Configure the Bonnet's bootstrapping process in a Kubernetes pod. It should do the following:
TODO: Need to handle graceful handoff of connections between bonnets on restart. As it is now, the old Bonnet being connected causes the new one to be blocked (and the old one isn't killed by the kubemaster until the new one initializes...).
1) Start Bonnet as an init container, configuring the TUN device and setting permissions to allow the Bonnet sidecar to pick up the TUN without NET_ADMIN permissions.
2) Have the init container shut down upon successful configuration (should we forcefully terminate after some number of failed initial attempts?).
3) Start Bonnet again as a sidecar (without NET_ADMIN), allowing the primary task within the pod to run without requiring any privileges.
gfe-relnote: n/a (QBONE-only change)
PiperOrigin-RevId: 285281727
Change-Id: Ie78ffb1d441f605e41ead80c16069271fbe102f3
diff --git a/quic/qbone/bonnet/tun_device.cc b/quic/qbone/bonnet/tun_device.cc
index e266654..6fa3cc3 100644
--- a/quic/qbone/bonnet/tun_device.cc
+++ b/quic/qbone/bonnet/tun_device.cc
@@ -22,10 +22,12 @@
TunDevice::TunDevice(const string& interface_name,
int mtu,
bool persist,
+ bool setup_tun,
KernelInterface* kernel)
: interface_name_(interface_name),
mtu_(mtu),
persist_(persist),
+ setup_tun_(setup_tun),
file_descriptor_(kInvalidFd),
kernel_(*kernel) {}
@@ -56,7 +58,7 @@
// TODO(pengg): might be better to use netlink socket, once we have a library to
// use
bool TunDevice::Up() {
- if (!is_interface_up_) {
+ if (setup_tun_ && !is_interface_up_) {
struct ifreq if_request;
memset(&if_request, 0, sizeof(if_request));
// copy does not zero-terminate the result string, but we've memset the
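Review bot: When `setup_tun_` is false, Up() now skips the SIOCSIFFLAGS path entirely and, as far as the hunk shows, never verifies that the init container actually brought the interface up, so an unprivileged sidecar that starts before (or without) a successful init run will open the persisted TUN and write into an interface that is still down. A read-only SIOCGIFFLAGS query needs no NET_ADMIN, so the non-setup branch can check IFF_UP and record `is_interface_up_` instead of assuming it. The body of Up() continues outside the hunk, and the fd/ioctl plumbing goes through `kernel_`, whose interface is not visible here, so the exact call shape below is inferred from the existing SIOCSIFFLAGS code and should be aligned with it.
```cpp
bool TunDevice::Up() {
  if (!setup_tun_) {
    // Unprivileged instance: confirm the init container already brought the
    // interface up rather than assuming it (SIOCGIFFLAGS needs no NET_ADMIN).
    struct ifreq if_request;
    memset(&if_request, 0, sizeof(if_request));
    // … same name copy and socket/ioctl plumbing as the SIOCSIFFLAGS path, using SIOCGIFFLAGS …
    is_interface_up_ = (if_request.ifr_flags & IFF_UP) != 0;
    return is_interface_up_;
  }
  if (!is_interface_up_) {
    // … unchanged: SIOCSIFFLAGS / IFF_UP path …
```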
@@ -75,7 +77,7 @@
// TODO(pengg): might be better to use netlink socket, once we have a library to
// use
bool TunDevice::Down() {
- if (is_interface_up_) {
+ if (setup_tun_ && is_interface_up_) {
struct ifreq if_request;
memset(&if_request, 0, sizeof(if_request));
// copy does not zero-terminate the result string, but we've memset the
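Review bot: The new `setup_tun_ &&` guard in Down() makes the unprivileged sidecar silently leave the interface (and `is_interface_up_`) untouched, which matches the description's intent that the persisted TUN must outlive sidecar restarts and that only the NET_ADMIN init instance changes interface state, but nothing in the code records that reasoning. Suggest a comment above the condition: `// Non-setup instances (the unprivileged sidecar) never change interface state; the persisted TUN stays up across sidecar restarts and is only torn down by a setup instance.` The rest of Down(), including what it returns in the skipped case, is outside the hunk, so whether callers treat the no-op as success should be confirmed there.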
@@ -145,6 +147,10 @@
// TODO(pengg): might be better to use netlink socket, once we have a library to
// use
bool TunDevice::ConfigureInterface() {
+ if (!setup_tun_) {
+ return true;
+ }
+
struct ifreq if_request;
memset(&if_request, 0, sizeof(if_request));
// copy does not zero-terminate the result string, but we've memset the entire