]> git.ipfire.org Git - thirdparty/lxc.git/commit
projects / thirdparty / lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 101beec) | patch
network: handle name collisions when renaming network devices
authorChristian Brauner <christian.brauner@ubuntu.com>
Fri, 26 Feb 2021 12:02:10 +0000 (13:02 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Fri, 26 Feb 2021 20:48:57 +0000 (21:48 +0100)
commitf6a3d6ece9b8b6c447a0556415d9e32a9222e327
tree9c734936a32396ac7b5f23d24c95c1a357dc6cfatree | snapshot
parent101beec53dea299ccfd644b993f7fb5898f4b827commit | diff
network: handle name collisions when renaming network devices

LXC moves network devices into the target namespace based on their created
name. The created name can either be randomly generated for e.g. veth
devices or it can be the name of the existing device in the server's
namespaces. This is e.g. the case when moving physical devices. However this
can lead to weird clashes. Consider we have a network namespace that has the
following devices:

4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
   link/ether 00:16:3e:91:d3:ae brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:e7:5d:10
   altname enp7s0
5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
   link/ether 00:16:3e:e7:5d:10 brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:91:d3:ae
   altname enp8s0

and the user generates the following network config for their container:

 lxc.net.0.type = phys
 lxc.net.0.name = eth1
 lxc.net.0.link = eth2

 lxc.net.1.type = phys
 lxc.net.1.name = eth2
 lxc.net.1.link = eth1

This would cause LXC to move the devices eth1 and eth2 from the server's
network namespace into the container's network namespace:

24: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:16:3e:91:d3:ae brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:e7:5d:10
    altname enp7s0
25: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:16:3e:e7:5d:10 brd ff:ff:ff:ff:ff:ff permaddr 00:16:3e:91:d3:ae
     altname enp8s0

According to the network config above we now need to rename the network
devices in the container's network namespace. Let's say we start with
renaming eth2 to eth1. This would immediately lead to a clash since the
container's network namespace already contains a network device with that
name. Renaming the other device would have the same problem.

There are multiple ways to fix this but I'm concerned with keeping the logic
somewhat reasonable which is why we simply start creating transient device
names that are unique which we'll use to move and rename the network device
in the container's network namespace at the same time. And then we rename
based on those random devices names to the target name.

Fixes: #3696
Reported-by: Sam Boyles <sam.boyles@alliedtelesis.co.nz>
Reported-by: Blair Steven <blair.steven@alliedtelesis.co.nz>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/network.c diff | blob | blame | history
src/lxc/network.h diff | blob | blame | history
Mirror of https://github.com/lxc/lxc.git