From 2ddbf89cbccfe1d1cca7aa20e7e796656e8b8d92 Mon Sep 17 00:00:00 2001 From: mushiboy Date: Fri, 5 Sep 2025 14:12:30 +0100 Subject: [PATCH 1/9] feat: add SkipDefaultRoutes field to network container request and responses --- cni/network/multitenancy.go | 1 + cns/NetworkContainerContract.go | 6 ++++-- cns/restserver/util.go | 4 ++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/cni/network/multitenancy.go b/cni/network/multitenancy.go index 67013863bd..e617afb7d6 100644 --- a/cni/network/multitenancy.go +++ b/cni/network/multitenancy.go @@ -230,6 +230,7 @@ func (m *Multitenancy) GetAllNetworkContainers( ifInfo.IPConfigs = append(ifInfo.IPConfigs, ipconfig) ifInfo.Routes = routes ifInfo.NICType = cns.InfraNIC + ifInfo.SkipDefaultRoutes = ncResponses[i].SkipDefaultRoutes // assuming we only assign infra nics in this function ipamResult.interfaceInfo[m.getInterfaceInfoKey(ifInfo.NICType, i)] = ifInfo diff --git a/cns/NetworkContainerContract.go b/cns/NetworkContainerContract.go index 406c45b554..8acf320094 100644 --- a/cns/NetworkContainerContract.go +++ b/cns/NetworkContainerContract.go @@ -126,6 +126,7 @@ type CreateNetworkContainerRequest struct { Routes []Route AllowHostToNCCommunication bool AllowNCToHostCommunication bool + SkipDefaultRoutes bool EndpointPolicies []NetworkContainerRequestPolicies NCStatus v1alpha.NCStatus NetworkInterfaceInfo NetworkInterfaceInfo //nolint // introducing new field for backendnic, to be used later by cni code 
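Review bot: The new `SkipDefaultRoutes` field on `CreateNetworkContainerRequest` carries no comment saying what the CNI skips when it is set, although the value travels from the create request through the CNS responses into pod network setup. A one-line comment on the field would record the contract, for example `// SkipDefaultRoutes asks the CNI not to program the default routes in the container network namespace.` The same comment would fit the field added to `GetNetworkContainerResponse` in the `@@ -497,6 +498,7 @@` hunk of this file. The struct starts and ends outside the hunk.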
@@ -161,10 +162,10 @@ func (req *CreateNetworkContainerRequest) String() string { return fmt.Sprintf("CreateNetworkContainerRequest"+ "{Version: %s, NetworkContainerType: %s, NetworkContainerid: %s, PrimaryInterfaceIdentifier: %s, "+ "LocalIPConfiguration: %+v, IPConfiguration: %+v, SecondaryIPConfigs: %+v, MultitenancyInfo: %+v, "+ - "AllowHostToNCCommunication: %t, AllowNCToHostCommunication: %t, NCStatus: %s, NetworkInterfaceInfo: %+v}", + "AllowHostToNCCommunication: %t, AllowNCToHostCommunication: %t, SkipDefaultRoutes: %t, NCStatus: %s, NetworkInterfaceInfo: %+v}", req.Version, req.NetworkContainerType, req.NetworkContainerid, req.PrimaryInterfaceIdentifier, req.LocalIPConfiguration, req.IPConfiguration, req.SecondaryIPConfigs, req.MultiTenancyInfo, req.AllowHostToNCCommunication, req.AllowNCToHostCommunication, - string(req.NCStatus), req.NetworkInterfaceInfo) + req.SkipDefaultRoutes, string(req.NCStatus), req.NetworkInterfaceInfo) } // NetworkContainerRequestPolicies - specifies policies associated with create network request @@ -497,6 +498,7 @@ type GetNetworkContainerResponse struct { Response Response AllowHostToNCCommunication bool AllowNCToHostCommunication bool + SkipDefaultRoutes bool NetworkInterfaceInfo NetworkInterfaceInfo } diff --git a/cns/restserver/util.go b/cns/restserver/util.go index 43d1e1aef9..29daa59acb 100644 --- a/cns/restserver/util.go +++ b/cns/restserver/util.go @@ -530,6 +530,7 @@ func (service *HTTPRestService) getAllNetworkContainerResponses( LocalIPConfiguration: savedReq.LocalIPConfiguration, AllowHostToNCCommunication: savedReq.AllowHostToNCCommunication, AllowNCToHostCommunication: savedReq.AllowNCToHostCommunication, + SkipDefaultRoutes: savedReq.SkipDefaultRoutes, NetworkInterfaceInfo: savedReq.NetworkInterfaceInfo, } 
@@ -831,6 +832,8 @@ func (service *HTTPRestService) populateIPConfigInfoUntransacted(ipConfigStatus primaryIPCfg := ncStatus.CreateNetworkContainerRequest.IPConfiguration + podIPInfo.SkipDefaultRoutes = ncStatus.CreateNetworkContainerRequest.SkipDefaultRoutes + podIPInfo.PodIPConfig = cns.IPSubnet{ IPAddress: ipConfigStatus.IPAddress, PrefixLength: primaryIPCfg.IPSubnet.PrefixLength, @@ -933,6 +936,7 @@ func (service *HTTPRestService) handleGetNetworkContainers(w http.ResponseWriter LocalIPConfiguration: ncDetails.CreateNetworkContainerRequest.LocalIPConfiguration, AllowHostToNCCommunication: ncDetails.CreateNetworkContainerRequest.AllowHostToNCCommunication, AllowNCToHostCommunication: ncDetails.CreateNetworkContainerRequest.AllowNCToHostCommunication, + SkipDefaultRoutes: ncDetails.CreateNetworkContainerRequest.SkipDefaultRoutes, } networkContainers[i] = getNcResp i++ From 2f33a42e1b77d4a9c8a5a379346bf0fcba5a25d4 Mon Sep 17 00:00:00 2001 From: Mugesh SP Date: Tue, 23 Sep 2025 17:42:21 +0100 Subject: [PATCH 2/9] feat: implement ARP proxy setting and custom route addition for VLAN interfaces --- .../transparent_vlan_endpointclient_linux.go | 69 ++++++++++++++++++- 1 file changed, 67 insertions(+), 2 deletions(-) diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go index 326fc0c87e..9bf953efc3 100644 --- a/network/transparent_vlan_endpointclient_linux.go +++ b/network/transparent_vlan_endpointclient_linux.go 
@@ -400,6 +400,18 @@ func (client *TransparentVlanEndpointClient) PopulateVnet(epInfo *EndpointInfo) return nil } +// Set ARP proxy on the vlan interface to respond to ARP requests for the gateway IP +func (client *TransparentVlanEndpointClient) setArpProxy(ifName string) error { + cmd := fmt.Sprintf("echo 1 > /proc/sys/net/ipv4/conf/%v/proxy_arp", ifName) + _, err := client.plClient.ExecuteRawCommand(cmd) + if err != nil { + logger.Error("Failed to set ARP proxy", zap.String("interface", ifName), zap.Error(err)) + } else { + logger.Info("ARP proxy enabled", zap.String("interface", ifName)) + } + return err +} + func (client *TransparentVlanEndpointClient) AddEndpointRules(epInfo *EndpointInfo) error { if err := client.AddSnatEndpointRules(); err != nil { return errors.Wrap(err, "failed to add snat endpoint rules") @@ -408,6 +420,17 @@ func (client *TransparentVlanEndpointClient) AddEndpointRules(epInfo *EndpointIn err := ExecuteInNS(client.nsClient, client.vnetNSName, func() error { return client.AddVnetRules(epInfo) }) + if err == nil { + logger.Info("calling setArpProxy for", zap.String("vlanIfName", client.vlanIfName)) + if err := client.setArpProxy(client.vlanIfName); err != nil { + logger.Error("setArpProxy failed with", zap.Error(err)) + return err + } + if err != nil { + logger.Error("setArpProxy failed for VLAN interface", zap.Error(err)) + } + } + return err } 
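Review bot: `setArpProxy` formats `ifName` directly into a command line that uses a `>` redirect and is handed to `ExecuteRawCommand`, so the helper relies entirely on its callers to pass a plain interface name. The callers visible in this series pass client-held names (`client.vlanIfName` here, `client.vnetVethName` from PATCH 3/9), but the function accepts any string, and a name containing a path separator or shell metacharacters would change what runs with the CNI's privileges. Checking the name at the top of the function keeps that assumption enforced in one place; the fence shows such a check, with the existing command left as it is.

```go
func (client *TransparentVlanEndpointClient) setArpProxy(ifName string) error {
	// ifName ends up in a shell command line and a /proc path: accept only plain interface names.
	if ifName == "" || ifName == "." || ifName == ".." {
		return errors.Errorf("invalid interface name %q", ifName)
	}
	for _, r := range ifName {
		plain := (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') ||
			r == '.' || r == '_' || r == '-'
		if !plain {
			return errors.Errorf("invalid interface name %q", ifName)
		}
	}
	// … unchanged: build the proxy_arp command and run it through plClient …
```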
@@ -519,9 +542,19 @@ func (client *TransparentVlanEndpointClient) ConfigureContainerInterfacesAndRout } } - if err := client.addDefaultRoutes(client.containerVethName, 0); err != nil { - return errors.Wrap(err, "failed container ns add default routes") + if epInfo.SkipDefaultRoutes { + logger.Info("Skipping adding default routes in container ns as requested") + if err := client.addCustomRoutes(client.containerVethName, epInfo.Subnets[0].Gateway, epInfo.IPAddresses[0]); err != nil { + return errors.Wrap(err, "failed container ns add custom routes") + } + return nil + } else { + logger.Info("Adding default routes in container ns") + if err := client.addDefaultRoutes(client.containerVethName, 0); err != nil { + return errors.Wrap(err, "failed container ns add default routes") + } } + if err := client.AddDefaultArp(client.containerVethName, client.vnetMac.String()); err != nil { return errors.Wrap(err, "failed container ns add default arp") } 
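Review bot: The new branch indexes `epInfo.Subnets[0]` and `epInfo.IPAddresses[0]` without checking that either slice is non-empty, so an endpoint that arrives without subnet or address info panics the plugin instead of returning an error. A guard before the call avoids that, e.g. `if len(epInfo.Subnets) == 0 || len(epInfo.IPAddresses) == 0 { return errors.New("missing subnet or ip info for custom routes") }`. The call also passes three arguments while `addCustomRoutes`, added later in this patch, declares four (`table int`), so this commit does not appear to build on its own. The unchecked `epInfo.Subnets[0]` index is still present in the `@@ -544,7 +545,7 @@` hunk of PATCH 3/9. The function body starts and ends outside this hunk.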
@@ -614,6 +647,38 @@ func (client *TransparentVlanEndpointClient) addDefaultRoutes(linkToName string, return nil } +// Helper that creates routing rules for the current NS which direct packets +// to the virtual gateway ip on linkToName device interface +// Route 1: 169.254.2.1 dev +// Route 2: default via 169.254.2.1 dev +func (client *TransparentVlanEndpointClient) addCustomRoutes(linkToName string, gatewayIP net.IP, subnetCIDR net.IPNet, table int) error { + // Add route for virtualgwip (ip route add dev ) + gWIP, gwNet, _ := net.ParseCIDR(gatewayIP.String() + "/32") + routeInfo := RouteInfo{ + Dst: *gwNet, + Scope: netlink.RT_SCOPE_LINK, + Table: table, + } + // Difference between interface name in addRoutes and DevName: in RouteInfo? + if err := addRoutes(client.netlink, client.netioshim, linkToName, []RouteInfo{routeInfo}); err != nil { + return err + } + + // Add subnet route (ip route add via dev ) + _, subnetIPNet, _ := net.ParseCIDR(subnetCIDR.String()) + dstIP := net.IPNet{IP: net.ParseIP(defaultGw), Mask: subnetIPNet.Mask} + routeInfo = RouteInfo{ + Dst: dstIP, + Gw: gWIP, + Table: table, + } + + if err := addRoutes(client.netlink, client.netioshim, linkToName, []RouteInfo{routeInfo}); err != nil { + return err + } + return nil +} + // Helper that creates arp entry for the current NS which maps the virtual // gateway (169.254.2.1) to destMac on a particular interfaceName // Example: (169.254.2.1) at 12:34:56:78:9a:bc [ether] PERM on From 776430c0215b0c2839cc9c16163ff8d3e6f5f81a Mon Sep 17 00:00:00 2001 From: mushiboy Date: Tue, 23 Sep 2025 21:41:53 +0100 Subject: [PATCH 3/9] feat: enable dual NIC feature support and improve ARP proxy handling in transparent VLAN client --- cni/network/network_linux.go | 2 +- .../transparent_vlan_endpointclient_linux.go | 25 ++++++++++--------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/cni/network/network_linux.go b/cni/network/network_linux.go index 2b090523c0..67ba6b2d49 100644 
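Review bot: Both `net.ParseCIDR` calls in `addCustomRoutes` discard their error, and the first result is then dereferenced as `*gwNet`, so a nil `gatewayIP` ends in a nil-pointer panic and an IPv6 gateway silently gets a `/32` mask that covers far more than one host. Keep the error and return it, e.g. `gWIP, gwNet, err := net.ParseCIDR(gatewayIP.String() + "/32")` followed by `if err != nil { return errors.Wrap(err, "invalid gateway ip") }`, and reject non-IPv4 gateways explicitly if only IPv4 is intended. The second `net.ParseCIDR(subnetCIDR.String())` call has the same ignored error, and the pattern remains in the `@@ -665,8 +666,8 @@` hunk of PATCH 3/9.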
--- a/cni/network/network_linux.go +++ b/cni/network/network_linux.go @@ -127,7 +127,7 @@ func platformInit(cniConfig *cni.NetworkConfig) {} // isDualNicFeatureSupported returns if the dual nic feature is supported. Currently it's only supported for windows hnsv2 path func (plugin *NetPlugin) isDualNicFeatureSupported(netNs string) bool { - return false + return true } func getOverlayGateway(_ *net.IPNet) (net.IP, error) { diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go index 9bf953efc3..b028854c1d 100644 --- a/network/transparent_vlan_endpointclient_linux.go +++ b/network/transparent_vlan_endpointclient_linux.go @@ -418,18 +418,19 @@ func (client *TransparentVlanEndpointClient) AddEndpointRules(epInfo *EndpointIn } logger.Info("[transparent-vlan] Adding tunneling rules in vnet namespace") err := ExecuteInNS(client.nsClient, client.vnetNSName, func() error { - return client.AddVnetRules(epInfo) - }) - if err == nil { - logger.Info("calling setArpProxy for", zap.String("vlanIfName", client.vlanIfName)) - if err := client.setArpProxy(client.vlanIfName); err != nil { - logger.Error("setArpProxy failed with", zap.Error(err)) + if err := client.AddVnetRules(epInfo); err != nil { return err } - if err != nil { - logger.Error("setArpProxy failed for VLAN interface", zap.Error(err)) + + // Set ARP proxy on vnet veth (inside vnet namespace) + logger.Info("calling setArpProxy for", zap.String("vnetVethName", client.vnetVethName)) + if err := client.setArpProxy(client.vnetVethName); err != nil { + logger.Error("setArpProxy failed with", zap.Error(err)) + return err } - } + + return nil + }) return err } 
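Review bot: `isDualNicFeatureSupported` now returns `true` for every Linux network mode and ignores `netNs`, while the code changes in this series are confined to the transparent-vlan endpoint client. If other Linux modes are not meant to take the dual-NIC path, the function should decide from the mode rather than return a constant; that cannot be judged from this hunk alone. If the unconditional value is intended, stating it on the function would help, e.g. `// NOTE: enabled for every Linux network mode, not only transparent-vlan.`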
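Review bot: `setArpProxy(client.vnetVethName)` now runs for every endpoint that reaches `AddEndpointRules`, not only for those with `epInfo.SkipDefaultRoutes` set. With `proxy_arp` enabled the kernel answers ARP requests arriving on that veth for any address it routes through another interface, which is wider than answering for a single gateway address. If only the skip-default-routes case needs it, gate the call inside the closure, e.g. `if !epInfo.SkipDefaultRoutes { return nil }` ahead of the `setArpProxy` call; if every endpoint needs it, a comment giving the reason would make the wider ARP behaviour a documented choice.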
@@ -544,7 +545,7 @@ func (client *TransparentVlanEndpointClient) ConfigureContainerInterfacesAndRout if epInfo.SkipDefaultRoutes { logger.Info("Skipping adding default routes in container ns as requested") - if err := client.addCustomRoutes(client.containerVethName, epInfo.Subnets[0].Gateway, epInfo.IPAddresses[0]); err != nil { + if err := client.addCustomRoutes(client.containerVethName, epInfo.Subnets[0].Gateway, epInfo.Subnets[0].Prefix, 0); err != nil { return errors.Wrap(err, "failed container ns add custom routes") } return nil @@ -665,8 +666,8 @@ func (client *TransparentVlanEndpointClient) addCustomRoutes(linkToName string, } // Add subnet route (ip route add via dev ) - _, subnetIPNet, _ := net.ParseCIDR(subnetCIDR.String()) - dstIP := net.IPNet{IP: net.ParseIP(defaultGw), Mask: subnetIPNet.Mask} + subnetPrefix, subnetIPNet, _ := net.ParseCIDR(subnetCIDR.String()) + dstIP := net.IPNet{IP: subnetPrefix, Mask: subnetIPNet.Mask} routeInfo = RouteInfo{ Dst: dstIP, Gw: gWIP, From 7cc5010d0a522d26d44c931238838db2ecd6ed65 Mon Sep 17 00:00:00 2001 From: mushiboy Date: Tue, 30 Sep 2025 17:29:06 +0100 Subject: [PATCH 4/9] feat: add tests for SkipDefaultRoutes handling in network container requests --- cns/NetworkContainerContract_test.go | 37 ++++++++++ .../transparent_vlan_endpointclient_linux.go | 8 +-- ...nsparent_vlan_endpointclient_linux_test.go | 72 +++++++++++++++++++ 3 files changed, 113 insertions(+), 4 deletions(-) diff --git a/cns/NetworkContainerContract_test.go b/cns/NetworkContainerContract_test.go index fc17a58a4d..28cfa8fe9e 100644 --- a/cns/NetworkContainerContract_test.go +++ b/cns/NetworkContainerContract_test.go 
@@ -240,3 +240,40 @@ func TestPostNetworkContainersRequest_Validate(t *testing.T) { }) } } + +func TestCreateNetworkContainerRequest_SkipDefaultRoutes(t *testing.T) { + tests := []struct { + name string + req CreateNetworkContainerRequest + expected bool + }{ + { + name: "SkipDefaultRoutesTrue", + req: CreateNetworkContainerRequest{ + NetworkContainerid: "f47ac10b-58cc-0372-8567-0e02b2c3d479", + SkipDefaultRoutes: true, + }, + expected: true, + }, + { + name: "SkipDefaultRoutesFalse", + req: CreateNetworkContainerRequest{ + NetworkContainerid: "f47ac10b-58cc-0372-8567-0e02b2c3d479", + SkipDefaultRoutes: false, + }, + expected: false, + }, + { + name: "SkipDefaultRoutesIgnored", + req: CreateNetworkContainerRequest{ + NetworkContainerid: "f47ac10b-58cc-0372-8567-0e02b2c3d479", + }, + expected: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equal(t, tt.expected, tt.req.SkipDefaultRoutes, "SkipDefaultRoutes value should match expected") + }) + } +} diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go index b028854c1d..7c6d3513ce 100644 --- a/network/transparent_vlan_endpointclient_linux.go +++ b/network/transparent_vlan_endpointclient_linux.go 
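Review bot: `TestCreateNetworkContainerRequest_SkipDefaultRoutes` only reads back the struct field it has just set, so it passes regardless of what the production code does with `SkipDefaultRoutes`. Asserting on code this series changed would give it value, for example `assert.Contains(t, tt.req.String(), fmt.Sprintf("SkipDefaultRoutes: %t", tt.expected))`, which covers the updated `String()` format from PATCH 1/9. Whether `fmt` is already imported in this test file is not visible in the hunk.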
@@ -649,11 +649,11 @@ func (client *TransparentVlanEndpointClient) addDefaultRoutes(linkToName string, } // Helper that creates routing rules for the current NS which direct packets -// to the virtual gateway ip on linkToName device interface -// Route 1: 169.254.2.1 dev -// Route 2: default via 169.254.2.1 dev +// to the subnet gateway ip on linkToName device interface +// Route 1: dev +// Route 2: via dev func (client *TransparentVlanEndpointClient) addCustomRoutes(linkToName string, gatewayIP net.IP, subnetCIDR net.IPNet, table int) error { - // Add route for virtualgwip (ip route add dev ) + // Add route for subnetgwIP (ip route add dev ) gWIP, gwNet, _ := net.ParseCIDR(gatewayIP.String() + "/32") routeInfo := RouteInfo{ Dst: *gwNet, diff --git a/network/transparent_vlan_endpointclient_linux_test.go b/network/transparent_vlan_endpointclient_linux_test.go index 79e70adb98..1c9c5cd933 100644 --- a/network/transparent_vlan_endpointclient_linux_test.go +++ b/network/transparent_vlan_endpointclient_linux_test.go 
@@ -867,6 +867,74 @@ func TestTransparentVlanConfigureContainerInterfacesAndRoutes(t *testing.T) { wantErr: true, wantErrMsg: "failed container ns add default routes: addRoutes failed: " + netio.ErrMockNetIOFail.Error() + ":B1veth0", }, + { + name: "Configure interface and routes good path with SkipDefaultRoutes set to true for container", + client: &TransparentVlanEndpointClient{ + primaryHostIfName: "eth0", + vlanIfName: "eth0.1", + vnetVethName: "A1veth0", + containerVethName: "B1veth0", + vnetNSName: "az_ns_1", + vnetMac: vnetMac, + netlink: netlink.NewMockNetlink(false, ""), + plClient: platform.NewMockExecClient(false), + netUtilsClient: networkutils.NewNetworkUtils(nl, plc), + netioshim: netio.NewMockNetIO(false, 0), + }, + epInfo: &EndpointInfo{ + SkipDefaultRoutes: true, + IPAddresses: []net.IPNet{ + { + IP: net.ParseIP("192.168.0.4"), + Mask: net.CIDRMask(subnetv4Mask, ipv4Bits), + }, + }, + Subnets: []SubnetInfo{ + { + Gateway: net.ParseIP("192.168.0.1"), + Prefix: net.IPNet{ + IP: net.ParseIP("192.168.0.0"), + Mask: net.CIDRMask(subnetv4Mask, ipv4Bits), + }, + }, + }, + }, + wantErr: false, + }, + { + name: "Configure interface and routes good path with SkipDefaultRoutes set to false for container", + client: &TransparentVlanEndpointClient{ + primaryHostIfName: "eth0", + vlanIfName: "eth0.1", + vnetVethName: "A1veth0", + containerVethName: "B1veth0", + vnetNSName: "az_ns_1", + vnetMac: vnetMac, + netlink: netlink.NewMockNetlink(false, ""), + plClient: platform.NewMockExecClient(false), + netUtilsClient: networkutils.NewNetworkUtils(nl, plc), + netioshim: netio.NewMockNetIO(false, 0), + }, + epInfo: &EndpointInfo{ + SkipDefaultRoutes: true, + IPAddresses: []net.IPNet{ + { + IP: net.ParseIP("192.168.0.4"), + Mask: net.CIDRMask(subnetv4Mask, ipv4Bits), + }, + }, + Subnets: []SubnetInfo{ + { + Gateway: net.ParseIP("192.168.0.1"), + Prefix: net.IPNet{ + IP: net.ParseIP("192.168.0.0"), + Mask: net.CIDRMask(subnetv4Mask, ipv4Bits), + }, + }, + }, + }, + 
wantErr: false, + }, } for _, tt := range tests { @@ -1008,3 +1076,7 @@ func TestRunWithRetries(t *testing.T) { }) } } + +func TestAddCustomRoutes(t *testing.T) { + +} From c31176e69c88a57e78f1286ff9d7b2e91e07bd61 Mon Sep 17 00:00:00 2001 From: mushiboy Date: Fri, 3 Oct 2025 16:37:28 +0100 Subject: [PATCH 5/9] feat: remove addition of custom routes --- .../transparent_vlan_endpointclient_linux.go | 47 +++---------------- 1 file changed, 6 insertions(+), 41 deletions(-) diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go index 7c6d3513ce..0de72c1842 100644 --- a/network/transparent_vlan_endpointclient_linux.go +++ b/network/transparent_vlan_endpointclient_linux.go @@ -544,16 +544,13 @@ func (client *TransparentVlanEndpointClient) ConfigureContainerInterfacesAndRout } if epInfo.SkipDefaultRoutes { - logger.Info("Skipping adding default routes in container ns as requested") - if err := client.addCustomRoutes(client.containerVethName, epInfo.Subnets[0].Gateway, epInfo.Subnets[0].Prefix, 0); err != nil { - return errors.Wrap(err, "failed container ns add custom routes") - } + logger.Info("Skipping adding routes in container ns as requested") return nil - } else { - logger.Info("Adding default routes in container ns") - if err := client.addDefaultRoutes(client.containerVethName, 0); err != nil { - return errors.Wrap(err, "failed container ns add default routes") - } + } + + logger.Info("Adding default routes in container ns") + if err := client.addDefaultRoutes(client.containerVethName, 0); err != nil { + return errors.Wrap(err, "failed container ns add default routes") } if err := client.AddDefaultArp(client.containerVethName, client.vnetMac.String()); err != nil { 
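Review bot: The second added case is named "Configure interface and routes good path with SkipDefaultRoutes set to false for container" but its `epInfo` sets `SkipDefaultRoutes: true`, so both new cases exercise the same branch and neither covers the flag being explicitly false. Change that case to `SkipDefaultRoutes: false,`. Neither case asserts which routes were or were not programmed, so a regression in the skip branch would still pass with `wantErr: false`. The test table and the loop that runs it extend beyond this hunk.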
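Review bot: In the `@@ -544,16 +544,13 @@` hunk of PATCH 5/9 the early `return nil` under `if epInfo.SkipDefaultRoutes` skips `AddDefaultArp` and everything after it in `ConfigureContainerInterfacesAndRoutes`, not only `addDefaultRoutes`, while the log line mentions routes only. If skipping the static ARP entry is intended, record it where the return is, e.g. `// Intentionally returns before AddDefaultArp as well.`; otherwise wrap only the `addDefaultRoutes` call in the condition. The function continues past the end of this hunk, so whatever follows `AddDefaultArp` is skipped too and should be checked against the same intent.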
@@ -648,38 +645,6 @@ func (client *TransparentVlanEndpointClient) addDefaultRoutes(linkToName string, return nil } -// Helper that creates routing rules for the current NS which direct packets -// to the subnet gateway ip on linkToName device interface -// Route 1: dev -// Route 2: via dev -func (client *TransparentVlanEndpointClient) addCustomRoutes(linkToName string, gatewayIP net.IP, subnetCIDR net.IPNet, table int) error { - // Add route for subnetgwIP (ip route add dev ) - gWIP, gwNet, _ := net.ParseCIDR(gatewayIP.String() + "/32") - routeInfo := RouteInfo{ - Dst: *gwNet, - Scope: netlink.RT_SCOPE_LINK, - Table: table, - } - // Difference between interface name in addRoutes and DevName: in RouteInfo? - if err := addRoutes(client.netlink, client.netioshim, linkToName, []RouteInfo{routeInfo}); err != nil { - return err - } - - // Add subnet route (ip route add via dev ) - subnetPrefix, subnetIPNet, _ := net.ParseCIDR(subnetCIDR.String()) - dstIP := net.IPNet{IP: subnetPrefix, Mask: subnetIPNet.Mask} - routeInfo = RouteInfo{ - Dst: dstIP, - Gw: gWIP, - Table: table, - } - - if err := addRoutes(client.netlink, client.netioshim, linkToName, []RouteInfo{routeInfo}); err != nil { - return err - } - return nil -} - // Helper that creates arp entry for the current NS which maps the virtual // gateway (169.254.2.1) to destMac on a particular interfaceName // Example: (169.254.2.1) at 12:34:56:78:9a:bc [ether] PERM on From 44417879b6fba8ebeb21a4299e912f5a595d6f54 Mon Sep 17 00:00:00 2001 From: mushiboy Date: Fri, 3 Oct 2025 17:33:43 +0100 Subject: [PATCH 6/9] fix: improve ARP proxy error handling --- network/transparent_vlan_endpointclient_linux.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go index 0de72c1842..14ee77ba19 100644 --- a/network/transparent_vlan_endpointclient_linux.go +++ b/network/transparent_vlan_endpointclient_linux.go 
@@ -406,10 +406,9 @@ func (client *TransparentVlanEndpointClient) setArpProxy(ifName string) error { _, err := client.plClient.ExecuteRawCommand(cmd) if err != nil { logger.Error("Failed to set ARP proxy", zap.String("interface", ifName), zap.Error(err)) - } else { - logger.Info("ARP proxy enabled", zap.String("interface", ifName)) + return err } - return err + return nil } func (client *TransparentVlanEndpointClient) AddEndpointRules(epInfo *EndpointInfo) error { @@ -547,7 +546,6 @@ func (client *TransparentVlanEndpointClient) ConfigureContainerInterfacesAndRout logger.Info("Skipping adding routes in container ns as requested") return nil } - logger.Info("Adding default routes in container ns") if err := client.addDefaultRoutes(client.containerVethName, 0); err != nil { return errors.Wrap(err, "failed container ns add default routes") From 6fde3f8ee4f8c20836fda4fda263826dfc9c27f5 Mon Sep 17 00:00:00 2001 From: mushiboy Date: Mon, 6 Oct 2025 11:33:52 +0100 Subject: [PATCH 7/9] fix: Lint Errors --- network/transparent_vlan_endpointclient_linux.go | 3 +-- network/transparent_vlan_endpointclient_linux_test.go | 4 ---- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go index 14ee77ba19..eb25d8a290 100644 --- a/network/transparent_vlan_endpointclient_linux.go +++ b/network/transparent_vlan_endpointclient_linux.go @@ -292,7 +292,6 @@ func (client *TransparentVlanEndpointClient) PopulateVM(epInfo *EndpointInfo) er _, err = client.netioshim.GetNetworkInterfaceByName(client.vlanIfName) return errors.Wrap(err, "failed to get vlan interface") }, numRetries, sleepInMs) - if err != nil { deleteNSIfNotNilErr = errors.Wrapf(err, "failed to get vlan interface: %s", client.vlanIfName) return deleteNSIfNotNilErr 
@@ -406,7 +405,7 @@ func (client *TransparentVlanEndpointClient) setArpProxy(ifName string) error { _, err := client.plClient.ExecuteRawCommand(cmd) if err != nil { logger.Error("Failed to set ARP proxy", zap.String("interface", ifName), zap.Error(err)) - return err + return errors.Wrap(err, "failed to set arp proxy") } return nil } diff --git a/network/transparent_vlan_endpointclient_linux_test.go b/network/transparent_vlan_endpointclient_linux_test.go index 1c9c5cd933..3639608dbd 100644 --- a/network/transparent_vlan_endpointclient_linux_test.go +++ b/network/transparent_vlan_endpointclient_linux_test.go @@ -1076,7 +1076,3 @@ func TestRunWithRetries(t *testing.T) { }) } } - -func TestAddCustomRoutes(t *testing.T) { - -} From 3ddc19e21769b803d289ef49e68906b7be46ff36 Mon Sep 17 00:00:00 2001 From: mushiboy Date: Tue, 7 Oct 2025 17:43:43 +0100 Subject: [PATCH 8/9] refactor: streamline ARP proxy setup in AddEndpointRules --- network/transparent_vlan_endpointclient_linux.go | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go index eb25d8a290..3c96244539 100644 --- a/network/transparent_vlan_endpointclient_linux.go +++ b/network/transparent_vlan_endpointclient_linux.go @@ -422,12 +422,7 @@ func (client *TransparentVlanEndpointClient) AddEndpointRules(epInfo *EndpointIn // Set ARP proxy on vnet veth (inside vnet namespace) logger.Info("calling setArpProxy for", zap.String("vnetVethName", client.vnetVethName)) - if err := client.setArpProxy(client.vnetVethName); err != nil { - logger.Error("setArpProxy failed with", zap.Error(err)) - return err - } - - return nil + return client.setArpProxy(client.vnetVethName) }) return err From 304db5283bf1f5885a11c284cab9eab6852f3ec4 Mon Sep 17 00:00:00 2001 
From: mushiboy Date: Wed, 15 Oct 2025 13:45:52 +0100 Subject: [PATCH 9/9] fix: update comments for dual NIC support and clarify ARP proxy function --- cni/network/network_linux.go | 2 +- network/transparent_vlan_endpointclient_linux.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cni/network/network_linux.go b/cni/network/network_linux.go index 67ba6b2d49..ba146c3a96 100644 --- a/cni/network/network_linux.go +++ b/cni/network/network_linux.go @@ -125,7 +125,7 @@ func getNATInfo(_ *cni.NetworkConfig, _ interface{}, _ bool) (natInfo []policy.N func platformInit(cniConfig *cni.NetworkConfig) {} -// isDualNicFeatureSupported returns if the dual nic feature is supported. Currently it's only supported for windows hnsv2 path +// isDualNicFeatureSupported returns true as the dual nic feature is supported on Linux. func (plugin *NetPlugin) isDualNicFeatureSupported(netNs string) bool { return true } diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go index 3c96244539..227ed29ca4 100644 --- a/network/transparent_vlan_endpointclient_linux.go +++ b/network/transparent_vlan_endpointclient_linux.go @@ -399,7 +399,7 @@ func (client *TransparentVlanEndpointClient) PopulateVnet(epInfo *EndpointInfo) return nil } -// Set ARP proxy on the vlan interface to respond to ARP requests for the gateway IP +// Set ARP proxy on the specified interface to respond to ARP requests for the gateway IP func (client *TransparentVlanEndpointClient) setArpProxy(ifName string) error { cmd := fmt.Sprintf("echo 1 > /proc/sys/net/ipv4/conf/%v/proxy_arp", ifName) _, err := client.plClient.ExecuteRawCommand(cmd)
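Review bot: The reworded comment on `setArpProxy` still says the interface will answer ARP requests "for the gateway IP", but the function writes `1` to that interface's `proxy_arp` setting, which makes the kernel answer on it for any address it can route via a different interface. A wording that matches the code would be `// setArpProxy enables proxy_arp on ifName so the kernel answers ARP requests on it for addresses routed via other interfaces.` Starting the comment with the function name also follows the Go doc-comment convention.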