From 0a0bc1c5ae2fe934242f658e5221d752d9466cd3 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 10 Jan 2022 16:20:55 +0100 Subject: [PATCH 1/2] libnetwork: only validate static ip when ipam is host-local If the dhcp ipam driver is used podman does not know any subnets so we cannot verify if the given static ip is in the subnet. Fixes containers/podman#12762 Signed-off-by: Paul Holzinger --- libnetwork/internal/util/validate.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/libnetwork/internal/util/validate.go b/libnetwork/internal/util/validate.go index 322bf2c31..bfc5e2247 100644 --- a/libnetwork/internal/util/validate.go +++ b/libnetwork/internal/util/validate.go @@ -109,14 +109,16 @@ func validatePerNetworkOpts(network *types.Network, netOpts *types.PerNetworkOpt if netOpts.InterfaceName == "" { return errors.Errorf("interface name on network %s is empty", network.Name) } -outer: - for _, ip := range netOpts.StaticIPs { - for _, s := range network.Subnets { - if s.Subnet.Contains(ip) { - continue outer + if network.IPAMOptions["driver"] == types.HostLocalIPAMDriver { + outer: + for _, ip := range netOpts.StaticIPs { + for _, s := range network.Subnets { + if s.Subnet.Contains(ip) { + continue outer + } } + return errors.Errorf("requested static ip %s not in any subnet on network %s", ip.String(), network.Name) } - return errors.Errorf("requested static ip %s not in any subnet on network %s", ip.String(), network.Name) } return nil } From bf7bc2bfca8b10d7cf641845256326f0bbb73446 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 10 Jan 2022 16:26:45 +0100 Subject: [PATCH 2/2] libnetwork: netavark allow mtu option for macvlan We have to support the mtu option for netavark since it is also supported by CNI. Signed-off-by: Paul Holzinger --- libnetwork/netavark/config.go | 68 ++++++++++++++++++------------ libnetwork/netavark/config_test.go | 18 ++++++++ 2 files changed, 58 insertions(+), 28 deletions(-) 
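Review bot: The new guard in validatePerNetworkOpts fails open: the subnet check now runs only when `network.IPAMOptions["driver"]` equals `types.HostLocalIPAMDriver`. A network whose IPAMOptions map is nil, lacks the "driver" key, or holds an unexpected value therefore skips static-IP validation silently. The commit message names only the dhcp driver as the case without subnets, so inverting the test keeps validation as the default: `if network.IPAMOptions["driver"] != types.DHCPIPAMDriver {` (assuming that constant names the dhcp driver in the types package). Whether a network without a driver entry can reach this function is not visible here, because the function begins above the hunk.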
diff --git a/libnetwork/netavark/config.go b/libnetwork/netavark/config.go index 15c9f8337..6d2daf299 100644 --- a/libnetwork/netavark/config.go +++ b/libnetwork/netavark/config.go @@ -107,35 +107,10 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo } } case types.MacVLANNetworkDriver: - if newNetwork.Internal { - return nil, errors.New("internal is not supported with macvlan") - } - if newNetwork.NetworkInterface != "" { - interfaceNames, err := internalutil.GetLiveNetworkNames() - if err != nil { - return nil, err - } - if !util.StringInSlice(newNetwork.NetworkInterface, interfaceNames) { - return nil, errors.Errorf("parent interface %s does not exist", newNetwork.NetworkInterface) - } - } - if len(newNetwork.Subnets) == 0 { - return nil, errors.Errorf("macvlan driver needs at least one subnet specified, DHCP is not supported with netavark") - } - newNetwork.IPAMOptions["driver"] = types.HostLocalIPAMDriver - - // validate the given options, we do not need them but just check to make sure they are valid - for key, value := range newNetwork.Options { - switch key { - case "mode": - if !util.StringInSlice(value, types.ValidMacVLANModes) { - return nil, errors.Errorf("unknown macvlan mode %q", value) - } - default: - return nil, errors.Errorf("unsupported macvlan network option %s", key) - } + err = createMacvlan(newNetwork) + if err != nil { + return nil, err } - default: return nil, errors.Wrapf(types.ErrInvalidArg, "unsupported driver %s", newNetwork.Driver) } 
@@ -169,6 +144,43 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo return newNetwork, nil } +func createMacvlan(network *types.Network) error { + if network.Internal { + return errors.New("internal is not supported with macvlan") + } + if network.NetworkInterface != "" { + interfaceNames, err := internalutil.GetLiveNetworkNames() + if err != nil { + return err + } + if !util.StringInSlice(network.NetworkInterface, interfaceNames) { + return errors.Errorf("parent interface %s does not exist", network.NetworkInterface) + } + } + if len(network.Subnets) == 0 { + return errors.Errorf("macvlan driver needs at least one subnet specified, DHCP is not supported with netavark") + } + network.IPAMOptions["driver"] = types.HostLocalIPAMDriver + + // validate the given options, we do not need them but just check to make sure they are valid + for key, value := range network.Options { + switch key { + case "mode": + if !util.StringInSlice(value, types.ValidMacVLANModes) { + return errors.Errorf("unknown macvlan mode %q", value) + } + case "mtu": + _, err := internalutil.ParseMTU(value) + if err != nil { + return err + } + default: + return errors.Errorf("unsupported macvlan network option %s", key) + } + } + return nil +} + // NetworkRemove will remove the Network with the given name or ID. // It does not ensure that the network is unused. func (n *netavarkNetwork) NetworkRemove(nameOrID string) error { diff --git a/libnetwork/netavark/config_test.go b/libnetwork/netavark/config_test.go index 401ddc4c9..ec4a566fc 100644 --- a/libnetwork/netavark/config_test.go +++ b/libnetwork/netavark/config_test.go 
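Review bot: createMacvlan writes `network.IPAMOptions["driver"]` without checking that the map is non-nil, and as a standalone helper it no longer visibly inherits any initialisation done earlier in networkCreate. A nil map here would panic on assignment. If the caller does not guarantee the map, add `if network.IPAMOptions == nil { network.IPAMOptions = make(map[string]string) }` before the write. The function also has no doc comment; something like `// createMacvlan validates the macvlan settings of network and sets its IPAM driver to host-local; it mutates network in place.` would record that side effect. In the "mtu" case the ParseMTU error is returned bare, so wrapping it with the option name would match the neighbouring messages that say which option was rejected.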
@@ -910,6 +910,24 @@ var _ = Describe("Config", func() { Expect(err.Error()).To(Equal("unsupported macvlan network option abc")) }) + It("create macvlan config with mtu", func() { + subnet := "10.1.0.0/24" + n, _ := types.ParseCIDR(subnet) + network := types.Network{ + Driver: "macvlan", + Subnets: []types.Subnet{ + {Subnet: n}, + }, + Options: map[string]string{ + "mtu": "9000", + }, + } + network1, err := libpodNet.NetworkCreate(network) + Expect(err).To(BeNil()) + Expect(network1.Name).ToNot(BeEmpty()) + Expect(network1.Options).To(HaveKeyWithValue("mtu", "9000")) + }) + }) Context("network load valid existing ones", func() {
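Review bot: The added spec covers only the accepting path for the new "mtu" option, so nothing pins that createMacvlan rejects a malformed value. A sibling `It` that passes a constructed bad value such as `"mtu": "abc"` and asserts `Expect(err).To(HaveOccurred())` would guard the validation branch against regressions. If ParseMTU enforces a numeric range, a negative-value case is worth adding as well; its limits are not visible in this patch.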