 +++
 doc/configuration.md   |  2 ++
 lxd/api_1.0.go         |  1 +
 lxd/networks.go        | 36 ++++++++++++++++++++++++++++++++++--
 lxd/networks_config.go |  2 ++
 5 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index d273d29..32a6e43 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -173,3 +173,6 @@ rules will still be added so long as the matching "ipv4.nat" or
 
 Rules necessary for dnsmasq to work (DHCP/DNS) will always be applied if
 dnsmasq is enabled on the bridge.
+
+## network\_routes
+Introduces "ipv4.routes" and "ipv6.routes" which allow routing additional subnets to a LXD bridge.
diff --git a/doc/configuration.md b/doc/configuration.md
index 3f7abe9..74c4721 100644
--- a/doc/configuration.md
+++ b/doc/configuration.md
@@ -356,6 +356,7 @@ ipv4.nat                        | boolean   | ipv4 address          | false
 ipv4.dhcp                       | boolean   | ipv4 address          | true                      | Whether to allocate addresses using DHCP
 ipv4.dhcp.ranges                | string    | ipv4 dhcp             | all addresses             | Comma separated list of IP ranges to use for DHCP (FIRST-LAST format)
 ipv4.firewall                   | boolean   | ipv4 address          | true                      | Whether to generate filtering firewall rules for this network
+ipv4.routes                     | string    | ipv4 address          | -                         | Comma separated list of additional IPv4 CIDR subnets to route to the bridge
 ipv4.routing                    | boolean   | ipv4 address          | true                      | Whether to route traffic in and out of the bridge
 ipv6.address                    | string    | standard mode         | random unused subnet      | IPv6 address for the bridge (CIDR notation). Use "none" to turn off IPv6 or "auto" to generate a new one
 ipv6.nat                        | boolean   | ipv6 address          | false                     | Whether to NAT (will default to true if unset and a random ipv6.address is generated)
@@ -363,6 +364,7 @@ ipv6.dhcp                       | boolean   | ipv6 address          | true
 ipv6.dhcp.stateful              | boolean   | ipv6 dhcp             | false                     | Whether to allocate addresses using DHCP
 ipv6.dhcp.ranges                | string    | ipv6 stateful dhcp    | all addresses             | Comma separated list of IPv6 ranges to use for DHCP (FIRST-LAST format)
 ipv6.firewall                   | boolean   | ipv6 address          | true                      | Whether to generate filtering firewall rules for this network
+ipv6.routes                     | string    | ipv6 address          | -                         | Comma separated list of additional IPv6 CIDR subnets to route to the bridge
 ipv6.routing                    | boolean   | ipv6 address          | true                      | Whether to route traffic in and out of the bridge
 dns.domain                      | string    | -                     | lxd                       | Domain to advertise to DHCP clients and use for DNS resolution
 dns.mode                        | string    | -                     | managed                   | DNS registration mode ("none" for no DNS record, "managed" for LXD generated static records or "dynamic" for client generated records)
diff --git a/lxd/api_1.0.go b/lxd/api_1.0.go
index 6ba872a..8ffd973 100644
--- a/lxd/api_1.0.go
+++ b/lxd/api_1.0.go
@@ -80,6 +80,7 @@ func api10Get(d *Daemon, r *http.Request) Response {
 			"migration_progress",
 			"id_map",
 			"network_firewall_filtering",
+			"network_routes",
 		},
 
 		"api_status":  "stable",
diff --git a/lxd/networks.go b/lxd/networks.go
index fd36c14..208a70b 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -649,12 +649,17 @@ func (n *network) Start() error {
 		return err
 	}
 
-	// Flush all IPv4 addresses
+	// Flush all IPv4 addresses and routes
 	err = shared.RunCommand("ip", "-4", "addr", "flush", "dev", n.name, "scope", "global")
 	if err != nil {
 		return err
 	}
 
+	err = shared.RunCommand("ip", "-4", "route", "flush", "dev", n.name, "proto", "static")
+	if err != nil {
+		return err
+	}
+
 	// Configure IPv4 firewall (includes fan)
 	if n.config["bridge.mode"] == "fan" || !shared.StringInSlice(n.config["ipv4.address"], []string{"", "none"}) {
 		// Setup basic iptables overrides
@@ -756,6 +761,17 @@ func (n *network) Start() error {
 				return err
 			}
 		}
+
+		// Add additional routes
+		if n.config["ipv4.routes"] != "" {
+			for _, route := range strings.Split(n.config["ipv4.routes"], ",") {
+				route = strings.TrimSpace(route)
+				err = shared.RunCommand("ip", "-4", "route", "add", "dev", n.name, route, "proto", "static")
+				if err != nil {
+					return err
+				}
+			}
+		}
 	}
 
 	// Remove any existing IPv6 iptables rules
@@ -769,12 +785,17 @@ func (n *network) Start() error {
 		return err
 	}
 
-	// Flush all IPv6 addresses
+	// Flush all IPv6 addresses and routes
 	err = shared.RunCommand("ip", "-6", "addr", "flush", "dev", n.name, "scope", "global")
 	if err != nil {
 		return err
 	}
 
+	err = shared.RunCommand("ip", "-6", "route", "flush", "dev", n.name, "proto", "static")
+	if err != nil {
+		return err
+	}
+
 	// Configure IPv6
 	if !shared.StringInSlice(n.config["ipv6.address"], []string{"", "none"}) {
 		// Enable IPv6 for the subnet
@@ -895,6 +916,17 @@ func (n *network) Start() error {
 				return err
 			}
 		}
+
+		// Add additional routes
+		if n.config["ipv6.routes"] != "" {
+			for _, route := range strings.Split(n.config["ipv6.routes"], ",") {
+				route = strings.TrimSpace(route)
+				err = shared.RunCommand("ip", "-6", "route", "add", "dev", n.name, route, "proto", "static")
+				if err != nil {
+					return err
+				}
+			}
+		}
 	}
 
 	// Configure the fan
diff --git a/lxd/networks_config.go b/lxd/networks_config.go
index 1ed3b53..0270045 100644
--- a/lxd/networks_config.go
+++ b/lxd/networks_config.go
@@ -63,6 +63,7 @@ var networkConfigKeys = map[string]func(value string) error{
 	"ipv4.nat":         shared.IsBool,
 	"ipv4.dhcp":        shared.IsBool,
 	"ipv4.dhcp.ranges": shared.IsAny,
+	"ipv4.routes":      shared.IsAny,
 	"ipv4.routing":     shared.IsBool,
 
 	"ipv6.address": func(value string) error {
@@ -77,6 +78,7 @@ var networkConfigKeys = map[string]func(value string) error{
 	"ipv6.dhcp":          shared.IsBool,
 	"ipv6.dhcp.stateful": shared.IsBool,
 	"ipv6.dhcp.ranges":   shared.IsAny,
+	"ipv6.routes":        shared.IsAny,
 	"ipv6.routing":       shared.IsBool,
 
 	"dns.domain": shared.IsAny,

More information about the lxc-devel mailing list