Fault Injection - Multi-ENI detection for host mode tasks & IPv6-only task detection for all tasks #4670

Merged
merged 1 commit into from
Jun 4, 2025

@amogh09 amogh09 commented Jun 3, 2025

Summary

This PR modifies the behavior of the GetTaskMetadataWithTaskNetworkConfig method of TMDSAgentState implementation to:

  1. Return task ENI's IPv4 and IPv6 addresses for awsvpc mode tasks
  2. Look up and return default IPv4 and IPv6 network interfaces and their IP addresses in the host network namespace for host mode tasks

The definition of IPv6-only tasks in the context of Fault Injection handlers has been updated accordingly. The new definition states that an IPv6-only task has a single network interface with no IPv4 addresses and at least one IPv6 address. This updated definition correctly identifies host mode tasks with separate default network interfaces for IPv4 and IPv6 as not IPv6-only. The isIPv6OnlyTask function has been updated to reflect this change.

Implementation details

  1. TMDSAgentState.getTaskMetadata method that's responsible for populating task network configuration for all tasks on all platforms is updated so that it populates IP addresses for awsvpc tasks.
  2. TMDSAgentState.GetTaskMetadataWithTaskNetworkConfig method for Linux specifically is updated so that for host mode tasks it looks up default network interfaces for IPv4 and IPv6 using the GetDefaultNetworkInterfaces utility function that was introduced in Net utils for finding default network interfaces #4665.
  3. isIPv6OnlyTask function in ecs-agent/tmds/handlers/fault/v1/handlers/handlers.go is updated as per the new definition mentioned above.
  4. Unit test updates.

Testing

Launched two instances, one IPv6-only and another one with two ENIs - IPv4-only and IPv6-only (we will call this v4v6 instance). On both instances I temporarily renamed the ip6tables utility so that it is not found by Agent.

On the v4v6 instance, verified that start blackhole port fault requests do not fail but the fault is not injected for IPv6 traffic.

bash-5.2# curl -XPOST --data '{"Port": 80, "Protocol": "tcp", "TrafficType": "egress"}' ${ECS_AGENT_URI}/fault/v1/network-blackhole-port/start
{"Status":"running"}bash-5.2#
bash-5.2# curl -4 --connect-timeout 2 -w "IP: %{remote_ip}\nHTTP: %{response_code}\n" -s example.com -o /dev/null
IP:
HTTP: 000
bash-5.2# curl -6 --connect-timeout 2 -w "IP: %{remote_ip}\nHTTP: %{response_code}\n" -s example.com -o /dev/null
IP: 2600:1406:bc00:53::b81e:94c8
HTTP: 200

On the IPv6-only instance this causes an internal server error.

bash-5.2# curl -XPOST --data '{"Port": 80, "Protocol": "tcp", "TrafficType": "egress"}' ${ECS_AGENT_URI}/fault/v1/network-blackhole-port/start
{"Error":"internal error"}bash-5.2#
bash-5.2# curl -XPOST --data '{"Port": 80, "Protocol": "tcp", "TrafficType": "egress"}' ${ECS_AGENT_URI}/fault/v1/network-blackhole-port/stop
{"Error":"internal error"}bash-5.2# exit

Logs on IPv6-only instance -

[ec2-user@ipv6only ~]$ grep -i ip6tables /var/log/ecs/ecs-agent.log
level=error time=2025-06-03T23:07:28Z msg="Unable to execute the command" command="ip6tables -w 5 -N egress-tcp-80" output="" taskArn="arn:aws:ecs:us-west-2:979604884904:task/sc-test/9fa2dec442f34773b1e467eb7e607fba" error="exec: \"ip6tables\": executable file not found in $PATH" netns="host"
level=error time=2025-06-03T23:07:53Z msg="Unable to execute the command" netns="host" command="ip6tables -w 5 -F egress-tcp-80" output="" taskArn="arn:aws:ecs:us-west-2:979604884904:task/sc-test/9fa2dec442f34773b1e467eb7e607fba" error="exec: \"ip6tables\": executable file not found in $PATH"

New tests cover the changes: yes

Description for the changelog

enhancement: [TMDS Fault Injection] Improve network interface detection to handle multiple default interfaces in host mode and update IPv6-only task identification

Additional Information

Does this PR include breaking model changes? If so, have you added transformation functions?

No

Does this PR include the addition of new environment variables in the README?

No

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
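
The IPv6-only definition from the description above (a single network interface, no IPv4 address, at least one IPv6 address), as an added Go example that is not the agent's own code. `NetIface`, `countFamilies` and `IsIPv6Only` are hypothetical names, the sample addresses are constructed from documentation ranges, and counting IPv4-mapped IPv6 addresses as IPv4 is an assumption of this example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// NetIface is a hypothetical stand-in for one task network interface.
type NetIface struct {
	Name  string
	Addrs []string // textual IP addresses of either family
}

// countFamilies counts IPv4 and IPv6 addresses. Assumption of this example:
// IPv4-mapped IPv6 (::ffff:a.b.c.d) counts as IPv4; unparsable entries are skipped.
func countFamilies(addrs []string) (v4, v6 int) {
	for _, s := range addrs {
		a, err := netip.ParseAddr(s)
		if err != nil {
			continue
		}
		if a.Unmap().Is4() {
			v4++
		} else {
			v6++
		}
	}
	return v4, v6
}

// IsIPv6Only applies the definition from the PR description: exactly one
// interface, no IPv4 address on it, and at least one IPv6 address.
func IsIPv6Only(ifaces []NetIface) bool {
	if len(ifaces) != 1 {
		return false
	}
	v4, v6 := countFamilies(ifaces[0].Addrs)
	return v4 == 0 && v6 >= 1
}

func main() {
	// Constructed sample topologies (documentation address ranges).
	v6ENI := []NetIface{{"eth0", []string{"2001:db8::10"}}}
	v4v6Host := []NetIface{{"eth0", []string{"192.0.2.5"}}, {"eth1", []string{"2001:db8::10"}}}
	dualStack := []NetIface{{"eth0", []string{"192.0.2.5", "2001:db8::10"}}}
	fmt.Println(IsIPv6Only(v6ENI), IsIPv6Only(v4v6Host), IsIPv6Only(dualStack))
}
```

The middle case is the v4v6 host from the testing notes: two default interfaces, one per address family, so it is not classified as IPv6-only.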

…ple default interfaces in host mode and update IPv6-only task identification
@amogh09 amogh09 changed the title Tmds multi eni Fix network interface detection for host mode tasks in fault injection handlers Jun 3, 2025
@amogh09 amogh09 marked this pull request as ready for review June 3, 2025 23:04
@amogh09 amogh09 requested a review from a team as a code owner June 3, 2025 23:04
@amogh09 amogh09 changed the title Fix network interface detection for host mode tasks in fault injection handlers Support for multi-ENI host mode tasks in fault injection handlers Jun 3, 2025
@amogh09 amogh09 changed the title Support for multi-ENI host mode tasks in fault injection handlers Fault Injection - Multi-ENI detection for host mode tasks; IPv6-only task detection for all tasks Jun 3, 2025
@amogh09 amogh09 changed the title Fault Injection - Multi-ENI detection for host mode tasks; IPv6-only task detection for all tasks Fault Injection - Multi-ENI detection for host mode tasks & IPv6-only task detection for all tasks Jun 3, 2025
@@ -21,6 +21,7 @@ import (
"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
"github.com/aws/amazon-ecs-agent/ecs-agent/logger/field"
tmdsv4 "github.com/aws/amazon-ecs-agent/ecs-agent/tmds/handlers/v4/state"
"github.com/pkg/errors"
Contributor

nit: could better format the imports here

Contributor Author

Right.. let me do this as a follow-up.

Contributor

@xxx0624 xxx0624 Jun 4, 2025

https://github.com/daixiang0/gci can help you regroup imports which can be integrated into the repo if needed.

Contributor Author

Addressed in #4671

} else {
taskNetworkConfig = tmdsv4.NewTaskNetworkConfig(task.GetNetworkMode(), task.GetNetworkNamespace(), task.GetDefaultIfname())
// For bridge mode there is no concept of task network interfaces in ECS
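Review bot: the comment on the last line justifies this `else` branch for bridge mode only, yet an `else` is taken by every network mode the preceding condition does not match. Either name the other modes the branch serves in the comment, or select the branch with an explicit check on `task.GetNetworkMode()` so that a mode added later does not silently inherit the "no task network interfaces" assumption.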
Contributor

also true for "none" network mode as well

Contributor Author

Right.. let me do this as a follow-up.

Contributor Author

Addressed in #4671

@amogh09 amogh09 merged commit c1c8f09 into aws:dev Jun 4, 2025
40 of 41 checks passed
@mye956 mye956 mentioned this pull request Jun 9, 2025
@prateekchaudhry prateekchaudhry mentioned this pull request Jul 3, 2025
timj-hh pushed a commit to timj-hh/amazon-ecs-agent that referenced this pull request Jul 19, 2025
…ple default interfaces in host mode and update IPv6-only task identification (aws#4670)