Skip to content

Makes interface gateway configuration optional. #156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
crosbymichael merged 1 commit into from
Jun 27, 2025
Merged

Makes interface gateway configuration optional. #156

crosbymichael merged 1 commit into from
Jun 27, 2025

Conversation

@jglogan
Copy link
Contributor

@jglogan jglogan commented Jun 20, 2025
edited
Loading

Here we implement the mechanism for ensuring that container doesn't set up two default routes on containers that connect to multiple networks. We'll implement the policy in apple/container#243.

@jglogan jglogan mentioned this pull request Jun 21, 2025
Merged
@jglogan jglogan force-pushed the users/jglogan/single-gateway branch from f72115e to 9a82cc0 Compare June 23, 2025 20:54
katiewasnothere
katiewasnothere reviewed Jun 23, 2025
View reviewed changes
Sources/Containerization/LinuxContainer.swift Outdated
Comment on lines 508 to 510
// Configure the gateway only on the first interface
if !self.interfaces.isEmpty {
try await agent.routeAddDefault(name: "eth0", gateway: self.interfaces[0].gateway)
Copy link
Contributor

@katiewasnothere katiewasnothere Jun 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like we should just be configuring whatever is given to us here. Like if the network has a gateway on it, we configure it. There could be cases where we want all the gateways configured as routes and only a single one as the default gateway.

Copy link
Contributor Author

@jglogan jglogan Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense, thanks! IMO the default policy should prevent folks from shooting themselves in the foot with multiple default routes, but it makes sense that that policy should exist in the sandbox service and not here. I'll look into how to rework the PR to do that without blowing up the scope of this change.

Copy link
Contributor

@crosbymichael crosbymichael Jun 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with making the gateway optional and only configuring it when provided. That still is not a great design because of the "default" route. I don't know if we should add any additional information to the interface type that would denote the "default" route.

Copy link
Contributor Author

@jglogan jglogan Jun 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree, let's do the minimum in this one and get the mechanism/policy split correct. We can consider how Interface evolves over time elsewhere.

@jglogan jglogan force-pushed the users/jglogan/single-gateway branch 2 times, most recently from 39e79ba to a582c71 Compare June 26, 2025 23:12
@jglogan jglogan changed the title Configure only a single gateway if there are multiple interfaces. Makes interface gateway configuration optional. Jun 26, 2025
@jglogan jglogan force-pushed the users/jglogan/single-gateway branch 3 times, most recently from 8366de5 to ae69e9c Compare June 27, 2025 15:51
@jglogan jglogan force-pushed the users/jglogan/single-gateway branch from ae69e9c to 98b509e Compare June 27, 2025 18:56
crosbymichael
crosbymichael approved these changes Jun 27, 2025
View reviewed changes
Copy link
Contributor

@crosbymichael crosbymichael left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Lets make sure we have an issue so we don't drop the second half of this work.

@crosbymichael crosbymichael merged commit 1a59de8 into apple:main Jun 27, 2025
2 checks passed
katiewasnothere pushed a commit to apple/container that referenced this pull request Jun 27, 2025
@jglogan
Adds container network for macOS 26. (#243)
3b5c253 
See discussion below for example. For multiple network interfaces in a
single container we'll want to integrate against a containerization that
includes apple/containerization#156.

The change bumps the containerization dependency to 0.2.0 and addresses
the breaking API changes.

```console
% container network
OVERVIEW: Manage container networks

USAGE: container network <subcommand>

OPTIONS:
  --version               Show the version.
  -h, --help              Show help information.

SUBCOMMANDS:
  create                  Create a new network
  delete, rm              Delete one or more networks
  list, ls                List networks
  inspect                 Display information about one or more networks

  See 'container help network <subcommand>' for detailed help.
```
@jglogan jglogan mentioned this pull request Jun 28, 2025
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crosbymichael crosbymichael crosbymichael approved these changes

@katiewasnothere katiewasnothere katiewasnothere approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jglogan @crosbymichael @katiewasnothere