containernetworking / plugins

Some reference and example networking plugins, maintained by the CNI team.

CHECK fails with ptp plugin and non default routes

champtar opened this issue · comments

I'm trying to switch from containerd to cri-o, and one big difference seems to be that cri-o calls CheckNetworkList() https://github.com/cri-o/ocicni/blob/4fcbe80ee01fbc4c0401ae96537b3ee807c92c2c/pkg/ocicni/ocicni.go#L731

Here is an example config that fails with Error checking network: Expected Route {Dst:{IP:198.18.128.0 Mask:ffff8000} GW:<nil>} not found in routing table

{
  "cniVersion": "0.4.0",
  "name": "mgmt",
  "type": "ptp",
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "ranges": [
      [{"subnet": "198.18.0.0/17"}],
      [{"subnet": "fd61:7465:6d65:1000::/112"}]
    ],
    "routes": [
      { "dst": "0.0.0.0/0" },
      { "dst": "198.18.128.0/17" },
      { "dst": "198.19.254.254/32" },
      { "dst": "::/0" },
      { "dst": "fd61:7465:6d65:2000::/112" },
      { "dst": "fd61:7465:6d65:ffff::/128" }
    ]
  }
}

Using "cniVersion": "0.3.1" to bypass the check, the routes are created, but with a gateway:

# ip r
default via 198.18.0.1 dev eth0 
198.18.0.0/17 via 198.18.0.1 dev eth0 src 198.18.66.190 
198.18.0.1 dev eth0 scope link src 198.18.66.190 
198.18.128.0/17 via 198.18.0.1 dev eth0 
198.19.254.254 via 198.18.0.1 dev eth0 

If I keep only the default routes (v4 & v6) it works, but I actually need the more precise routes, as my full use case is with multus and being able to configure some extra interfaces with any routes (/1 included).
Looking at the code I fail to see why default routes are a special case:

func ValidateExpectedRoute(resultRoutes []*types.Route) error {

related review: #264 (comment)
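
The mismatch reported above, as an added example that is not part of the original issue and not the plugin's code: it compares the config's IPv4 routes (no "gw", so gateway None) against the `ip r` output from the post. The matching rule in `missing` is an assumption modelled on the reported behaviour (default-only configs pass, more specific routes fail); the names `parse_table` and `missing` are hypothetical.

```python
import ipaddress

# Copied from the post: the `ip r` output and the IPv4 entries of the "routes"
# list in the config (none of them sets "gw", hence gateway None).
IP_ROUTE = """\
default via 198.18.0.1 dev eth0
198.18.0.0/17 via 198.18.0.1 dev eth0 src 198.18.66.190
198.18.0.1 dev eth0 scope link src 198.18.66.190
198.18.128.0/17 via 198.18.0.1 dev eth0
198.19.254.254 via 198.18.0.1 dev eth0
"""
EXPECTED = [("0.0.0.0/0", None), ("198.18.128.0/17", None), ("198.19.254.254/32", None)]


def parse_table(text):
    """Turn `ip r` output into a list of (network, gateway-or-None) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((ipaddress.ip_network(dst), gw))
    return routes


def missing(expected, table):
    """Return expected destinations that have no matching entry in the table.

    Assumption (hypothetical model, not the plugin's code): a default route
    matches on destination alone, any other route on destination and gateway.
    """
    absent = []
    for dst, gw in expected:
        net = ipaddress.ip_network(dst)
        if not any(net == t_net and (net.prefixlen == 0 or gw == t_gw)
                   for t_net, t_gw in table):
            absent.append(dst)
    return absent


if __name__ == "__main__":
    for dst in missing(EXPECTED, parse_table(IP_ROUTE)):
        print(f"expected route {dst} with no gateway: not found")
```

Under that assumption the default route passes while 198.18.128.0/17 and 198.19.254.254/32 are reported, because the table holds them only with gateway 198.18.0.1.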