Use libcontainer in vendor locally for enhanced debugging

Signed-off-by: Guvenc Gulce <[email protected]>

Author: guvenc

Cargo.lock

@@ -5,7 +5,7 @@
       <libosinfo:os id="http://libosinfo.org/linux/2022"/>
     </libosinfo:libosinfo>
   </metadata>
-  <memory unit='MiB'>2048</memory>
+  <memory unit='MiB'>8048</memory>
   <vcpu>4</vcpu>
   <os firmware="efi">
     <type arch="x86_64" machine="q35">hvm</type>
@@ -17,7 +17,7 @@
     <acpi/>
     <apic/>
   </features>
-  <cpu mode="host-passthrough"/>
+  <cpu mode="host-passthrough" check='none' migratable='on'/>
   <clock offset="utc">
     <timer name="rtc" tickpolicy="catchup"/>
     <timer name="pit" tickpolicy="delay"/>

hack/libvirt/libvirt-kvm.xml

@@ -1,20 +1,7 @@
-use log::{debug, error, info};
+use log::{debug, info};
 use nix::mount::{mount, MsFlags};
-use std::fs;
-
-fn list_cgroup2_contents() {
-    match fs::read_dir("/sys/fs/cgroup") {
-        Ok(entries) => {
-            info!("Contents of /sys/fs/cgroup:");
-            for entry in entries.flatten() {
-                info!(" - {}", entry.file_name().to_string_lossy());
-            }
-        }
-        Err(e) => {
-            error!("Failed to read /sys/fs/cgroup: {}", e);
-        }
-    }
-}
+use std::fs::{self, File};
+use std::io::{Error, Write};
 
 pub fn mount_virtual_filesystems() {
     const NONE: Option<&'static [u8]> = None;
@@ -70,5 +57,16 @@ pub fn mount_virtual_filesystems() {
     )
     .unwrap_or_else(|e| panic!("/sys/fs/cgroup mount failed: {e}"));
 
-    list_cgroup2_contents();
+    enable_ipv6_forwarding().unwrap_or_else(|e| panic!("Failed to enable ipv6 forwarding: {e}"));
+}
+
+fn enable_ipv6_forwarding() -> Result<(), Error> {
+    let forwarding_paths = ["/proc/sys/net/ipv6/conf/all/forwarding"];
+
+    for path in forwarding_paths {
+        let mut file = File::create(path)?;
+        file.write_all(b"1")?;
+    }
+
+    Ok(())
 }

src/filesystem.rs

@@ -8,10 +8,12 @@ use hyper_util::rt::TokioIo;
 use isolated_container_service::isolated_container_service_server::IsolatedContainerService;
 use log::info;
 use std::sync::Arc;
+use std::time::Duration;
 use std::{collections::HashMap, sync::Mutex};
 use std::{fmt::Debug, io, path::PathBuf};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::UnixStream;
+use tokio::time::sleep;
 use tonic::transport::{Channel, Endpoint, Uri};
 use tonic::{transport, Request, Response, Status};
 use tower::service_fn;
@@ -117,7 +119,7 @@ impl IsolatedContainerAPI {
                 id,
                 2,
                 // TODO make configurable through container request
-                536870912,
+                4294967296,
                 vm::BootMode::KernelBoot(vm::KernelBootMode {
                     kernel: PathBuf::from("/usr/share/feos/vmlinuz"),
                     initramfs: PathBuf::from("/usr/share/feos/initramfs"),
@@ -129,15 +131,15 @@ impl IsolatedContainerAPI {
             )
             .map_err(Error::VMError)?;
 
-        self.vmm.boot_vm(id).map_err(Error::VMError)?;
-
         self.vmm
             .add_net_device(
                 id,
                 NetworkMode::TAPDeviceName(network::Manager::device_name(&id)),
             )
             .map_err(Error::VMError)?;
 
+        self.vmm.boot_vm(id).map_err(Error::VMError)?;
+
         Ok(())
     }
 
@@ -191,6 +193,7 @@ impl IsolatedContainerService for IsolatedContainerAPI {
         let id = Uuid::new_v4();
 
         self.prepare_vm(id).map_err(|e| self.handle_error(e))?;
+        sleep(Duration::from_secs(2)).await;
 
         self.network
             .start_dhcp(id)

src/isolated_container/mod.rs

@@ -9,7 +9,7 @@ use std::{env::args, ffi::CString};
 use tokio::io;
 use tokio::io::{AsyncBufReadExt, BufReader};
 
-#[tokio::main]
+#[tokio::main(flavor = "current_thread")]
 async fn main() -> Result<(), String> {
     let mut ipv6_address = Ipv6Addr::UNSPECIFIED;
     let mut prefix_length = 64;

src/main.rs

@@ -1007,7 +1007,7 @@ pub fn add_to_ipv6(addr: Ipv6Addr, prefix_length: u8, increment: u128) -> Ipv6Ad
     Ipv6Addr::from(new_addr)
 }
 
-async fn _set_ipv6_gateway(
+pub async fn set_ipv6_gateway(
     handle: &Handle,
     interface_name: &str,
     ipv6_gateway: Ipv6Addr,

src/network/dhcpv6.rs

@@ -1,9 +1,10 @@
+use std::error::Error;
 use std::io;
 
 use crate::network::dhcpv6::*;
 use futures::stream::TryStreamExt;
-use log::{info, warn};
-use rtnetlink::new_connection;
+use log::{debug, info, warn};
+use rtnetlink::{new_connection, Handle, IpVersion};
 use std::net::Ipv6Addr;
 use tokio::fs::{read_link, OpenOptions};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
@@ -20,6 +21,7 @@ use pnet::packet::udp::UdpPacket;
 use pnet::packet::Packet;
 
 use netlink_packet_route::neighbour::*;
+use netlink_packet_route::route::{RouteAddress, RouteAttribute};
 
 const INTERFACE_NAME: &str = "eth0";
 
@@ -122,6 +124,13 @@ pub async fn configure_network_devices() -> Result<Option<(Ipv6Addr, u8)>, Strin
                 } else {
                     info!("No prefix delegation received.");
                 }
+                info!(
+                    "Setting IPv6 gateway to {} on interface {}",
+                    ipv6_gateway, interface_name
+                );
+                if let Err(e) = set_ipv6_gateway(&handle, &interface_name, ipv6_gateway).await {
+                    warn!("Failed to set IPv6 gateway: {}", e);
+                }
             }
             Err(e) => warn!("Error: {}", e),
         }
@@ -148,6 +157,116 @@ pub async fn configure_network_devices() -> Result<Option<(Ipv6Addr, u8)>, Strin
     Ok(delegated_prefix_option)
 }
 
+// Keep for debugging purposes
+async fn _print_ipv6_routes(
+    handle: &Handle,
+    iface_index: u32,
+    interface_name: &str,
+) -> Result<(), Box<dyn Error>> {
+    info!("IPv6 Routes:");
+
+    let mut route_ts = handle.route().get(IpVersion::V6).execute();
+
+    while let Some(route_msg) = route_ts
+        .try_next()
+        .await
+        .map_err(|e| format!("Could not get route: {}", e))?
+    {
+        let mut destination: Option<String> = None;
+        let mut gateway: Option<String> = None;
+        let mut oif: Option<u32> = None;
+
+        for attr in &route_msg.attributes {
+            match attr {
+                RouteAttribute::Oif(oif_idx) => {
+                    oif = Some(*oif_idx);
+                    debug!("Route OIF: {}", oif_idx);
+                }
+
+                RouteAttribute::Destination(dest) => {
+                    match dest {
+                        RouteAddress::Inet6(addr) => {
+                            destination = Some(format!(
+                                "{}/{}",
+                                addr, route_msg.header.destination_prefix_length
+                            ));
+                            debug!("Parsed IPv6 Destination: {}", addr);
+                        }
+                        RouteAddress::Other(v) => {
+                            if v.is_empty() {
+                                destination = Some("::/0".to_string());
+                                debug!("Parsed Default Route");
+                            } else {
+                                // Unknown or unsupported address
+                                let hex_str = v
+                                    .iter()
+                                    .map(|b| format!("{:02x}", b))
+                                    .collect::<Vec<String>>()
+                                    .join(":");
+                                destination = Some(format!("unknown({})", hex_str));
+                                debug!("Parsed Unknown Destination: {}", hex_str);
+                            }
+                        }
+                        _ => {
+                            debug!("Unhandled Destination variant");
+                        }
+                    }
+                }
+
+                RouteAttribute::Gateway(gw) => {
+                    match gw {
+                        RouteAddress::Inet6(addr) => {
+                            gateway = Some(addr.to_string());
+                            debug!("Parsed IPv6 Gateway: {}", addr);
+                        }
+                        RouteAddress::Other(v) => {
+                            // Some other form of gateway, handle if needed
+                            if v.is_empty() {
+                                debug!("Parsed Empty Gateway");
+                            } else {
+                                let hex_str = v
+                                    .iter()
+                                    .map(|b| format!("{:02x}", b))
+                                    .collect::<Vec<String>>()
+                                    .join(":");
+                                gateway = Some(format!("unknown({})", hex_str));
+                                debug!("Parsed Unknown Gateway: {}", hex_str);
+                            }
+                        }
+                        _ => {
+                            debug!("Unhandled Gateway variant");
+                        }
+                    }
+                }
+                _ => {}
+            }
+        }
+
+        if oif != Some(iface_index) {
+            debug!(
+                "Skipping route not associated with interface '{}'",
+                interface_name
+            );
+            continue;
+        }
+
+        if route_msg.header.destination_prefix_length == 0 && destination.is_none() {
+            destination = Some("::/0".to_string());
+            debug!("Default route detected (no destination attribute)");
+        }
+
+        let dest_str = destination.unwrap_or_else(|| "unknown".to_string());
+        let mut route_str = dest_str.to_string();
+        if let Some(gw) = gateway {
+            route_str.push_str(&format!(" via {}", gw));
+        }
+        route_str.push_str(&format!(" dev {}", interface_name));
+
+        info!("- {}", route_str);
+    }
+    Ok(())
+}
+
 fn format_mac(bytes: Vec<u8>) -> String {
     bytes
         .iter()