RFC: podman: Add support for blackhole routes #28230
p12tic wants to merge 1 commit into containers:main
Add support for blackhole, unreachable, and prohibit route types in podman networks. These route types allow silently discarding packets (blackhole), rejecting with destination unreachable (unreachable), or rejecting with administratively prohibited (prohibit).
Note: Blackhole routes require netavark >= 2.0.0. Regular unicast routes remain backward compatible with all netavark versions.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
|
A friendly reminder that this PR had no activity for 30 days. |
|
@github-actions Waiting for containers/netavark#1417 to land |
|
blocked on new CI images (#28520) |
|
@p12tic You cannot modify vendor/ files directly, you will need to post the change for the type as PR on container-libs first, can you do that? |
|
opened a PR in common to add the type there so we can move some bits forward, we are getting close to the 6.0 deadline containers/container-libs#802 |
Added in netavark in containers/netavark#1417
Needed for containers/podman#28230
The invalid gw test was somewhat broken, as the go type uses net.IP the parsing of the ip failed in the test and the ip was just left nil. This means the json marshal just sends an empty string to netavark and well that failed parsing in NV then. However now with the route type the gateway is optional and omitempty and therefore no longer is sent to NV. Instead NV will now fail with a different error about the missing gateway for unicast routes. But because the other test checks that once already I rather remove the checks here as they do not really add value to do this for each network driver.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
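The gateway behaviour described in the commit message above, as an added Go example that is not code from podman, container-libs or netavark. The `Route` struct, its JSON keys, the function names and the rule that non-unicast types carry no gateway are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Route is a hypothetical stand-in for the network route type; the field
// names and JSON keys are assumptions, not the container-libs definition.
type Route struct {
	Destination string `json:"destination"`
	Gateway     net.IP `json:"gateway,omitempty"`
	RouteType   string `json:"route_type,omitempty"`
}

// UncheckedJSON skips the nil check on net.ParseIP, so an unparsable gateway
// becomes nil and omitempty silently drops it from the payload.
func UncheckedJSON(dest, gw, typ string) string {
	b, _ := json.Marshal(Route{Destination: dest, Gateway: net.ParseIP(gw), RouteType: typ})
	return string(b)
}

// NewRoute rejects bad gateways and type/gateway mismatches before marshalling.
func NewRoute(dest, gw, typ string) (Route, error) {
	r := Route{Destination: dest, RouteType: typ}
	if gw != "" {
		if r.Gateway = net.ParseIP(gw); r.Gateway == nil {
			return r, fmt.Errorf("invalid gateway %q", gw)
		}
	}
	switch typ {
	case "", "unicast":
		if r.Gateway == nil {
			return r, fmt.Errorf("unicast route to %s requires a gateway", dest)
		}
	case "blackhole", "unreachable", "prohibit":
		if r.Gateway != nil { // assumption of this example: no next hop on these types
			return r, fmt.Errorf("%s route must not set a gateway", typ)
		}
	default:
		return r, fmt.Errorf("unknown route type %q", typ)
	}
	return r, nil
}

func main() {
	fmt.Println(UncheckedJSON("10.9.0.0/16", "not-an-ip", "")) // constructed sample input
}
```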
|
once #28612 merges you should be able to rebase and use the new type from container libs. Let me know if you can handle that until early/mid next week, otherwise I will try to finish this here. |
|
#28612 is merged |
|
Sorry I was away for some time. I will update the PR this week. |
Add support for blackhole, unreachable, and prohibit route types in podman networks. These route types allow silently discarding packets (blackhole), rejecting with destination unreachable (unreachable), or rejecting with administratively prohibited (prohibit).
Blackhole routes require netavark >= 2.0.0. Regular unicast routes remain backward compatible with all netavark versions.
Likely fixes #20222
Exposes this netavark feature: containers/netavark#1417
Currently marked as draft to get early feedback before I move libnetwork changes to common repository.