vendor/github.com/docker/libnetwork/drivers/overlay/joinleave.go - third_party/github.com/moby/moby - Git at Google

 package overlay

 import (
 	"fmt"
 	"net"
 	"syscall"

 	"github.com/Sirupsen/logrus"
 	"github.com/docker/libnetwork/driverapi"
 	"github.com/docker/libnetwork/ns"
 	"github.com/docker/libnetwork/types"
 	"github.com/gogo/protobuf/proto"
 )

 // Join method is invoked when a Sandbox is attached to an endpoint.
 func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
 	if err := validateID(nid, eid); err != nil {
 		return err
 	}

 	n := d.network(nid)
 	if n == nil {
 		return fmt.Errorf("could not find network with id %s", nid)
 	}

 	ep := n.endpoint(eid)
 	if ep == nil {
 		return fmt.Errorf("could not find endpoint with id %s", eid)
 	}

 	if n.secure && len(d.keys) == 0 {
 		return fmt.Errorf("cannot join secure network: encryption keys not present")
 	}

 	nlh := ns.NlHandle()

 	if n.secure && !nlh.SupportsNetlinkFamily(syscall.NETLINK_XFRM) {
 		return fmt.Errorf("cannot join secure network: required modules to install IPSEC rules are missing on host")
 	}

 	s := n.getSubnetforIP(ep.addr)
 	if s == nil {
 		return fmt.Errorf("could not find subnet for endpoint %s", eid)
 	}

 	if err := n.obtainVxlanID(s); err != nil {
 		return fmt.Errorf("couldn't get vxlan id for %q: %v", s.subnetIP.String(), err)
 	}

 	if err := n.joinSandbox(false); err != nil {
 		return fmt.Errorf("network sandbox join failed: %v", err)
 	}

 	if err := n.joinSubnetSandbox(s, false); err != nil {
 		return fmt.Errorf("subnet sandbox join failed for %q: %v", s.subnetIP.String(), err)
 	}

 	// joinSubnetSandbox gets called when an endpoint comes up on a new subnet in the
 	// overlay network. Hence the Endpoint count should be updated outside joinSubnetSandbox
 	n.incEndpointCount()

 	sbox := n.sandbox()

 	overlayIfName, containerIfName, err := createVethPair()
 	if err != nil {
 		return err
 	}

 	ep.ifName = containerIfName

 	if err := d.writeEndpointToStore(ep); err != nil {
 		return fmt.Errorf("failed to update overlay endpoint %s to local data store: %v", ep.id[0:7], err)
 	}

 	// Set the container interface and its peer MTU to 1450 to allow
 	// for 50 bytes vxlan encap (inner eth header(14) + outer IP(20) +
 	// outer UDP(8) + vxlan header(8))
 	mtu := n.maxMTU()

 	veth, err := nlh.LinkByName(overlayIfName)
 	if err != nil {
 		return fmt.Errorf("cound not find link by name %s: %v", overlayIfName, err)
 	}
 	err = nlh.LinkSetMTU(veth, mtu)
 	if err != nil {
 		return err
 	}

 	if err := sbox.AddInterface(overlayIfName, "veth",
 		sbox.InterfaceOptions().Master(s.brName)); err != nil {
 		return fmt.Errorf("could not add veth pair inside the network sandbox: %v", err)
 	}

 	veth, err = nlh.LinkByName(containerIfName)
 	if err != nil {
 		return fmt.Errorf("could not find link by name %s: %v", containerIfName, err)
 	}
 	err = nlh.LinkSetMTU(veth, mtu)
 	if err != nil {
 		return err
 	}

 	if err := nlh.LinkSetHardwareAddr(veth, ep.mac); err != nil {
 		return fmt.Errorf("could not set mac address (%v) to the container interface: %v", ep.mac, err)
 	}

