Add support for vde+bridge versions compilation

Author: Skazza94

.gitignore

@@ -1,3 +1,4 @@
 .idea/
 katharanp
+vde_ext
 tmp

Makefile

@@ -1,44 +1,26 @@
 #!/usr/bin/make -f
 
-PLUGIN_NAME=kathara/katharanp
-PLUGIN_CONTAINER=katharanp
-
 .PHONY: create-builder delete-builder test all_arm64 all_push_arm64 all_amd64 all_push_amd64
 
-all_arm64: test clean_arm64 plugin_arm64 delete-builder
-all_push_arm64: all_arm64 push_arm64 delete-builder
+clean_%: delete-builder
+	cd bridge && make clean_$*
+	cd vde && make clean_$*
+
+all_arm64: create-builder
+	cd bridge && make all_arm64
+	cd vde && make all_arm64
 
-all_amd64: test clean_amd64 plugin_amd64 delete-builder
-all_push_amd64: all_amd64 push_amd64 delete-builder
+all_push_arm64: create-builder
+	cd bridge && make all_push_arm64
+	cd vde && make all_push_arm64
 
-test:
-	cat ./plugin-src/config.json | python3 -m json.tool
+all_amd64: create-builder
+	cd bridge && make all_amd64
+	cd vde && make all_amd64
 
-clean_%: delete-builder
-	docker plugin rm -f ${PLUGIN_NAME}:$* || true
-	docker rm -f ${PLUGIN_CONTAINER}_rootfs || true
-	rm -rf ./img-src/katharanp
-	rm -rf ./go-src/src/katharanp
-	rm -rf ./plugin-src/rootfs
-
-gobuild_docker_%:
-	docker run -ti --rm -v `pwd`/go-src/:/root/go-src golang:alpine3.18 /bin/sh -c "apk add -U make && cd /root/go-src && make gobuild_$*"
-
-image_%: gobuild_docker_% create-builder
-	mv ./go-src/src/katharanp ./img-src/
-	docker buildx build --platform linux/$* --load -t ${PLUGIN_CONTAINER}:rootfs ./img-src/
-	docker create --platform linux/$* --name ${PLUGIN_CONTAINER}_rootfs ${PLUGIN_CONTAINER}:rootfs
-	mkdir -p ./plugin-src/rootfs
-	docker export ${PLUGIN_CONTAINER}_rootfs | tar -x -C ./plugin-src/rootfs
-	docker rm -vf ${PLUGIN_CONTAINER}_rootfs
-	docker rmi ${PLUGIN_CONTAINER}:rootfs
-
-plugin_%: image_%
-	docker plugin create ${PLUGIN_NAME}:$* ./plugin-src/
-	rm -rf ./plugin-src/rootfs
-
-push_%: clean_% plugin_%
-	docker plugin push ${PLUGIN_NAME}:$*
+all_push_amd64: create-builder
+	cd bridge && make all_push_amd64
+	cd vde && make all_push_amd64
 
 create-builder: delete-builder
 	docker buildx create --name kat-np-builder --use

bridge/Makefile

@@ -0,0 +1,41 @@
+#!/usr/bin/make -f
+
+PLUGIN_NAME=kathara/katharanp
+PLUGIN_CONTAINER=katharanp
+
+.PHONY: test all_arm64 all_push_arm64 all_amd64 all_push_amd64
+
+all_arm64: test clean_arm64 plugin_arm64
+all_push_arm64: all_arm64 push_arm64
+
+all_amd64: test clean_amd64 plugin_amd64
+all_push_amd64: all_amd64 push_amd64
+
+test:
+	cat ./plugin-src/config.json | python3 -m json.tool
+
+clean_%:
+	docker plugin rm -f ${PLUGIN_NAME}:$* || true
+	docker rm -f ${PLUGIN_CONTAINER}_rootfs || true
+	rm -rf ./img-src/katharanp
+	rm -rf ./go-src/katharanp
+	rm -rf ./plugin-src/rootfs
+
+gobuild_docker_%:
+	docker run -ti --rm -v `pwd`/go-src/:/root/go-src golang:alpine3.14 /bin/sh -c "apk add -U make && cd /root/go-src && make gobuild_$*"
+
+image_%: gobuild_docker_%
+	mv ./go-src/katharanp ./img-src/
+	docker buildx build --platform linux/$* --load -t ${PLUGIN_CONTAINER}:rootfs ./img-src/
+	docker create --platform linux/$* --name ${PLUGIN_CONTAINER}_rootfs ${PLUGIN_CONTAINER}:rootfs
+	mkdir -p ./plugin-src/rootfs
+	docker export ${PLUGIN_CONTAINER}_rootfs | tar -x -C ./plugin-src/rootfs
+	docker rm -vf ${PLUGIN_CONTAINER}_rootfs
+	docker rmi ${PLUGIN_CONTAINER}:rootfs
+
+plugin_%: image_%
+	docker plugin create ${PLUGIN_NAME}:$* ./plugin-src/
+	rm -rf ./plugin-src/rootfs
+
+push_%: clean_% plugin_%
+	docker plugin push ${PLUGIN_NAME}:$*

