-
Notifications
You must be signed in to change notification settings - Fork 0
/
do.go
111 lines (94 loc) · 3.67 KB
/
do.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package neslink
import (
"errors"
"fmt"
"runtime"
)
// TODO: Handle NsFd close errors in Do (currently as defers)
var (
// errDirtyThread is returned when some action that moves a thread over to a
// netns fails to return the thread back to the netns of the caller. In the
// scenario where this happens, the os thread can be considered dirty and
// should not be reused. This error may also be wrapped into others, so
// errors.Is should be used to check for its presence.
errDirtyThread error = errors.New("system thread failed to move to expected final network namespace")
)
// Do executes a given set of actions in a specified network namespace. It does
// so in a separate OS thread in order to allow the rest of the program to
// continue on the current network namespace. An error is returned if any netns
// move fails or any provided action fails. Do note that if the spawned system
// thread fails to be reverted to the network namespace of the caller, the
// thread is considered dirty and is never unlocked (thus can not be reused).
func Do(nsP NsProvider, actions ...Action) error {
// 1. get new network namespace fd to switch to
targetNs, err := nsP.Provide()
if err != nil {
return fmt.Errorf("failed to get target netns: %w", err)
}
targetNsFd, err := targetNs.open()
if err != nil {
return fmt.Errorf("failed to open the target netns file descriptor: %w", err)
}
defer targetNsFd.close()
return DoFd(targetNsFd, actions...)
}
// DoFd executes a given set of actions in a specified network namespace. It
// does so in a separate OS thread in order to allow the rest of the program to
// continue on the current network namespace. An error is returned if any netns
// move fails or any provided action fails. Do note that if the spawned system
// thread fails to be reverted to the network namespace of the caller, the
// thread is considered dirty and is never unlocked (thus can not be reused).
// This function is useful when the network namespace file descriptor is
// already available and can be passed directly. Otherwise, Do should be used.
func DoFd(targetNsFd NsFd, actions ...Action) error {
// 1. get origin network namespace fd to revert back to
originNs, err := NPNow().Provide()
if err != nil {
return fmt.Errorf("failed to get origin netns: %w", err)
}
originNsFd, err := originNs.open()
if err != nil {
return fmt.Errorf("failed to open the origin netns file descriptor: %w", err)
}
defer originNsFd.close()
// 2. create error channel for new routine
errChan := make(chan error, 1)
defer close(errChan)
// 3. create new go routine
go func(oNs, tNs NsFd, actions ...Action) {
// 1. lock os thread for goroutine
runtime.LockOSThread()
// 2. switch to new netns
if err := tNs.set(); err != nil {
errChan <- fmt.Errorf("failed to set netns to the target: %w", err)
return
}
// -?- thread now dirty - perpare for cleanup
errSet := errors.Join(nil)
// 3. exec actions
for idx, action := range actions {
if err := action.act(); err != nil {
errSet = errors.Join(errSet, fmt.Errorf("failed to perform action %d (%s)", idx+1, action.name()), err)
break
}
}
// 4. switch to origin netns
if err := oNs.set(); err != nil {
errSet = errors.Join(errSet, fmt.Errorf("failed to switch to origin ns"), err, errDirtyThread)
}
// 5. if thread is dirty, don't unlock thread and sleep routine forever
if !errors.Is(errSet, errDirtyThread) {
runtime.UnlockOSThread()
errChan <- errSet
} else {
errChan <- errSet
dirtyThreadSleeper := make(chan struct{})
<-dirtyThreadSleeper
}
}(originNsFd, targetNsFd, actions...)
// 4. get error from goroutine and return
return <-errChan
}
func init() {
runtime.LockOSThread()
}