- 26 Feb, 2021 12 commits
-
-
Stéphane Graber authored
small fixes
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
network: fix networks with switched names
-
Christian Brauner authored
Consider the following network layout: lxc.net.0.type = phys lxc.net.0.link = eth2 lxc.net.0.name = eth%d lxc.net.1.type = phys lxc.net.1.link = eth1 lxc.net.1.name = eth0 If we simply follow this order and create the first network first the kernel will allocate eth0 for the first network but the second network requests that eth1 be renamed to eth0 in the container's network namespace which would lead to a clash. Note, we don't handle cases like: lxc.net.0.type = phys lxc.net.0.link = eth2 lxc.net.0.name = eth0 lxc.net.1.type = phys lxc.net.1.link = eth1 lxc.net.1.name = eth0 That'll brutally fail of course but there's nothing we can do about it. But this can happen when e.g. a has the following LXD configuration: devices: eth2: name: eth0 nictype: physical parent: eth2 type: nic eth3: name: eth0 nictype: physical parent: eth3 type: nic in the container's config and the default profile has: devices: eth0: name: eth0 network: lxdbr0 type: nic Signed-off-by: -
Christian Brauner authored
LXC moves network devices into the target namespace based on their created name. The created name can either be randomly generated for e.g. veth devices or it can be the name of the existing device in the server's namespaces. This is e.g. the case when moving physical devices. However this can lead to weird clashes. Consider we have a network namespace that has the following devices: 4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:16:3e:91:d3:ae brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:e7:5d:10 altname enp7s0 5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:16:3e:e7:5d:10 brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:91:d3:ae altname enp8s0 and the user generates the following network config for their container: lxc.net.0.type = phys lxc.net.0.name = eth1 lxc.net.0.link = eth2 lxc.net.1.type = phys lxc.net.1.name = eth2 lxc.net.1.link = eth1 This would cause LXC to move the devices eth1 and eth2 from the server's network namespace into the container's network namespace: 24: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:16:3e:91:d3:ae brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:e7:5d:10 altname enp7s0 25: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 00:16:3e:e7:5d:10 brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:91:d3:ae altname enp8s0 According to the network config above we now need to rename the network devices in the container's network namespace. Let's say we start with renaming eth2 to eth1. This would immediately lead to a clash since the container's network namespace already contains a network device with that name. Renaming the other device would have the same problem. There are multiple ways to fix this but I'm concerned with keeping the logic somewhat reasonable which is why we simply start creating transient device names that are unique which we'll use to move and rename the network device in the container's network namespace at the same time. And then we rename based on those random devices names to the target name. Fixes: #3696 Reported-by:Sam Boyles <sam.boyles@alliedtelesis.co.nz> Reported-by:
Blair Steven <blair.steven@alliedtelesis.co.nz> Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
tree-wide: some more logging fixes
-
- 25 Feb, 2021 28 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
commands: improvements and fixes
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
It is fine to fail these commands when a new client talks to an old server or the kernel doesn't support the necessary features. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