bridge/go-src/Makefile

@@ -0,0 +1,9 @@
+#!/usr/bin/make -f
+
+.PHONY: gobuild_%
+
+gobuild_%:
+	go mod download
+	GOOS=linux GOARCH=$* go build src/katharanp.go src/common_utils.go src/bridge_utils.go src/veth_utils.go
+	chmod 777 ./katharanp
+	

bridge/go-src/go.mod

@@ -0,0 +1,20 @@
+module github.com/KatharaFramework/NetworkPlugin
+
+replace github.com/Sirupsen/logrus => github.com/sirupsen/logrus v1.8.1
+
+go 1.16
+
+require (
+	github.com/Microsoft/go-winio v0.5.0 // indirect
+	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-plugins-helpers v0.0.0-20210623094020-7ef169fb8b8e
+	github.com/docker/libnetwork v0.8.0-dev.2.0.20210525090646-64b7a4574d14
+	github.com/godbus/dbus/v5 v5.0.4 // indirect
+	github.com/google/uuid v1.3.0
+	github.com/ishidawataru/sctp v0.0.0-20210707070123-9a39160e9062 // indirect
+	github.com/vishvananda/netlink v1.1.0
+	golang.org/x/net v0.0.0-20210716203947-853a461950ff // indirect
+	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
+	gotest.tools/v3 v3.0.3 // indirect
+)

bridge/go-src/go.sum

@@ -0,0 +1,55 @@
+github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU=
+github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
+github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-plugins-helpers v0.0.0-20210623094020-7ef169fb8b8e h1:/PFdW1q3vu60M64mEZqAGbJdS5UHxJr/nTwEZ8KTyjs=
+github.com/docker/go-plugins-helpers v0.0.0-20210623094020-7ef169fb8b8e/go.mod h1:LFyLie6XcDbyKGeVK6bHe+9aJTYCxWLBg5IrJZOaXKA=
+github.com/docker/libnetwork v0.8.0-dev.2.0.20210525090646-64b7a4574d14 h1:GZvuJOpa10/Yl2EinacWoMqJ+XtNPbikclDZvNXBNO8=
+github.com/docker/libnetwork v0.8.0-dev.2.0.20210525090646-64b7a4574d14/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8=
+github.com/godbus/dbus/v5 v5.0.4 h1:9349emZab16e7zQvpmsbtjc18ykshndd8y2PG3sgJbA=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/ishidawataru/sctp v0.0.0-20210707070123-9a39160e9062 h1:G1+wBT0dwjIrBdLy0MIG0i+E4CQxEnedHXdauJEIH6g=
+github.com/ishidawataru/sctp v0.0.0-20210707070123-9a39160e9062/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
+github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
+github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20210716203947-853a461950ff h1:j2EK/QoxYNBsXI4R7fQkkRUk8y6wnOBI+6hgPdP/6Ds=
+golang.org/x/net v0.0.0-20210716203947-853a461950ff/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
+gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=

