[CORE-10981] Move bandwidth code to pkg/bandwidth

coutinhop · coutinhop · commit 030d859d1715 · 2025-01-27T15:49:01.000-08:00
Move bandwidth functionality to pkg/bandwidth, make it an importable
module. Import it and use it in plugins/meta/bandwidth/main.go.

Add a qdiscType arg to CreateEgressQdisc() so that both "ingress" and
"clsact" qdiscs may be used ("ingress" is the default used by the
bandwidth plugin).

All of this has the objective of enabling Calico to apply the netlink
qdisc configuration natively by importing this module.
diff --git a/pkg/bandwidth/bandwidth.go b/pkg/bandwidth/bandwidth.go
@@ -0,0 +1,138 @@
+// Copyright 2025 CNI authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package bandwidth
+
+import (
+	"fmt"
+	"math"
+
+	"github.com/vishvananda/netlink"
+
+	"github.com/containernetworking/cni/pkg/types"
+	current "github.com/containernetworking/cni/pkg/types/100"
+	"github.com/containernetworking/plugins/pkg/ip"
+	"github.com/containernetworking/plugins/pkg/ns"
+	"github.com/containernetworking/plugins/pkg/utils"
+)
+
+const (
+	MaxIfbDeviceLength = 15
+	IfbDevicePrefix    = "bwp"
+)
+
+// BandwidthEntry corresponds to a single entry in the bandwidth argument,
+// see CONVENTIONS.md
+type BandwidthEntry struct {
+	IngressRate  uint64 `json:"ingressRate"`  // Bandwidth rate in bps for traffic through container. 0 for no limit. If ingressRate is set, ingressBurst must also be set
+	IngressBurst uint64 `json:"ingressBurst"` // Bandwidth burst in bits for traffic through container. 0 for no limit. If ingressBurst is set, ingressRate must also be set
+
+	EgressRate  uint64 `json:"egressRate"`  // Bandwidth rate in bps for traffic through container. 0 for no limit. If egressRate is set, egressBurst must also be set
+	EgressBurst uint64 `json:"egressBurst"` // Bandwidth burst in bits for traffic through container. 0 for no limit. If egressBurst is set, egressRate must also be set
+}
+
+func (bw *BandwidthEntry) IsZero() bool {
+	return bw.IngressBurst == 0 && bw.IngressRate == 0 && bw.EgressBurst == 0 && bw.EgressRate == 0
+}
+
+type PluginConf struct {
+	types.NetConf
+
+	RuntimeConfig struct {
+		Bandwidth *BandwidthEntry `json:"bandwidth,omitempty"`
+	} `json:"runtimeConfig,omitempty"`
+
+	*BandwidthEntry
+}
+
+func SafeQdiscList(link netlink.Link) ([]netlink.Qdisc, error) {
+	qdiscs, err := netlink.QdiscList(link)
+	if err != nil {
+		return nil, err
+	}
+	result := []netlink.Qdisc{}
+	for _, qdisc := range qdiscs {
+		// filter out pfifo_fast qdiscs because
+		// older kernels don't return them
+		_, pfifo := qdisc.(*netlink.PfifoFast)
+		if !pfifo {
+			result = append(result, qdisc)
+		}
+	}
+	return result, nil
+}
+
+func ValidateRateAndBurst(rate, burst uint64) error {
+	switch {
+	case burst == 0 && rate != 0:
+		return fmt.Errorf("if rate is set, burst must also be set")
+	case rate == 0 && burst != 0:
+		return fmt.Errorf("if burst is set, rate must also be set")
+	case burst/8 >= math.MaxUint32:
+		return fmt.Errorf("burst cannot be more than 4GB")
+	}
+
+	return nil
+}
+
+func GetBandwidth(conf *PluginConf) *BandwidthEntry {
+	if conf.BandwidthEntry == nil && conf.RuntimeConfig.Bandwidth != nil {
+		return conf.RuntimeConfig.Bandwidth
+	}
+	return conf.BandwidthEntry
+}
+
+func GetIfbDeviceName(networkName string, containerID string) string {
+	return utils.MustFormatHashWithPrefix(MaxIfbDeviceLength, IfbDevicePrefix, networkName+containerID)
+}
+
+func GetMTU(deviceName string) (int, error) {
+	link, err := netlink.LinkByName(deviceName)
+	if err != nil {
+		return -1, err
+	}
+
+	return link.Attrs().MTU, nil
+}
+
+// get the veth peer of container interface in host namespace
+func GetHostInterface(interfaces []*current.Interface, containerIfName string, netns ns.NetNS) (*current.Interface, error) {
+	if len(interfaces) == 0 {
+		return nil, fmt.Errorf("no interfaces provided")
+	}
+
+	// get veth peer index of container interface
+	var peerIndex int
+	var err error
+	_ = netns.Do(func(_ ns.NetNS) error {
+		_, peerIndex, err = ip.GetVethPeerIfindex(containerIfName)
+		return nil
+	})
+	if peerIndex <= 0 {
+		return nil, fmt.Errorf("container interface %s has no veth peer: %v", containerIfName, err)
+	}
+
+	// find host interface by index
+	link, err := netlink.LinkByIndex(peerIndex)
+	if err != nil {
+		return nil, fmt.Errorf("veth peer with index %d is not in host ns", peerIndex)
+	}
+	for _, iface := range interfaces {
+		if iface.Sandbox == "" && iface.Name == link.Attrs().Name {
+			return iface, nil
+		}
+	}
+
+	return nil, fmt.Errorf("no veth peer of container interface found in host ns")
+}
diff --git a/pkg/bandwidth/ifb_creator.go b/pkg/bandwidth/ifb_creator.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package main
+package bandwidth
 
