From: tomponline <tomp@tomp.uk>
Date: Wed, 3 Apr 2019 11:57:32 +0000 (+0000)
Subject: doc: Documents the lxc.net.[i].veth.mode option
X-Git-Tag: lxc-3.2.0~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e5c2e691bc3993800a37591512ba3e0e88f1fd5;p=thirdparty%2Flxc.git

doc: Documents the lxc.net.[i].veth.mode option

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
---

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 03ece1e0c..75681a33c 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -96,3 +96,12 @@ This is primarily intended for use with layer 3 networking devices, such as IPVL
 
 This introduces the ability to specify a custom MTU for `phys` and `macvlan` devices using the
 `lxc.net.[i].mtu` property.
+
+# network\_veth\_router
+
+This introduces the ability to specify a `lxc.net.[i].veth.mode` setting, which takes a value of
+"bridge" or "router". This defaults to "bridge".
+
+In "router" mode static routes are created on the host for the container's IP addresses pointing to
+the host side veth interface. In addition to the routes, a static IP neighbour proxy is added to
+the host side veth interface for the IPv4 and IPv6 gateway IPs.
diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index fc586b17c..a24ee3bae 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -443,14 +443,23 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
             <para>
               <option>veth:</option> a virtual ethernet pair
               device is created with one side assigned to the container
-              and the other side attached to a bridge specified by
+              and the other side on the host.
+              <option>lxc.net.[i].veth.mode</option> specifies the
+              mode the veth parent will use on the host.
+              The accepted  modes are <option>bridge</option> and <option>router</option>.
+              The mode defaults to bridge if not specified.
+              In <option>bridge</option> mode the host side is attached to a bridge specified by
               the <option>lxc.net.[i].link</option> option.
-              If the bridge is not specified, then the veth pair device
+              If the bridge link is not specified, then the veth pair device
               will be created but not attached to any bridge.
               Otherwise, the bridge has to be created on the system
               before starting the container.
               <command>lxc</command> won't handle any
               configuration outside of the container.
+              In <option>router</option> mode static routes are created on the host for the
+              container's IP addresses pointing to the host side veth interface.
+              Additionally Proxy ARP and Proxy NDP entries are added on the host side veth interface
+              for the gateway IPs defined in the container to allow the container to reach the host.
               By default, <command>lxc</command> chooses a name for the
               network device belonging to the outside of the
               container, but if you wish to handle
diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h
index 3df9de9ba..a063c0a75 100644
--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -49,6 +49,7 @@ static char *api_extensions[] = {
 	"network_l2proxy",
 	"network_gateway_device_route",
 	"network_phys_macvlan_mtu",
+	"network_veth_router",
 };
 
 static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions);