add MAC, IPv4, IPv6 addresses to nework inspect

[coderbirju]

Current network inspect respone provides only container names
This PR adds other fields in the EndpointResource Struct

Testing:

CIDR Notation:

$ sudo nerdctl network create test-net --subnet 10.88.0.0/16
$ sudo nerdctl run -d --name test-container --network test-net nginx:alpine
$ sudo nerdctl network inspect test-net | jq -r '.[].Containers'

Result

{
  "70aaec372b1f...": {
    "Name": "test-container",
    "MacAddress": "fe:5d:85:64:d2:96",
    "IPv4Address": "10.88.0.2/16", 
    "IPv6Address": ""
  }
}

Multi-Network Container:

$ sudo nerdctl network create hoge --subnet 10.91.0.0/16
$ sudo nerdctl network create fuga --subnet 10.92.0.0/16
$ sudo nerdctl run -d --name test2 --network hoge --network fuga nginx:alpine

-hoge

$ sudo nerdctl network inspect hoge | jq -r '.[].Containers'

{
  "0d7e17a42d25...": {
    "Name": "test2",
    "MacAddress": "ca:ad:6d:42:7a:03",  ← Unique to hoge
    "IPv4Address": "10.91.0.3/16",      ← From hoge subnet
    "IPv6Address": ""
  }
}

-fuga

$ sudo nerdctl network inspect fuga | jq -r '.[].Containers'


{
  "0d7e17a42d25...": {
    "Name": "test2",
    "MacAddress": "ca:f2:87:2c:4e:df",  ← Different MAC
    "IPv4Address": "10.92.0.2/16",      ← Different IP from fuga subnet
    "IPv6Address": ""
  }
}

[coderbirju]

Apologies for the late reply, you're right we can skip the assert statements as the field existence is already validated through struct unmarshaling.

@haytok

[haytok]

There are no tests for the items added in this PR's changes. Should add assertions for IPv4Address, MacAddress, and IPv6Address.

[coderbirju]

Failures seem to be unrelated to the changes
PTAL
@haytok @Shubhranshu153

[haytok]

Thanks for fixes. I'll reply within this week 🙏

[haytok]

I've added some comments but, can we add a test for when a container belongs to two networks?

(There were a few points I wasn’t able to comment on in my previous review. I apologize for the inconvenience 🙏)

[haytok]

What situations can lead to an empty subnets list?

[haytok]

IMO, it would be better to verify that the container IP is within the subnet, in addition to checking that container.IPv4Address contains /.

Example:

_, subnet, _ := net.ParseCIDR(dc[0].IPAM.Config[0].Subnet)
containerIP, _, _ := net.ParseCIDR(container.IPv4Address)
assert.Assert(t, subnet.Contains(containerIP), "IPv4Address should be within the network's subnet")

[haytok]

When checking CI logs, there are below messages:

network_inspect_test.go:446: assertion failed: container.IPv4Address is "": IPv4Address should not be empty

This is because nerdctl network inspect on windows environments does not return NetNS information.

nerdctl/pkg/containerinspector/containerinspector_windows.go

Lines 25 to 29 in deec874

	func InspectNetNS(ctx context.Context, pid int) (*native.NetNS, error) {
	r := &native.NetNS{}
	return r, nil
	}

[haytok]

In the current implementation, when a container belongs to a dual-stack network with both IPv4 and IPv6, only one IP address is displayed. Both IPv4 and IPv6 addresses should be displayed.

sudo nerdctl network create --ipv6 --subnet 10.1.0.0/24 --subnet fd00::/64 test-dual-stack
sudo nerdctl run -d --name test-container --network test-dual-stack alpine sleep infinity
sudo nerdctl network inspect test-dual-stack | jq -r '.[].Containers'

[Shubhranshu153]

+1 here we are returning true but we are parsing a range of subnets.

[Shubhranshu153]

nit: and interface is up.

[Shubhranshu153]

nit: handle error and other conditional separately. Not important but the purpose is different.

[Shubhranshu153]

we are parsing a range of subnets but we are supposed take the first IPV4 and one IPV6 address i think for docker compatibility, how that is decided?

[Shubhranshu153]

nit: GlobalIPV6Address
compatible with convention in https://docs.docker.com/reference/api/engine/version/v1.44/#tag/Container/operation/ContainerInspect