Skip to content

Commit

Permalink
tuning: fix cmdCheck when using IFNAME
Browse files Browse the repository at this point in the history
Fixes: c16cff9
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
  • Loading branch information
champtar committed Apr 20, 2023
1 parent 9f1f9a5 commit 5b7a263
Showing 1 changed file with 28 additions and 15 deletions.
43 changes: 28 additions & 15 deletions plugins/meta/tuning/tuning.go
Original file line number Diff line number Diff line change
Expand Up @@ -334,22 +334,13 @@ func cmdAdd(args *skel.CmdArgs) error {

err = ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error {
for key, value := range tuningConf.SysCtl {
key = strings.ReplaceAll(key, ".", string(os.PathSeparator))

// If the key contains `IFNAME` - substitute it with args.IfName
// to allow setting sysctls on a particular interface, on which
// other operations (like mac/mtu setting) are performed
key = strings.Replace(key, "IFNAME", args.IfName, 1)

fileName := filepath.Join("/proc/sys", key)

// Refuse to modify sysctl parameters that don't belong
// to the network subsystem.
if !strings.HasPrefix(fileName, "/proc/sys/net/") {
return fmt.Errorf("invalid net sysctl key: %q", key)
fileName, err := getSysctlFilename(key, args.IfName)
if err != nil {
return err
}

content := []byte(value)
err := os.WriteFile(fileName, content, 0o644)
err = os.WriteFile(fileName, content, 0o644)
if err != nil {
return err
}
Expand Down Expand Up @@ -439,7 +430,10 @@ func cmdCheck(args *skel.CmdArgs) error {
err = ns.WithNetNSPath(args.Netns, func(_ ns.NetNS) error {
// Check each configured value vs what's currently in the container
for key, confValue := range tuningConf.SysCtl {
fileName := filepath.Join("/proc/sys", strings.ReplaceAll(key, ".", "/"))
fileName, err := getSysctlFilename(key, args.IfName)
if err != nil {
return err
}

contents, err := os.ReadFile(fileName)
if err != nil {
Expand Down Expand Up @@ -583,3 +577,22 @@ func validateArgs(args *skel.CmdArgs) error {
}
return nil
}

func getSysctlFilename(key, ifName string) (string, error) {
key = strings.ReplaceAll(key, ".", string(os.PathSeparator))

// If the key contains `IFNAME` - substitute it with args.IfName
// to allow setting sysctls on a particular interface, on which
// other operations (like mac/mtu setting) are performed
key = strings.Replace(key, "IFNAME", ifName, 1)

fileName := filepath.Join("/proc/sys", key)

// Refuse to modify sysctl parameters that don't belong
// to the network subsystem.
if !strings.HasPrefix(fileName, "/proc/sys/net/") {
return "", fmt.Errorf("invalid net sysctl key: %q", key)
}

return fileName, nil
}

0 comments on commit 5b7a263

Please sign in to comment.