adds optional loopbackDSR argument to cni conf

cni/cni.go

@@ -108,6 +108,7 @@ type OptionalFlags struct {
 	AllowAclPortMapping   bool `json:"allowAclPortMapping"`
 	ForceBridgeGateway    bool `json:"forceBridgeGateway"` // Intended to be temporary workaround
 	EnableDualStack       bool `json:"enableDualStack"`
+	LoopbackDSR           bool `json:"loopbackDSR"`
 }
 
 func (r *Result) Print() {
@@ -192,7 +193,13 @@ func (config *NetworkConfig) Serialize() []byte {
 }
 
 // GetNetworkInfo from the NetworkConfig
-func (config *NetworkConfig) GetNetworkInfo(podNamespace string) *network.NetworkInfo {
+func (config *NetworkConfig) GetNetworkInfo(podNamespace string) (ninfo *network.NetworkInfo, err error) {
+	if config.OptionalFlags.LoopbackDSR {
+		if err := hcn.DSRSupported(); err != nil {
+			logrus.Errorf("[cni-net] Failed to enable loopbackDSR on unsupported HCN version, err:%v.", err)
+			return nil, err
+		}
+	}
 	var subnets []network.SubnetInfo
 	// Note the code below is looking inside the ipam specific configuration.
 	if config.Ipam.Subnet != "" {
@@ -234,7 +241,7 @@ func (config *NetworkConfig) GetNetworkInfo(podNamespace string) *network.Networ
 		dnsSettings.Options = config.RuntimeConfig.DNS.Options
 	}
 
-	ninfo := &network.NetworkInfo{
+	ninfo = &network.NetworkInfo{
 		ID:            config.Name,
 		Name:          config.Name,
 		Type:          network.NetworkType(config.Name),
@@ -251,7 +258,7 @@ func (config *NetworkConfig) GetNetworkInfo(podNamespace string) *network.Networ
 		}
 	}
 
-	return ninfo
+	return ninfo, err
 }
 
 // getInACLRule generates an In ACLs for mapped ports
@@ -364,14 +371,14 @@ func GetCurrResult(network *network.NetworkInfo, endpoint *network.EndpointInfo,
 
 		var ip = GetIP(network, endpoint)
 		ip.InterfaceIndex = 0
-			
+
 		cIP := cniTypesCurr.IPConfig{
-				Version: ip.Version,
-				Address: net.IPNet{
-					IP:		ip.Address.IP,
-					Mask:	ip.Address.Mask},
-				Gateway: ip.Gateway,
-				Interface: &ip.InterfaceIndex,
+			Version: ip.Version,
+			Address: net.IPNet{
+				IP:   ip.Address.IP,
+				Mask: ip.Address.Mask},
+			Gateway:   ip.Gateway,
+			Interface: &ip.InterfaceIndex,
 		}
 
 		result.IPs = append(result.IPs, &cIP)
@@ -383,29 +390,29 @@ func GetCurrResult(network *network.NetworkInfo, endpoint *network.EndpointInfo,
 		ip4.InterfaceIndex = 0
 
 		cIP4 := cniTypesCurr.IPConfig{
-				Version: ip4.Version,
-				Address: net.IPNet{
-					IP:		ip4.Address.IP,
-					Mask:	ip4.Address.Mask},
-				Gateway: ip4.Gateway,
-				Interface: &ip4.InterfaceIndex,
+			Version: ip4.Version,
+			Address: net.IPNet{
+				IP:   ip4.Address.IP,
+				Mask: ip4.Address.Mask},
+			Gateway:   ip4.Gateway,
+			Interface: &ip4.InterfaceIndex,
 		}
-	
+
 		result.IPs = append(result.IPs, &cIP4)
 
-		if ip6  != nil {
+		if ip6 != nil {
 
 			ip6.InterfaceIndex = 0
 
 			cIP6 := cniTypesCurr.IPConfig{
-					Version: ip6.Version,
-					Address: net.IPNet{
-						IP:		ip6.Address.IP,
-						Mask:	ip6.Address.Mask},
-					Gateway:	ip6.Gateway,
-					Interface: &ip6.InterfaceIndex,
+				Version: ip6.Version,
+				Address: net.IPNet{
+					IP:   ip6.Address.IP,
+					Mask: ip6.Address.Mask},
+				Gateway:   ip6.Gateway,
+				Interface: &ip6.InterfaceIndex,
 			}
-	
+
 			result.IPs = append(result.IPs, &cIP6)
 		}
 	}
@@ -440,23 +447,23 @@ func GetDualStackAddresses(endpoint *network.EndpointInfo) (*IP, *IP) {
 
 	var ip4 *IP
 	var ip6 *IP
-	
+
 	ip4address := net.IPNet{}
 	ip4address.IP = endpoint.IPAddress
- 	ip4address.Mask = endpoint.IP4Mask
+	ip4address.Mask = endpoint.IP4Mask
 
 	ip4 = &IP{
-		Version: "4",
-		Address: cniTypes.IPNet(ip4address),
-		Gateway: endpoint.Gateway,
+		Version:        "4",
+		Address:        cniTypes.IPNet(ip4address),
+		Gateway:        endpoint.Gateway,
 		InterfaceIndex: 0,
 	}
 
 	if endpoint.IPAddress6.IP != nil {
 		ip6 = &IP{
-			Version: "6",
-			Address: cniTypes.IPNet(endpoint.IPAddress6),
-			Gateway: endpoint.Gateway6,
+			Version:        "6",
+			Address:        cniTypes.IPNet(endpoint.IPAddress6),
+			Gateway:        endpoint.Gateway6,
 			InterfaceIndex: 0,
 		}
 	}

common/core/network.go

@@ -121,7 +121,11 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) (resultError error) {
 
