opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-23 18:59:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10541 from Luap99/fix-10158

Browse Source 
add ipv6 nameservers only when the container has ipv6 enabled
This commit is contained in:
OpenShift Merge Robot
2021-06-03 17:31:25 +02:00
committed by GitHub
parent e4cce8f34f df2e7e00fc
commit 251f5b8d75
2 changed files with 84 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
libpod/container_internal_linux.go
View File

@ -1668,17 +1668,16 @@ func (c *Container) generateResolvConf() (string, error) {
return "", err return "", err
} }
// Ensure that the container's /etc/resolv.conf is compatible with its ipv6 := false
// network configuration.
// TODO: set ipv6 enable bool more sanely
resolv, err := resolvconf.FilterResolvDNS(contents, true, c.config.CreateNetNS)
if err != nil {
return "", errors.Wrapf(err, "error parsing host resolv.conf")
}
// Check if CNI gave back and DNS servers for us to add in // Check if CNI gave back and DNS servers for us to add in
cniResponse := c.state.NetworkStatus cniResponse := c.state.NetworkStatus
for _, i := range cniResponse { for _, i := range cniResponse {
for _, ip := range i.IPs {
// Note: only using To16() does not work since it also returns a vaild ip for ipv4
if ip.Address.IP.To4() == nil && ip.Address.IP.To16() != nil {
ipv6 = true
}
}
if i.DNS.Nameservers != nil { if i.DNS.Nameservers != nil {
cniNameServers = append(cniNameServers, i.DNS.Nameservers...) cniNameServers = append(cniNameServers, i.DNS.Nameservers...)
logrus.Debugf("adding nameserver(s) from cni response of '%q'", i.DNS.Nameservers) logrus.Debugf("adding nameserver(s) from cni response of '%q'", i.DNS.Nameservers)
@ -1689,6 +1688,25 @@ func (c *Container) generateResolvConf() (string, error) {
} }
} }
if c.config.NetMode.IsSlirp4netns() {
ctrNetworkSlipOpts := []string{}
if c.config.NetworkOptions != nil {
ctrNetworkSlipOpts = append(ctrNetworkSlipOpts, c.config.NetworkOptions["slirp4netns"]...)
}
slirpOpts, err := parseSlirp4netnsNetworkOptions(c.runtime, ctrNetworkSlipOpts)
if err != nil {
return "", err
}
ipv6 = slirpOpts.enableIPv6
}
// Ensure that the container's /etc/resolv.conf is compatible with its
// network configuration.
resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, c.config.CreateNetNS)
if err != nil {
return "", errors.Wrapf(err, "error parsing host resolv.conf")
}
dns := make([]net.IP, 0, len(c.runtime.config.Containers.DNSServers)) dns := make([]net.IP, 0, len(c.runtime.config.Containers.DNSServers))
for _, i := range c.runtime.config.Containers.DNSServers { for _, i := range c.runtime.config.Containers.DNSServers {
result := net.ParseIP(i) result := net.ParseIP(i)

58
test/system/500-networking.bats
View File

@ -329,4 +329,62 @@ load helpers
run_podman network rm -f $mynetname run_podman network rm -f $mynetname
} }
@test "podman ipv6 in /etc/resolv.conf" {
ipv6_regex='([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{0,4})(%\w+)?'
# Make sure to read the correct /etc/resolv.conf file in case of systemd-resolved.
resolve_file=$(readlink -f /etc/resolv.conf)
if [[ "$resolve_file" == "/run/systemd/resolve/stub-resolv.conf" ]]; then
resolve_file="/run/systemd/resolve/resolv.conf"
fi
# If the host doesn't have an ipv6 in resolv.conf skip this test.
# We should never modify resolv.conf on the host.
if ! grep -E "$ipv6_regex" "$resolve_file"; then
skip "This test needs an ipv6 nameserver in $resolve_file"
fi
# ipv4 slirp
run_podman run --rm --network slirp4netns:enable_ipv6=false $IMAGE cat /etc/resolv.conf
if grep -E "$ipv6_regex" <<< $output; then
die "resolv.conf contains a ipv6 nameserver"
fi
# ipv6 slirp
run_podman run --rm --network slirp4netns:enable_ipv6=true $IMAGE cat /etc/resolv.conf
# "is" does not like the ipv6 regex
if ! grep -E "$ipv6_regex" <<< $output; then
die "resolv.conf does not contain a ipv6 nameserver"
fi
# ipv4 cni
local mysubnet=$(random_rfc1918_subnet)
local netname=testnet-$(random_string 10)
run_podman network create --subnet $mysubnet.0/24 $netname
is "$output" ".*/cni/net.d/$netname.conflist" "output of 'network create'"
run_podman run --rm --network $netname $IMAGE cat /etc/resolv.conf
if grep -E "$ipv6_regex" <<< $output; then
die "resolv.conf contains a ipv6 nameserver"
fi
run_podman network rm -f $netname
# ipv6 cni
mysubnet=fd00:4:4:4:4::/64
netname=testnet-$(random_string 10)
run_podman network create --subnet $mysubnet $netname
is "$output" ".*/cni/net.d/$netname.conflist" "output of 'network create'"
run_podman run --rm --network $netname $IMAGE cat /etc/resolv.conf
# "is" does not like the ipv6 regex
if ! grep -E "$ipv6_regex" <<< $output; then
die "resolv.conf does not contain a ipv6 nameserver"
fi
run_podman network rm -f $netname
}
# vim: filetype=sh # vim: filetype=sh