-
Notifications
You must be signed in to change notification settings - Fork 790
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bridge plugin leak ip masq if netns is empty #810
Labels
Comments
qkboy
pushed a commit
to qkboy/plugins
that referenced
this issue
Jan 18, 2023
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810
qkboy
pushed a commit
to qkboy/plugins
that referenced
this issue
Jan 18, 2023
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810 Signed-off-by: hyphen.wang <[email protected]>
qkboy
pushed a commit
to qkboy/plugins
that referenced
this issue
Aug 23, 2024
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810 Signed-off-by: hyphen.wang <[email protected]>
qkboy
pushed a commit
to qkboy/plugins
that referenced
this issue
Aug 23, 2024
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810 Signed-off-by: hyphen.wang <[email protected]>
qkboy
pushed a commit
to qkboy/plugins
that referenced
this issue
Aug 26, 2024
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810 Signed-off-by: hyphen.wang <[email protected]>
qkboy
pushed a commit
to qkboy/plugins
that referenced
this issue
Aug 26, 2024
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810 Signed-off-by: hyphen.wang <[email protected]>
qkboy
pushed a commit
to qkboy/plugins
that referenced
this issue
Sep 2, 2024
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810 Signed-off-by: hyphen.wang <[email protected]>
qkboy
pushed a commit
to qkboy/plugins
that referenced
this issue
Sep 8, 2024
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810 Signed-off-by: hyphen.wang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When calling bridge to create a container through nerdctl, if set
"ipMasq": true
, three iptables rules will be created. These rules are not deleted after the container is deleted, but remain on the system.The reason is that, nerdctl calling cni Del will put
Netns=""
into the StdinData.and ctr also do the same action.
But bridge plugin only execute ipamDel() and didn't teardown ip masq when Netns is empty .
In another case, even if Netns is not empty, but the container has stopped. Bridge plugin try to obtain the ip address from container's netns will be fail too. So teardown ip masq will not execute too. The current handling method is to skip.
When nerdctl calls cni Del, the container has been stopped. This problem is difficult to solve on nerdctl or ctr.
Actually, nerdctl or ctr will inserts the network metadata into the prevResult structure of the StdinData.
We can solve this problem by getting the IP address from prevResult and adjusting the order of executing ip masq.
The text was updated successfully, but these errors were encountered: