package bridge
import (
"fmt"
"io/ioutil"
"net"
2015-05-18 19:49:12 -04:00
"path/filepath"
2015-02-22 20:24:22 -05:00
log "github.com/Sirupsen/logrus"
"github.com/docker/libnetwork/netutils"
"github.com/vishvananda/netlink"
)
// bridgeNetworks lists the candidate IPv4 networks, in preference order, that
// electBridgeIPv4 falls back on when no address was requested explicitly.
// It is populated once by init below.
var bridgeNetworks []*net.IPNet
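// init seeds bridgeNetworks with the candidate networks, in preference order,
// that electBridgeIPv4 tries when config.AddressIPv4 is not set.
func init() {
	// Here we don't follow the convention of using the 1st IP of the range for the gateway.
	// This is to use the same gateway IPs as the /24 ranges, which predate the /16 ranges.
	// In theory this shouldn't matter - in practice there's bound to be a few scripts relying
	// on the internal addressing or other stupid things like that.
	// They shouldn't, but hey, let's not break them unless we really have to.
	candidates := []string{
		"172.17.42.1/16", // Don't use 172.16.0.0/16, it conflicts with EC2 DNS 172.16.0.23
		"10.0.42.1/16",   // Don't even try using the entire /8, that's too intrusive
		"10.1.42.1/16",
		"10.42.42.1/16",
		"172.16.42.1/24",
		"172.16.43.1/24",
		"172.16.44.1/24",
		"10.0.42.1/24",
		"10.0.43.1/24",
		"192.168.42.1/24",
		"192.168.43.1/24",
		"192.168.44.1/24",
	}

	for _, addr := range candidates {
		// Named ipNet so the local does not shadow the net package.
		ip, ipNet, err := net.ParseCIDR(addr)
		if err != nil {
			// Skip the bad literal but keep the rest of the list; include the
			// parse error so a malformed entry is diagnosable from the log.
			log.Errorf("Failed to parse address %s: %v", addr, err)
			continue
		}
		// ParseCIDR yields the network address in ipNet.IP; replace it with the
		// host IP from the literal (4-byte form) because setupBridgeIPv4 uses
		// this IPNet directly as the bridge address and default gateway.
		ipNet.IP = ip.To4()
		bridgeNetworks = append(bridgeNetworks, ipNet)
	}
}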
// setupBridgeIPv4 ensures the bridge carries an IPv4 address and records the
// bridge network and default gateway on i.
//
// An address already present on the bridge is adopted unchanged. Otherwise a
// network is elected (see electBridgeIPv4) and added via netlink, unless the
// bridge is not the default one and config.AllowNonDefaultBridge is false, in
// which case a NonDefaultBridgeExistError is returned.
func setupBridgeIPv4(config *NetworkConfiguration, i *bridgeInterface) error {
	existing, _, err := i.addresses()
	if err != nil {
		return err
	}

	// Adopt whatever is already configured on the bridge, gateway included.
	if existing.IPNet != nil {
		i.bridgeIPv4 = existing.IPNet
		i.gatewayIPv4 = existing.IPNet.IP
		return nil
	}

	// Touching IPv4 on a non-default bridge requires an explicit opt-in.
	nonDefault := config.BridgeName != DefaultBridgeName
	if nonDefault && !config.AllowNonDefaultBridge {
		return NonDefaultBridgeExistError(config.BridgeName)
	}

	elected, err := electBridgeIPv4(config)
	if err != nil {
		return err
	}

	log.Debugf("Creating bridge interface %q with network %s", config.BridgeName, elected)
	addr := &netlink.Addr{IPNet: elected}
	if err = netlink.AddrAdd(i.Link, addr); err != nil {
		return &IPv4AddrAddError{IP: elected, Err: err}
	}

	// Remember the network and use its address as the default gateway.
	i.bridgeIPv4 = elected
	i.gatewayIPv4 = elected.IP
	return nil
}
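// allocateBridgeIP requests the bridge's own address from ipAllocator. The
// intent, mirroring the same call made for the gateway in setupGatewayIPv4, is
// that the pool records the address as taken so it is not offered to an
// endpoint. i.bridgeIPv4 must already be set (see setupBridgeIPv4).
//
// config is unused; it is kept so this step shares the other setup steps'
// signature.
func allocateBridgeIP(config *NetworkConfiguration, i *bridgeInterface) error {
	// A failed reservation must not be silent: if the allocator rejects the
	// request the bridge address could later be handed to a container, so the
	// error is surfaced like every other setup step's error.
	if _, err := ipAllocator.RequestIP(i.bridgeIPv4, i.bridgeIPv4.IP); err != nil {
		return err
	}
	return nil
}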
// electBridgeIPv4 picks the IPv4 network for the bridge.
//
// A network supplied in config.AddressIPv4 wins outright. Otherwise the
// entries of bridgeNetworks are tried in order and the first one that overlaps
// neither a nameserver from resolv.conf nor an existing route is returned.
// When no candidate qualifies, an IPv4AddrRangeError for the bridge name is
// returned.
func electBridgeIPv4(config *NetworkConfiguration) (*net.IPNet, error) {
	if requested := config.AddressIPv4; requested != nil {
		return requested, nil
	}

	// resolv.conf is best effort: a missing or unreadable file just means there
	// are no nameservers to steer clear of, so the read error is ignored on purpose.
	nameservers := []string{}
	resolvConf, _ := readResolvConf()
	if resolvConf != nil {
		nameservers = append(nameservers, getNameserversAsCIDR(resolvConf)...)
	}

	// The first candidate clear of both the nameservers and the routing table wins.
	for _, candidate := range bridgeNetworks {
		if netutils.CheckNameserverOverlaps(nameservers, candidate) != nil {
			continue
		}
		if netutils.CheckRouteOverlaps(candidate) != nil {
			continue
		}
		return candidate, nil
	}

	return nil, IPv4AddrRangeError(config.BridgeName)
}
// setupGatewayIPv4 applies the gateway requested in config.DefaultGatewayIPv4:
// it must lie inside the bridge network (i.bridgeIPv4 must already be set), is
// requested from ipAllocator, and is then recorded as i.gatewayIPv4.
//
// It returns ErrInvalidGateway when the gateway is outside the bridge network
// (net.IPNet.Contains is also false for a nil IP, so an unset gateway is
// rejected here too) and the allocator's error when the request fails.
func setupGatewayIPv4(config *NetworkConfiguration, i *bridgeInterface) error {
	gw := config.DefaultGatewayIPv4
	if !i.bridgeIPv4.Contains(gw) {
		return &ErrInvalidGateway{}
	}

	// Reserve the gateway with the allocator before publishing it on i.
	_, err := ipAllocator.RequestIP(i.bridgeIPv4, gw)
	if err != nil {
		return err
	}

	i.gatewayIPv4 = gw
	return nil
}
// setupLoopbackAdressesRouting turns on the route_localnet sysctl for the
// bridge by writing "1" to its entry under /proc/sys/net/ipv4/conf.
//
// route_localnet=1 allows the kernel to route traffic addressed to the
// loopback range over this interface, which the hairpin-NAT setup relies on;
// it also means host services bound only to loopback become reachable through
// the bridge's NAT rules, so the sysctl should stay scoped to this one
// interface rather than being set under conf/all.
//
// config.BridgeName is spliced into the /proc path; filepath.Join cleans the
// result but does not confine it to the conf directory, so this assumes the
// name is a plain interface name as validated upstream — worth confirming.
func setupLoopbackAdressesRouting(config *NetworkConfiguration, i *bridgeInterface) error {
	const enable = "1\n"

	sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")
	err := ioutil.WriteFile(sysPath, []byte(enable), 0644)
	if err != nil {
		return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
	}
	return nil
}