dev-sys-do · mfernd · Aug 31, 2023
diff --git a/network/.gitignore b/network/.gitignore
@@ -0,0 +1,3 @@
+*.log
+plugins/**/vendors/
+builds/
diff --git a/network/Documentation/bridge.md b/network/Documentation/bridge.md
@@ -0,0 +1,81 @@
+# bridge plugin
+
+## Overview
+
+With bridge plugin, all containers (on the same host) are plugged into a bridge (virtual switch) that resides in the host network namespace. The containers receive one end of the veth pair with the other end connected to the bridge. An IP address is only assigned to one end of the veth pair – one residing in the container. The bridge itself can also be assigned an IP address, turning it into a gateway for the containers. 
+
+The network configuration specifies the name of the bridge to be used. If the bridge is missing, the plugin will create one on first use and, if gateway mode is used, assign it an IP that was returned by IPAM plugin via the gateway field.
+
+## Summary
+
+- [bridge plugin](#bridge-plugin)
+  - [Overview](#overview)
+  - [Summary](#summary)
+  - [Section 1: Network configuration reference](#section-1-network-configuration-reference)
+    - [Required keys](#required-keys)
+    - [Optional keys](#optional-keys)
+    - [Example configuration](#example-configuration)
+  - [Section 2: Interface configuration arguments reference](#section-2-interface-configuration-arguments-reference)
+
+
+## Section 1: Network configuration reference
+
+This section provides details about the configuration options for the "bridge" CNI plugin.
+
+### Required keys
+
+| Implemented | Field           | Description              |
+| ----------- | --------------- | ------------------------ |
+| ✅           | `name` (string) | The name of the network. |
+| ✅           | `type` (string) | “bridge”.                |
+
+### Optional keys
+
+| Implemented | Field                           | Description                                                                                                                                                                |
+| ----------- | ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| ✅           | `bridge` (string)               | Name of the bridge to use/create. Defaults to “cni0”.                                                                                                                      |
+| ✅           | `isGateway` (boolean)           | Assign an IP address to the bridge. Defaults to false.                                                                                                                     |
+| ✅           | `isDefaultGateway` (boolean)    | Sets isGateway to true and makes the assigned IP the default route. Defaults to false.                                                                                     |
+| ✅           | `forceAddress` (boolean)        | Indicates if a new IP address should be set if the previous value has been changed. Defaults to false.                                                                     |
+| ❌           | `ipMasq` (boolean)              | Set up IP Masquerade on the host for traffic originating from this network and destined outside of it. Defaults to false.                                                  |
+| ❌           | `mtu` (integer)                 | Explicitly set MTU to the specified value. Defaults to the value chosen by the kernel.                                                                                     |
+| ❌           | `hairpinMode` (boolean)         | Set hairpin mode for interfaces on the bridge. Defaults to false.                                                                                                          |
+| ✅           | `ipam` (dictionary)             | IPAM configuration to be used for this network. Refer to [host-local](https://github.com/lapsus-ord/orka/blob/cni-impl/network/Documentation/host-local.md) documentation. |
+| ✅           | `promiscMode` (boolean)         | Set promiscuous mode on the bridge. Defaults to false.                                                                                                                     |
+| ❌           | `vlan` (integer)                | Assign VLAN tag. Defaults to none.                                                                                                                                         |
+| ❌           | `preserveDefaultVlan` (boolean) | Indicates whether the default vlan must be preserved on the veth end connected to the bridge. Defaults to true.                                                            |
+| ❌           | `vlanTrunk` (list)              | Assign VLAN trunk tag. Defaults to none.                                                                                                                                   |
+| ❌           | `enabledad` (boolean)           | Enables duplicate address detection for the container side veth. Defaults to false.                                                                                        |
+| ❌           | `macspoofchk` (boolean)         | Enables mac spoof check, limiting the traffic originating from the container to the mac address of the interface. Defaults to false.                                       |
+
+
+Note: The VLAN parameter configures the VLAN tag on the host end of the veth and also enables the vlan_filtering feature on the bridge interface.
