npm - conlink - Versions diffs - 2.0.3 → 2.2.0 - Mend

conlink 2.0.3 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/.github/workflows/push.yml +9 -2
package/Dockerfile +2 -2
package/README.md +135 -29
package/examples/test10-compose.yaml +38 -0
package/examples/test4-multiple/modes/web/compose.yaml +5 -0
package/examples/test7-compose.yaml +4 -1
package/examples/test9-compose.yaml +32 -0
package/link-add.sh +2 -0
package/link-forward.sh +45 -0
package/link-mirred.sh +114 -0
package/mdc +1 -0
package/package.json +1 -1
package/run-tests.sh +219 -0
package/schema.yaml +10 -0
package/src/conlink/core.cljs +274 -144

package/src/conlink/core.cljs CHANGED Viewed

@@ -27,9 +27,11 @@ General Options:
   -v, --verbose                     Show verbose output (stderr)
                                     [env: VERBOSE]
   --show-config                     Print loaded network config JSON and exit
-  --bridge-mode BRIDGE-MODE         Bridge mode (ovs, linux, or auto)
+  --default-bridge-mode BRIDGE-MODE Default bridge mode (ovs, linux, patch, or auto)
                                     to use for bridge/switch connections
                                     [default: auto] [env: CONLINK_BRIDGE_MODE]
+  --default-mtu MTU                 Default link MTU (for non *vlan types)
+                                    [default: 65535]
   --network-file NETWORK-FILE...    Network config file
   --compose-file COMPOSE-FILE...    Docker compose file with network config
   --compose-project NAME            Docker compose project name for resolving
@@ -57,11 +59,14 @@ General Options:
 (def VLAN-TYPES #{:vlan :macvlan :macvtap :ipvlan :ipvtap})
 (def LINK-ADD-OPTS [:ip :mac :route :mtu :nat :netem :mode :vlanid :remote :vni])
 (def INTF-MAX-LEN 15)
+(def DOCKER-INTF "DOCKER-ETH0")
-(def ctx (atom {:error #(apply Eprintln "ERROR:" %&)
-                :warn  #(apply Eprintln "WARNING:" %&)
-                :log   Eprintln
-                :info  list}))
+(def ctx (atom {:error        #(apply Eprintln "ERROR:" %&)
+                :warn         #(apply Eprintln "WARNING:" %&)
+                :log          Eprintln
+                :info         #(identity nil)
+                :kmod-ovs?    false
+                :kmod-mirred? false}))
 ;; Simple utility functions
 (defn json-str [obj]
@@ -94,34 +99,95 @@ General Options:
     net-cfg))
 (defn enrich-link
-  "Add default values to a link:
+  "Check and enrich link config
+  - Resolve bridge name to full bridge map.
+  - Add default values to a link:
     - type: veth
     - dev: eth0
-    - mtu: 9000 (for non *vlan type)
+    - mtu: --default-mtu (for non *vlan type)
     - base: :conlink for veth type, :host for *vlan types, :local otherwise"
-  [{:as link :keys [type base bridge ip vlanid]}]
-  (let [type (keyword (or type "veth"))
+  [{:as link :keys [type base bridge ip forward]} bridges]
+  (let [{:keys [default-mtu docker-eth0?]} @ctx
+        type (keyword (or type "veth"))
+        dev (get link :dev "eth0")
         base-default (cond (= :veth type)     :conlink
                            (VLAN-TYPES type)  :host
                            :else              :local)
         base (get link :base base-default)
+        bridge (get bridges bridge)
         link (merge
                link
                {:type type
-                :dev  (get link :dev "eth0")
+                :dev  dev
                 :base base}
+               (when bridge
+                 {:bridge bridge})
                (when (not (VLAN-TYPES type))
-                 {:mtu  (get link :mtu 9000)}))]
+                 {:mtu  (get link :mtu default-mtu)})
+               (when forward
+                 {:forward
+                  (map #(let [[port_a port_b proto] (S/split % #"[:/]")]
+                          [(js/parseInt port_a) (js/parseInt port_b) proto])
+                       forward)}))]
+    (when forward
+      (let [link-id (str (or (:service link) (:container link)) ":" dev)
+            pre (str "link '" link-id "' has forward setting")]
+        (when (not= :veth type)
+          (fatal 1 (str pre " but is not of type :veth")))
+        (when (not (#{:ovs :linux} (:mode bridge)))
+          (fatal 1 (str pre " but bridge mode is not 'ovs' or 'linux'")))
+        (when (not ip)
+          (fatal 1 (str pre " but does not have IP")))
+        (when (not docker-eth0?)
+          (fatal 1 (str pre " but no docker eth0 is present")))))
     link))
+(defn enrich-bridge
+  "Check and enrich bridge config.
+  If bridge mode is :auto then return :ovs if the 'openvswitch' kernel module
+  is loaded otherwise fall back to :linux. Exit with an error if mode is :ovs
+  or :patch and the 'openvswitch' or 'act_mirred' kernel modules are not
+  loaded respectively."
+  [{:as bridge-opts :keys [bridge mode]}]
+  (let [{:keys [warn default-bridge-mode kmod-ovs? kmod-mirred?]} @ctx
+        mode (keyword (or mode default-bridge-mode))
+        _ (when (and (= :ovs mode) (not kmod-ovs?))
+            (fatal 1 (str "bridge " bridge " mode is 'ovs', "
+                          "but no 'openvswitch' kernel module loaded")))
+        _ (when (and (= :patch mode) (not kmod-mirred?))
+            (warn (str "bridge " bridge " mode is 'patch', "
+                       "but no 'act_mirred' kernel module loaded, "
+                       " assuming it will load when needed.")))
+        _ (when (and (= :auto mode) (not kmod-ovs?))
+            (warn (str "bridge " bridge " mode is 'auto', "
+                       " but no 'openvswitch' kernel module loaded, "
+                       " so falling back to 'linux'")))
+        mode (if (= :auto mode)
+              (if kmod-ovs? :ovs :linux)
+              mode)]
+    (assoc bridge-opts :mode mode)))
 (defn enrich-network-config
-  "Validate and update each link (enrich-link) and add
-  :containers and :services maps with restructured link and command
-  configuration to provide a more efficient structure for looking up
-  configuration later."
-  [{:as cfg :keys [links commands]}]
-  (let [links (vec (map enrich-link links))
-        cfg (merge cfg {:links links :containers {} :services {}})
+  "Validate and update each bridge (enrich-bridge) and link (enrich-link) and
+  add :bridges, :containers, and :services maps with restructured bridge, link,
+  and command configuration to provide a more efficient structure for looking
+  up configuration later."
+  [{:as cfg :keys [links commands bridges]}]
+  (let [bridge-map (reduce (fn [acc b] (assoc acc (:bridge b) b))
+                           {} bridges)
+        ;; Add bridges specified in links only
+        all-bridges (reduce (fn [bs b]
+                              (assoc bs b (get bs b {:bridge b})))
+                            bridge-map
+                            (keep :bridge links))
+        ;; Enrich each bridge
+        bridges (reduce (fn [bs [k v]] (assoc bs k (enrich-bridge v)))
+                        {} all-bridges)
+        links (mapv #(enrich-link % bridges) links)
+        cfg (merge cfg {:links links
+                        :bridges bridges
+                        :containers {}
+                        :services {}})
         rfn (fn [kind cfg {:as x :keys [container service]}]
               (cond-> cfg
                 container (update-in [:containers container kind] conjv x)
@@ -153,15 +219,17 @@ General Options:
                         "\nUser config:\n" (indent-pprint-str data "  "))
                       "\nValidation errors:\n" msg))))))
+;;; Runtime state related
 (defn gen-network-state
   "Generate network state/context from network configuration. Adds
   empty :devices map and :bridges map containing nil status for
   each bridge mentioned in the network config :links and :tunnels."
-  [{:keys [links tunnels]}]
-  (reduce (fn [state bridge]
-            (assoc-in state [:bridges bridge :status] nil))
-          {:devices {} :bridges {}}
-          (keep :bridge (concat links tunnels))))
+  [{:keys [links tunnels bridges]}]
+  {:devices {}
+   :bridges (into {} (for [[k v] bridges]
+                       [k (merge v {:status nil :links #{}})]))})
 (defn link-outer-dev
   "outer-dev format:
@@ -179,7 +247,7 @@ General Options:
   "Add offset value to ip and mac keys in a link definition to account
   for multiple instances of that link i.e. a compose service with
   multiple replicas (scale >= 2)."