 import (
 	"fmt"
@@ -24,7 +24,7 @@ import (
 	"github.com/vishvananda/netlink"
 )
 
-const latencyInMillis = 25
+const LatencyInMillis = 25
 
 func CreateIfb(ifbDeviceName string, mtu int) error {
 	err := netlink.LinkAdd(&netlink.Ifb{
@@ -58,7 +58,7 @@ func CreateIngressQdisc(rateInBits, burstInBits uint64, hostDeviceName string) e
 	return createTBF(rateInBits, burstInBits, hostDevice.Attrs().Index)
 }
 
-func CreateEgressQdisc(rateInBits, burstInBits uint64, hostDeviceName string, ifbDeviceName string) error {
+func CreateEgressQdisc(qdiscType string, rateInBits, burstInBits uint64, hostDeviceName string, ifbDeviceName string) error {
 	ifbDevice, err := netlink.LinkByName(ifbDeviceName)
 	if err != nil {
 		return fmt.Errorf("get ifb device: %s", err)
@@ -68,41 +68,52 @@ func CreateEgressQdisc(rateInBits, burstInBits uint64, hostDeviceName string, if
 		return fmt.Errorf("get host device: %s", err)
 	}
 
-	// add qdisc ingress on host device
-	ingress := &netlink.Ingress{
-		QdiscAttrs: netlink.QdiscAttrs{
-			LinkIndex: hostDevice.Attrs().Index,
-			Handle:    netlink.MakeHandle(0xffff, 0), // ffff:
-			Parent:    netlink.HANDLE_INGRESS,
-		},
+	var qdisc netlink.Qdisc
+	var filterHandle uint32
+	switch qdiscType {
+	case "ingress":
+		// add ingress qdisc on host device
+		qdisc = &netlink.Ingress{
+			QdiscAttrs: netlink.QdiscAttrs{
+				LinkIndex: hostDevice.Attrs().Index,
+				Handle:    netlink.MakeHandle(0xffff, 0), // ffff:
+				Parent:    netlink.HANDLE_INGRESS,
+			},
+		}
+		filterHandle = qdisc.Attrs().Handle
+	case "clsact":
+		// add clsact qdisc on host device
+		qdisc = &netlink.Clsact{
+			QdiscAttrs: netlink.QdiscAttrs{
+				LinkIndex: hostDevice.Attrs().Index,
+				Handle:    netlink.MakeHandle(0xffff, 0), // ffff:
+				Parent:    netlink.HANDLE_CLSACT,
+			},
+		}
+		filterHandle = netlink.HANDLE_MIN_EGRESS
+	default:
+		return fmt.Errorf("unknown qdisc type: %s", qdiscType)
 	}
 