+
+### Example configuration
+
+Here's an example configuration for the "bridge" CNI plugin:
+
+```conf
+{
+  "cniVersion": "1.0.0",
+  "name": "orknet",
+  "type": "bridge",
+  "bridge": "ork0",
+  "isDefaultGateway": true,
+  "ipam": {
+    "type": "host-local",
+    "subnet": "10.244.0.0/24",
+  }
+}
+```
+
+This example demonstrates how to configure the "bridge" plugin, specifying the network name, type, bridge name, default gateway settings, and IPAM configuration.
+
+## Section 2: Interface configuration arguments reference
+
+The following `CNI_ARGS` are supported:
+
+
+| Implemented | Field          | Description                                                                                   |
+| ----------- | -------------- | --------------------------------------------------------------------------------------------- |
+| ❌           | `MAC` (string) | Request a specific MAC address for the interface (example: CNI_ARGS=“MAC=c2:11:22:33:44:55”). |
diff --git a/network/README.md b/network/README.md
@@ -0,0 +1,48 @@
+# Software Defined Network: `orkanet`
+
+## Overview
+
+The main plugin used by the runtime (or the CRI) is `orka-cni`,
+this plugin will then delegate the creation of interfaces and IPAM
+to other plugins like `bridge` and `host-local`.
+
+The inspiration for this plugin comes from the [CNI plugin](https://github.com/flannel-io/cni-plugin)
+of flannel.
+
+## Summary
+
+- [Software Defined Network: `orkanet`](#software-defined-network-orkanet)
+  - [Overview](#overview)
+  - [Summary](#summary)
+  - [Section 1: Protocol parameters](#section-1-protocol-parameters)
+    - [Environment variables](#environment-variables)
+    - [Errors](#errors)
+    - [CNI operations](#cni-operations)
+  - [Section 2: Getting started](#section-2-getting-started)
+
+
+## Section 1: Protocol parameters
+
+Protocol parameters are passed to the plugins via OS environment variables.
+
+### Environment variables
+
+- `CNI_COMMAND`: indicates the desired operation; ADD, DEL, CHECK or VERSION.
+- `CNI_CONTAINERID`: Container ID. A unique plaintext identifier for a container, allocated by the runtime. Must not be empty. Must start with an alphanumeric character, optionally followed by any combination of one or more alphanumeric characters, underscore (_), dot (.) or hyphen (-)
+- `CNI_NETNS`: A reference to the container's “isolation domain”. If using network namespaces, then a path to the network namespace (e.g., `/run/netns/[nsname]`)
+- `CNI_IFNAME`: Name of the interface to create inside the container; if the plugin is unable to use this interface name it must return an error
+- `CNI_ARGS`: Extra arguments passed in by the user at invocation time. Alphanumeric key-value pairs separated by semicolons; for example, “FOO=BAR;ABC=123”
+- `CNI_PATH`: List of paths to search for CNI plugin executables. Paths are separated by an OS-specific list separator; for example ‘:’ on Linux and ‘;’ on Windows
+
+### Errors
+
+A plugin must exit with a return code of 0 on success, and non-zero on failure. If the plugin encounters an error, it should output an “error” result structure (see below).
+
+### CNI operations
+
+CNI defines 4 operations: `ADD`, `DEL`, `CHECK`, and `VERSION`. These are passed to the plugin via the `CNI_COMMAND` environment variable.