-  [{:as link :keys [ip mac]} offset]
+  [{:as link :keys [ip mac forward]} offset]
   ;; TODO: add vlanid
   (let [mac (when mac
               (addrs/int->mac
@@ -188,8 +256,15 @@ General Options:
              (let [[ip prefix] (S/split ip #"/")]
                (str (addrs/int->ip
                       (+ offset (addrs/ip->int ip)))
-                    "/" prefix)))]
-    (merge link (when mac {:mac mac}) (when ip {:ip ip}))))
+                    "/" prefix)))
+        forward (when forward
+                  (map #(let [[port_a port_b proto] %]
+                          [(+ offset port_a) port_b proto])
+                       forward))]
+    (merge link
+           (when mac {:mac mac})
+           (when ip {:ip ip})
+           (when forward {:forward forward}))))
 (defn link-instance-enrich
@@ -261,26 +336,36 @@ General Options:
         (P/recur cmds)
         res))))
+(defn kmod-loaded?
+  "Return whether kernel module 'kmod' is loaded."
+  [kmod]
+  (P/let [cmd (str "grep -o '^" kmod "\\>' /proc/modules")
+          res (run cmd {:quiet true})]
+    (and (= 0 (:code res)) (= kmod (trim (:stdout res))))))
+(defn intf-exists?
+  "Return whether network interface exists"
+  [intf]
+  (P/let [cmd (str "[ -d /sys/class/net/" intf " ]")
+          res (run cmd {:quiet true})]
+    (= 0 (:code res))))
 (defn rename-docker-eth0
-  "If eth0 exists, then rename it to DOCKER-ETH0 to prevent 'RTNETLINK
+  "Rename docker's provided eth0 to DOCKER-INTF to prevent 'RTNETLINK
   answers: File exists' errors during creation of links that use
   'eth0' device name. This is necessary because even if the netns is
   specified with the same link create command, the creation and move
   does not appear to be idempotent and results in the conflict."
   []
   (P/let [{:keys [log]} @ctx
-          res (run "[ -d /sys/class/net/eth0 ]" {:quiet true})]
-    (if (not= 0 (:code res))
-      (log "No eth0 docker network interface detected")
-      (P/let [_ (log "Renaming eth0 to DOCKER-ETH0")
-              res (run* [(str "ip route save dev eth0 > /tmp/routesave")
-                         (str "ip link set eth0 down")
-                         (str "ip link set eth0 name DOCKER-ETH0")
-                         (str "ip link set DOCKER-ETH0 up")
-                         (str "ip route restore < /tmp/routesave")]
-                        {:id "rename"})]
-        (when (not= 0 (:code res))
-          (fatal 1 "Could not rename docker eth0 interface"))))))
+          res (run* [(str "ip route save dev eth0 > /tmp/routesave")
+                     (str "ip link set eth0 down")
+                     (str "ip link set eth0 name " DOCKER-INTF)
+                     (str "ip link set " DOCKER-INTF " up")
+                     (str "ip route restore < /tmp/routesave")]
+                    {:id "rename"})]
+    (when (not= 0 (:code res))
+      (fatal 1 "Could not rename docker eth0 interface"))))
 (defn start-ovs
   "Start and initialize the openvswitch daemons. Exit with error if it
@@ -291,88 +376,127 @@ General Options:
       (fatal 1 (str "Failed starting OVS: " (:stderr res)))
       res)))
-(defn kmod-loaded?
-  "Return whether kernel module 'kmod' is loaded."
-  [kmod]
-  (P/let [cmd (str "grep -o '^" kmod "\\>' /proc/modules")
-          res (run cmd {:quiet true})]
-    (and (= 0 (:code res)) (= kmod (trim (:stdout res))))))
-;;; Link and bridge commands
+;;; Bridge commands
 (defn check-no-bridge
   "Check that no bridge named 'bridge' is currently configured.
-  Bridge type is dependent on bridge-mode (:ovs or :linux). Exit with
+  Bridge type is dependent on mode (:ovs or :linux). Exit with
   error if the bridge already exists."
-  [bridge]
-  (P/let [{:keys [info bridge-mode]} @ctx
+  [{:keys [bridge mode]}]
+  (P/let [{:keys [info]} @ctx
           cmd (get {:ovs (str "ovs-vsctl list-ifaces " bridge)
-                    :linux (str "ip link show type bridge " bridge)}
-                   bridge-mode)
-          res (run cmd {:quiet true})]
-    (if (= 0 (:code res))
-      ;; TODO: maybe mark as :exists and use without cleanup
-      (fatal 1 (str "Bridge " bridge " already exists"))
-      (if (re-seq #"(does not exist|no bridge named)" (:stderr res))
-        true
-        (fatal 1 (str "Unable to run '" cmd "': " (:stderr res)))))))
+                    :linux (str "ip link show type bridge " bridge)
+                    :patch nil}
+                   mode)]
+    (if (not cmd)
+      true
+      (P/let [res (run cmd {:quiet true})]
+        (if (= 0 (:code res))
+          ;; TODO: maybe mark as :exists and use without cleanup
+          (fatal 1 (str "Bridge " bridge " already exists"))
+          (if (re-seq #"(does not exist|no bridge named)" (:stderr res))
+            true
+            (fatal 1 (str "Unable to run '" cmd "': " (:stderr res)))))))))
 (defn bridge-create
   "Create a bridge named 'bridge'.
-  Bridge type is dependent on bridge-mode (:ovs or :linux)."
-  [bridge]
-  (P/let [{:keys [info error bridge-mode]} @ctx
-          _ (info "Creating bridge/switch" bridge)
+  Bridge type is dependent on mode (:ovs or :linux)."
+  [{:keys [bridge mode]}]
+  (P/let [{:keys [info error]} @ctx
           cmd (get {:ovs (str "ovs-vsctl add-br " bridge)
-                    :linux (str "ip link add " bridge " up type bridge")}
-                   bridge-mode)
-          res (run cmd)]
-    (if (not= 0 (:code res))
-      (error (str "Unable to create bridge/switch " bridge))
-      (swap! ctx assoc-in [:network-state :bridges bridge :status] :created))
-    res))
+                    :linux (str "ip link add " bridge " up type bridge")
+                    :patch nil}
+                   mode)]
+    (if (not cmd)
+      (info (str "Ignoring bridge/switch " bridge " for mode " mode))
+      (P/let [_ (info "Creating bridge/switch" bridge)
+              res (run* [cmd (str "ip link set " bridge " up")])]
+        (if (not= 0 (:code res))
+          (error (str "Unable to create bridge/switch " bridge))
+          (swap! ctx assoc-in [:network-state :bridges bridge :status] :created))
+        true))))
 (defn bridge-del
   "Delete the bridge named 'bridge'.
-  Bridge type is dependent on bridge-mode (:ovs or :linux)."
-  [bridge]
-  (P/let [{:keys [info error bridge-mode]} @ctx
-          _ (info "Deleting bridge/switch" bridge)
+  Bridge type is dependent on mode (:ovs or :linux)."
+  [{:keys [bridge mode]}]
+  (P/let [{:keys [info error]} @ctx
           cmd (get {:ovs (str "ovs-vsctl del-br " bridge)
-                    :linux (str "ip link del " bridge)} bridge-mode)
-          res (run cmd)]
-    (if (not= 0 (:code res))
-      (error (str "Unable to delete bridge " bridge))
-      (swap! ctx assoc-in [:network-state :bridges bridge :status] nil))
-    res))
+                    :linux (str "ip link del " bridge)
+                    :patch nil} mode)]
+    (if (not cmd)
+      (info (str "Ignoring bridge/switch " bridge " for mode " mode))
+      (P/let [_ (info "Deleting bridge/switch" bridge)
+              res (run cmd)]
+        (if (not= 0 (:code res))
+          (error (str "Unable to delete bridge " bridge))
+          (swap! ctx assoc-in [:network-state :bridges bridge :status] nil))
+        true))))
 (defn bridge-add-link
   "Add the link/interface 'dev' to the bridge 'bridge'.
