network

package
v0.10.0
Published: Jun 10, 2026 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

const (
	// Note: use slash as separator so we can have dots in interface name (VLANs)
	DisableIPv6SysctlTemplate = "net/ipv6/conf/%s/disable_ipv6"
)

Variables

var (
	V4all = netip.MustParsePrefix("0.0.0.0/0")
	V6all = netip.MustParsePrefix("::/0")
)
var ErrAddressesExhausted = errors.New("no more addresses")

Functions

func BridgeByName

func BridgeByName(name string) (*netlink.Bridge, error)

func CGroupAddress

func CGroupAddress(log *slog.Logger, pid int) ([]netip.Prefix, error)

func CalculateGateway

func CalculateGateway(pr netip.Prefix) netip.Prefix

func CheckBridgeStatus

func CheckBridgeStatus(name string) error

func ConfigureGW

func ConfigureGW(br netlink.Link, ec *EndpointConfig) error

func ConfigureIface

func ConfigureIface(log *slog.Logger, ifName string, nc *EndpointConfig) error

func ConfigureNetNS

func ConfigureNetNS(log *slog.Logger, pid int, ec *EndpointConfig) error

func MasqueradeEndpoint

func MasqueradeEndpoint(ec *EndpointConfig) error

MasqueradeEndpoint adds a POSTROUTING jump for each address in `ec` to the per-bridge MIREN-* chain, so packets with that source pod IP get masqueraded on egress to non-pod-subnet destinations. The bridge-scope chain content (per-subnet ACCEPTs followed by the MASQUERADE catch-all) is owned by ReconcileBridgeAddresses, which runs at controller init before any sandbox is created.

func ReconcileBridgeAddresses added in v0.8.0

func ReconcileBridgeAddresses(log *slog.Logger, br netlink.Link, desired []netip.Prefix) error

ReconcileBridgeAddresses owns the per-bridge NAT chain shape and removes bridge addresses + POSTROUTING jumps that belong to subnets no longer in `desired`. It runs at sandbox controller init so the chain is in the right shape before any sandbox is created. Drift happens when a runner's flannel lease rotates (typically after the runner is offline long enough for its etcd lease to expire) and a fresh subnet is allocated; without this reconcile the host bridge accumulates stale addresses across lease eras, and the per-bridge MIREN-* chain accumulates rules that interfere with traffic on the new subnet (MIR-1108).
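The chain shape and the lease-rotation drift described for MasqueradeEndpoint and ReconcileBridgeAddresses, as an added example that models both in memory. This is not the package's own code and it never calls netlink or iptables; it exists so the reconcile decision can be read and run offline. The `MIREN-<bridge>` chain name, the iptables-save rule rendering, the subnet-membership test, the rejection of endpoint addresses outside the bridge's subnets and the duplicate-jump check are all assumptions of this example; the page only says that chains are named `MIREN-*`, that jumps match source pod IPs, and that the chain body is per-subnet ACCEPTs followed by a MASQUERADE catch-all.

```go
package main

import (
	"fmt"
	"net/netip"
)

// BridgeState is a constructed in-memory model of what the two functions
// above manage for one bridge. Nothing here touches netlink or iptables.
type BridgeState struct {
	Addresses []netip.Prefix // addresses on the bridge, e.g. 10.244.9.1/24
	Chain     []string       // rules in the per-bridge chain, in order
	Jumps     []netip.Prefix // source prefixes with a POSTROUTING jump into the chain
}

// inDesired reports whether p's address lies inside a desired subnet: both the
// bridge address 10.244.9.1/24 and a pod jump 10.244.9.12/32 belong to 10.244.9.0/24.
func inDesired(p netip.Prefix, desired []netip.Prefix) bool {
	for _, d := range desired {
		if d.Contains(p.Addr()) {
			return true
		}
	}
	return false
}

// DesiredChain renders the chain shape the page describes: an ACCEPT per pod
// subnet, then a MASQUERADE catch-all. The "MIREN-<bridge>" name and the
// iptables-save syntax are assumptions made for readability.
func DesiredChain(bridge string, desired []netip.Prefix) []string {
	rules := make([]string, 0, len(desired)+1)
	for _, d := range desired {
		rules = append(rules, fmt.Sprintf("-A MIREN-%s -d %s -j ACCEPT", bridge, d))
	}
	return append(rules, fmt.Sprintf("-A MIREN-%s -j MASQUERADE", bridge))
}

// Reconcile drops bridge addresses and jumps that belong to subnets no longer
// in desired and rebuilds the chain. It adds nothing: new addresses come from
// bridge setup and new jumps from Masquerade, which must run afterwards.
func Reconcile(bridge string, cur BridgeState, desired []netip.Prefix) (next BridgeState, droppedAddrs, droppedJumps []netip.Prefix) {
	for _, a := range cur.Addresses {
		if inDesired(a, desired) {
			next.Addresses = append(next.Addresses, a)
		} else {
			droppedAddrs = append(droppedAddrs, a)
		}
	}
	for _, j := range cur.Jumps {
		if inDesired(j, desired) {
			next.Jumps = append(next.Jumps, j)
		} else {
			droppedJumps = append(droppedJumps, j)
		}
	}
	next.Chain = DesiredChain(bridge, desired)
	return next, droppedAddrs, droppedJumps
}

// Masquerade models MasqueradeEndpoint: one host-route jump per endpoint address.
// Rejecting addresses outside the bridge's subnets and skipping duplicates are
// this example's choices, not documented behaviour of the package.
func Masquerade(bridge string, st BridgeState, desired, endpoint []netip.Prefix) (BridgeState, error) {
	for _, ep := range endpoint {
		src := netip.PrefixFrom(ep.Addr(), ep.Addr().BitLen())
		if !inDesired(src, desired) {
			return st, fmt.Errorf("endpoint %s is outside every subnet on bridge %s", ep, bridge)
		}
		if !inDesired(src, st.Jumps) { // an existing host-route jump "contains" only itself
			st.Jumps = append(st.Jumps, src)
		}
	}
	return st, nil
}

func main() {
	// Constructed scenario: the lease rotated from 10.244.3.0/24 to 10.244.9.0/24,
	// but the bridge still carries the old address and a jump for an old-era pod.
	desired := []netip.Prefix{netip.MustParsePrefix("10.244.9.0/24")}
	stale := BridgeState{
		Addresses: []netip.Prefix{netip.MustParsePrefix("10.244.3.1/24"), netip.MustParsePrefix("10.244.9.1/24")},
		Chain:     []string{"-A MIREN-br0 -d 10.244.3.0/24 -j ACCEPT", "-A MIREN-br0 -j MASQUERADE"},
		Jumps:     []netip.Prefix{netip.MustParsePrefix("10.244.3.7/32")},
	}
	next, droppedAddrs, droppedJumps := Reconcile("br0", stale, desired)
	fmt.Println("dropped:", droppedAddrs, droppedJumps)
	next, err := Masquerade("br0", next, desired, []netip.Prefix{netip.MustParsePrefix("10.244.9.12/24")})
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(next.Chain, next.Jumps)
}
```

Order matters in the same way the page describes: Reconcile runs first, so the stale 10.244.3.0/24 ACCEPT and the 10.244.3.7 jump are gone before any endpoint on the new subnet is masqueraded. Calling Masquerade against the stale state instead is exactly the cross-era accumulation the reconcile exists to prevent.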

func SetupBridge

func SetupBridge(n *BridgeConfig) (*netlink.Bridge, error)

func SetupVeth

func SetupVeth(netns ns.NetNS, br *netlink.Bridge, ifName string, mtu int, hairpinMode bool, vlanID int, mac string) (*current.Interface, *current.Interface, error)

func TeardownBridge

func TeardownBridge(name string) error

Types

type BridgeConfig

type BridgeConfig struct {
	Name      string
	Addresses []netip.Prefix

	MTU         int
	Vlan        int
	PromiscMode bool
}

type BridgeServices

type BridgeServices struct {
	// contains filtered or unexported fields
}

BridgeServices holds the services running for a specific bridge

type EndpointConfig

type EndpointConfig struct {
	Addresses []netip.Prefix

	Routes []*Route

	Bridge *BridgeConfig
}

func AllocateOnBridge

func AllocateOnBridge(name string, subnet *netdb.Subnet) (*EndpointConfig, error)

func SetupOnBridge

func SetupOnBridge(name string, subnet *netdb.Subnet, prefixes []netip.Prefix) (*EndpointConfig, error)

func (*EndpointConfig) DeriveDefaultGateway

func (e *EndpointConfig) DeriveDefaultGateway() error

func (*EndpointConfig) FindRoute

func (e *EndpointConfig) FindRoute(dest netip.Addr) *Route

type IPPool

type IPPool struct {
	// contains filtered or unexported fields
}

func (*IPPool) Allocate

func (i *IPPool) Allocate() (netip.Prefix, error)

func (*IPPool) Deallocate

func (i *IPPool) Deallocate(addr netip.Prefix) error

func (*IPPool) Init

func (i *IPPool) Init(cidr string, allocRouter bool) error

func (*IPPool) MarshalBinary

func (i *IPPool) MarshalBinary() ([]byte, error)

func (*IPPool) Router

func (i *IPPool) Router() netip.Prefix

func (*IPPool) UnmarshalBinary

func (i *IPPool) UnmarshalBinary(data []byte) error

type Route

type Route struct {
	Dest netip.Prefix
	Via  netip.Addr
}

type ServiceManager

type ServiceManager struct {
	Log *slog.Logger
	EAC *entityserver_v1alpha.EntityAccessClient
	// contains filtered or unexported fields
}

ServiceManager handles network services (DNS, etc) for bridges

func NewServiceManager added in v0.3.0

func NewServiceManager(log *slog.Logger, eac *entityserver_v1alpha.EntityAccessClient) *ServiceManager

NewServiceManager creates a new ServiceManager.

func (*ServiceManager) AddTestDNSServer added in v0.10.0

func (sm *ServiceManager) AddTestDNSServer(t interface{ Helper() }, setup func(*dns.Server))

AddTestDNSServer adds a DNS server to the ServiceManager for testing. The setup function is called with the server to populate test data.

func (*ServiceManager) LookupSandboxByIP added in v0.10.0

func (sm *ServiceManager) LookupSandboxByIP(ip string) (sandboxID, appName string, ok bool)

LookupSandboxByIP searches across all bridge DNS servers for a sandbox matching the given IP.

func (*ServiceManager) SetupDNS

func (sm *ServiceManager) SetupDNS(ctx context.Context, bc *BridgeConfig) error

SetupDNS ensures a DNS server is running for the given bridge

func (*ServiceManager) ShutdownAll

func (sm *ServiceManager) ShutdownAll() error

ShutdownAll stops all services on all bridges

func (*ServiceManager) ShutdownBridge

func (sm *ServiceManager) ShutdownBridge(bridgeName string) error

ShutdownBridge stops all services for a given bridge

type Subnet

type Subnet struct {
	Id     string
	IP     []netip.Prefix
	OSName string
}
