moby--moby/libnetwork/drivers/bridge/setup_verify.go

// +build linux

package bridge

import (
	"fmt"
	"strings"

	"github.com/docker/docker/libnetwork/ns"
	"github.com/docker/docker/libnetwork/types"
	"github.com/sirupsen/logrus"
	"github.com/vishvananda/netlink"
)

func setupVerifyAndReconcile(config *networkConfiguration, i *bridgeInterface) error {
	// Fetch a slice of IPv4 addresses and a slice of IPv6 addresses from the bridge.
	addrsv4, addrsv6, err := i.addresses()
	if err != nil {
		return fmt.Errorf("Failed to verify ip addresses: %v", err)
	}

	addrv4, _ := selectIPv4Address(addrsv4, config.AddressIPv4)

	// Verify that the bridge does have an IPv4 address.
	if addrv4.IPNet == nil {
		return &ErrNoIPAddr{}
	}

	// Verify that the bridge IPv4 address matches the requested configuration.
	if config.AddressIPv4 != nil && !addrv4.IP.Equal(config.AddressIPv4.IP) {
		return &IPv4AddrNoMatchError{IP: addrv4.IP, CfgIP: config.AddressIPv4.IP}
	}

	// Verify that one of the bridge IPv6 addresses matches the requested
	// configuration.
	if config.EnableIPv6 && !findIPv6Address(netlink.Addr{IPNet: bridgeIPv6}, addrsv6) {
		return (*IPv6AddrNoMatchError)(bridgeIPv6)
	}

	// Release any residual IPv6 address that might be there because of older daemon instances
	for _, addrv6 := range addrsv6 {
		addrv6 := addrv6
		if addrv6.IP.IsGlobalUnicast() && !types.CompareIPNet(addrv6.IPNet, i.bridgeIPv6) {
			if err := i.nlh.AddrDel(i.Link, &addrv6); err != nil {
				logrus.Warnf("Failed to remove residual IPv6 address %s from bridge: %v", addrv6.IPNet, err)
			}
		}
	}

	return nil
}

func findIPv6Address(addr netlink.Addr, addresses []netlink.Addr) bool {
	for _, addrv6 := range addresses {
		if addrv6.String() == addr.String() {
			return true
		}
	}
	return false
}

func bridgeInterfaceExists(name string) (bool, error) {
	nlh := ns.NlHandle()
	link, err := nlh.LinkByName(name)
	if err != nil {
		if strings.Contains(err.Error(), "Link not found") {
			return false, nil
		}
		return false, fmt.Errorf("failed to check bridge interface existence: %v", err)
	}

	if link.Type() == "bridge" {
		return true, nil
	}
	return false, fmt.Errorf("existing interface %s is not a bridge", name)
}
Fix some windows issues in libnetwork tests Fix build constraints for linux-only network drivers Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2021-05-25 19:48:54 -04:00			`// +build linux`

WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 20:58:52 -05:00			`package bridge`

Provide interface to categorize errors - Package types to define the interfaces libnetwork errors may implement, so that caller can categorize them. Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-14 17:56:15 -04:00			`import (`
Migrate libnetwork to use netlink.Handle Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-05-16 14:51:40 -04:00			`"fmt"`
don't delete the bridge interface if it was not created by libnetwork Signed-off-by: Shijiang Wei <mountkin@gmail.com> 2016-06-27 23:42:50 -04:00			`"strings"`
Migrate libnetwork to use netlink.Handle Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-05-16 14:51:40 -04:00
Fix libnetwork imports After moving libnetwork to this repo, we need to update all the import paths for libnetwork to point to docker/docker/libnetwork instead of docker/libnetwork. This change implements that. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2021-04-05 20:24:47 -04:00			`"github.com/docker/docker/libnetwork/ns"`
			`"github.com/docker/docker/libnetwork/types"`
Update logrus to v1.0.1 Fix case sensitivity issue Update docker and runc vendors Signed-off-by: Derek McGowan <derek@mcgstyle.net> 2017-07-26 17:18:31 -04:00			`"github.com/sirupsen/logrus"`
Provide interface to categorize errors - Package types to define the interfaces libnetwork errors may implement, so that caller can categorize them. Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-14 17:56:15 -04:00			`"github.com/vishvananda/netlink"`
			`)`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 20:58:52 -05:00
Support network options in rest api - Also unexporting configuration structures in bridge - Changes in dnet/network.go to set bridge name = network name Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-22 13:56:36 -04:00			`func setupVerifyAndReconcile(config networkConfiguration, i bridgeInterface) error {`
Fix issue for `--fixed-cidr` when bridge has multiple addresses This fix tries to address the issue raised in: https://github.com/docker/docker/issues/26341 where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses. The issue is that `netutils.ElectInterfaceAddresses(bridgeName)` only returns the first IPv4 address. This fix changes `ElectInterfaceAddresses()` and `addresses()` so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2016-09-17 01:40:44 -04:00			`// Fetch a slice of IPv4 addresses and a slice of IPv6 addresses from the bridge.`
			`addrsv4, addrsv6, err := i.addresses()`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 20:58:52 -05:00			`if err != nil {`
Migrate libnetwork to use netlink.Handle Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-05-16 14:51:40 -04:00			`return fmt.Errorf("Failed to verify ip addresses: %v", err)`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 20:58:52 -05:00			`}`

Fix issue for `--fixed-cidr` when bridge has multiple addresses This fix tries to address the issue raised in: https://github.com/docker/docker/issues/26341 where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses. The issue is that `netutils.ElectInterfaceAddresses(bridgeName)` only returns the first IPv4 address. This fix changes `ElectInterfaceAddresses()` and `addresses()` so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2016-09-17 01:40:44 -04:00			`addrv4, _ := selectIPv4Address(addrsv4, config.AddressIPv4)`

Test coverage on bridge Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-24 21:41:17 -05:00			`// Verify that the bridge does have an IPv4 address.`
			`if addrv4.IPNet == nil {`
Provide interface to categorize errors - Package types to define the interfaces libnetwork errors may implement, so that caller can categorize them. Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-14 17:56:15 -04:00			`return &ErrNoIPAddr{}`
Test coverage on bridge Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-24 21:41:17 -05:00			`}`

WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 20:58:52 -05:00			`// Verify that the bridge IPv4 address matches the requested configuration.`
Added driver specific config support - Added api enhancement to pass driver specific config - Refactored simple bridge driver code for driver specific config - Added an undocumented option to add non-default bridges without manual pre-provisioning to help libnetwork testing - Reenabled libnetwork test to do api testing - Updated README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-15 01:25:42 -04:00			`if config.AddressIPv4 != nil && !addrv4.IP.Equal(config.AddressIPv4.IP) {`
Provide interface to categorize errors - Package types to define the interfaces libnetwork errors may implement, so that caller can categorize them. Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-14 17:56:15 -04:00			`return &IPv4AddrNoMatchError{IP: addrv4.IP, CfgIP: config.AddressIPv4.IP}`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 20:58:52 -05:00			`}`

			`// Verify that one of the bridge IPv6 addresses matches the requested`
			`// configuration.`
Added driver specific config support - Added api enhancement to pass driver specific config - Refactored simple bridge driver code for driver specific config - Added an undocumented option to add non-default bridges without manual pre-provisioning to help libnetwork testing - Reenabled libnetwork test to do api testing - Updated README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-15 01:25:42 -04:00			`if config.EnableIPv6 && !findIPv6Address(netlink.Addr{IPNet: bridgeIPv6}, addrsv6) {`
Changed all the naked error returns in bridge driver to proper error types, except the naked error returns which were just prefixing strings to previously returned error strings. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-16 22:47:12 -04:00			`return (*IPv6AddrNoMatchError)(bridgeIPv6)`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 20:58:52 -05:00			`}`

Check if present before programming IPv6 in bridge Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-01-06 21:13:08 -05:00			`// Release any residual IPv6 address that might be there because of older daemon instances`
			`for _, addrv6 := range addrsv6 {`
Fix gosec complaints in libnetwork These were purposefully ignored before but this goes ahead and "fixes" most of them. Note that none of the things gosec flagged are problematic, just quieting the linter here. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2021-06-18 18:20:06 -04:00			`addrv6 := addrv6`
Check if present before programming IPv6 in bridge Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-01-06 21:13:08 -05:00			`if addrv6.IP.IsGlobalUnicast() && !types.CompareIPNet(addrv6.IPNet, i.bridgeIPv6) {`
Fix gosec complaints in libnetwork These were purposefully ignored before but this goes ahead and "fixes" most of them. Note that none of the things gosec flagged are problematic, just quieting the linter here. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2021-06-18 18:20:06 -04:00			`if err := i.nlh.AddrDel(i.Link, &addrv6); err != nil {`
Refactoring logrus import and formatting This fix tries to fix logrus formatting by removing `f` from `logrus.[Error\|Warn\|Debug\|Fatal\|Panic\|Info]f` when formatting string is not present. Also fix import name to use original project name 'logrus' instead of 'log' Signed-off-by: Daehyeok Mun <daehyeok@gmail.com> 2016-11-01 00:26:14 -04:00			`logrus.Warnf("Failed to remove residual IPv6 address %s from bridge: %v", addrv6.IPNet, err)`
Check if present before programming IPv6 in bridge Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-01-06 21:13:08 -05:00			`}`
			`}`
			`}`
Fixed a bug in bridge driver where when the bridge already exists the bridgeInterface.bridgeIPv4 is not getting initialized properly Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-16 01:02:21 -04:00
Test coverage on bridge Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-24 21:41:17 -05:00			`return nil`
			`}`

			`func findIPv6Address(addr netlink.Addr, addresses []netlink.Addr) bool {`
			`for _, addrv6 := range addresses {`
			`if addrv6.String() == addr.String() {`
			`return true`
			`}`
			`}`
			`return false`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 20:58:52 -05:00			`}`
don't delete the bridge interface if it was not created by libnetwork Signed-off-by: Shijiang Wei <mountkin@gmail.com> 2016-06-27 23:42:50 -04:00
			`func bridgeInterfaceExists(name string) (bool, error) {`
			`nlh := ns.NlHandle()`
			`link, err := nlh.LinkByName(name)`
			`if err != nil {`
			`if strings.Contains(err.Error(), "Link not found") {`
			`return false, nil`
			`}`
			`return false, fmt.Errorf("failed to check bridge interface existence: %v", err)`
			`}`

			`if link.Type() == "bridge" {`
			`return true, nil`
			`}`
			`return false, fmt.Errorf("existing interface %s is not a bridge", name)`
			`}`