 	for _, sub := range n.subnets {
 		if sub == s {
 			continue
 		}
 		if err := jinfo.AddStaticRoute(sub.subnetIP, types.NEXTHOP, s.gwIP.IP); err != nil {
 			logrus.Errorf("Adding subnet %s static route in network %q failed\n", s.subnetIP, n.id)
 		}
 	}

 	if iNames := jinfo.InterfaceName(); iNames != nil {
 		err = iNames.SetNames(containerIfName, "eth")
 		if err != nil {
 			return err
 		}
 	}

 	d.peerAdd(nid, eid, ep.addr.IP, ep.addr.Mask, ep.mac, net.ParseIP(d.advertiseAddress), true, false, false, true)

 	if err := d.checkEncryption(nid, nil, n.vxlanID(s), true, true); err != nil {
 		logrus.Warn(err)
 	}

 	buf, err := proto.Marshal(&PeerRecord{
 		EndpointIP:       ep.addr.String(),
 		EndpointMAC:      ep.mac.String(),
 		TunnelEndpointIP: d.advertiseAddress,
 	})
 	if err != nil {
 		return err
 	}

 	if err := jinfo.AddTableEntry(ovPeerTable, eid, buf); err != nil {
 		logrus.Errorf("overlay: Failed adding table entry to joininfo: %v", err)
 	}

 	d.pushLocalEndpointEvent("join", nid, eid)

 	return nil
 }

 func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
 	if tablename != ovPeerTable {
 		logrus.Errorf("DecodeTableEntry: unexpected table name %s", tablename)
 		return "", nil
 	}

 	var peer PeerRecord
 	if err := proto.Unmarshal(value, &peer); err != nil {
 		logrus.Errorf("DecodeTableEntry: failed to unmarshal peer record for key %s: %v", key, err)
 		return "", nil
 	}

 	return key, map[string]string{
 		"Host IP": peer.TunnelEndpointIP,
 	}
 }

 func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
 	if tableName != ovPeerTable {
 		logrus.Errorf("Unexpected table notification for table %s received", tableName)
 		return
 	}

 	eid := key

 	var peer PeerRecord
 	if err := proto.Unmarshal(value, &peer); err != nil {
 		logrus.Errorf("Failed to unmarshal peer record: %v", err)
 		return
 	}

 	// Ignore local peers. We already know about them and they
 	// should not be added to vxlan fdb.
 	if peer.TunnelEndpointIP == d.advertiseAddress {
 		return
 	}

 	addr, err := types.ParseCIDR(peer.EndpointIP)
 	if err != nil {
 		logrus.Errorf("Invalid peer IP %s received in event notify", peer.EndpointIP)
 		return
 	}

 	mac, err := net.ParseMAC(peer.EndpointMAC)
 	if err != nil {
 		logrus.Errorf("Invalid mac %s received in event notify", peer.EndpointMAC)
 		return
 	}

 	vtep := net.ParseIP(peer.TunnelEndpointIP)
 	if vtep == nil {
 		logrus.Errorf("Invalid VTEP %s received in event notify", peer.TunnelEndpointIP)
 		return
 	}

 	if etype == driverapi.Delete {
 		d.peerDelete(nid, eid, addr.IP, addr.Mask, mac, vtep, true)
 		return
 	}

 	d.peerAdd(nid, eid, addr.IP, addr.Mask, mac, vtep, true, false, false, false)
 }

 // Leave method is invoked when a Sandbox detaches from an endpoint.
 func (d *driver) Leave(nid, eid string) error {
 	if err := validateID(nid, eid); err != nil {
 		return err
 	}

 	n := d.network(nid)
 	if n == nil {
 		return fmt.Errorf("could not find network with id %s", nid)
 	}

 	ep := n.endpoint(eid)

 	if ep == nil {
 		return types.InternalMaskableErrorf("could not find endpoint with id %s", eid)
 	}

 	if d.notifyCh != nil {
 		d.notifyCh <- ovNotify{
 			action: "leave",
 			nw:     n,
 			ep:     ep,
 		}
 	}

 	n.leaveSandbox()

 	if err := d.checkEncryption(nid, nil, 0, true, false); err != nil {
 		logrus.Warn(err)
 	}

 	return nil
 }
	package overlay

	import (
	"fmt"
	"net"
	"syscall"

