summaryrefslogtreecommitdiffhomepage
path: root/runsc/sandbox
diff options
context:
space:
mode:
Diffstat (limited to 'runsc/sandbox')
-rw-r--r--runsc/sandbox/network.go52
1 files changed, 35 insertions, 17 deletions
diff --git a/runsc/sandbox/network.go b/runsc/sandbox/network.go
index d0ff64067..62dcdd9e9 100644
--- a/runsc/sandbox/network.go
+++ b/runsc/sandbox/network.go
@@ -188,14 +188,14 @@ func createInterfacesAndRoutesFromNS(conn *urpc.Client, nsPath string) error {
continue
}
- ifaddrs, err := iface.Addrs()
+ allAddrs, err := iface.Addrs()
if err != nil {
return fmt.Errorf("error fetching interface addresses for %q: %v", iface.Name, err)
}
// We build our own loopback devices.
if iface.Flags&net.FlagLoopback != 0 {
- links, err := loopbackLinks(iface, ifaddrs)
+ links, err := loopbackLinks(iface, allAddrs)
if err != nil {
return fmt.Errorf("error getting loopback routes and links for iface %q: %v", iface.Name, err)
}
@@ -203,6 +203,24 @@ func createInterfacesAndRoutesFromNS(conn *urpc.Client, nsPath string) error {
continue
}
+ // Keep only IPv4 addresses.
+ var ip4addrs []*net.IPNet
+ for _, ifaddr := range allAddrs {
+ ipNet, ok := ifaddr.(*net.IPNet)
+ if !ok {
+ return fmt.Errorf("address is not IPNet: %+v", ifaddr)
+ }
+ if ipNet.IP.To4() == nil {
+ log.Warningf("IPv6 is not supported, skipping: %v", ipNet)
+ continue
+ }
+ ip4addrs = append(ip4addrs, ipNet)
+ }
+ if len(ip4addrs) == 0 {
+ log.Warningf("No IPv4 address found for interface %q, skipping", iface.Name)
+ continue
+ }
+
// Get the link for the interface.
ifaceLink, err := netlink.LinkByName(iface.Name)
if err != nil {
@@ -250,16 +268,12 @@ func createInterfacesAndRoutesFromNS(conn *urpc.Client, nsPath string) error {
// Collect the addresses for the interface, enable forwarding,
// and remove them from the host.
- for _, ifaddr := range ifaddrs {
- ipNet, ok := ifaddr.(*net.IPNet)
- if !ok {
- return fmt.Errorf("address is not IPNet: %t %+v", ifaddr, ifaddr)
- }
- link.Addresses = append(link.Addresses, ipNet.IP)
+ for _, addr := range ip4addrs {
+ link.Addresses = append(link.Addresses, addr.IP)
// Steal IP address from NIC.
- if err := removeAddress(ifaceLink, ipNet.String()); err != nil {
- return fmt.Errorf("error removing address %v from device %q: %v", iface.Name, ipNet, err)
+ if err := removeAddress(ifaceLink, addr.String()); err != nil {
+ return fmt.Errorf("error removing address %v from device %q: %v", iface.Name, addr, err)
}
}
@@ -280,7 +294,7 @@ func loopbackLinks(iface net.Interface, addrs []net.Addr) ([]boot.LoopbackLink,
for _, addr := range addrs {
ipNet, ok := addr.(*net.IPNet)
if !ok {
- return nil, fmt.Errorf("address is not IPNet: %t %+v", addr, addr)
+ return nil, fmt.Errorf("address is not IPNet: %+v", addr)
}
links = append(links, boot.LoopbackLink{
Name: iface.Name,
@@ -314,21 +328,25 @@ func routesForIface(iface net.Interface) ([]boot.Route, *boot.Route, error) {
if r.Gw == nil {
return nil, nil, fmt.Errorf("default route with no gateway %q: %+v", iface.Name, r)
}
+ if r.Gw.To4() == nil {
+ log.Warningf("IPv6 is not supported, skipping default route: %v", r)
+ continue
+ }
if def != nil {
return nil, nil, fmt.Errorf("more than one default route found %q, def: %+v, route: %+v", iface.Name, def, r)
}
- emptyAddr := net.IPv6zero
- if r.Gw.To4() != nil {
- emptyAddr = net.IPv4zero
- }
// Create a catch all route to the gateway.
def = &boot.Route{
- Destination: emptyAddr,
- Mask: net.IPMask(emptyAddr),
+ Destination: net.IPv4zero,
+ Mask: net.IPMask(net.IPv4zero),
Gateway: r.Gw,
}
continue
}
+ if r.Dst.IP.To4() == nil {
+ log.Warningf("IPv6 is not supported, skipping route: %v", r)
+ continue
+ }
routes = append(routes, boot.Route{
Destination: r.Dst.IP.Mask(r.Dst.Mask),
Mask: r.Dst.Mask,