1. 26 Feb, 2021 8 commits
    • network: use two passes through networks · 3a197a1b
      Christian Brauner authored
      Consider the following network layout:
      
       lxc.net.0.type = phys
       lxc.net.0.link = eth2
       lxc.net.0.name = eth%d
      
       lxc.net.1.type = phys
       lxc.net.1.link = eth1
       lxc.net.1.name = eth0
      
      If we simply follow this order and create the first network first, the kernel
      will allocate eth0 for the first network but the second network requests
      that eth1 be renamed to eth0 in the container's network namespace which
      would lead to a clash.
      
      Note, we don't handle cases like:
      
       lxc.net.0.type = phys
       lxc.net.0.link = eth2
       lxc.net.0.name = eth0
      
       lxc.net.1.type = phys
       lxc.net.1.link = eth1
       lxc.net.1.name = eth0
      
      That'll brutally fail of course but there's nothing we can do about it. But
      this can happen when e.g. a has the following LXD configuration:
      
      devices:
        eth2:
          name: eth0
          nictype: physical
          parent: eth2
          type: nic
        eth3:
          name: eth0
          nictype: physical
          parent: eth3
          type: nic
      
      in the container's config and the default profile has:
      
      devices:
        eth0:
          name: eth0
          network: lxdbr0
          type: nic
      Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
    • network: handle name collisions when renaming network devices · fdd6be55
      Christian Brauner authored
      LXC moves network devices into the target namespace based on their created
      name. The created name can either be randomly generated for e.g. veth
      devices or it can be the name of the existing device in the server's
      namespaces. This is e.g. the case when moving physical devices. However this
      can lead to weird clashes. Consider we have a network namespace that has the
      following devices:
      
      4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
         link/ether 00:16:3e:91:d3:ae brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:e7:5d:10
         altname enp7s0
      5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
         link/ether 00:16:3e:e7:5d:10 brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:91:d3:ae
         altname enp8s0
      
      and the user generates the following network config for their container:
      
       lxc.net.0.type = phys
       lxc.net.0.name = eth1
       lxc.net.0.link = eth2
      
       lxc.net.1.type = phys
       lxc.net.1.name = eth2
       lxc.net.1.link = eth1
      
      This would cause LXC to move the devices eth1 and eth2 from the server's
      network namespace into the container's network namespace:
      
      24: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether 00:16:3e:91:d3:ae brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:e7:5d:10
          altname enp7s0
      25: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether 00:16:3e:e7:5d:10 brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:91:d3:ae
          altname enp8s0
      
      According to the network config above we now need to rename the network
      devices in the container's network namespace. Let's say we start with
      renaming eth2 to eth1. This would immediately lead to a clash since the
      container's network namespace already contains a network device with that
      name. Renaming the other device would have the same problem.
      
      There are multiple ways to fix this but I'm concerned with keeping the logic
      somewhat reasonable which is why we simply start creating transient device
      names that are unique which we'll use to move and rename the network device
      in the container's network namespace at the same time. And then we rename
      based on those random device names to the target name.
      
      Fixes: #3696
      Reported-by: Sam Boyles <sam.boyles@alliedtelesis.co.nz>
      Reported-by: Blair Steven <blair.steven@alliedtelesis.co.nz>
      Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
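
Added example, not part of the commit or of LXC's code: a toy C model of the rename step described in commit fdd6be55 above, showing the direct rename failing with EEXIST on the swapped eth1/eth2 config and the transient-name approach succeeding. The `netns` and `rule` types, the function names and the fixed `tmp%d` names are assumptions for illustration; LXC generates random transient names and applies them while moving the device between namespaces.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct netns { char name[8][16]; int n; };  /* toy namespace: device names only */
struct rule { const char *link, *name; };   /* lxc.net.N.link and lxc.net.N.name */

static int ns_find(const struct netns *ns, const char *name)
{
	for (int i = 0; i < ns->n; i++)
		if (!strcmp(ns->name[i], name)) return i;
	return -1;
}
/* Like the kernel, refuse to rename onto a name that is already taken. */
static int ns_rename(struct netns *ns, const char *from, const char *to)
{
	int i = ns_find(ns, from);
	if (i < 0) return -ENODEV;
	if (ns_find(ns, to) >= 0) return -EEXIST;
	snprintf(ns->name[i], sizeof(ns->name[i]), "%s", to);
	return 0;
}

/* Rename link -> name directly, in config order; stops at the first error. */
int rename_direct(struct netns *ns, const struct rule *r, int n)
{
	int ret = 0;
	for (int i = 0; i < n && !ret; i++)
		ret = ns_rename(ns, r[i].link, r[i].name);
	return ret;
}
/* Pass 0: park every device on a unique transient name. Pass 1: final names. */
int rename_transient(struct netns *ns, const struct rule *r, int n)
{
	char tmp[16];
	int ret = 0;
	for (int pass = 0; pass < 2; pass++)
		for (int i = 0; i < n && !ret; i++) {
			snprintf(tmp, sizeof(tmp), "tmp%d", i); /* constructed; LXC's are random */
			ret = pass ? ns_rename(ns, tmp, r[i].name) : ns_rename(ns, r[i].link, tmp);
		}
	return ret;
}

int main(void)
{
	struct rule r[] = { { "eth2", "eth1" }, { "eth1", "eth2" } }; /* config from the commit */
	struct netns a = { { "eth1", "eth2" }, 2 }, b = a;
	printf("direct: %d, transient: %d\n", rename_direct(&a, r, 2), rename_transient(&b, r, 2));
}
```

The model does not guard against a transient name colliding with a device already in the namespace, which is why real transient names need to be unique.
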
    • network: fix grammar · 4a037d61
      Christian Brauner authored
      Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
    • Merge pull request #3698 from brauner/2021-02-25/fixes · 32d40452
      Stéphane Graber authored
      tree-wide: some more logging fixes
  2. 25 Feb, 2021 32 commits