-  Bridge type is dependent on bridge-mode (:ovs or :linux)."
-  [bridge dev]
-  (P/let [{:keys [error bridge-mode]} @ctx
+  Bridge type is dependent on mode (:ovs or :linux)."
+  [{:keys [bridge mode]} dev]
+  (P/let [{:keys [error]} @ctx
           cmd (get {:ovs (str "ovs-vsctl add-port " bridge " " dev)
                     :linux (str "ip link set dev " dev " master " bridge)}
-                   bridge-mode)
+                   mode)
           res (run cmd)]
-    (when (not= 0 (:code res))
-      (error (str "Unable to add link " dev " into " bridge)))
-    res))
+    (if (= 0 (:code res))
+      (swap! ctx update-in [:network-state :bridges bridge :links] conj dev)
+      (error (str "Unable to add link " dev " into " bridge)))))
 (defn bridge-drop-link
   "Remove the link/interface 'dev' from the bridge 'bridge'.
-  Bridge type is dependent on bridge-mode (:ovs or :linux)."
-  [bridge dev]
-  (P/let [{:keys [error bridge-mode]} @ctx
+  Bridge type is dependent on mode (:ovs or :linux)."
+  [{:keys [bridge mode]} dev]
+  (P/let [{:keys [error]} @ctx
           cmd (get {:ovs (str "ovs-vsctl del-port " bridge " " dev)
                     :linux (str "ip link set dev " dev " nomaster")}
-                   bridge-mode)
+                   mode)
           res (run cmd)]
-    (when (not= 0 (:code res))
-      (error (str "Unable to drop link " dev " from " bridge)))
-    res))
+    (if (= 0 (:code res))
+      (swap! ctx update-in [:network-state :bridges bridge :links] disj dev)
+      (error (str "Unable to drop link " dev " from " bridge)))))
+(defn patch-add-link
+  "Setup patch between 'dev' and its peer link using tc qdisc mirred
+  filter action. Peer links are tracked in pseudo-bridge 'bridge'."
+  [{:keys [bridge mode]} dev]
+  (let [{:keys [info error]} @ctx
+        links-path [:network-state :bridges bridge :links]
+        links (get-in @ctx links-path)
+        peers (disj links dev)]
+    (condp = (count peers)
+      0
+      (P/do
+        (info (str "Registering first peer link "
+                   dev " in :patch 'bridge' " bridge))
+        (swap! ctx update-in links-path conj dev))
+      1
+      (P/let [cmd (str "link-mirred.sh " dev " " (first peers))
+              res (run cmd)]
+        (if (= 0 (:code res))
+          (swap! ctx update-in links-path conj dev)
+          (error (str "Failed to setup tc filter action for "
+                      dev " in :patch 'bridge' " bridge))))
+      (error "Cannot add third peer link "
+             dev " to :patch 'bridge' " bridge))))
+(defn patch-drop-link
+  "Remove tracking of 'dev' from pseudo-bridge 'bridge'."
+  [{:keys [bridge mode]} dev]
+  (let [{:keys [info error]} @ctx
+        links-path [:network-state :bridges bridge :links]]
+    (info (str "Removing peer link "
+               dev " from :patch 'bridge' " bridge))
+    ;; State is in the links, no extra cleanup
+    (swap! ctx update-in links-path conj dev)))
+;;; Link commands
 (defn link-add
   "Create a link/interface defined by 'link' in a container by calling
@@ -380,7 +504,7 @@ General Options:
   line arguments from the 'link' definition and reports the results."
   [link]
   (P/let [{:keys [error]} @ctx
-          {:keys [type dev outer-dev pid outer-pid container dev-id]} link
+          {:keys [type dev outer-dev pid outer-pid dev-id]} link
           cmd (str "link-add.sh"
                    " '" (name type) "' '" pid "' '" dev "'"
                    (when outer-pid (str " --pid1 " outer-pid))
@@ -409,6 +533,26 @@ General Options:
         (error (str "Unable to delete " dev-id ": " (:stderr res)))))
     res))
+;;; Port forward command
+(defn forward-modify
+  "Depending on 'action' create ('add') or delete ('del') port
+  forwards defined by :forward property of 'link'."
+  [link action]
+  (P/let [{:keys [error]} @ctx
+          {:keys [outer-dev dev-id bridge ip forward]} link]
+    (P/all (for [fwd forward]
+             (P/let [[port_a port_b proto] fwd
+                     ip (S/replace ip #"/.*" "")
+                     cmd (str "link-forward.sh " action
+                              " " DOCKER-INTF " " (:bridge bridge)
+                              " " port_a ":" ip ":" port_b "/" proto)
+                     res (run cmd {:id dev-id})]
+               (when (not= 0 (:code res))
+                 (error (str "Unable to " action " forward "
+                             "'" fwd "' for " dev-id)))
+               res)))))
 ;;; docker/docker-compose utilities
@@ -507,7 +651,7 @@ General Options:
   [link action]
   (P/let
     [{:keys [error log]} @ctx
-     {:keys [type outer-dev bridge dev-id]} link
+     {:keys [type outer-dev bridge dev-id forward]} link
      status-path [:network-state :devices dev-id :status]
      link-status (get-in @ctx status-path)]
     (log (str (get {"start" "Creating" "die" "Deleting"} action)
@@ -519,7 +663,11 @@ General Options:
         (P/do
           (swap! ctx assoc-in status-path :creating)
           (link-add link)
-          (when bridge (bridge-add-link bridge outer-dev))
+          (when bridge
+            (if (= :patch (:mode bridge))
+              (patch-add-link bridge outer-dev)
+              (bridge-add-link bridge outer-dev)))
+          (when forward (forward-modify link "add"))
           (swap! ctx assoc-in status-path :created)))
       "die"
@@ -527,7 +675,11 @@ General Options:
         (error (str "Link " dev-id " does not exist"))
         (P/do
           (swap! ctx assoc-in status-path :deleting)
-          (when bridge (bridge-drop-link bridge outer-dev))
+          (when forward (forward-modify link "del"))
+          (when bridge
+            (if (= :patch (:mode bridge))
+              (patch-drop-link bridge outer-dev)
+              (bridge-drop-link bridge outer-dev)))
           (link-del link)
           (swap! ctx assoc-in status-path nil))))))
@@ -635,7 +787,7 @@ General Options:
       (when (seq bridges)
         (P/do
           (log (str "Removing bridges: " (S/join ", " (keys bridges))))
-          (P/all (map bridge-del (keys bridges)))))
+          (P/all (map bridge-del (vals bridges)))))
       (js/process.exit 127))))
@@ -650,40 +802,6 @@ General Options:
   (when (empty? config-schema)
     (fatal 2 "Could not find config-schema" orig-config-schema)))
-(defn startup-checks
-  "Check startup state and return map of :bridge-mode, :docker, and
-  :podman. If bridge-mode is :auto then return :ovs if the
-  'openvswitch' kernel module is loaded otherwise fall back to :linux.
-  Exit with an error if bridge-mode is :ovs and the 'openvswitch'
-  kernel module is not loaded or if neither a docker or podman
-  connection could be established."
-  [{:keys [bridge-mode docker-socket podman-socket]}]
-  (P/let
-    [{:keys [info warn]} @ctx
-     ovs? (kmod-loaded? "openvswitch")
-     bridge-mode (condp = [bridge-mode ovs?]
