moby--moby/libnetwork/drivers/bridge/setup_ipv4.go

// +build linux

package bridge

import (
	"errors"
	"fmt"
	"io/ioutil"
	"net"
	"path/filepath"

	"github.com/docker/docker/libnetwork/types"
	"github.com/sirupsen/logrus"
	"github.com/vishvananda/netlink"
)

func selectIPv4Address(addresses []netlink.Addr, selector *net.IPNet) (netlink.Addr, error) {
	if len(addresses) == 0 {
		return netlink.Addr{}, errors.New("unable to select an address as the address pool is empty")
	}
	if selector != nil {
		for _, addr := range addresses {
			if selector.Contains(addr.IP) {
				return addr, nil
			}
		}
	}
	return addresses[0], nil
}

func setupBridgeIPv4(config *networkConfiguration, i *bridgeInterface) error {
	if !config.InhibitIPv4 {
		addrv4List, _, err := i.addresses()
		if err != nil {
			return fmt.Errorf("failed to retrieve bridge interface addresses: %v", err)
		}

		addrv4, _ := selectIPv4Address(addrv4List, config.AddressIPv4)

		if !types.CompareIPNet(addrv4.IPNet, config.AddressIPv4) {
			if addrv4.IPNet != nil {
				if err := i.nlh.AddrDel(i.Link, &addrv4); err != nil {
					return fmt.Errorf("failed to remove current ip address from bridge: %v", err)
				}
			}
			logrus.Debugf("Assigning address to bridge interface %s: %s", config.BridgeName, config.AddressIPv4)
			if err := i.nlh.AddrAdd(i.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {
				return &IPv4AddrAddError{IP: config.AddressIPv4, Err: err}
			}
		}
	}

	// Store bridge network and default gateway
	i.bridgeIPv4 = config.AddressIPv4
	i.gatewayIPv4 = config.AddressIPv4.IP

	return nil
}

func setupGatewayIPv4(config *networkConfiguration, i *bridgeInterface) error {
	if !i.bridgeIPv4.Contains(config.DefaultGatewayIPv4) {
		return &ErrInvalidGateway{}
	}

	// Store requested default gateway
	i.gatewayIPv4 = config.DefaultGatewayIPv4

	return nil
}

func setupLoopbackAddressesRouting(config *networkConfiguration, i *bridgeInterface) error {
	sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")
	ipv4LoRoutingData, err := ioutil.ReadFile(sysPath)
	if err != nil {
		return fmt.Errorf("Cannot read IPv4 local routing setup: %v", err)
	}
	// Enable loopback addresses routing only if it isn't already enabled
	if ipv4LoRoutingData[0] != '1' {
		if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {
			return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
		}
	}
	return nil
}
Fix some windows issues in libnetwork tests Fix build constraints for linux-only network drivers Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2021-05-25 23:48:54 +00:00			`// +build linux`

WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 17:24:22 -08:00			`package bridge`

			`import (`
Remove unnecessary string formats Signed-off-by: Ke Li <kel@splunk.com> 2016-11-22 09:29:53 +08:00			`"errors"`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 16:49:12 -07:00			`"fmt"`
			`"io/ioutil"`
Fix issue for `--fixed-cidr` when bridge has multiple addresses This fix tries to address the issue raised in: https://github.com/docker/docker/issues/26341 where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses. The issue is that `netutils.ElectInterfaceAddresses(bridgeName)` only returns the first IPv4 address. This fix changes `ElectInterfaceAddresses()` and `addresses()` so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2016-09-16 22:40:44 -07:00			`"net"`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 16:49:12 -07:00			`"path/filepath"`

Fix libnetwork imports After moving libnetwork to this repo, we need to update all the import paths for libnetwork to point to docker/docker/libnetwork instead of docker/libnetwork. This change implements that. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2021-04-06 00:24:47 +00:00			`"github.com/docker/docker/libnetwork/types"`
Update logrus to v1.0.1 Fix case sensitivity issue Update docker and runc vendors Signed-off-by: Derek McGowan <derek@mcgstyle.net> 2017-07-26 14:18:31 -07:00			`"github.com/sirupsen/logrus"`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 17:24:22 -08:00			`"github.com/vishvananda/netlink"`
			`)`

Fix issue for `--fixed-cidr` when bridge has multiple addresses This fix tries to address the issue raised in: https://github.com/docker/docker/issues/26341 where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses. The issue is that `netutils.ElectInterfaceAddresses(bridgeName)` only returns the first IPv4 address. This fix changes `ElectInterfaceAddresses()` and `addresses()` so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2016-09-16 22:40:44 -07:00			`func selectIPv4Address(addresses []netlink.Addr, selector *net.IPNet) (netlink.Addr, error) {`
			`if len(addresses) == 0 {`
Remove unnecessary string formats Signed-off-by: Ke Li <kel@splunk.com> 2016-11-22 09:29:53 +08:00			`return netlink.Addr{}, errors.New("unable to select an address as the address pool is empty")`
Fix issue for `--fixed-cidr` when bridge has multiple addresses This fix tries to address the issue raised in: https://github.com/docker/docker/issues/26341 where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses. The issue is that `netutils.ElectInterfaceAddresses(bridgeName)` only returns the first IPv4 address. This fix changes `ElectInterfaceAddresses()` and `addresses()` so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2016-09-16 22:40:44 -07:00			`}`
			`if selector != nil {`
			`for _, addr := range addresses {`
			`if selector.Contains(addr.IP) {`
			`return addr, nil`
			`}`
			`}`
			`}`
			`return addresses[0], nil`
			`}`

Support network options in rest api - Also unexporting configuration structures in bridge - Changes in dnet/network.go to set bridge name = network name Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-22 10:56:36 -07:00			`func setupBridgeIPv4(config networkConfiguration, i bridgeInterface) error {`
Allow bridge net driver to skip IPv4 configuration of bridge interface Introduce "com.docker.network.bridge.inhibit_ipv4" option to the bridge network driver. If set, this option will prevent docker from setting or modifying Layer-3 (IP) configuration on the bridge interface in any way. This option should allow connecting containers to pre-existing network segments (with e.g., pre-existing default gateways) while simultaneously preserving our ability to communicate with the host and/or configure the properties of the host-side container virtual network interface (e.g., delay/loss/jitter via netem), which can not be done using macvlan. Signed-off-by: Gabriel Somlo <gsomlo@gmail.com> 2018-12-23 19:05:20 -05:00			`if !config.InhibitIPv4 {`
			`addrv4List, _, err := i.addresses()`
			`if err != nil {`
			`return fmt.Errorf("failed to retrieve bridge interface addresses: %v", err)`
			`}`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 17:24:22 -08:00
Allow bridge net driver to skip IPv4 configuration of bridge interface Introduce "com.docker.network.bridge.inhibit_ipv4" option to the bridge network driver. If set, this option will prevent docker from setting or modifying Layer-3 (IP) configuration on the bridge interface in any way. This option should allow connecting containers to pre-existing network segments (with e.g., pre-existing default gateways) while simultaneously preserving our ability to communicate with the host and/or configure the properties of the host-side container virtual network interface (e.g., delay/loss/jitter via netem), which can not be done using macvlan. Signed-off-by: Gabriel Somlo <gsomlo@gmail.com> 2018-12-23 19:05:20 -05:00			`addrv4, _ := selectIPv4Address(addrv4List, config.AddressIPv4)`
Fix issue for `--fixed-cidr` when bridge has multiple addresses This fix tries to address the issue raised in: https://github.com/docker/docker/issues/26341 where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses. The issue is that `netutils.ElectInterfaceAddresses(bridgeName)` only returns the first IPv4 address. This fix changes `ElectInterfaceAddresses()` and `addresses()` so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2016-09-16 22:40:44 -07:00
Allow bridge net driver to skip IPv4 configuration of bridge interface Introduce "com.docker.network.bridge.inhibit_ipv4" option to the bridge network driver. If set, this option will prevent docker from setting or modifying Layer-3 (IP) configuration on the bridge interface in any way. This option should allow connecting containers to pre-existing network segments (with e.g., pre-existing default gateways) while simultaneously preserving our ability to communicate with the host and/or configure the properties of the host-side container virtual network interface (e.g., delay/loss/jitter via netem), which can not be done using macvlan. Signed-off-by: Gabriel Somlo <gsomlo@gmail.com> 2018-12-23 19:05:20 -05:00			`if !types.CompareIPNet(addrv4.IPNet, config.AddressIPv4) {`
			`if addrv4.IPNet != nil {`
			`if err := i.nlh.AddrDel(i.Link, &addrv4); err != nil {`
			`return fmt.Errorf("failed to remove current ip address from bridge: %v", err)`
			`}`
			`}`
			`logrus.Debugf("Assigning address to bridge interface %s: %s", config.BridgeName, config.AddressIPv4)`
			`if err := i.nlh.AddrAdd(i.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {`
			`return &IPv4AddrAddError{IP: config.AddressIPv4, Err: err}`
Phase-2 bridge driver changes to support IPAM - Set bridge ipv4 address when bridge is present - IPv6 changes for bridge - Convert unit tests to the new model Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-10-05 14:53:25 -07:00			`}`
			`}`
Test coverage Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-27 09:11:53 -08:00			`}`

Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 15:13:44 -07:00			`// Store bridge network and default gateway`
Phase-2 bridge driver changes to support IPAM - Set bridge ipv4 address when bridge is present - IPv6 changes for bridge - Convert unit tests to the new model Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-10-05 14:53:25 -07:00			`i.bridgeIPv4 = config.AddressIPv4`
			`i.gatewayIPv4 = config.AddressIPv4.IP`
- Added support to bridgeNetwork.Link - Removed MAC and MTU configuration via AddInterface Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-10 16:02:25 +00:00
Test coverage Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-27 09:11:53 -08:00			`return nil`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-22 17:24:22 -08:00			`}`

Support network options in rest api - Also unexporting configuration structures in bridge - Changes in dnet/network.go to set bridge name = network name Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-22 10:56:36 -07:00			`func setupGatewayIPv4(config networkConfiguration, i bridgeInterface) error {`
Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 15:13:44 -07:00			`if !i.bridgeIPv4.Contains(config.DefaultGatewayIPv4) {`
Provide interface to categorize errors - Package types to define the interfaces libnetwork errors may implement, so that caller can categorize them. Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-14 14:56:15 -07:00			`return &ErrInvalidGateway{}`
Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 15:13:44 -07:00			`}`
Pass a canonical subnet to ipallocator - Currently both network and host bits in the subnet are passed when requesting an address from ipallocator. The way ip allocator determines the first available IP is tainted when caller passes the subnet host bits. - Verified this patch applied to libnetwork vendored in docker fixes the issue when starting the daemon. - Fixes #287 Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-06-11 23:21:50 -07:00
Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 15:13:44 -07:00			`// Store requested default gateway`
			`i.gatewayIPv4 = config.DefaultGatewayIPv4`

			`return nil`
			`}`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 16:49:12 -07:00
typo: fix misspells in code and comments Signed-off-by: Yang Li <idealhack@gmail.com> 2018-05-29 17:07:06 +08:00			`func setupLoopbackAddressesRouting(config networkConfiguration, i bridgeInterface) error {`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 16:49:12 -07:00			`sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")`
modify /proc/sys only if needed fixes #405 Signed-off-by: Tomas Kral <tomas.kral@gmail.com> 2015-07-27 13:31:03 +02:00			`ipv4LoRoutingData, err := ioutil.ReadFile(sysPath)`
			`if err != nil {`
			`return fmt.Errorf("Cannot read IPv4 local routing setup: %v", err)`
			`}`
typo: fix misspells in code and comments Signed-off-by: Yang Li <idealhack@gmail.com> 2018-05-29 17:07:06 +08:00			`// Enable loopback addresses routing only if it isn't already enabled`
modify /proc/sys only if needed fixes #405 Signed-off-by: Tomas Kral <tomas.kral@gmail.com> 2015-07-27 13:31:03 +02:00			`if ipv4LoRoutingData[0] != '1' {`
			`if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {`
			`return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)`
			`}`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 16:49:12 -07:00			`}`
			`return nil`
			`}`