12
vendor/github.com/vishvananda/netns/README.md
generated
vendored
12
vendor/github.com/vishvananda/netns/README.md
generated
vendored
@@ -37,7 +37,6 @@ func main() {
|
||||
|
||||
// Create a new network namespace
|
||||
newns, _ := netns.New()
|
||||
netns.Set(newns)
|
||||
defer newns.Close()
|
||||
|
||||
// Do something with the network namespace
|
||||
@@ -49,3 +48,14 @@ func main() {
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## NOTE
|
||||
|
||||
The library can be safely used only with Go >= 1.10 due to [golang/go#20676](https://github.com/golang/go/issues/20676).
|
||||
|
||||
After locking a goroutine to its current OS thread with `runtime.LockOSThread()`
|
||||
and changing its network namespace, any new subsequent goroutine won't be
|
||||
scheduled on that thread while it's locked. Therefore, the new goroutine
|
||||
will run in a different namespace leading to unexpected results.
|
||||
|
||||
See [here](https://www.weave.works/blog/linux-namespaces-golang-followup) for more details.
|
||||
|
||||
19
vendor/github.com/vishvananda/netns/netns.go
generated
vendored
19
vendor/github.com/vishvananda/netns/netns.go
generated
vendored
@@ -10,7 +10,8 @@ package netns
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"syscall"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
// NsHandle is a handle to a network namespace. It can be cast directly
|
||||
@@ -24,11 +25,11 @@ func (ns NsHandle) Equal(other NsHandle) bool {
|
||||
if ns == other {
|
||||
return true
|
||||
}
|
||||
var s1, s2 syscall.Stat_t
|
||||
if err := syscall.Fstat(int(ns), &s1); err != nil {
|
||||
var s1, s2 unix.Stat_t
|
||||
if err := unix.Fstat(int(ns), &s1); err != nil {
|
||||
return false
|
||||
}
|
||||
if err := syscall.Fstat(int(other), &s2); err != nil {
|
||||
if err := unix.Fstat(int(other), &s2); err != nil {
|
||||
return false
|
||||
}
|
||||
return (s1.Dev == s2.Dev) && (s1.Ino == s2.Ino)
|
||||
@@ -36,11 +37,11 @@ func (ns NsHandle) Equal(other NsHandle) bool {
|
||||
|
||||
// String shows the file descriptor number and its dev and inode.
|
||||
func (ns NsHandle) String() string {
|
||||
var s syscall.Stat_t
|
||||
if ns == -1 {
|
||||
return "NS(None)"
|
||||
}
|
||||
if err := syscall.Fstat(int(ns), &s); err != nil {
|
||||
var s unix.Stat_t
|
||||
if err := unix.Fstat(int(ns), &s); err != nil {
|
||||
return fmt.Sprintf("NS(%d: unknown)", ns)
|
||||
}
|
||||
return fmt.Sprintf("NS(%d: %d, %d)", ns, s.Dev, s.Ino)
|
||||
@@ -49,11 +50,11 @@ func (ns NsHandle) String() string {
|
||||
// UniqueId returns a string which uniquely identifies the namespace
|
||||
// associated with the network handle.
|
||||
func (ns NsHandle) UniqueId() string {
|
||||
var s syscall.Stat_t
|
||||
if ns == -1 {
|
||||
return "NS(none)"
|
||||
}
|
||||
if err := syscall.Fstat(int(ns), &s); err != nil {
|
||||
var s unix.Stat_t
|
||||
if err := unix.Fstat(int(ns), &s); err != nil {
|
||||
return "NS(unknown)"
|
||||
}
|
||||
return fmt.Sprintf("NS(%d:%d)", s.Dev, s.Ino)
|
||||
@@ -67,7 +68,7 @@ func (ns NsHandle) IsOpen() bool {
|
||||
// Close closes the NsHandle and resets its file descriptor to -1.
|
||||
// It is not safe to use an NsHandle after Close() is called.
