From 19b21a9f18a6ea7b5f44b39a9def59ca5e8eb1a410d6ff062f5a416c47afaa45 Mon Sep 17 00:00:00 2001
From: Jordi Massaguer
Date: Tue, 29 May 2018 10:59:23 +0000
Subject: [PATCH 1/2] Accepting request 612661 from home:ereslibre:branches:devel:CaaSP:Head:ControllerNode
OBS-URL: https://build.opensuse.org/request/show/612661
OBS-URL: https://build.opensuse.org/package/show/devel:CaaSP:Head:ControllerNode/flannel?expand=0&rev=7
---
 flannel.spec | 2 ++
 use-32-prefix-udp-backend.patch | 34 +++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 use-32-prefix-udp-backend.patch
diff --git a/flannel.spec b/flannel.spec
index 63c2970..eb13903 100644
--- a/flannel.spec
+++ b/flannel.spec
@@ -33,6 +33,7 @@ Source1: flanneld.sysconf
 Source2: flanneld.service
 Source3: flannel-docker.conf
 Source4: flannel-tmpfiles.conf
+Patch1: use-32-prefix-udp-backend.patch
 BuildRequires: golang-packaging
 BuildRequires: systemd
 BuildRequires: xz
@@ -54,6 +55,7 @@ reduces the complexity of doing port mapping.
 %prep
 %setup -q
+%patch1 -p1
 %build
 gofmt -w -r "x -> \"%{version}\"" version/version.go
diff --git a/use-32-prefix-udp-backend.patch b/use-32-prefix-udp-backend.patch
new file mode 100644
index 0000000..e639242
--- /dev/null
+++ b/use-32-prefix-udp-backend.patch
@@ -0,0 +1,34 @@
+From ed425bdd6fefacb0f06b35fa8f4caedf042dc84d Mon Sep 17 00:00:00 2001
+From: "Cel A. Skeggs"
+Date: Thu, 1 Feb 2018 17:49:12 -0500
+Subject: [PATCH] backend/udp: Use a /32 prefix for the flannel0 interface
+
+This avoids the kernel's creation of broadcast routes, which prevent
+communication from the host with the zeroth subnet to containers on any
+other hosts.
+---
+ backend/udp/udp_network.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/backend/udp/udp_network.go b/backend/udp/udp_network.go
+index 1f9752f8..242ebf49 100644
+--- a/backend/udp/udp_network.go
++++ b/backend/udp/udp_network.go
+@@ -153,9 +153,15 @@ func configureIface(ifname string, ipn ip.IP4Net, mtu int) error {
+ return fmt.Errorf("failed to lookup interface %v", ifname)
+ }
+
+- err = netlink.AddrAdd(iface, &netlink.Addr{IPNet: ipn.ToIPNet(), Label: ""})
++ // Ensure that the device has a /32 address so that no broadcast routes are created.
++ // This IP is just used as a source address for host to workload traffic (so
++ // the return path for the traffic has an address on the flannel network to use as the destination)
++ ipnLocal := ipn
++ ipnLocal.PrefixLen = 32
++
++ err = netlink.AddrAdd(iface, &netlink.Addr{IPNet: ipnLocal.ToIPNet(), Label: ""})
+ if err != nil {
+- return fmt.Errorf("failed to add IP address %v to %v: %v", ipn.String(), ifname, err)
++ return fmt.Errorf("failed to add IP address %v to %v: %v", ipnLocal.String(), ifname, err)
+ }
+
+ err = netlink.LinkSetMTU(iface, mtu)
From 00fb19121c5380fb3e037ba132b41c010ddd4a935d7eb5104ee69b3bc1c62b01 Mon Sep 17 00:00:00 2001
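Review bot: With `ipnLocal.PrefixLen = 32` the kernel no longer installs the connected route for the whole overlay network when `netlink.AddrAdd` runs, so host-to-container traffic now depends on a route to the full `ipn` range being added explicitly. The body of `configureIface` starts before this hunk and continues past `netlink.LinkSetMTU`, so that part is not visible here; confirm that such a route is created there and that a route which already exists is tolerated rather than returned as an error. The new comment explains why the address is a /32 but not this consequence, and I would add a line such as `// A /32 creates no connected route; the route to the overlay network must be added explicitly below.`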
From: Jordi Massaguer
Date: Tue, 29 May 2018 11:14:31 +0000
Subject: [PATCH 2/2] Accepting request 612835 from home:ereslibre:branches:devel:CaaSP:Head:ControllerNode
- Add use-32-prefix-udp-backend.patch: backend/udp: Use a /32 prefix for the flannel0 interface This avoids the kernel's creation of broadcast routes, which prevent communication from the host with the zeroth subnet to containers on any other hosts.
Fixes: bsc#1094364
OBS-URL: https://build.opensuse.org/request/show/612835
OBS-URL: https://build.opensuse.org/package/show/devel:CaaSP:Head:ControllerNode/flannel?expand=0&rev=8
---
 flannel.changes | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/flannel.changes b/flannel.changes
index 055637a..fd7cb89 100644
--- a/flannel.changes
+++ b/flannel.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue May 29 11:11:34 UTC 2018 - rfernandezlopez@suse.com
+
+- Add use-32-prefix-udp-backend.patch: backend/udp: Use a /32 prefix for the flannel0 interface
+ This avoids the kernel's creation of broadcast routes, which prevent
+ communication from the host with the zeroth subnet to containers on any
+ other hosts.
+
+Fixes: bsc#1094364
+
 -------------------------------------------------------------------
 Thu Feb 1 16:58:22 CET 2018 - ro@suse.de