Documentation ¶
Index ¶
- Constants
- Variables
- func AddAddresses(link netlink.Link, cidrs []*net.IPNet) (newAddrs []*net.IPNet, err error)
- func AddChainWithRules(ipt *iptables.IPTables, table, chain string, rulespecs [][]string) error
- func AddRoute(link netlink.Link, scope netlink.Scope, dst *net.IPNet, gw net.IP) error
- func AttachContainer(netNSPath, id, ifName, bridgeName string, mtu int, withMulticastRoute bool, ...) error
- func CheckAddressOverlap(addr net.IP, ignoreIfaceNames map[string]struct{}) error
- func CheckNetworkFree(subnet *net.IPNet, ignoreIfaceNames map[string]struct{}) error
- func ConfigureARP(prefix, procPath string) error
- func ConfigureIPTables(config *BridgeConfig, ips ipset.Interface) error
- func ConnectedToBridgeVethPeerIds(bridgeName string) ([]int, error)
- func CreateAndAttachVeth(procPath, name, peerName, bridgeName string, mtu int, keepTXOn bool, ...) (*netlink.Veth, error)
- func DetachContainer(netNSPath, id, ifName string, cidrs []*net.IPNet) error
- func DetectHairpin(portIfName string, log *logrus.Logger) error
- func EnforceAddrAssignType(bridgeName string) (setAddr bool, err error)
- func EnsureInterface(ifaceName string) (*net.Interface, error)
- func EnsureInterfaceAndMcastRoute(ifaceName string) (*net.Interface, error)
- func EthtoolTXOff(name string) error
- func Expose(bridgeName string, ipAddr *net.IPNet, removeDefaultRoute, npc bool, ...) error
- func FindBridgeIP(bridgeName string, subnet *net.IPNet) (net.IP, error)
- func GetSystemPeerName(dbPrefix, hostRoot string) (string, error)
- func LinkAddIfNotExist(link netlink.Link) error
- func ListenUnixSocket(pathname string) (net.Listener, error)
- func LocalAddresses() ([]*net.IPNet, error)
- func MACfromUUID(uuid []byte) net.HardwareAddr
- func MonitorForIptablesFlush(log *logrus.Logger, canary string, tables []string, reloadFunc func(), ...)
- func NSPathByPid(pid int) string
- func NSPathByPidWithProc(procPath string, pid int) string
- func PollImmediateUntil(interval time.Duration, condition utilwait.ConditionFunc, ...) error
- func RandomMAC() (net.HardwareAddr, error)
- func Reexpose(config *BridgeConfig, log *logrus.Logger) error
- func ResetIPTables(config *BridgeConfig, ips ipset.Interface) error
- func WithNetNS(ns netns.NsHandle, work func() error) error
- func WithNetNSByPath(path string, work func() error) error
- func WithNetNSLink(ns netns.NsHandle, ifName string, work func(link netlink.Link) error) error
- type Bridge
- type BridgeConfig
- type Dev
- type EthtoolValue
- type IFReqData
- type NoMasqLocalTracker
Constants ¶
// Fixed names for the Weave bridge, the datapath, the veth interfaces and the
// ipset. What each name is applied to is inferred from the identifiers; their
// uses are not shown here.
const (
	WeaveBridgeName  = "weave"
	DatapathName     = "datapath"
	DatapathIfName   = "vethwe-datapath"
	BridgeIfName     = "vethwe-bridge"
	PcapIfName       = "vethwe-pcap"
	NoMasqLocalIpset = ipset.Name("weaver-no-masq-local")
)
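// Values copied from the Linux kernel headers named on each line. The
// identifiers keep the kernel's spelling so they can be matched against those
// headers.
const (
	SIOCETHTOOL     = 0x8946     // linux/sockios.h
	ETHTOOL_GTXCSUM = 0x00000016 // linux/ethtool.h
	ETHTOOL_STXCSUM = 0x00000017 // linux/ethtool.h
	IFNAMSIZ        = 16         // linux/if.h
)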
// VethName is the interface name used inside the container namespace.
const VethName = "ethwe"
Variables ¶
// Package-level error values that callers can compare against.
var (
	// ErrBridgeNoIP reports that the bridge has no IP address.
	ErrBridgeNoIP = fmt.Errorf("Bridge has no IP address")
	// ErrLinkNotFound reports that a link was not found.
	ErrLinkNotFound = errors.New("Link not found")
)
Functions ¶
func AddAddresses ¶
func AddChainWithRules ¶
AddChainWithRules creates a chain and appends given rules to it.
If the chain exists, but its rules are not the same as the given ones, the function will flush the chain and then will append the rules.
func AttachContainer ¶
func CheckAddressOverlap ¶
For a specific address, we only care if it is actually *inside* an existing route, because weave-local traffic never hits IP routing.
func CheckNetworkFree ¶
A network is considered free if it does not overlap any existing routes on this host. This is the same approach taken by Docker.
func ConfigureARP ¶
ConfigureARP is a helper for the Docker plugin, which doesn't set the addresses itself.
func ConfigureIPTables ¶
func ConfigureIPTables(config *BridgeConfig, ips ipset.Interface) error
ConfigureIPTables idempotently configures all the iptables!
func ConnectedToBridgeVethPeerIds ¶
ConnectedToBridgeVethPeerIds returns peer indexes of veth links connected to the given bridge. The peer index is used to query from a container netns whether the container is connected to the bridge.
func CreateAndAttachVeth ¶
func CreateAndAttachVeth(procPath, name, peerName, bridgeName string, mtu int, keepTXOn bool, errIfLinkExist bool, init func(peer netlink.Link) error) (*netlink.Veth, error)
CreateAndAttachVeth creates a veth and attaches it to the Weave bridge.
func EnforceAddrAssignType ¶
func EnsureInterface ¶
Wait for an interface to come up.
func EnsureInterfaceAndMcastRoute ¶
Wait for an interface to come up and have a route added to the multicast subnet. This matches the behaviour in 'weave attach', which is the only context in which we expect this to be called. If you change one, change the other to match.
func EthtoolTXOff ¶
Disable TX checksum offload on specified interface
func Expose ¶
Expose makes the network accessible from a host by assigning a given IP address to the weave bridge.
List of params:
* "bridgeName" - the name of the weave bridge.
* "ipAddr" - the IP address to be assigned to the bridge.
* "removeDefaultRoute" - whether to remove a default route installed by the kernel (used only in the AWSVPC mode).
* "npc" - whether Weave NPC is running.
* "skipNAT" - whether to skip adding iptables NAT rules.
func GetSystemPeerName ¶
GetSystemPeerName returns an ID derived from the concatenation of the machine-id (either systemd or dbus), the system (aka BIOS) UUID and the hypervisor UUID. It is tweaked and formatted to be usable as a MAC address.
func LinkAddIfNotExist ¶
func LocalAddresses ¶
func MACfromUUID ¶
func MACfromUUID(uuid []byte) net.HardwareAddr
func MonitorForIptablesFlush ¶
func MonitorForIptablesFlush(log *logrus.Logger, canary string, tables []string, reloadFunc func(), interval time.Duration, stopCh <-chan struct{})
MonitorForIptablesFlush periodically checks for a canary chain in iptables. If this canary chain goes missing it calls the reloadFunc. This is a more efficient way of detecting whether firewalld or another process has been removing rules that we rely on. The reloadFunc can then check whether other chains that should exist are still there, fix things and restore the canary.
func NSPathByPid ¶
func NSPathByPidWithProc ¶
func PollImmediateUntil ¶
func PollImmediateUntil(interval time.Duration, condition utilwait.ConditionFunc, stopCh <-chan struct{}) error
PollImmediateUntil tries a condition func until it returns true, an error or stopCh is closed.
PollImmediateUntil runs the 'condition' before waiting for the interval. 'condition' will always be invoked at least once.
func RandomMAC ¶
func RandomMAC() (net.HardwareAddr, error)
func ResetIPTables ¶
func ResetIPTables(config *BridgeConfig, ips ipset.Interface) error
ResetIPTables resets IPTables in case they're in a strange state from a previous run.
func WithNetNSByPath ¶
Types ¶
type Bridge ¶
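// Bridge is the interface through which a bridge reports whether it uses
// fastdp and gives its type as a human-readable string. Only the exported
// methods are listed; the interface also has unexported methods that are not
// shown here.
type Bridge interface {
	IsFastdp() bool // does this bridge use fastdp?
	String() string // human-readable type string
	// contains filtered or unexported methods
}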
func EnsureBridge ¶
func ExistingBridgeType ¶
type BridgeConfig ¶
type Dev ¶
// Dev describes a network device by name, MAC address and CIDRs. Every field
// carries the omitempty JSON option, so empty fields are left out of the
// encoded object.
type Dev struct {
	Name  string           `json:"Name,omitempty"`
	MAC   net.HardwareAddr `json:"MAC,omitempty"`
	CIDRs []*net.IPNet     `json:"CIDRs,omitempty"`
}
func GetBridgeNetDev ¶
Get the weave bridge interface. NB: Should be called from the root network namespace.
func GetNetDevsByVethPeerIds ¶
func GetWeaveNetDevs ¶
Look up the weave interface of a container.
type EthtoolValue ¶
linux/ethtool.h 'struct ethtool_value'
type NoMasqLocalTracker ¶
// NoMasqLocalTracker is built from an ipset.Interface by NewNoMasqLocalTracker
// and receives address-range updates through HandleUpdate.
// NOTE(review): presumably it maintains the NoMasqLocalIpset ipset — confirm
// against the implementation, whose fields are not shown here.
type NoMasqLocalTracker struct {
// contains filtered or unexported fields
}
func NewNoMasqLocalTracker ¶
func NewNoMasqLocalTracker(ips ipset.Interface) *NoMasqLocalTracker
func (*NoMasqLocalTracker) HandleUpdate ¶
func (t *NoMasqLocalTracker) HandleUpdate(prevRanges, currRanges []address.Range, local bool) error
func (*NoMasqLocalTracker) String ¶
func (t *NoMasqLocalTracker) String() string