Hello community,
here is the log from the commit of package flannel for openSUSE:Factory checked
in at 2018-05-29 16:53:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/flannel (Old)
and /work/SRC/openSUSE:Factory/.flannel.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flannel"
Tue May 29 16:53:11 2018 rev:10 rq:612836 version:0.9.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/flannel/flannel.changes 2018-02-02
22:22:20.593704617 +0100
+++ /work/SRC/openSUSE:Factory/.flannel.new/flannel.changes 2018-05-29
16:53:14.885669995 +0200
@@ -1,0 +2,10 @@
+Tue May 29 11:11:34 UTC 2018 - rfernandezlo...@suse.com
+
+- Add use-32-prefix-udp-backend.patch: backend/udp: Use a /32 prefix for the
flannel0 interface
+ This avoids the kernel's creation of broadcast routes, which prevent
+ communication from the host with the zeroth subnet to containers on any
+ other hosts.
+
+Fixes: bsc#1094364
+
+-------------------------------------------------------------------
New:
----
use-32-prefix-udp-backend.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ flannel.spec ++++++
--- /var/tmp/diff_new_pack.3vTI5S/_old 2018-05-29 16:53:18.153549766 +0200
+++ /var/tmp/diff_new_pack.3vTI5S/_new 2018-05-29 16:53:18.157549620 +0200
@@ -33,6 +33,7 @@
Source2: flanneld.service
Source3: flannel-docker.conf
Source4: flannel-tmpfiles.conf
+Patch1: use-32-prefix-udp-backend.patch
BuildRequires: golang-packaging
BuildRequires: systemd
BuildRequires: xz
@@ -54,6 +55,7 @@
%prep
%setup -q
+%patch1 -p1
%build
gofmt -w -r "x -> \"%{version}\"" version/version.go
++++++ use-32-prefix-udp-backend.patch ++++++
>From ed425bdd6fefacb0f06b35fa8f4caedf042dc84d Mon Sep 17 00:00:00 2001
From: "Cel A. Skeggs" <c...@mit.edu>
Date: Thu, 1 Feb 2018 17:49:12 -0500
Subject: [PATCH] backend/udp: Use a /32 prefix for the flannel0 interface
This avoids the kernel's creation of broadcast routes, which prevent
communication from the host with the zeroth subnet to containers on any
other hosts.
---
backend/udp/udp_network.go | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/backend/udp/udp_network.go b/backend/udp/udp_network.go
index 1f9752f8..242ebf49 100644
--- a/backend/udp/udp_network.go
+++ b/backend/udp/udp_network.go
@@ -153,9 +153,15 @@ func configureIface(ifname string, ipn ip.IP4Net, mtu int)
error {
return fmt.Errorf("failed to lookup interface %v", ifname)
}
- err = netlink.AddrAdd(iface, &netlink.Addr{IPNet: ipn.ToIPNet(), Label:
""})
+ // Ensure that the device has a /32 address so that no broadcast routes
are created.
+ // This IP is just used as a source address for host to workload
traffic (so
+ // the return path for the traffic has an address on the flannel
network to use as the destination)
+ ipnLocal := ipn
+ ipnLocal.PrefixLen = 32
+
+ err = netlink.AddrAdd(iface, &netlink.Addr{IPNet: ipnLocal.ToIPNet(),
Label: ""})
if err != nil {
- return fmt.Errorf("failed to add IP address %v to %v: %v",
ipn.String(), ifname, err)
+ return fmt.Errorf("failed to add IP address %v to %v: %v",
ipnLocal.String(), ifname, err)
}
err = netlink.LinkSetMTU(iface, mtu)