|
||||
func (ns *NsHandle) Close() error {
|
||||
if err := syscall.Close(int(*ns)); err != nil {
|
||||
if err := unix.Close(int(*ns)); err != nil {
|
||||
return err
|
||||
}
|
||||
(*ns) = -1
|
||||
|
||||
106
vendor/github.com/vishvananda/netns/netns_linux.go
generated
vendored
106
vendor/github.com/vishvananda/netns/netns_linux.go
generated
vendored
@@ -1,4 +1,4 @@
|
||||
// +build linux
|
||||
// +build linux,go1.10
|
||||
|
||||
package netns
|
||||
|
||||
@@ -6,44 +6,30 @@ import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
// SYS_SETNS syscall allows changing the namespace of the current process.
|
||||
var SYS_SETNS = map[string]uintptr{
|
||||
"386": 346,
|
||||
"amd64": 308,
|
||||
"arm64": 268,
|
||||
"arm": 375,
|
||||
"mips": 4344,
|
||||
"mipsle": 4344,
|
||||
"ppc64": 350,
|
||||
"ppc64le": 350,
|
||||
"s390x": 339,
|
||||
}[runtime.GOARCH]
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
// Deprecated: use syscall pkg instead (go >= 1.5 needed).
|
||||
const (
|
||||
CLONE_NEWUTS = 0x04000000 /* New utsname group? */
|
||||
CLONE_NEWIPC = 0x08000000 /* New ipcs */
|
||||
CLONE_NEWUSER = 0x10000000 /* New user namespace */
|
||||
CLONE_NEWPID = 0x20000000 /* New pid namespace */
|
||||
CLONE_NEWNET = 0x40000000 /* New network namespace */
|
||||
CLONE_IO = 0x80000000 /* Get io context */
|
||||
CLONE_NEWUTS = 0x04000000 /* New utsname group? */
|
||||
CLONE_NEWIPC = 0x08000000 /* New ipcs */
|
||||
CLONE_NEWUSER = 0x10000000 /* New user namespace */
|
||||
CLONE_NEWPID = 0x20000000 /* New pid namespace */
|
||||
CLONE_NEWNET = 0x40000000 /* New network namespace */
|
||||
CLONE_IO = 0x80000000 /* Get io context */
|
||||
bindMountPath = "/run/netns" /* Bind mount path for named netns */
|
||||
)
|
||||
|
||||
// Setns sets namespace using syscall. Note that this should be a method
|
||||
// in syscall but it has not been added.
|
||||
func Setns(ns NsHandle, nstype int) (err error) {
|
||||
_, _, e1 := syscall.Syscall(SYS_SETNS, uintptr(ns), uintptr(nstype), 0)
|
||||
if e1 != 0 {
|
||||
err = e1
|
||||
}
|
||||
return
|
||||
return unix.Setns(int(ns), nstype)
|
||||
}
|
||||
|
||||
// Set sets the current network namespace to the namespace represented
|
||||
@@ -52,23 +38,67 @@ func Set(ns NsHandle) (err error) {
|
||||
return Setns(ns, CLONE_NEWNET)
|
||||
}
|
||||
|
||||
// New creates a new network namespace and returns a handle to it.
|
||||
// New creates a new network namespace, sets it as current and returns
|
||||
// a handle to it.