	"github.com/Sirupsen/logrus"
	"github.com/docker/libnetwork/driverapi"
	"github.com/docker/libnetwork/ns"
	"github.com/docker/libnetwork/types"
	"github.com/gogo/protobuf/proto"
	)

	// Join method is invoked when a Sandbox is attached to an endpoint.
	func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo, options map[string]interface{}) error {
	if err := validateID(nid, eid); err != nil {
	return err
	}

	n := d.network(nid)
	if n == nil {
	return fmt.Errorf("could not find network with id %s", nid)
	}

	ep := n.endpoint(eid)
	if ep == nil {
	return fmt.Errorf("could not find endpoint with id %s", eid)
	}

	if n.secure && len(d.keys) == 0 {
	return fmt.Errorf("cannot join secure network: encryption keys not present")
	}

	nlh := ns.NlHandle()

	if n.secure && !nlh.SupportsNetlinkFamily(syscall.NETLINK_XFRM) {
	return fmt.Errorf("cannot join secure network: required modules to install IPSEC rules are missing on host")
	}

	s := n.getSubnetforIP(ep.addr)
	if s == nil {
	return fmt.Errorf("could not find subnet for endpoint %s", eid)
	}

	if err := n.obtainVxlanID(s); err != nil {
	return fmt.Errorf("couldn't get vxlan id for %q: %v", s.subnetIP.String(), err)
	}

	if err := n.joinSandbox(false); err != nil {
	return fmt.Errorf("network sandbox join failed: %v", err)
	}

	if err := n.joinSubnetSandbox(s, false); err != nil {
	return fmt.Errorf("subnet sandbox join failed for %q: %v", s.subnetIP.String(), err)
	}

	// joinSubnetSandbox gets called when an endpoint comes up on a new subnet in the
	// overlay network. Hence the Endpoint count should be updated outside joinSubnetSandbox
	n.incEndpointCount()

	sbox := n.sandbox()

	overlayIfName, containerIfName, err := createVethPair()
	if err != nil {
	return err
	}

	ep.ifName = containerIfName

	if err := d.writeEndpointToStore(ep); err != nil {
	return fmt.Errorf("failed to update overlay endpoint %s to local data store: %v", ep.id[0:7], err)
	}

	// Set the container interface and its peer MTU to 1450 to allow
	// for 50 bytes vxlan encap (inner eth header(14) + outer IP(20) +
	// outer UDP(8) + vxlan header(8))
	mtu := n.maxMTU()

	veth, err := nlh.LinkByName(overlayIfName)
	if err != nil {
	return fmt.Errorf("cound not find link by name %s: %v", overlayIfName, err)
	}
	err = nlh.LinkSetMTU(veth, mtu)
	if err != nil {
	return err
	}

	if err := sbox.AddInterface(overlayIfName, "veth",
	sbox.InterfaceOptions().Master(s.brName)); err != nil {
	return fmt.Errorf("could not add veth pair inside the network sandbox: %v", err)
	}

	veth, err = nlh.LinkByName(containerIfName)
	if err != nil {
	return fmt.Errorf("could not find link by name %s: %v", containerIfName, err)
	}
	err = nlh.LinkSetMTU(veth, mtu)
	if err != nil {
	return err
	}

	if err := nlh.LinkSetHardwareAddr(veth, ep.mac); err != nil {
	return fmt.Errorf("could not set mac address (%v) to the container interface: %v", ep.mac, err)
	}

