[lxc-devel] [lxd/master] Network: Minor improvements to bridge driver

tomponline on Github lxc-bot at linuxcontainers.org
Thu Jul 16 14:25:36 UTC 2020


From 6d80e607c7c89aa52bccaac8d0c22681f2d840ff Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 16 Jul 2020 15:10:59 +0100
Subject: [PATCH 1/5] lxc/network/driver/bridge: isRunning comment

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/driver_bridge.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index 57087295c6..b990338ce9 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -234,7 +234,7 @@ func (n *bridge) Validate(config map[string]string) error {
 	return nil
 }
 
-// IsRunning returns whether the network is up.
+// isRunning returns whether the network is up.
 func (n *bridge) isRunning() bool {
 	return shared.PathExists(fmt.Sprintf("/sys/class/net/%s", n.name))
 }

From 4196f225f6c0c5f286a9867bc273980300057859 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 16 Jul 2020 15:11:30 +0100
Subject: [PATCH 2/5] lxd/network/driver/bridge: Unexports hasIPv4Firewall and
 hasIPv6Firewall

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/driver_bridge.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index b990338ce9..9de8f6bf6f 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -497,7 +497,7 @@ func (n *bridge) setup(oldConfig map[string]string) error {
 
 	// Configure IPv4 firewall (includes fan)
 	if n.config["bridge.mode"] == "fan" || !shared.StringInSlice(n.config["ipv4.address"], []string{"", "none"}) {
-		if n.HasDHCPv4() && n.HasIPv4Firewall() {
+		if n.HasDHCPv4() && n.hasIPv4Firewall() {
 			// Setup basic iptables overrides for DHCP/DNS
 			err = n.state.Firewall.NetworkSetupDHCPDNSAccess(n.name, 4)
 			if err != nil {
@@ -506,7 +506,7 @@ func (n *bridge) setup(oldConfig map[string]string) error {
 		}
 
 		// Attempt a workaround for broken DHCP clients
-		if n.HasIPv4Firewall() {
+		if n.hasIPv4Firewall() {
 			err = n.state.Firewall.NetworkSetupDHCPv4Checksum(n.name)
 			if err != nil {
 				return err
@@ -520,14 +520,14 @@ func (n *bridge) setup(oldConfig map[string]string) error {
 				return err
 			}
 
-			if n.HasIPv4Firewall() {
+			if n.hasIPv4Firewall() {
 				err = n.state.Firewall.NetworkSetupForwardingPolicy(n.name, 4, true)
 				if err != nil {
 					return err
 				}
 			}
 		} else {
-			if n.HasIPv4Firewall() {
+			if n.hasIPv4Firewall() {
 				err = n.state.Firewall.NetworkSetupForwardingPolicy(n.name, 4, false)
 				if err != nil {
 					return err
@@ -1668,8 +1668,8 @@ func (n *bridge) updateForkdnsServersFile(addresses []string) error {
 	return nil
 }
 
-// HasIPv4Firewall indicates whether the network has IPv4 firewall enabled.
-func (n *bridge) HasIPv4Firewall() bool {
+// hasIPv4Firewall indicates whether the network has IPv4 firewall enabled.
+func (n *bridge) hasIPv4Firewall() bool {
 	if n.config["ipv4.firewall"] == "" || shared.IsTrue(n.config["ipv4.firewall"]) {
 		return true
 	}
@@ -1677,8 +1677,8 @@ func (n *bridge) HasIPv4Firewall() bool {
 	return false
 }
 
-// HasIPv6Firewall indicates whether the network has IPv6 firewall enabled.
-func (n *bridge) HasIPv6Firewall() bool {
+// hasIPv6Firewall indicates whether the network has IPv6 firewall enabled.
+func (n *bridge) hasIPv6Firewall() bool {
 	if n.config["ipv6.firewall"] == "" || shared.IsTrue(n.config["ipv6.firewall"]) {
 		return true
 	}

From e0982411e8ace9dd72d6692ae76695f9647608db Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 16 Jul 2020 15:19:28 +0100
Subject: [PATCH 3/5] lxd/networks: Detect unknown network type in
 networksPost, dont assume bridge

When network type is not supplied, defaults to bridge to maintain compat with older clients.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/networks.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lxd/networks.go b/lxd/networks.go
index 2544461bfa..ac06ba4574 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -121,12 +121,13 @@ func networksPost(d *Daemon, r *http.Request) response.Response {
 		return response.BadRequest(err)
 	}
 
+	// Convert requested network type to DB type code.
 	var dbNetType db.NetworkType
 	switch req.Type {
 	case "bridge":
 		dbNetType = db.NetworkTypeBridge
 	default:
-		dbNetType = db.NetworkTypeBridge
+		return response.BadRequest(fmt.Errorf("Unrecognised network type"))
 	}
 
 	url := fmt.Sprintf("/%s/networks/%s", version.APIVersion, req.Name)
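Review bot: An empty `req.Type` falls into the `default` branch of this switch and is now rejected with a 400, although the commit message says an unsupplied type still defaults to bridge. Unless `req.Type` is normalised earlier in `networksPost` (not visible in this hunk), older clients that omit the field would be refused; if no such defaulting exists, the case should read `case "", "bridge":`. The error would also be easier to act on and to audit if it echoed the rejected value safely quoted, e.g. `return response.BadRequest(fmt.Errorf("Unrecognised network type %q", req.Type))`. The body of `networksPost` starts and ends outside the hunk.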

From 3b5fe959231ad31b0898b811a002199a22717ef9 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 16 Jul 2020 15:20:09 +0100
Subject: [PATCH 4/5] lxd/networks: comment fix in networksPostCluster

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/networks.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/networks.go b/lxd/networks.go
index ac06ba4574..bdaf20cdc9 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -272,7 +272,7 @@ func networksPostCluster(d *Daemon, req api.NetworksPost) error {
 	}
 
 	// We need to mark the network as created now, because the
-	// network.LoadByName call invoked by doNetworkCreate would fail with
+	// network.LoadByName call invoked by doNetworksCreate would fail with
 	// not-found otherwise.
 	createErr := d.cluster.Transaction(func(tx *db.ClusterTx) error {
 		return tx.NetworkCreated(req.Name)

From 36a9cd84431c927e140b4971af918482388c65cc Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 16 Jul 2020 15:20:31 +0100
Subject: [PATCH 5/5] lxd/db/network: Provide way to identifty unknown network
 type in getNetwork

Don't silently convert to bridge. Existing networks will get the default type ID of 0, so will be recognised as bridge correctly.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/db/networks.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/db/networks.go b/lxd/db/networks.go
index 36ec050739..558c788f9b 100644
--- a/lxd/db/networks.go
+++ b/lxd/db/networks.go
@@ -370,7 +370,7 @@ func (c *Cluster) getNetwork(name string, onlyCreated bool) (int64, *api.Network
 	case NetworkTypeBridge:
 		network.Type = "bridge"
 	default:
-		network.Type = "bridge"
+		network.Type = "" // Unknown
 	}
 
 	nodes, err := c.networkNodes(id)
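Review bot: The `default` branch now reports an unrecognised DB type code as `network.Type = ""`, but per the description of patch 3 in this series an empty type on the API side means "not supplied, treat as bridge". The same empty string therefore carries two meanings, and a caller that reads a network and passes its type back through the create path could turn an unknown type into a bridge; whether any caller does this is not visible here. At minimum the inline comment should state the contract, e.g. `// Unknown type code; callers must not treat "" as bridge.` Logging the unexpected code or returning an error from `getNetwork` would make a row written by a newer schema visible rather than silent. The body of `getNetwork` starts and ends outside the hunk.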

