Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restrict post-processing to kernel network interfaces #240

Merged
merged 2 commits into from
Nov 13, 2020
Merged

Conversation

Levovar
Copy link
Collaborator

@Levovar Levovar commented Nov 2, 2020

In this PR the post-processing done by DANM is restructured to accomodate CNIs which do not create kernel networking interfaces.
Userpsace CNIs, or various network config CNIs all belong to this category. When such a CNI is invoked through DANM, various post-processing errors related to automatically setting certain interface specific configs (v/, DAD, IP routes etc.) in the kernel would fail simply because the interface does not exist.

These issues are universally solved by checking for the presence of a kernel interface first, and only initiating post-processing if one is found.

It can happen that IPv6 is disabled on the parent interface level in some edge cases (can be debated who does this nowadays, but, well).
In this rare scenario explicitly setting either disable, or enable IPv6 setting into the interface specific sys path fails, as the whole tree will not exist.
Adding stat check to both sysctl checker functions solves the issue.
…erfaces

The problem corrected in the first commit was just one symptom of ungraceful handling of user space interfaces.
The real, and generic correction is delivered by this commit.
Post-processing in general is now skipped for links not managed by the kernel.
A warning message is also written when this happens, so post-mortem debugging for kernel managed links is still possible.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant