func()

in cmd/routed-eni-cni-plugin/driver/driver.go [275:324]


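// SetupBranchENIPodNetwork wires a pod's network namespace onto a branch ENI:
// it creates the veth pair, purges any stale ip rule keyed on hostVethName that
// an earlier pod with the same name may have left behind, ensures the vlan link
// for the branch ENI exists, and installs the container route rules in the
// vlan's route table according to podSGEnforcingMode.
//
// Parameters:
//   - hostVethName / contVethName / netnsPath / mtu: handed to setupVeth.
//   - v4Addr / v6Addr: pod addresses; at least one must be non-nil. The route
//     rules are keyed on v4Addr when present, otherwise on v6Addr.
//   - vlanID: vlan tag of the branch ENI; it also selects the route table
//     (vlanID + 100).
//   - eniMAC / subnetGW / parentIfIndex: handed to setupVlan together with the
//     route table.
//   - podSGEnforcingMode: strict installs IIF-based rules, standard installs
//     IP-based rules. Any other value is rejected rather than silently
//     reporting the pod as networked without rules.
//
// Returns an error wrapped with the failing step, or nil on success.
func (n *linuxNetwork) SetupBranchENIPodNetwork(hostVethName string, contVethName string, netnsPath string, v4Addr *net.IPNet, v6Addr *net.IPNet,
	vlanID int, eniMAC string, subnetGW string, parentIfIndex int, mtu int, podSGEnforcingMode sgpp.EnforcingMode, log logger.Logger) error {
	log.Debugf("SetupBranchENIPodNetwork: hostVethName=%s, contVethName=%s, netnsPath=%s, v4Addr=%v, v6Addr=%v, vlanID=%d, eniMAC=%s, subnetGW=%s, parentIfIndex=%d, mtu=%d, podSGEnforcingMode=%v",
		hostVethName, contVethName, netnsPath, v4Addr, v6Addr, vlanID, eniMAC, subnetGW, parentIfIndex, mtu, podSGEnforcingMode)

	// Resolve the address the route rules are keyed on (v4 preferred) and
	// validate it before creating any device, so a bad call leaves nothing
	// behind that would need tearing down.
	containerAddr := v4Addr
	if containerAddr == nil {
		containerAddr = v6Addr
	}
	if containerAddr == nil {
		return errors.New("SetupBranchENIPodNetwork: at least one of v4Addr or v6Addr must be set")
	}

	hostVeth, err := n.setupVeth(hostVethName, contVethName, netnsPath, v4Addr, v6Addr, mtu, log)
	if err != nil {
		return errors.Wrapf(err, "SetupBranchENIPodNetwork: failed to setup veth pair")
	}

	// Recursively clean up any ip rule left over from a previous pod that used
	// the same hostVeth name (pods with the same name can be recreated many times).
	//
	// Historically the vlanID came from the pod spec, so it could already have
	// changed by the time the old pod was deleted and the old rules were then
	// purged against the wrong vlanID. The vlanID now comes from prevResult on
	// delete, so teardown should purge the right rules and this step should be
	// redundant; it is kept as a safety net.
	//
	// NOTE(review): the rule family is switched to AF_INET6 only when v6Addr is
	// set, so with both families present only the v6 rules are purged — confirm
	// that a pod never carries both.
	oldFromHostVethRule := n.netLink.NewRule()
	oldFromHostVethRule.IifName = hostVethName
	oldFromHostVethRule.Priority = networkutils.VlanRulePriority
	if v6Addr != nil {
		oldFromHostVethRule.Family = unix.AF_INET6
	}
	if err := networkutils.NetLinkRuleDelAll(n.netLink, oldFromHostVethRule); err != nil {
		return errors.Wrapf(err, "SetupBranchENIPodNetwork: failed to delete hostVeth rule for %s", hostVethName)
	}

	// Per-vlan route table; the +100 offset presumably matches what teardown
	// uses to locate the table — keep the two in sync.
	rtTable := vlanID + 100
	vlanLink, err := n.setupVlan(vlanID, eniMAC, subnetGW, parentIfIndex, rtTable, log)
	if err != nil {
		return errors.Wrapf(err, "SetupBranchENIPodNetwork: failed to setup vlan")
	}

	switch podSGEnforcingMode {
	case sgpp.EnforcingModeStrict:
		if err := n.setupIIFBasedContainerRouteRules(hostVeth, containerAddr, vlanLink, rtTable, log); err != nil {
			return errors.Wrapf(err, "SetupBranchENIPodNetwork: unable to setup IIF based container routes and rules")
		}
	case sgpp.EnforcingModeStandard:
		if err := n.setupIPBasedContainerRouteRules(hostVeth, containerAddr, rtTable, log); err != nil {
			return errors.Wrapf(err, "SetupBranchENIPodNetwork: unable to setup IP based container routes and rules")
		}
	default:
		// Fail closed: an unrecognized mode must not return success with no
		// route rules installed for the pod.
		return errors.Errorf("SetupBranchENIPodNetwork: unsupported podSGEnforcingMode %v", podSGEnforcingMode)
	}
	return nil
}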