github.com/tonistiigi/docker@v0.10.1-0.20240229224939-974013b0dc6a/libnetwork/drivers/bridge/setup_device_linux.go (about) 1 package bridge 2 3 import ( 4 "context" 5 "errors" 6 "fmt" 7 "os" 8 "path/filepath" 9 "syscall" 10 11 "github.com/containerd/log" 12 "github.com/docker/docker/libnetwork/netutils" 13 "github.com/vishvananda/netlink" 14 ) 15 16 // SetupDevice create a new bridge interface/ 17 func setupDevice(config *networkConfiguration, i *bridgeInterface) error { 18 // We only attempt to create the bridge when the requested device name is 19 // the default one. The default bridge name can be overridden with the 20 // DOCKER_TEST_CREATE_DEFAULT_BRIDGE env var. It should be used only for 21 // test purpose. 22 var defaultBridgeName string 23 if defaultBridgeName = os.Getenv("DOCKER_TEST_CREATE_DEFAULT_BRIDGE"); defaultBridgeName == "" { 24 defaultBridgeName = DefaultBridgeName 25 } 26 if config.BridgeName != defaultBridgeName && config.DefaultBridge { 27 return NonDefaultBridgeExistError(config.BridgeName) 28 } 29 30 // Set the bridgeInterface netlink.Bridge. 31 i.Link = &netlink.Bridge{ 32 LinkAttrs: netlink.LinkAttrs{ 33 Name: config.BridgeName, 34 }, 35 } 36 37 // Set the bridge's MAC address. Requires kernel version 3.3 or up. 38 hwAddr := netutils.GenerateRandomMAC() 39 i.Link.Attrs().HardwareAddr = hwAddr 40 log.G(context.TODO()).Debugf("Setting bridge mac address to %s", hwAddr) 41 42 if err := i.nlh.LinkAdd(i.Link); err != nil { 43 log.G(context.TODO()).WithError(err).Errorf("Failed to create bridge %s via netlink", config.BridgeName) 44 return err 45 } 46 47 return nil 48 } 49 50 func setupMTU(config *networkConfiguration, i *bridgeInterface) error { 51 if err := i.nlh.LinkSetMTU(i.Link, config.Mtu); err != nil { 52 // Before Linux v4.17, bridges couldn't be configured "manually" with an MTU greater than 1500, although it 53 // could be autoconfigured with such a value when interfaces were added to the bridge. In that case, the 54 // bridge MTU would be set automatically by the kernel to the lowest MTU of all interfaces attached. To keep 55 // compatibility with older kernels, we need to discard -EINVAL. 56 // TODO(aker): remove this once we drop support for CentOS/RHEL 7. 57 if config.Mtu > 1500 && config.Mtu <= 0xFFFF && errors.Is(err, syscall.EINVAL) { 58 return nil 59 } 60 log.G(context.TODO()).WithError(err).Errorf("Failed to set bridge MTU %s via netlink", config.BridgeName) 61 return err 62 } 63 return nil 64 } 65 66 func setupDefaultSysctl(config *networkConfiguration, i *bridgeInterface) error { 67 // Disable IPv6 router advertisements originating on the bridge 68 sysPath := filepath.Join("/proc/sys/net/ipv6/conf/", config.BridgeName, "accept_ra") 69 if _, err := os.Stat(sysPath); err != nil { 70 log.G(context.TODO()). 71 WithField("bridge", config.BridgeName). 72 WithField("syspath", sysPath). 73 Info("failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra") 74 return nil 75 } 76 if err := os.WriteFile(sysPath, []byte{'0', '\n'}, 0o644); err != nil { 77 log.G(context.TODO()).WithError(err).Warn("unable to disable IPv6 router advertisement") 78 } 79 return nil 80 } 81 82 // SetupDeviceUp ups the given bridge interface. 83 func setupDeviceUp(config *networkConfiguration, i *bridgeInterface) error { 84 err := i.nlh.LinkSetUp(i.Link) 85 if err != nil { 86 return fmt.Errorf("Failed to set link up for %s: %v", config.BridgeName, err) 87 } 88 89 // Attempt to update the bridge interface to refresh the flags status, 90 // ignoring any failure to do so. 91 if lnk, err := i.nlh.LinkByName(config.BridgeName); err == nil { 92 i.Link = lnk 93 } else { 94 log.G(context.TODO()).Warnf("Failed to retrieve link for interface (%s): %v", config.BridgeName, err) 95 } 96 return nil 97 }