Hello community, here is the log from the commit of package flannel for openSUSE:Factory checked in at 2018-05-29 16:53:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/flannel (Old) and /work/SRC/openSUSE:Factory/.flannel.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flannel"
Tue May 29 16:53:11 2018 rev:10 rq:612836 version:0.9.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/flannel/flannel.changes 2018-02-02 22:22:20.593704617 +0100
+++ /work/SRC/openSUSE:Factory/.flannel.new/flannel.changes 2018-05-29 16:53:14.885669995 +0200
@@ -1,0 +2,10 @@
+Tue May 29 11:11:34 UTC 2018 - rfernandezlo...@suse.com
+
+- Add use-32-prefix-udp-backend.patch: backend/udp: Use a /32 prefix for the flannel0 interface
+ This avoids the kernel's creation of broadcast routes, which prevent
+ communication from the host with the zeroth subnet to containers on any
+ other hosts.
+
+Fixes: bsc#1094364
+
+-------------------------------------------------------------------
New:
----
use-32-prefix-udp-backend.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ flannel.spec ++++++
--- /var/tmp/diff_new_pack.3vTI5S/_old 2018-05-29 16:53:18.153549766 +0200
+++ /var/tmp/diff_new_pack.3vTI5S/_new 2018-05-29 16:53:18.157549620 +0200
@@ -33,6 +33,7 @@
 Source2: flanneld.service
 Source3: flannel-docker.conf
 Source4: flannel-tmpfiles.conf
+Patch1: use-32-prefix-udp-backend.patch
 BuildRequires: golang-packaging
 BuildRequires: systemd
 BuildRequires: xz
@@ -54,6 +55,7 @@
 %prep
 %setup -q
+%patch1 -p1
 %build
 gofmt -w -r "x -> \"%{version}\"" version/version.go
++++++ use-32-prefix-udp-backend.patch ++++++
>From ed425bdd6fefacb0f06b35fa8f4caedf042dc84d Mon Sep 17 00:00:00 2001
From: "Cel A. Skeggs" <c...@mit.edu>
Date: Thu, 1 Feb 2018 17:49:12 -0500
Subject: [PATCH] backend/udp: Use a /32 prefix for the flannel0 interface
This avoids the kernel's creation of broadcast routes, which prevent communication from the host with the zeroth subnet to containers on any other hosts.
---
 backend/udp/udp_network.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/backend/udp/udp_network.go b/backend/udp/udp_network.go
index 1f9752f8..242ebf49 100644
--- a/backend/udp/udp_network.go
+++ b/backend/udp/udp_network.go
@@ -153,9 +153,15 @@ func configureIface(ifname string, ipn ip.IP4Net, mtu int) error {
 return fmt.Errorf("failed to lookup interface %v", ifname)
 }
- err = netlink.AddrAdd(iface, &netlink.Addr{IPNet: ipn.ToIPNet(), Label: ""})
+ // Ensure that the device has a /32 address so that no broadcast routes are created.
+ // This IP is just used as a source address for host to workload traffic (so
+ // the return path for the traffic has an address on the flannel network to use as the destination)
+ ipnLocal := ipn
+ ipnLocal.PrefixLen = 32
+
+ err = netlink.AddrAdd(iface, &netlink.Addr{IPNet: ipnLocal.ToIPNet(), Label: ""})
 if err != nil {
- return fmt.Errorf("failed to add IP address %v to %v: %v", ipn.String(), ifname, err)
+ return fmt.Errorf("failed to add IP address %v to %v: %v", ipnLocal.String(), ifname, err)
 }
 err = netlink.LinkSetMTU(iface, mtu)
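Review bot: After `ipnLocal := ipn` the function holds two prefixes, the /32 in `ipnLocal` and the overlay network prefix still in `ipn`, and nothing in the hunk says which one later code should use. configureIface continues below the hunk (only `netlink.LinkSetMTU` is visible). With a /32 address the kernel presumably no longer derives a connected route for the flannel network, so any route the function installs afterwards has to be built from `ipn`, not `ipnLocal`. I would add a comment next to the copy such as `// ipn keeps the network prefix; use it (not ipnLocal) for any route added below`, and confirm that the rest of the function adds that route explicitly.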