From 135bfe4c44078f4b8752531eef2f894f330f6ab6 Mon Sep 17 00:00:00 2001
From: sridhar
Date: Fri, 1 Nov 2024 09:57:08 -0700
Subject: [PATCH 1/3] Update netlink library
---
 go.mod | 2 +-
 go.sum | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index 13bb46cfeef..03f7fdbd88a 100644
--- a/go.mod
+++ b/go.mod
@@ -79,7 +79,7 @@ require (
 github.com/tchap/go-patricia/v2 v2.3.1
 github.com/termie/go-shutil v0.0.0-20140729215957-bcacb06fecae
 github.com/urfave/cli/v2 v2.27.3
- github.com/vishvananda/netlink v1.2.1-beta.2.0.20240703200800-b54f85093f4a
+ github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81
 go.etcd.io/etcd/api/v3 v3.5.12
 go.etcd.io/etcd/client/pkg/v3 v3.5.12
 go.etcd.io/etcd/client/v2 v2.305.12
diff --git a/go.sum b/go.sum
index 499cea42d59..e92fb7f5e46 100644
--- a/go.sum
+++ b/go.sum
@@ -710,9 +710,8 @@ github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
 github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.27.3 h1:/POWahRmdh7uztQ3CYnaDddk0Rm90PyOgIxgW2rr41M=
 github.com/urfave/cli/v2 v2.27.3/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ=
-github.com/vishvananda/netlink v1.2.1-beta.2.0.20240703200800-b54f85093f4a h1:n9iF7t9sLw43CwPLvPZkCfsFEGvoR2A63W8OEjuQqJ4=
-github.com/vishvananda/netlink v1.2.1-beta.2.0.20240703200800-b54f85093f4a/go.mod h1:whJevzBpTrid75eZy99s3DqCmy05NfibNaF2Ol5Ox5A=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 h1:9fkQcQYvtTr9ayFXuMfDMVuDt4+BYG9FwsGLnrBde0M=
+github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
@@ -936,7 +935,6 @@ golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -976,6 +974,7 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
From 9b8282790898dbc7f2b1e1f2eda268706a3a228b Mon Sep 17 00:00:00 2001
From: sridhar
Date: Fri, 1 Nov 2024 14:37:05 -0700
Subject: [PATCH 2/3] Replace veth with netkit in L3 mode
---
 .../pkg/dataplane/linux/dataplane_linux.go | 76 ++++++++++++-------
 felix/dataplane/linux/endpoint_mgr.go | 2 +-
 felix/routerule/rule_lib.go | 4 +-
 3 files changed, 50 insertions(+), 32 deletions(-)
diff --git a/cni-plugin/pkg/dataplane/linux/dataplane_linux.go b/cni-plugin/pkg/dataplane/linux/dataplane_linux.go
index 7f51613a8f9..d1a97a97849 100644
--- a/cni-plugin/pkg/dataplane/linux/dataplane_linux.go
+++ b/cni-plugin/pkg/dataplane/linux/dataplane_linux.go
@@ -123,17 +123,31 @@ func (d *linuxDataplane) DoWorkloadNetnsSetUp(
 }
 err = ns.WithNetNSPath(netnsPath, func(hostNS ns.NetNS) error {
+ vethNetNS, err := ns.GetNS(netnsPath)
+ if err != nil {
+ return err
+ }
 la := netlink.NewLinkAttrs()
- la.Name = contVethName
+ la.Name = hostVethName
 la.MTU = d.mtu
 la.NumTxQueues = d.queues
 la.NumRxQueues = d.queues
- veth := &netlink.Veth{
- LinkAttrs: la,
- PeerName: hostVethName,
- PeerNamespace: netlink.NsFd(int(hostNS.Fd())),
+ la.Namespace = netlink.NsFd(int(hostNS.Fd()))
+
+ veth := &netlink.Netkit{
+ LinkAttrs: la,
 }
+ veth.Mode = netlink.NETKIT_MODE_L3
+ veth.Policy = netlink.NETKIT_POLICY_FORWARD
+
+ peer := netlink.NewLinkAttrs()
+ peer.Name = contVethName
+ peer.MTU = d.mtu
+ peer.NumTxQueues = d.queues
+ peer.NumRxQueues = d.queues
+ peer.Namespace = netlink.NsFd(int(vethNetNS.Fd()))
+ veth.SetPeerAttrs(&peer)
 if err := netlink.LinkAdd(veth); err != nil {
 d.logger.Errorf("Error adding veth %+v: %s", veth, err)
 return err
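Review bot: `veth.Mode` is assigned the literal `netlink.NETKIT_MODE_L3` just before `netlink.LinkAdd`, so the `veth.Mode != netlink.NETKIT_MODE_L3` guards added in the two later hunks of this file can never be true and the MAC-handling code they wrap is unreachable. If veth (or netkit L2) is meant to remain selectable, the mode should come from configuration, e.g. a `d.` field set from the CNI config, rather than a constant; if not, the guards and the wrapped code should be removed rather than kept as dead code. The variable and the log line still say veth although the link is now a `netlink.Netkit`; `d.logger.Errorf("Error adding netkit link %+v: %s", veth, err)` would describe what actually failed. Netkit presumably needs a newer kernel than veth did, and nothing here explains an `EOPNOTSUPP`-style failure from `LinkAdd` to the operator, so at least a comment stating the required kernel would help. DoWorkloadNetnsSetUp continues outside the hunk.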
@@ -145,13 +159,15 @@ func (d *linuxDataplane) DoWorkloadNetnsSetUp(
 return err
 }
- if mac, err := net.ParseMAC("EE:EE:EE:EE:EE:EE"); err != nil {
- d.logger.Infof("failed to parse MAC Address: %v. Using kernel generated MAC.", err)
- } else {
- // Set the MAC address on the host side interface so the kernel does not
- // have to generate a persistent address which fails some times.
- if err = hostNlHandle.LinkSetHardwareAddr(hostVeth, mac); err != nil {
- d.logger.Warnf("failed to Set MAC of %q: %v. Using kernel generated MAC.", hostVethName, err)
+ if veth.Mode != netlink.NETKIT_MODE_L3 {
+ if mac, err := net.ParseMAC("EE:EE:EE:EE:EE:EE"); err != nil {
+ d.logger.Infof("failed to parse MAC Address: %v. Using kernel generated MAC.", err)
+ } else {
+ // Set the MAC address on the host side interface so the kernel does not
+ // have to generate a persistent address which fails some times.
+ if err = hostNlHandle.LinkSetHardwareAddr(hostVeth, mac); err != nil {
+ d.logger.Warnf("failed to Set MAC of %q: %v. Using kernel generated MAC.", hostVethName, err)
+ }
 }
 }
@@ -210,28 +226,30 @@ func (d *linuxDataplane) DoWorkloadNetnsSetUp(
 // Check if there is an annotation requesting a specific fixed MAC address for the container Veth, otherwise
 // use kernel-assigned MAC.
- if requestedContVethMac, found := annotations["cni.projectcalico.org/hwAddr"]; found {
- tmpContVethMAC, err := net.ParseMAC(requestedContVethMac)
- if err != nil {
- return fmt.Errorf("failed to parse MAC address %v provided via cni.projectcalico.org/hwAddr: %v",
- requestedContVethMac, err)
- }
+ if veth.Mode != netlink.NETKIT_MODE_L3 {
+ if requestedContVethMac, found := annotations["cni.projectcalico.org/hwAddr"]; found {
+ tmpContVethMAC, err := net.ParseMAC(requestedContVethMac)
+ if err != nil {
+ return fmt.Errorf("failed to parse MAC address %v provided via cni.projectcalico.org/hwAddr: %v",
+ requestedContVethMac, err)
+ }
- err = netlink.LinkSetHardwareAddr(contVeth, tmpContVethMAC)
- if err != nil {
- return fmt.Errorf("failed to set container veth MAC to %v as requested via cni.projectcalico.org/hwAddr: %v",
- requestedContVethMac, err)
+ err = netlink.LinkSetHardwareAddr(contVeth, tmpContVethMAC)
+ if err != nil {
+ return fmt.Errorf("failed to set container veth MAC to %v as requested via cni.projectcalico.org/hwAddr: %v",
+ requestedContVethMac, err)
+ }
+
+ contVethMAC = tmpContVethMAC.String()
+ d.logger.Infof("successfully configured container veth MAC to %v as requested via cni.projectcalico.org/hwAddr",
+ contVethMAC)
+ } else {
+ contVethMAC = contVeth.Attrs().HardwareAddr.String()
 }
- contVethMAC = tmpContVethMAC.String()
- d.logger.Infof("successfully configured container veth MAC to %v as requested via cni.projectcalico.org/hwAddr",
- contVethMAC)
- } else {
- contVethMAC = contVeth.Attrs().HardwareAddr.String()
+ d.logger.WithField("MAC", contVethMAC).Debug("Found MAC for container veth")
 }
- d.logger.WithField("MAC", contVethMAC).Debug("Found MAC for container veth")
- // At this point, the virtual ethernet pair has been created, and both ends have the right names.
 // Do the per-IP version set-up. Add gateway routes etc.
diff --git a/felix/dataplane/linux/endpoint_mgr.go b/felix/dataplane/linux/endpoint_mgr.go
index 39f620e318c..668c1005cea 100644
--- a/felix/dataplane/linux/endpoint_mgr.go
+++ b/felix/dataplane/linux/endpoint_mgr.go
@@ -1393,7 +1393,7 @@ func configureInterface(name string, ipVersion int, rpFilter string, writeProcSy
 // means that we don't need to assign the link local address explicitly to each
 // host side of the veth, which is one fewer thing to maintain and one fewer
 // thing we may clash over.
- err = writeProcSys(fmt.Sprintf("/proc/sys/net/ipv4/conf/%s/proxy_arp", name), "1")
+ err = writeProcSys(fmt.Sprintf("/proc/sys/net/ipv4/conf/%s/proxy_arp", name), "0")
 if err != nil {
 return err
 }
diff --git a/felix/routerule/rule_lib.go b/felix/routerule/rule_lib.go
index 7c88d1cd787..a80885f3a4a 100644
--- a/felix/routerule/rule_lib.go
+++ b/felix/routerule/rule_lib.go
@@ -72,8 +72,8 @@ func (r *Rule) markMatchesWithMask(mark, mask uint32) *Rule {
 if mark&mask != mark {
 logCxt.Panic("Bug: mark is not contained in mask")
 }
- r.nlRule.Mask = int(mask)
- r.nlRule.Mark = int(mark)
+ r.nlRule.Mask = &mask
+ r.nlRule.Mark = mark
 return r
 }
From 9afaf6730a24fb80b98b4e8880b7a54833c6a321 Mon Sep 17 00:00:00 2001
From: sridhar
Date: Sat, 2 Nov 2024 13:02:24 -0700
Subject: [PATCH 3/3] Dont set peer namespace
---
 cni-plugin/pkg/dataplane/linux/dataplane_linux.go | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/cni-plugin/pkg/dataplane/linux/dataplane_linux.go b/cni-plugin/pkg/dataplane/linux/dataplane_linux.go
index d1a97a97849..97952d849e2 100644
--- a/cni-plugin/pkg/dataplane/linux/dataplane_linux.go
+++ b/cni-plugin/pkg/dataplane/linux/dataplane_linux.go
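Review bot: In L3 mode the `cni.projectcalico.org/hwAddr` annotation is now ignored silently: the new `if veth.Mode != netlink.NETKIT_MODE_L3` wrapper skips both the MAC assignment and the `contVethMAC` bookkeeping without telling the user that their explicit request was not honoured. An `else` branch that checks for the annotation and logs would make this visible, e.g. `} else if _, found := annotations["cni.projectcalico.org/hwAddr"]; found { d.logger.Warn("cni.projectcalico.org/hwAddr ignored: L3 netkit interfaces carry no MAC address") }`. Whatever reads `contVethMAC` later in DoWorkloadNetnsSetUp (outside this hunk) will now see an empty string for netkit workloads; confirm that consumer tolerates it. The retained comment `// use kernel-assigned MAC.` above the block also no longer describes the L3 case and should mention that netkit L3 links are skipped.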
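Review bot: Writing `"0"` to `proxy_arp` contradicts the three comment lines kept directly above it, which still explain why proxy ARP is being enabled on the host side of the veth; the comment has to be rewritten together with the value or the next reader will assume a typo. The change also applies to every interface passed through `configureInterface`, not just netkit ones, so existing veth-based workloads that rely on the host answering ARP for the link-local gateway would presumably lose that resolution — gating on the link type, or letting the caller pass the desired setting, looks safer than a global flip. configureInterface starts outside the hunk.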
@@ -123,10 +123,6 @@ func (d *linuxDataplane) DoWorkloadNetnsSetUp(
 }
 err = ns.WithNetNSPath(netnsPath, func(hostNS ns.NetNS) error {
- vethNetNS, err := ns.GetNS(netnsPath)
- if err != nil {
- return err
- }
 la := netlink.NewLinkAttrs()
 la.Name = hostVethName
 la.MTU = d.mtu
@@ -146,7 +142,6 @@ func (d *linuxDataplane) DoWorkloadNetnsSetUp(
 peer.MTU = d.mtu
 peer.NumTxQueues = d.queues
 peer.NumRxQueues = d.queues
- peer.Namespace = netlink.NsFd(int(vethNetNS.Fd()))
 veth.SetPeerAttrs(&peer)
 if err := netlink.LinkAdd(veth); err != nil {
 d.logger.Errorf("Error adding veth %+v: %s", veth, err)
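Review bot: Nothing in the patch records why the peer's namespace is no longer set: after this change the peer's placement depends on `netlink.LinkAdd` being executed inside the `ns.WithNetNSPath(netnsPath, ...)` closure, so the peer is created in the current (workload) namespace while `la.Namespace` moves only the primary end to `hostNS`. That invariant is easy to break during a later refactor and deserves a comment above `veth.SetPeerAttrs(&peer)`, e.g. `// No peer namespace: this closure runs in the workload netns (WithNetNSPath), so the peer is created there; only the host end is moved via la.Namespace.` The removal also appears to fix a leaked handle, since the `ns.GetNS` result in the previous patch was never closed; that is worth saying in the commit message. Both hunks are inside DoWorkloadNetnsSetUp, which continues outside them.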