 	// Convert cniConfig to NetworkInfo
 	// We don't set namespace, setting namespace is not valid for EP creation
-	networkInfo := cniConfig.GetNetworkInfo(k8sNamespace)
+	networkInfo, err := cniConfig.GetNetworkInfo(k8sNamespace)
+	if err != nil {
+		logrus.Errorf("[cni-net] Failed to get network information from network configuration, err:%v.", err)
+		return err
+	}
 	epInfo, err := cniConfig.GetEndpointInfo(networkInfo, args.ContainerID, "")
 
 	if err != nil {
@@ -203,6 +207,12 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) (resultError error) {
 	// Apply the Network Policy for Endpoint
 	epInfo.Policies = append(epInfo.Policies, networkInfo.Policies...)
 
+	// If LoopbackDSR is set, add to policies
+	if cniConfig.OptionalFlags.LoopbackDSR {
+		hcnLoopbackRoute, _ := network.GetLoopbackDSRPolicy(&epInfo.IPAddress)
+		epInfo.Policies = append(epInfo.Policies, hcnLoopbackRoute)
+	}
+
 	epInfo, err = plugin.nm.CreateEndpoint(nwConfig.ID, epInfo, args.Netns)
 	if err != nil {
 		logrus.Errorf("[cni-net] Failed to create endpoint, error : %v.", err)
@@ -217,7 +227,7 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) (resultError error) {
 	}
 
 	result.Print()
-	logrus.Debugf("[cni-net] result: %v", result.String())
+	logrus.Debugf("[cni-net] result: %+v", result)
 	return nil
 }
 
@@ -381,7 +391,11 @@ func (plugin *netPlugin) Delete(args *cniSkel.CmdArgs) error {
 	}
 
 	// Convert cniConfig to NetworkInfo
-	networkInfo := cniConfig.GetNetworkInfo(k8sNamespace)
+	networkInfo, err := cniConfig.GetNetworkInfo(k8sNamespace)
+	if err != nil {
+		logrus.Errorf("[cni-net] Failed to get network information from network configuration, err:%v.", err)
+		return err
+	}
 	epInfo, err := cniConfig.GetEndpointInfo(networkInfo, args.ContainerID, args.Netns)
 	if err != nil {
 		return err

example/flannel_l2bridge.conf

@@ -7,9 +7,10 @@
         "dnsCapabilities": true
     },
     "delegate": {
-        "type": "sdnoverlay",
+        "type": "sdnbridge",
         "optionalFlags" : {
-            "forceBridgeGateway" : true
+            "forceBridgeGateway" : true,
+            "loopbackDSR": false
         },
         "AdditionalArgs": [
             {

example/flannel_overlay.conf

@@ -8,6 +8,9 @@
     },
     "delegate": {
         "type": "sdnoverlay",
+        "optionalFlags" : {
+            "loopbackDSR": false
+        },
         "AdditionalArgs": [
             {
                 "Name": "EndpointPolicy",

example/l2bridge.conf

@@ -7,6 +7,9 @@
         "portMappings": true,
         "dnsCapabilities": true
     },
+    "optionalFlags" : {
+        "loopbackDSR": false
+    },
     "ipam": {
         "subnet": "192.168.1.0/24",
         "routes": [

example/l2tunnel.conf

@@ -3,6 +3,9 @@
     "name": "l2tunnelNetwork",
     "type": "l2tunnel",
     "master": "Ethernet",
+    "optionalFlags" : {
+        "loopbackDSR": false
+    },
     "ipam": {
         "type": "azure-vnet-ipam",
         "Subnet": "10.240.0.0/12"

go.mod

@@ -3,21 +3,21 @@ module github.com/Microsoft/windows-container-networking
 go 1.12
 
 require (
-	github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5
-	github.com/Microsoft/hcsshim v0.8.9
-	github.com/Microsoft/hcsshim/test v0.0.0-20200715222032-5eafd1556990
+	github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3
+	github.com/Microsoft/hcsshim v0.8.15
+	github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da
 	github.com/blang/semver v3.5.1+incompatible // indirect
-	github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 // indirect
-	github.com/containerd/go-runc v0.0.0-20190226155025-7d11b49dc076
-	github.com/containernetworking/cni v0.0.0-20190403160241-0471e018e593
+	github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68 // indirect
+	github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328
+	github.com/containernetworking/cni v0.8.0
+	github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f // indirect
+	github.com/godbus/dbus v4.1.0+incompatible // indirect
 	github.com/hashicorp/go-multierror v1.0.0 // indirect
-	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
 	github.com/opencontainers/runtime-tools v0.0.0-20190313075039-7125f1d443b0
-	github.com/opencontainers/selinux v1.2.1 // indirect
-	github.com/pkg/errors v0.8.1
-	github.com/prometheus/procfs v0.0.5 // indirect
-	github.com/sirupsen/logrus v1.4.2
-	github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect
+	github.com/pkg/errors v0.9.1
+	github.com/sirupsen/logrus v1.8.1
 	github.com/xeipuuv/gojsonschema v1.1.0 // indirect
-	golang.org/x/sync v0.0.0-20190423024810-112230192c58
+	go.opencensus.io v0.23.0 // indirect
+	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
+	golang.org/x/sys v0.0.0-20210309074719-68d13333faf2 // indirect
 )