-	err = netlink.QdiscAdd(ingress)
+	err = netlink.QdiscAdd(qdisc)
 	if err != nil {
-		return fmt.Errorf("create ingress qdisc: %s", err)
+		return fmt.Errorf("create %s qdisc: %s", qdisc.Type(), err)
 	}
 
-	// add filter on host device to mirror traffic to ifb device
 	filter := &netlink.U32{
 		FilterAttrs: netlink.FilterAttrs{
 			LinkIndex: hostDevice.Attrs().Index,
-			Parent:    ingress.QdiscAttrs.Handle,
+			Parent:    filterHandle,
 			Priority:  1,
 			Protocol:  syscall.ETH_P_ALL,
 		},
 		ClassId:    netlink.MakeHandle(1, 1),
 		RedirIndex: ifbDevice.Attrs().Index,
-		Actions: []netlink.Action{
-			&netlink.MirredAction{
-				ActionAttrs:  netlink.ActionAttrs{},
-				MirredAction: netlink.TCA_EGRESS_REDIR,
-				Ifindex:      ifbDevice.Attrs().Index,
-			},
-		},
+		Actions:    []netlink.Action{netlink.NewMirredAction(ifbDevice.Attrs().Index)},
 	}
 	err = netlink.FilterAdd(filter)
 	if err != nil {
-		return fmt.Errorf("add filter: %s", err)
+		return fmt.Errorf("add egress filter: %s", err)
 	}
 
 	// throttle traffic on ifb device
@@ -126,9 +137,9 @@ func createTBF(rateInBits, burstInBits uint64, linkIndex int) error {
 	}
 	rateInBytes := rateInBits / 8
 	burstInBytes := burstInBits / 8
-	bufferInBytes := buffer(uint64(rateInBytes), uint32(burstInBytes))
-	latency := latencyInUsec(latencyInMillis)
-	limitInBytes := limit(uint64(rateInBytes), latency, uint32(burstInBytes))
+	bufferInBytes := Buffer(rateInBytes, uint32(burstInBytes))
+	latency := LatencyInUsec(LatencyInMillis)
+	limitInBytes := Limit(rateInBytes, latency, uint32(burstInBytes))
 
 	qdisc := &netlink.Tbf{
 		QdiscAttrs: netlink.QdiscAttrs{
@@ -155,14 +166,14 @@ func time2Tick(time uint32) uint32 {
 	return uint32(float64(time) * float64(netlink.TickInUsec()))
 }
 
-func buffer(rate uint64, burst uint32) uint32 {
+func Buffer(rate uint64, burst uint32) uint32 {
 	return time2Tick(uint32(float64(burst) * float64(netlink.TIME_UNITS_PER_SEC) / float64(rate)))
 }
 
-func limit(rate uint64, latency float64, buffer uint32) uint32 {
+func Limit(rate uint64, latency float64, buffer uint32) uint32 {
 	return uint32(float64(rate)*latency/float64(netlink.TIME_UNITS_PER_SEC)) + buffer
 }
 
-func latencyInUsec(latencyInMillis float64) float64 {
+func LatencyInUsec(latencyInMillis float64) float64 {
 	return float64(netlink.TIME_UNITS_PER_SEC) * (latencyInMillis / 1000.0)
 }
diff --git a/plugins/meta/bandwidth/bandwidth_linux_test.go b/plugins/meta/bandwidth/bandwidth_linux_test.go
@@ -28,7 +28,8 @@ import (
 	"github.com/containernetworking/cni/pkg/invoke"
 	"github.com/containernetworking/cni/pkg/skel"
 	"github.com/containernetworking/cni/pkg/types"
-	"github.com/containernetworking/cni/pkg/types/100"
+	types100 "github.com/containernetworking/cni/pkg/types/100"
+	bw "github.com/containernetworking/plugins/pkg/bandwidth"
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containernetworking/plugins/pkg/testutils"
 
