masquerade and route forwarded packets from host's loopback to the pod

[steveej]

This implementation is not ideal because it uses heuristics to find interface names.

The host's veth interface has to be found with the only thing that's known, it's IP address. The names are randomly generated by CNI and are not returned in the CNI result. Further, due to the way the PTP plugin works, multiple veth interfaces have the same address, so they are all candidates for needing route_localnet enabled.

Fixes #1256.

• Implementation
• Tests, we have no port forwarding tests at all!

Follow-Up:

• Improve IPv4 / IPv6 address detection code
• Cleanup network tests comments
• Retrieve interface names by CNI instead of using heuristics

[iaguis]

A future improvement should bump to a CNI version which contains more information in the result which can be used instead of the heuristics.

Is this already implemented on CNI?

[steveej]

No, otherwise I would've made use of that.

[alban]

Can it use case net.ParseIP(defaultHostIPstring).To4() != nil?

[steveej]

I will try that, thanks!

[steveej]

Unfortunately .ToIPv16() is a false positive in this case. I'm digging for the origin but I'm leaving the code as is (working).

        2016/01/28 17:41:39 unexpected IPv6 Address returned for default host interface: "172.16.28.1"
        Failed to setup network: unexpected IPv6 Address returned for default host interface: "172.16.28.1"

FAIL
exit status 1
FAIL    github.com/coreos/rkt/tests 3.150s

[jonboulle]

A TODO to follow up would be nice.

[steveej]

I'd prefer to put it in an issue since we need a follow-up for this already. Are you okay with that?

[jonboulle]

Sure

Stefan Junker notifications@github.com schrieb am Fr., 29. Jan. 2016
15:37:

In networking/networking.go
#2027 (comment):

@@ -116,6 +125,54 @@ func Setup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common
return &n, nil
}

+// enableDefaultLocalnetRouting enables the route_localnet attribute on the supposedly default network interface.
+// This allows to setup a loopback NAT to access port forwardings to Pods on the host with the localhost address.
+func (n *Networking) enableDefaultLocalnetRouting() error {

• routeLocalnetFormat := ""

• defaultHostIP, err := n.GetDefaultHostIP()
• if err != nil {

•   return err
  

• }

• defaultHostIPstring := defaultHostIP.String()
• switch {
• case strings.Contains(defaultHostIPstring, "."):

I'd prefer to put it in an issue since we need a follow-up for this
already. Are you okay with that?

—
Reply to this email directly or view it on GitHub
https://github.com/coreos/rkt/pull/2027/files#r51266774.

[jonboulle]

@steveej could you document the potential scaling issue (?) with this we discussed in the sync?

[steveej]

@jonboulle yes, I'll create an issue as soon as this gets merged!

[jonboulle]

remove

[steveej]

Thanks, such a bad habit.

[jonboulle]

style nits, but LGTM wenn es funktioniert.

[jonboulle]

if != 0 continue maybe nicer..

[steveej]

Indeed, makes it a little easier to read

[jonboulle]

LGTM modulo previous requests for (two?) follow ups
maybe worth another pair of eyes

[iaguis]

double on

[iaguis]

LGTM after fixing a couple of nits.

[alban]

s/on this host/from this host? (x2)

[alban]

Where does this IP come from? 172.16.28.1
I guess it is the first IP available in the default network. What happens if another rkt pod is running with this IP while the tests are being run?

[steveej]

This is the IP of the host in the default network, it's not affected by other rkt instances.

[alban]

Oh, right. Thanks for the explanation. You can use a comment to say that, or a constant if it already exists.

[jonboulle]

sick

On Mon, Feb 1, 2016 at 6:30 PM, Iago López Galeiras <
notifications@github.com> wrote:

Merged #2027 #2027.

—
Reply to this email directly or view it on GitHub
#2027 (comment).