github.com/containerd/nerdctl@v1.7.7/pkg/netutil/cni_plugin_unix.go

github.com/containerd/nerdctl@v1.7.7/pkg/netutil/cni_plugin_unix.go (about)

     1  //go:build freebsd || linux
     2  
     3  /*
     4     Copyright The containerd Authors.
     5  
     6     Licensed under the Apache License, Version 2.0 (the "License");
     7     you may not use this file except in compliance with the License.
     8     You may obtain a copy of the License at
     9  
    10         http://www.apache.org/licenses/LICENSE-2.0
    11  
    12     Unless required by applicable law or agreed to in writing, software
    13     distributed under the License is distributed on an "AS IS" BASIS,
    14     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15     See the License for the specific language governing permissions and
    16     limitations under the License.
    17  */
    18  
    19  package netutil
    20  
    21  import "github.com/containerd/nerdctl/pkg/rootlessutil"
    22  
    23  // bridgeConfig describes the bridge plugin
    24  type bridgeConfig struct {
    25  	PluginType   string                 `json:"type"`
    26  	BrName       string                 `json:"bridge,omitempty"`
    27  	IsGW         bool                   `json:"isGateway,omitempty"`
    28  	IsDefaultGW  bool                   `json:"isDefaultGateway,omitempty"`
    29  	ForceAddress bool                   `json:"forceAddress,omitempty"`
    30  	IPMasq       bool                   `json:"ipMasq,omitempty"`
    31  	MTU          int                    `json:"mtu,omitempty"`
    32  	HairpinMode  bool                   `json:"hairpinMode,omitempty"`
    33  	PromiscMode  bool                   `json:"promiscMode,omitempty"`
    34  	Vlan         int                    `json:"vlan,omitempty"`
    35  	IPAM         map[string]interface{} `json:"ipam"`
    36  	Capabilities map[string]bool        `json:"capabilities,omitempty"`
    37  }
    38  
    39  func newBridgePlugin(bridgeName string) *bridgeConfig {
    40  	return &bridgeConfig{
    41  		PluginType:   "bridge",
    42  		BrName:       bridgeName,
    43  		Capabilities: map[string]bool{},
    44  	}
    45  }
    46  
    47  func (*bridgeConfig) GetPluginType() string {
    48  	return "bridge"
    49  }
    50  
    51  // vlanConfig describes the macvlan/ipvlan config
    52  type vlanConfig struct {
    53  	PluginType   string                 `json:"type"`
    54  	Master       string                 `json:"master"`
    55  	Mode         string                 `json:"mode,omitempty"`
    56  	MTU          int                    `json:"mtu,omitempty"`
    57  	IPAM         map[string]interface{} `json:"ipam"`
    58  	Capabilities map[string]bool        `json:"capabilities,omitempty"`
    59  }
    60  
    61  func newVLANPlugin(pluginType string) *vlanConfig {
    62  	return &vlanConfig{
    63  		PluginType:   pluginType,
    64  		Capabilities: map[string]bool{},
    65  	}
    66  }
    67  
    68  func (c *vlanConfig) GetPluginType() string {
    69  	return c.PluginType
    70  }
    71  
    72  // portMapConfig describes the portmapping plugin
    73  type portMapConfig struct {
    74  	PluginType   string          `json:"type"`
    75  	Capabilities map[string]bool `json:"capabilities"`
    76  }
    77  
    78  func newPortMapPlugin() *portMapConfig {
    79  	return &portMapConfig{
    80  		PluginType: "portmap",
    81  		Capabilities: map[string]bool{
    82  			"portMappings": true,
    83  		},
    84  	}
    85  }
    86  
    87  func (*portMapConfig) GetPluginType() string {
    88  	return "portmap"
    89  }
    90  
    91  // firewallConfig describes the firewall plugin
    92  type firewallConfig struct {
    93  	PluginType string `json:"type"`
    94  	Backend    string `json:"backend,omitempty"`
    95  
    96  	// IngressPolicy is supported since firewall plugin v1.1.0.
    97  	// "same-bridge" mode replaces the deprecated "isolation" plugin.
    98  	IngressPolicy string `json:"ingressPolicy,omitempty"`
    99  }
   100  
   101  func newFirewallPlugin() *firewallConfig {
   102  	c := &firewallConfig{
   103  		PluginType:    "firewall",
   104  		IngressPolicy: "same-bridge",
   105  	}
   106  	if rootlessutil.IsRootless() {
   107  		// https://github.com/containerd/nerdctl/issues/2818
   108  		c.Backend = "iptables"
   109  	}
   110  	return c
   111  }
   112  
   113  func (*firewallConfig) GetPluginType() string {
   114  	return "firewall"
   115  }
   116  
   117  // tuningConfig describes the tuning plugin
   118  type tuningConfig struct {
   119  	PluginType string `json:"type"`
   120  }
   121  
   122  func newTuningPlugin() *tuningConfig {
   123  	return &tuningConfig{
   124  		PluginType: "tuning",
   125  	}
   126  }
   127  
   128  func (*tuningConfig) GetPluginType() string {
   129  	return "tuning"
   130  }
   131  
   132  // https://github.com/containernetworking/plugins/blob/v1.0.1/plugins/ipam/host-local/backend/allocator/config.go#L47-L56
   133  type hostLocalIPAMConfig struct {
   134  	Type        string        `json:"type"`
   135  	Routes      []IPAMRoute   `json:"routes,omitempty"`
   136  	ResolveConf string        `json:"resolveConf,omitempty"`
   137  	DataDir     string        `json:"dataDir,omitempty"`
   138  	Ranges      [][]IPAMRange `json:"ranges,omitempty"`
   139  }
   140  
   141  func newHostLocalIPAMConfig() *hostLocalIPAMConfig {
   142  	return &hostLocalIPAMConfig{
   143  		Type: "host-local",
   144  	}
   145  }
   146  
   147  // https://github.com/containernetworking/plugins/blob/v1.1.0/plugins/ipam/dhcp/main.go#L43-L54
   148  type dhcpIPAMConfig struct {
   149  	Type             string `json:"type"`
   150  	DaemonSocketPath string `json:"daemonSocketPath,omitempty"`
   151  }
   152  
   153  func newDHCPIPAMConfig() *dhcpIPAMConfig {
   154  	return &dhcpIPAMConfig{
   155  		Type: "dhcp",
   156  	}
   157  }