Enumerate docker network namespaces a different way (#11)

Should solve many of the issues where free-ips were not located correctly in Docker. Also cleans up some of the nl/desc logic repetition.

.gitignore

@@ -4,7 +4,7 @@
 vendor/
 vendor.orig/
 
-cni-ipvlan-vpc-k8s-*
+/cni-ipvlan-vpc-k8s-*
 *.tar.gz
 
 # Test binary, build with `go test -c`

nl/desc.go

@@ -5,13 +5,10 @@ import (
 	"io/ioutil"
 	"net"
 	"os"
+	"path/filepath"
 
+	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/vishvananda/netlink"
-	"github.com/vishvananda/netns"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/client"
-	"golang.org/x/net/context"
 )
 
 // BoundIP contains an IPNet / Label pair
@@ -46,44 +43,33 @@ func getIpsOnHandle(handle *netlink.Handle) ([]BoundIP, error) {
 	return foundIps, nil
 }
 
-// With a heavy heart and deep internal sadness, we support Docker
-func runningDockerContainers() (containerIds []string, err error) {
-	cli, err := client.NewEnvClient()
-	if err != nil {
-		return nil, err
-	}
-
-	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{})
-	if err != nil {
-		return nil, err
-	}
-
-	for _, container := range containers {
-		containerIds = append(containerIds, container.ID)
-	}
-	return containerIds, nil
-}
-
 // GetIPs returns IPs allocated to interfaces, in all namespaces
 // TODO: Remove addresses on control plane interfaces, filters
 func GetIPs() ([]BoundIP, error) {
 
-	originNs, err := netns.Get()
-	if err != nil {
-		return nil, err
-	}
-	defer originNs.Close()
+	var namespaces []string
 
 	files, err := ioutil.ReadDir("/var/run/netns/")
 	if err != nil {
-		_, err = fmt.Fprintln(os.Stderr, "Couldn't enumerate named namespaces")
 		if err != nil {
 			// Ignore this error
 		}
 		files = []os.FileInfo{}
+	} else {
+		for _, file := range files {
+			namespaces = append(namespaces,
+				filepath.Join("/var/run/netns", file.Name()))
+		}
 	}
 
-	// First get all the IPs on the first handle
+	// Check for running docker containers
+	containers, err := runningDockerContainers()
+	if err == nil {
+		dockerNamespaces := dockerNetworkNamespaces(containers)
+		namespaces = append(namespaces, dockerNamespaces...)
+	}
+
+	// First get all the IPs in the main namespace
 	handle, err := netlink.NewHandle()
 	if err != nil {
 		return nil, err
@@ -93,55 +79,22 @@ func GetIPs() ([]BoundIP, error) {
 		return nil, err
 	}
 
-	// Enter each _named_ namesapce, get handles
-	for _, f := range files {
-		nsHandle, err := netns.GetFromName(f.Name())
-		if err != nil {
-			return nil, err
-		}
-		handle, err = netlink.NewHandleAt(nsHandle)
-		if err != nil {
-			return nil, err
-		}
-
-		newIps, err := getIpsOnHandle(handle)
-		if err != nil {
-			return nil, err
-		}
-		foundIps = append(foundIps, newIps...)
-
-		handle.Delete()
-		err = nsHandle.Close()
-		if err != nil {
-			panic(err)
-		}
-	}
+	// Enter each namesapce, get handles
+	for _, nsPath := range namespaces {
+		err := ns.WithNetNSPath(nsPath, func(_ ns.NetNS) error {
 
-	// Check for running docker containers
-	containers, err := runningDockerContainers()
-	if err == nil {
-		// Enter each docker container, get handles
-		for _, f := range containers {
-			nsHandle, err := netns.GetFromDocker(f)
+			handle, err = netlink.NewHandle()
 			if err != nil {
-				return nil, err
-			}
-			handle, err = netlink.NewHandleAt(nsHandle)
-			if err != nil {
-				return nil, err
+				return err
 			}
+			defer handle.Delete()
 
 			newIps, err := getIpsOnHandle(handle)
-			if err != nil {
-				return nil, err
-			}
 			foundIps = append(foundIps, newIps...)
-
-			handle.Delete()
-			err = nsHandle.Close()
-			if err != nil {
-				panic(err)
-			}
+			return err
+		})
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Enumerating namespace failure %v", err)
 		}
 	}
 

nl/docker.go

@@ -0,0 +1,57 @@
+package nl
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/client"
+	"golang.org/x/net/context"
+)
+
+// With a heavy heart and deep internal sadness, we support Docker
+func runningDockerContainers() (containerIDs []string, err error) {
+	cli, err := client.NewEnvClient()
+	if err != nil {
+		return nil, err
+	}
+	defer cli.Close()
+
+	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	for _, container := range containers {
+		containerIDs = append(containerIDs, container.ID)
+	}
+	return containerIDs, nil
+}
+
+func dockerNetworkNamespace(containerID string) (string, error) {
+	cli, err := client.NewEnvClient()
+	if err != nil {
+		return "", err
+	}
+	defer cli.Close()
+	r, err := cli.ContainerInspect(context.Background(), containerID)
+	if err != nil {
+		return "", nil
+	}
+
+	if r.State.Pid == 0 {
+		// Container has exited
+		return "", fmt.Errorf("Container has exited %v", containerID)
+	}
+	return fmt.Sprintf("/proc/%v/ns/net", r.State.Pid), nil
+}
+
+// Retrieve all namespaces from all running docker containers
+func dockerNetworkNamespaces(containerIDs []string) (namespaces []string) {
+	for _, containerID := range containerIDs {
+		cid, err := dockerNetworkNamespace(containerID)
+		if err == nil && len(cid) > 0 {
+			namespaces = append(namespaces, cid)
+		}
+	}
+	return
+}