Option to not enable hairpin on the host interface. (Azure#472)

Author: vipulha

cni/netconfig.go

@@ -42,22 +42,23 @@ type RuntimeDNSConfig struct {
 
 // NetworkConfig represents Azure CNI plugin network configuration.
 type NetworkConfig struct {
-CNIVersion string `json:"cniVersion"`
-Name string `json:"name"`
-Type string `json:"type"`
-Mode string `json:"mode"`
-Master string `json:"master"`
-Bridge string `json:"bridge,omitempty"`
-LogLevel string `json:"logLevel,omitempty"`
-LogTarget string `json:"logTarget,omitempty"`
-InfraVnetAddressSpace string `json:"infraVnetAddressSpace,omitempty"`
-PodNamespaceForDualNetwork []string `json:"podNamespaceForDualNetwork,omitempty"`
-MultiTenancy bool `json:"multiTenancy,omitempty"`
-EnableSnatOnHost bool `json:"enableSnatOnHost,omitempty"`
-EnableExactMatchForPodName bool `json:"enableExactMatchForPodName,omitempty"`
-DisableIPTableLock bool `json:"disableIPTableLock,omitempty"`
-CNSUrl string `json:"cnsurl,omitempty"`
-Ipam struct {
+CNIVersion string `json:"cniVersion"`
+Name string `json:"name"`
+Type string `json:"type"`
+Mode string `json:"mode"`
+Master string `json:"master"`
+Bridge string `json:"bridge,omitempty"`
+LogLevel string `json:"logLevel,omitempty"`
+LogTarget string `json:"logTarget,omitempty"`
+InfraVnetAddressSpace string `json:"infraVnetAddressSpace,omitempty"`
+PodNamespaceForDualNetwork []string `json:"podNamespaceForDualNetwork,omitempty"`
+MultiTenancy bool `json:"multiTenancy,omitempty"`
+EnableSnatOnHost bool `json:"enableSnatOnHost,omitempty"`
+EnableExactMatchForPodName bool `json:"enableExactMatchForPodName,omitempty"`
+DisableHairpinOnHostInterface bool `json:"disableHairpinOnHostInterface,omitempty"`
+DisableIPTableLock bool `json:"disableIPTableLock,omitempty"`
+CNSUrl string `json:"cnsurl,omitempty"`
+Ipam struct {
 Type string `json:"type"`
 Environment string `json:"environment,omitempty"`
 AddrSpace string `json:"addressSpace,omitempty"`

cni/network/network.go

@@ -466,11 +466,12 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) error {
 Gateway: gateway,
 },
 },
-BridgeName: nwCfg.Bridge,
-EnableSnatOnHost: nwCfg.EnableSnatOnHost,
-DNS: nwDNSInfo,
-Policies: policies,
-NetNs: args.Netns,
+BridgeName: nwCfg.Bridge,
+EnableSnatOnHost: nwCfg.EnableSnatOnHost,
+DNS: nwDNSInfo,
+Policies: policies,
+NetNs: args.Netns,
+DisableHairpinOnHostInterface: nwCfg.DisableHairpinOnHostInterface,
 }
 
 nwInfo.Options = make(map[string]interface{})

network/network.go

@@ -51,16 +51,17 @@ type network struct {
 
 // NetworkInfo contains read-only information about a container network.
 type NetworkInfo struct {
-MasterIfName string
-Id string
-Mode string
-Subnets []SubnetInfo
-DNS DNSInfo
-Policies []policy.Policy
-BridgeName string
-EnableSnatOnHost bool
-NetNs string
-Options map[string]interface{}
+MasterIfName string
+Id string
+Mode string
+Subnets []SubnetInfo
+DNS DNSInfo
+Policies []policy.Policy
+BridgeName string
+EnableSnatOnHost bool
+NetNs string
+Options map[string]interface{}
+DisableHairpinOnHostInterface bool
 }
 
 // SubnetInfo contains subnet information for a container network.

network/network_linux.go

@@ -391,9 +391,11 @@ func (nm *networkManager) connectExternalInterface(extIf *externalInterface, nwI
 }
 
 // External interface hairpin on.
-log.Printf("[net] Setting link %v hairpin on.", hostIf.Name)
-if err := networkClient.SetHairpinOnHostInterface(true); err != nil {
-return err
+if !nwInfo.DisableHairpinOnHostInterface {
+log.Printf("[net] Setting link %v hairpin on.", hostIf.Name)
+if err := networkClient.SetHairpinOnHostInterface(true); err != nil {
+return err
+}
 }
 
 // Apply IP configuration to the bridge for host traffic.