wip

frits-v · frits-v · commit 7c24e6557823 · 2025-11-12T20:19:20.000-08:00
diff --git a/cmd/nerdctl/network/network_create_linux_test.go b/cmd/nerdctl/network/network_create_linux_test.go
@@ -156,6 +156,83 @@ func TestNetworkCreate(t *testing.T) {
 				}
 			},
 		},
+		{
+			Description: "with static IPv4 address",
+			Setup: func(data test.Data, helpers test.Helpers) {
+				networkName := data.Identifier()
+				staticIP := "172.19.0.100"
+				data.Labels().Set("networkName", networkName)
+				data.Labels().Set("staticIP", staticIP)
+				helpers.Ensure("network", "create", networkName, "--driver", "bridge", "--subnet", "172.19.0.0/24")
+			},
+			Cleanup: func(data test.Data, helpers test.Helpers) {
+				helpers.Anyhow("network", "rm", data.Labels().Get("networkName"))
+			},
+			Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
+				return helpers.Command("run", "--rm", "--net", data.Labels().Get("networkName"), "--ip", data.Labels().Get("staticIP"), testutil.CommonImage, "ip", "addr", "show", "eth0")
+			},
+			Expected: func(data test.Data, helpers test.Helpers) *test.Expected {
+				return &test.Expected{
+					ExitCode: 0,
+					Output: func(stdout string, t tig.T) {
+						assert.Assert(t, strings.Contains(stdout, fmt.Sprintf("inet %s/24", data.Labels().Get("staticIP"))))
+					},
+				}
+			},
+		},
+		{
+			Description: "with static IPv6 address",
+			Require:     nerdtest.OnlyIPv6,
+			Setup: func(data test.Data, helpers test.Helpers) {
+				networkName := data.Identifier()
+				staticIPv6 := "2001:db8:1::100"
+				data.Labels().Set("networkName", networkName)
+				data.Labels().Set("staticIPv6", staticIPv6)
+				helpers.Ensure("network", "create", networkName, "--driver", "bridge", "--ipv6", "--subnet", "2001:db8:1::/64")
+			},
+			Cleanup: func(data test.Data, helpers test.Helpers) {
+				helpers.Anyhow("network", "rm", data.Labels().Get("networkName"))
+			},
+			Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
+				return helpers.Command("run", "--rm", "--net", data.Labels().Get("networkName"), "--ip", data.Labels().Get("staticIPv6"), testutil.CommonImage, "ip", "addr", "show", "eth0")
+			},
+			Expected: func(data test.Data, helpers test.Helpers) *test.Expected {
+				return &test.Expected{
+					ExitCode: 0,
+					Output: func(stdout string, t tig.T) {
+						assert.Assert(t, strings.Contains(stdout, fmt.Sprintf("inet6 %s/64", data.Labels().Get("staticIPv6"))))
+					},
+				}
+			},
+		},
+		{
+			Description: "with dual-stack static IP addresses",
+			Require:     nerdtest.OnlyIPv6,
+			Setup: func(data test.Data, helpers test.Helpers) {
+				networkName := data.Identifier()
+				staticIPv4 := "172.20.0.100"
+				staticIPv6 := "2001:db8:2::100"
+				data.Labels().Set("networkName", networkName)
+				data.Labels().Set("staticIPv4", staticIPv4)
+				data.Labels().Set("staticIPv6", staticIPv6)
+				helpers.Ensure("network", "create", networkName, "--driver", "bridge", "--subnet", "172.20.0.0/24", "--ipv6", "--subnet", "2001:db8:2::/64")
+			},
+			Cleanup: func(data test.Data, helpers test.Helpers) {
+				helpers.Anyhow("network", "rm", data.Labels().Get("networkName"))
+			},
+			Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
+				return helpers.Command("run", "--rm", "--net", data.Labels().Get("networkName"), "--ip", data.Labels().Get("staticIPv4"), "--ip", data.Labels().Get("staticIPv6"), testutil.CommonImage, "ip", "addr", "show", "eth0")
+			},
+			Expected: func(data test.Data, helpers test.Helpers) *test.Expected {
+				return &test.Expected{
+					ExitCode: 0,
+					Output: func(stdout string, t tig.T) {
+						assert.Assert(t, strings.Contains(stdout, fmt.Sprintf("inet %s/24", data.Labels().Get("staticIPv4"))))
+						assert.Assert(t, strings.Contains(stdout, fmt.Sprintf("inet6 %s/64", data.Labels().Get("staticIPv6"))))
+					},
+				}
+			},
+		},
 	}
 
 	testCase.Run(t)
diff --git a/pkg/netutil/cni_plugin_unix.go b/pkg/netutil/cni_plugin_unix.go
@@ -136,11 +136,12 @@ func (*tuningConfig) GetPluginType() string {
 
 // https://github.com/containernetworking/plugins/blob/v1.0.1/plugins/ipam/host-local/backend/allocator/config.go#L47-L56
 type hostLocalIPAMConfig struct {
-	Type        string        `json:"type"`
-	Routes      []IPAMRoute   `json:"routes,omitempty"`
-	ResolveConf string        `json:"resolveConf,omitempty"`
-	DataDir     string        `json:"dataDir,omitempty"`
-	Ranges      [][]IPAMRange `json:"ranges,omitempty"`
+	Type         string          `json:"type"`
+	Routes       []IPAMRoute     `json:"routes,omitempty"`
+	ResolveConf  string          `json:"resolveConf,omitempty"`
+	DataDir      string          `json:"dataDir,omitempty"`
+	Ranges       [][]IPAMRange   `json:"ranges,omitempty"`
+	Capabilities map[string]bool `json:"capabilities,omitempty"`
 }
 
 func newHostLocalIPAMConfig() *hostLocalIPAMConfig {
diff --git a/pkg/netutil/netutil_unix.go b/pkg/netutil/netutil_unix.go
@@ -138,6 +138,8 @@ func (e *CNIEnv) generateCNIPlugins(driver string, name string, ipam map[string]
 		bridge.HairpinMode = true
 		if ipv6 {
 			bridge.Capabilities["ips"] = true
+			// Add "dns" capability to test the hypothesis that it's being implicitly dropped.
+			bridge.Capabilities["dns"] = true
 		}
 
 		// Determine the appropriate firewall ingress policy based on icc setting

Original file line number	Diff line number	Diff line change
`@@ -138,6 +138,8 @@ func (e *CNIEnv) generateCNIPlugins(driver string, name string, ipam map[string]`
`138`	`138`	`bridge.HairpinMode = true`
`139`	`139`	`if ipv6 {`
`140`	`140`	`bridge.Capabilities["ips"] = true`
	`141`	`+ // Add "dns" capability to test the hypothesis that it's being implicitly dropped.`
	`142`	`+ bridge.Capabilities["dns"] = true`
`141`	`143`	`}`
`142`	`144`
`143`	`145`	`// Determine the appropriate firewall ingress policy based on icc setting`