bridge/go-src/src/bridge_utils.go

@@ -0,0 +1,166 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/docker/libnetwork/iptables"
+	"github.com/docker/libnetwork/ns"
+	"github.com/vishvananda/netlink"
+	"github.com/vishvananda/netlink/nl"
+	"golang.org/x/sys/unix"
+)
+
+const (
+	bridgePrefix    = "kt"
+	bridgeLen   	= 12
+)
+
+func getBridgeName(netID string) string {
+	return bridgePrefix + "-" + netID[:bridgeLen]
+}
+
+func createBridge(netID string) (string, error) {
+	bridgeName := getBridgeName(netID)
+
+	exists, err := bridgeInterfaceExists(bridgeName)
+	if err != nil {
+		return "", err
+	}
+
+	if !exists {
+		linkAttrs := netlink.NewLinkAttrs()
+		linkAttrs.Name = bridgeName
+
+		if err := netlink.LinkAdd(&netlink.Bridge{
+			LinkAttrs: linkAttrs,
+		}); err != nil {
+			return "", err
+		}
+	}
+
+	bridge, err := netlink.LinkByName(bridgeName)
+	if err != nil {
+		return "", err
+	}
+
+	var bridgeRule = []string{"-i", bridgeName, "-o", bridgeName, "-j", "ACCEPT"}
+
+    // Install rule in IPv4
+	var iptablev4 = iptables.GetIptable(iptables.IPv4)
+	if err := iptablev4.ProgramRule(iptables.Filter, "FORWARD", iptables.Append, bridgeRule); err != nil {
+		return "", err
+	}
+
+	// Install rule in IPv6
+	var iptablev6 = iptables.GetIptable(iptables.IPv6)
+	if err := iptablev6.ProgramRule(iptables.Filter, "FORWARD", iptables.Append, bridgeRule); err != nil {
+		return "", err
+	}
+
+	if err := patchBridge(bridge); err != nil {
+		return "", err
+	}
+
+	return bridgeName, nil
+}
+
+func patchBridge(bridge netlink.Link) error {
+	// Creates a new RTM_NEWLINK request
+	// NLM_F_ACK is used to receive acks when operations are executed
+	req := nl.NewNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
+
+	// Search for the bridge interface by its index (and bring it UP too)
+	msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+	msg.Change = unix.IFF_UP
+	msg.Flags = unix.IFF_UP
+	msg.Index = int32(bridge.Attrs().Index)
+	req.AddData(msg)
+
+	// Patch ageing_time and group_fwd_mask
+	linkInfo := nl.NewRtAttr(unix.IFLA_LINKINFO, nil)
+	linkInfo.AddRtAttr(nl.IFLA_INFO_KIND, nl.NonZeroTerminated(bridge.Type()))
+
+	data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+	data.AddRtAttr(nl.IFLA_BR_AGEING_TIME, nl.Uint32Attr(0))
+	data.AddRtAttr(nl.IFLA_BR_GROUP_FWD_MASK, nl.Uint16Attr(0xfff8))
+
+	req.AddData(linkInfo)
+
+	// Execute the request. NETLINK_ROUTE is used to send link updates.
+	_, err := req.Execute(unix.NETLINK_ROUTE, 0)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func deleteBridge(netID string) error {
+	bridgeName := getBridgeName(netID)
+
+	bridge, err := netlink.LinkByName(bridgeName)
+	if err != nil {
+		return err
+	}
+
+	if err := netlink.LinkDel(bridge); err != nil {
+		return err
+	}
+
+	var bridgeRule = []string{"-i", bridgeName, "-o", bridgeName, "-j", "ACCEPT"}
+
+	// Delete rule in IPv4
+	var iptablev4 = iptables.GetIptable(iptables.IPv4)
+	if err := iptablev4.ProgramRule(iptables.Filter, "FORWARD", iptables.Delete, bridgeRule); err != nil {
+		return err
+	}
+
+	// Delete rule in IPv6
+	var iptablev6 = iptables.GetIptable(iptables.IPv6)
+	if err := iptablev6.ProgramRule(iptables.Filter, "FORWARD", iptables.Delete, bridgeRule); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func attachInterfaceToBridge(bridgeName string, interfaceName string) error {
+	bridge, err := netlink.LinkByName(bridgeName)
+	if err != nil {
+		return err
+	}
+
+	iface, err := netlink.LinkByName(interfaceName)
+	if err != nil {
+		return err
+	}
+
+	if err := netlink.LinkSetMaster(iface, bridge); err != nil {
+		return err
+	}
+	if err := netlink.LinkSetUp(iface); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func bridgeInterfaceExists(name string) (bool, error) {
+	nlh := ns.NlHandle()
+	link, err := nlh.LinkByName(name)
+
+	if err != nil {
+		if strings.Contains(err.Error(), "Link not found") {
+			return false, nil
+		}
+
+		return false, fmt.Errorf("failed to check bridge interface existence: %v", err)
+	}
+
+	if link.Type() == "bridge" {
+		return true, nil
+	}
+
+	return false, fmt.Errorf("existing interface %s is not a bridge", name)
+}