+
+## Section 2: Getting started
+
+To test our CNI plugin, you can use [`cnitool`](https://github.com/containernetworking/cni/tree/main/cnitool),
+it is a tool in go to execute CNI configuration.
diff --git a/network/build_linux.sh b/network/build_linux.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Build plugin binaries
+export RUSTFLAGS='-A warnings'
+mkdir -p builds/
+cd ./plugins/bridge || exit
+plugins_names=("bridge" "host-local" "orka-cni")
+for str in "${plugins_names[@]}"; do
+	cd ../"$str" || exit
+  cargo build --release
+  cp ./target/release/"$str" ../../builds
+done
+
+# tar them into an archive
+cd ../../builds/ || exit
+tar czfv ./cni_plugins.tar.gz bridge host-local orka-cni
diff --git a/network/plugins/bridge/Cargo.toml b/network/plugins/bridge/Cargo.toml
@@ -0,0 +1,20 @@
+[package]
+name = "bridge"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+async-trait = "0.1.73"
+cni-plugin = { version = "0.2", features = ["with-tokio"] }
+digest = "0.10.7"
+futures = "0.3.28"
+libc = "0.2.147"
+log = "0.4.20"
+netlink-packet-route = "0.17.1"
+nix = "0.26.2"
+rand = { version = "0.8.5", features = ["small_rng"] }
+rtnetlink = "0.13.1"
+serde_json = "1.0.105"
+sha2 = "0.10.7"
+tokio = { version = "1.32.0", features = ["full"] }
+which = "4.4.0"
diff --git a/network/plugins/bridge/Makefile b/network/plugins/bridge/Makefile
@@ -0,0 +1,32 @@
+PLUGINS_PATH='./target/debug:./vendors'
+NET_CONF_PATH='./test'
+CNITOOL_PATH='$(HOME)/go/bin/cnitool'
+BUILT_BIN_PATH='./target/debug/bridge'
+
+NETWORK_NAME='orknet'
+NS_NAME='testing'
+
+.cargo-build:
+	@cargo build
+
+add: .cargo-build
+	@sudo CNI_PATH=$(PLUGINS_PATH) NETCONFPATH=$(NET_CONF_PATH) $(CNITOOL_PATH) add $(NETWORK_NAME) /var/run/netns/$(NS_NAME)
+	@echo ''
+
+del: .cargo-build
+	@sudo CNI_PATH=$(PLUGINS_PATH) NETCONFPATH=$(NET_CONF_PATH) $(CNITOOL_PATH) del $(NETWORK_NAME) /var/run/netns/$(NS_NAME)
+	@echo ''
+
+check: .cargo-build
+	@sudo CNI_PATH=$(PLUGINS_PATH) NETCONFPATH=$(NET_CONF_PATH) $(CNITOOL_PATH) check $(NETWORK_NAME) /var/run/netns/$(NS_NAME)
+	@echo ''
+
+version: .cargo-build
+	@echo '{"cniVersion": "1.0.0", "supportedVersions": [ "0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.4.0", "1.0.0" ]}' | sudo CNI_COMMAND=VERSION $(BUILT_BIN_PATH)
+	@echo ''
+
+download_vendors:
+	@mkdir -p ./vendors
+	@wget -O ./vendors.tgz https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz
+	@tar -xvf vendors.tgz -C ./vendors ./host-local
+	@rm ./vendors.tgz
diff --git a/network/plugins/bridge/README.md b/network/plugins/bridge/README.md
@@ -0,0 +1,39 @@
+**Note**: This document has moved to [https://github.com/lapsus-ord/orka/blob/cni-impl/network/Documentation/bridge.md](https://github.com/lapsus-ord/orka/blob/cni-impl/network/Documentation/bridge.md).
+
+## Debug with `cnitool`
+
+First, install cnitool:
+
+```bash
+go install github.com/containernetworking/cni/cnitool@latest
+```
+
+Download `host-local` plugin:
+
+```bash
+make download_vendors
+```
+
+Create a network namespace. This will be called `testing`:
+
+```bash
+sudo ip netns add testing
+```
+
+**Add** the container to the network:
+
+```bash
+make add
+```
+
+**Check** whether the container's networking is as expected (ONLY for spec v0.4.0+):
+
+```bash
+make check
+```
+
+And clean up:
+
+```bash
+make del
+```