@@ -37,7 +38,7 @@ import (
 	"github.com/onsi/gomega/gexec"
 )
 
-func buildOneConfig(name, cniVersion string, orig *PluginConf, prevResult types.Result) (*PluginConf, []byte, error) {
+func buildOneConfig(name, cniVersion string, orig *bw.PluginConf, prevResult types.Result) (*bw.PluginConf, []byte, error) {
 	var err error
 
 	inject := map[string]interface{}{
@@ -73,7 +74,7 @@ func buildOneConfig(name, cniVersion string, orig *PluginConf, prevResult types.
 		return nil, nil, err
 	}
 
-	conf := &PluginConf{}
+	conf := &bw.PluginConf{}
 	if err := json.Unmarshal(newBytes, &conf); err != nil {
 		return nil, nil, fmt.Errorf("error parsing configuration: %s", err)
 	}
@@ -948,11 +949,11 @@ var _ = Describe("bandwidth test", func() {
 					containerWithTbfResult, err := types100.GetResult(containerWithTbfRes)
 					Expect(err).NotTo(HaveOccurred())
 
-					tbfPluginConf := &PluginConf{}
+					tbfPluginConf := &bw.PluginConf{}
 					err = json.Unmarshal([]byte(ptpConf), &tbfPluginConf)
 					Expect(err).NotTo(HaveOccurred())
 
-					tbfPluginConf.RuntimeConfig.Bandwidth = &BandwidthEntry{
+					tbfPluginConf.RuntimeConfig.Bandwidth = &bw.BandwidthEntry{
 						IngressBurst: burstInBits,
 						IngressRate:  rateInBits,
 						EgressBurst:  burstInBits,
@@ -974,11 +975,11 @@ var _ = Describe("bandwidth test", func() {
 
 					if testutils.SpecVersionHasCHECK(ver) {
 						// Do CNI Check
-						checkConf := &PluginConf{}
+						checkConf := &bw.PluginConf{}
 						err = json.Unmarshal([]byte(ptpConf), &checkConf)
 						Expect(err).NotTo(HaveOccurred())
 
-						checkConf.RuntimeConfig.Bandwidth = &BandwidthEntry{
+						checkConf.RuntimeConfig.Bandwidth = &bw.BandwidthEntry{
 							IngressBurst: burstInBits,
 							IngressRate:  rateInBits,
 							EgressBurst:  burstInBits,
@@ -1056,15 +1057,15 @@ var _ = Describe("bandwidth test", func() {
 
 	Describe("Validating input", func() {
 		It("Should allow only 4GB burst rate", func() {
-			err := validateRateAndBurst(5000, 4*1024*1024*1024*8-16) // 2 bytes less than the max should pass
+			err := bw.ValidateRateAndBurst(5000, 4*1024*1024*1024*8-16) // 2 bytes less than the max should pass
 			Expect(err).NotTo(HaveOccurred())
-			err = validateRateAndBurst(5000, 4*1024*1024*1024*8) // we're 1 bit above MaxUint32
+			err = bw.ValidateRateAndBurst(5000, 4*1024*1024*1024*8) // we're 1 bit above MaxUint32
 			Expect(err).To(HaveOccurred())
-			err = validateRateAndBurst(0, 1)
+			err = bw.ValidateRateAndBurst(0, 1)
 			Expect(err).To(HaveOccurred())
-			err = validateRateAndBurst(1, 0)
+			err = bw.ValidateRateAndBurst(1, 0)
 			Expect(err).To(HaveOccurred())
-			err = validateRateAndBurst(0, 0)
+			err = bw.ValidateRateAndBurst(0, 0)
 			Expect(err).NotTo(HaveOccurred())
 		})
 	})
diff --git a/plugins/meta/bandwidth/main.go b/plugins/meta/bandwidth/main.go