-                   [:auto true]
-                   :ovs
-                   [:auto false]
-                   (do
-                     (warn (str "bridge-mode is 'auto' but no 'openvswitch' "
-                                "kernel module loaded, so using 'linux'"))
-                    :linux)
-                   [:ovs false]
-                   (fatal 1 (str "bridge-mode is 'ovs', but no 'openvswitch' "
-                                 "kernel module loaded"))
-                   bridge-mode)
-     docker (docker-client docker-socket)
-     podman (docker-client podman-socket)]
-    (when (and (not docker) (not podman))
-      (fatal 1 "Failed to start either docker or podman client/listener"))
-    {:bridge-mode bridge-mode
-     :docker docker
-     :podman podman}))
 (defn server
   "Process:
     - parse/validate command line options
@@ -692,7 +810,7 @@ General Options:
     - determine our own container ID and compose properties (if any)
     - generate runtime network state and other process context/state
     - install exit/cleanup handlers
-    - start/init openvswitch daemons/config (if :ovs bridge-mode)
+    - start/init openvswitch daemons/config (if any bridges use :ovs mode)
     - check that any defined bridges do not already exist
     - create any bridges defined in network config links
     - start listening/handling docker/podman container events
@@ -704,7 +822,7 @@ General Options:
      {:keys [log info]} (swap! ctx merge (when verbose {:info Eprintln}))
      opts (merge
             opts
-            {:bridge-mode (keyword (:bridge-mode opts))
+            {:default-bridge-mode (keyword (:default-bridge-mode opts))
              :orig-config-schema (:config-schema opts)
              :config-schema (resolve-path (:config-schema opts) SCHEMA-PATHS)
              :network-file (mapcat #(S/split % #":") (:network-file opts))
@@ -715,7 +833,16 @@ General Options:
      {:keys [network-file compose-file compose-project]} opts
      env (js->clj (js/Object.assign #js {} js/process.env))
      self-pid js/process.pid
+     self-cid (get-container-id)
      schema (load-config (:config-schema opts))
+     kmod-ovs? (kmod-loaded? "openvswitch")
+     kmod-mirred? (kmod-loaded? "act_mirred")
+     docker-eth0? (and self-cid (intf-exists? "eth0"))
+     _ (swap! ctx merge {:default-bridge-mode (:default-bridge-mode opts)
+                         :default-mtu (:default-mtu opts)
+                         :kmod-ovs? kmod-ovs?
+                         :kmod-mirred? kmod-mirred?
+                         :docker-eth0? docker-eth0?})
      network-config (P/-> (load-configs compose-file network-file)
                           (interpolate-walk env)
                           (check-schema schema verbose)
@@ -724,8 +851,11 @@ General Options:
          (println (js/JSON.stringify (->js network-config)))
          (js/process.exit 0))
-     {:keys [bridge-mode docker podman]} (startup-checks opts)
-     self-cid (get-container-id)
+     docker (docker-client (:docker-socket opts))
+     podman (docker-client (:podman-socket opts))
+     _ (when (and (not docker) (not podman))
+         (fatal 1 "Failed to start either docker or podman client/listener"))
      self-container-obj (when self-cid
                           (get-container (or docker podman) self-cid))
      self-container (inspect-container self-container-obj)
@@ -733,8 +863,7 @@ General Options:
                     {:project compose-project}
                     (get-compose-labels self-container))
      network-state (gen-network-state network-config)
-     ctx-data {:bridge-mode bridge-mode
-               :network-config network-config
+     ctx-data {:network-config network-config
                :network-state network-state
                :compose-opts compose-opts
                :docker docker
@@ -749,7 +878,6 @@ General Options:
     (js/process.on "SIGTERM" #(exit-handler % "signal"))
     (js/process.on "uncaughtException" #(exit-handler %1 %2))
-    (log "Bridge mode:" (name bridge-mode))
     (log (str "Using schema at '" (:config-schema opts) "'"))
     (info (str "Starting network config\n"
                (indent-pprint-str network-config "  ")))
@@ -761,18 +889,20 @@ General Options:
       (info "Detected compose context:" compose-project))
     (P/do
-      (when self-cid
+      (when docker-eth0?
+        (log "Renaming eth0 to" DOCKER-INTF)
         (rename-docker-eth0))
-      (when (= :ovs bridge-mode)
+      (when (some #(= :ovs (:mode %)) (-> network-config :bridges vals))
         (start-ovs))
       ;; Check that bridges/switches do not already exist
-      (P/all (for [bridge (-> network-state :bridges keys)]
+      (P/all (for [bridge (vals (:bridges network-state))]
                (check-no-bridge bridge)))
       ;; Create bridges/switch configs
       ;; TODO: should be done on-demand
-      (P/all (for [bridge (-> network-state :bridges keys)]
+      (P/all (for [bridge (vals (:bridges network-state))]
                (bridge-create bridge)))
       ;; Create tunnels configs