The previous veth interface naming scheme tried to find the lowest unused
index for both the parent and container veth interfaces. That's susceptible
to race conditions when multiple containers are started at the same time.
Try to pick a random unused interface id for the parent if one wasn't given
by the caller and use that as a template for the container interface name.
This should prevent races to create two uniquely named interfaces for each
container. The caller can still assign the parent interface name manually
and that name is used for in container (before the interface is moved to the
container namespace and renamed.)
Signed-off-by: Oskari Saarenmaa
---
My previous two patches for this issue were rejected because of concerns
with the naming scheme (in v1) or leaving fixing the race condition to the
caller (v2) and I mostly forgot about this issue after implementing a
workaround in my application, but yesterday someone else on #virt ran into
the same issue and I took another look at my patches.
The third iteration of this patch uses random identifiers and makes sure
they're not already in use, but still does not retry interface creation on
failure. I believe this is good enough as the likelihood of two containers
starting up at the same time and coming up with the same random 32-bit
identifier should be rather low.
This does change the interface names from nice low integers to random larger
integers, but I don't see that an issue. And the caller can select any
other name they like if that's not acceptable.
src/util/virnetdevveth.c | 95 ++--
1 file changed, 27 insertions(+), 68 deletions(-)
diff --git a/src/util/virnetdevveth.c b/src/util/virnetdevveth.c
index 039767f..9a5bc63 100644
--- a/src/util/virnetdevveth.c
+++ b/src/util/virnetdevveth.c
@@ -23,6 +23,7 @@
#include
+#include
#include
#include "virnetdevveth.h"
@@ -33,119 +34,77 @@
#include "virfile.h"
#include "virstring.h"
#include "virutil.h"
+#include "virrandom.h"
#define VIR_FROM_THIS VIR_FROM_NONE
/* Functions */
/**
- * virNetDevVethGetFreeName:
- * @veth: pointer to store returned name for veth device
- * @startDev: device number to start at (x in vethx)
- *
- * Looks in /sys/class/net/ to find the first available veth device
- * name.
- *
- * Returns non-negative device number on success or -1 in case of error
- */
-static int virNetDevVethGetFreeName(char **veth, int startDev)
-{
-int devNum = startDev-1;
-char *path = NULL;
-
-VIR_DEBUG("Find free from veth%d", startDev);
-do {
-VIR_FREE(path);
-++devNum;
-if (virAsprintf(&path, "/sys/class/net/veth%d/", devNum) < 0)
-return -1;
-VIR_DEBUG("Probe %s", path);
-} while (virFileExists(path));
-VIR_FREE(path);
-
-if (virAsprintf(veth, "veth%d", devNum) < 0)
-return -1;
-
-return devNum;
-}
-
-/**
* virNetDevVethCreate:
* @veth1: pointer to name for parent end of veth pair
- * @veth2: pointer to return name for container end of veth pair
+ * @veth2: pointer to name for container end of veth pair
*
* Creates a veth device pair using the ip command:
* ip link add veth1 type veth peer name veth2
- * If veth1 points to NULL on entry, it will be a valid interface on
- * return. veth2 should point to NULL on entry.
*
- * NOTE: If veth1 and veth2 names are not specified, ip will auto assign
- * names. There seems to be two problems here -
- * 1) There doesn't seem to be a way to determine the names of the
- * devices that it creates. They show up in ip link show and
- * under /sys/class/net/ however there is no guarantee that they
- * are the devices that this process just created.
- * 2) Once one of the veth devices is moved to another namespace, it
- * is no longer visible in the parent namespace. This seems to
- * confuse the name assignment causing it to fail with File exists.
- * Because of these issues, this function currently allocates names
- * prior to using the ip command, and returns any allocated names
- * to the caller.
+ * If veth1 or veth2 points to NULL on entry, they will be
+ * a valid interface on return.
*
* Returns 0 on success or -1 in case of error
*/
int virNetDevVethCreate(char** veth1, char** veth2)
{
-int rc = -1;
const char *argv[] = {
"ip", "link", "add", NULL, "type", "veth", "peer", "name", NULL, NULL
};
-int vethDev = 0;
bool veth1_alloc = false;
bool veth2_alloc = false;
VIR_DEBUG("Host: %s guest: %s", NULLSTR(*veth1), NULLSTR(*veth2));
if (*veth1 == NULL) {
-if ((vethDev = virNetDevVethGetFreeName(veth1, vethDev)) < 0)
-goto cleanup;
+size_t veth_path_max = sizeof("/sys/class/net//") + IF_NAMESIZE;
+char *veth1_path;
+
+if (VIR_ALLOC_N(*veth1, IF_NAMESIZE) < 0 ||
+VIR_ALLOC_N(veth1_path, veth_