|
||||
func New() (ns NsHandle, err error) {
|
||||
if err := syscall.Unshare(CLONE_NEWNET); err != nil {
|
||||
if err := unix.Unshare(CLONE_NEWNET); err != nil {
|
||||
return -1, err
|
||||
}
|
||||
return Get()
|
||||
}
|
||||
|
||||
// NewNamed creates a new named network namespace and returns a handle to it
|
||||
func NewNamed(name string) (NsHandle, error) {
|
||||
if _, err := os.Stat(bindMountPath); os.IsNotExist(err) {
|
||||
err = os.MkdirAll(bindMountPath, 0755)
|
||||
if err != nil {
|
||||
return None(), err
|
||||
}
|
||||
}
|
||||
|
||||
newNs, err := New()
|
||||
if err != nil {
|
||||
return None(), err
|
||||
}
|
||||
|
||||
namedPath := path.Join(bindMountPath, name)
|
||||
|
||||
f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0444)
|
||||
if err != nil {
|
||||
return None(), err
|
||||
}
|
||||
f.Close()
|
||||
|
||||
nsPath := fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), syscall.Gettid())
|
||||
err = syscall.Mount(nsPath, namedPath, "bind", syscall.MS_BIND, "")
|
||||
if err != nil {
|
||||
return None(), err
|
||||
}
|
||||
|
||||
return newNs, nil
|
||||
}
|
||||
|
||||
// DeleteNamed deletes a named network namespace
|
||||
func DeleteNamed(name string) error {
|
||||
namedPath := path.Join(bindMountPath, name)
|
||||
|
||||
err := syscall.Unmount(namedPath, syscall.MNT_DETACH)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return os.Remove(namedPath)
|
||||
}
|
||||
|
||||
// Get gets a handle to the current threads network namespace.
|
||||
func Get() (NsHandle, error) {
|
||||
return GetFromThread(os.Getpid(), syscall.Gettid())
|
||||
return GetFromThread(os.Getpid(), unix.Gettid())
|
||||
}
|
||||
|
||||
// GetFromPath gets a handle to a network namespace
|
||||
// identified by the path
|
||||
func GetFromPath(path string) (NsHandle, error) {
|
||||
fd, err := syscall.Open(path, syscall.O_RDONLY, 0)
|
||||
fd, err := unix.Open(path, unix.O_RDONLY|unix.O_CLOEXEC, 0)
|
||||
if err != nil {
|
||||
return -1, err
|
||||
}
|
||||
@@ -188,12 +218,18 @@ func getPidForContainer(id string) (int, error) {
|
||||
filepath.Join(cgroupRoot, "system.slice", "docker-"+id+".scope", "tasks"),
|
||||
// Even more recent docker versions under cgroup/systemd/docker/<id>/
|
||||
filepath.Join(cgroupRoot, "..", "systemd", "docker", id, "tasks"),
|
||||
// Kubernetes with docker and CNI is even more different
|
||||
// Kubernetes with docker and CNI is even more different. Works for BestEffort and Burstable QoS
|
||||
filepath.Join(cgroupRoot, "..", "systemd", "kubepods", "*", "pod*", id, "tasks"),
|
||||
// Another flavor of containers location in recent kubernetes 1.11+
|
||||
filepath.Join(cgroupRoot, cgroupThis, "kubepods.slice", "kubepods-besteffort.slice", "*", "docker-"+id+".scope", "tasks"),
|
||||
// When runs inside of a container with recent kubernetes 1.11+
|
||||
filepath.Join(cgroupRoot, "kubepods.slice", "kubepods-besteffort.slice", "*", "docker-"+id+".scope", "tasks"),
|
||||
// Same as above but for Guaranteed QoS
|
||||
filepath.Join(cgroupRoot, "..", "systemd", "kubepods", "pod*", id, "tasks"),
|
||||
// Another flavor of containers location in recent kubernetes 1.11+. Works for BestEffort and Burstable QoS
|
||||
filepath.Join(cgroupRoot, cgroupThis, "kubepods.slice", "*.slice", "*", "docker-"+id+".scope", "tasks"),
|
||||
// Same as above but for Guaranteed QoS
|
||||
filepath.Join(cgroupRoot, cgroupThis, "kubepods.slice", "*", "docker-"+id+".scope", "tasks"),
|
||||
// When runs inside of a container with recent kubernetes 1.11+. Works for BestEffort and Burstable QoS
|
||||
filepath.Join(cgroupRoot, "kubepods.slice", "*.slice", "*", "docker-"+id+".scope", "tasks"),
|
||||
// Same as above but for Guaranteed QoS
|
||||
filepath.Join(cgroupRoot, "kubepods.slice", "*", "docker-"+id+".scope", "tasks"),
|
||||
}
|
||||
|
||||
var filename string
|
||||
|
||||