	for _, sub := range n.subnets {
	if sub == s {
	continue
	}
	if err := jinfo.AddStaticRoute(sub.subnetIP, types.NEXTHOP, s.gwIP.IP); err != nil {
	logrus.Errorf("Adding subnet %s static route in network %q failed\n", s.subnetIP, n.id)
	}
	}

	if iNames := jinfo.InterfaceName(); iNames != nil {
	err = iNames.SetNames(containerIfName, "eth")
	if err != nil {
	return err
	}
	}

	d.peerAdd(nid, eid, ep.addr.IP, ep.addr.Mask, ep.mac, net.ParseIP(d.advertiseAddress), true, false, false, true)

	if err := d.checkEncryption(nid, nil, n.vxlanID(s), true, true); err != nil {
	logrus.Warn(err)
	}

	buf, err := proto.Marshal(&PeerRecord{
	EndpointIP: ep.addr.String(),
	EndpointMAC: ep.mac.String(),
	TunnelEndpointIP: d.advertiseAddress,
	})
	if err != nil {
	return err
	}

	if err := jinfo.AddTableEntry(ovPeerTable, eid, buf); err != nil {
	logrus.Errorf("overlay: Failed adding table entry to joininfo: %v", err)
	}

	d.pushLocalEndpointEvent("join", nid, eid)

	return nil
	}

	func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
	if tablename != ovPeerTable {
	logrus.Errorf("DecodeTableEntry: unexpected table name %s", tablename)
	return "", nil
	}

	var peer PeerRecord
	if err := proto.Unmarshal(value, &peer); err != nil {
	logrus.Errorf("DecodeTableEntry: failed to unmarshal peer record for key %s: %v", key, err)
	return "", nil
	}

	return key, map[string]string{
	"Host IP": peer.TunnelEndpointIP,
	}
	}

	func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
	if tableName != ovPeerTable {
	logrus.Errorf("Unexpected table notification for table %s received", tableName)
	return
	}

	eid := key

	var peer PeerRecord
	if err := proto.Unmarshal(value, &peer); err != nil {
	logrus.Errorf("Failed to unmarshal peer record: %v", err)
	return
	}

	// Ignore local peers. We already know about them and they
	// should not be added to vxlan fdb.
	if peer.TunnelEndpointIP == d.advertiseAddress {
	return
	}

	addr, err := types.ParseCIDR(peer.EndpointIP)
	if err != nil {
	logrus.Errorf("Invalid peer IP %s received in event notify", peer.EndpointIP)
	return
	}

	mac, err := net.ParseMAC(peer.EndpointMAC)
	if err != nil {
	logrus.Errorf("Invalid mac %s received in event notify", peer.EndpointMAC)
	return
	}

	vtep := net.ParseIP(peer.TunnelEndpointIP)
	if vtep == nil {
	logrus.Errorf("Invalid VTEP %s received in event notify", peer.TunnelEndpointIP)
	return
	}

	if etype == driverapi.Delete {
	d.peerDelete(nid, eid, addr.IP, addr.Mask, mac, vtep, true)
	return
	}

	d.peerAdd(nid, eid, addr.IP, addr.Mask, mac, vtep, true, false, false, false)
	}

	// Leave method is invoked when a Sandbox detaches from an endpoint.
	func (d *driver) Leave(nid, eid string) error {
	if err := validateID(nid, eid); err != nil {
	return err
	}

	n := d.network(nid)
	if n == nil {
	return fmt.Errorf("could not find network with id %s", nid)
	}

	ep := n.endpoint(eid)

	if ep == nil {
	return types.InternalMaskableErrorf("could not find endpoint with id %s", eid)
	}

	if d.notifyCh != nil {
	d.notifyCh <- ovNotify{
	action: "leave",
	nw: n,
	ep: ep,
	}
	}

	n.leaveSandbox()

	if err := d.checkEncryption(nid, nil, 0, true, false); err != nil {
	logrus.Warn(err)
	}

	return nil
	}