moby--moby/libnetwork/drivers/bridge/setup_ipv4.go

package bridge

import (
	"fmt"
	"io/ioutil"
	"net"
	"path/filepath"

	log "github.com/Sirupsen/logrus"
	"github.com/docker/libnetwork/netutils"
	"github.com/vishvananda/netlink"
)

var bridgeNetworks []*net.IPNet

func init() {
	// Here we don't follow the convention of using the 1st IP of the range for the gateway.
	// This is to use the same gateway IPs as the /24 ranges, which predate the /16 ranges.
	// In theory this shouldn't matter - in practice there's bound to be a few scripts relying
	// on the internal addressing or other stupid things like that.
	// They shouldn't, but hey, let's not break them unless we really have to.
	// Don't use 172.16.0.0/16, it conflicts with EC2 DNS 172.16.0.23

	// 172.[17-31].42.1/16
	mask := []byte{255, 255, 0, 0}
	for i := 17; i < 32; i++ {
		bridgeNetworks = append(bridgeNetworks, &net.IPNet{IP: []byte{172, byte(i), 42, 1}, Mask: mask})
	}
	// 10.[0-255].42.1/16
	for i := 0; i < 256; i++ {
		bridgeNetworks = append(bridgeNetworks, &net.IPNet{IP: []byte{10, byte(i), 42, 1}, Mask: mask})
	}
	// 192.168.[42-44].1/24
	mask24 := []byte{255, 255, 255, 0}
	for i := 42; i < 45; i++ {
		bridgeNetworks = append(bridgeNetworks, &net.IPNet{IP: []byte{192, 168, byte(i), 1}, Mask: mask24})
	}
}

func setupBridgeIPv4(config *networkConfiguration, i *bridgeInterface) error {
	addrv4, _, err := i.addresses()
	if err != nil {
		return err
	}

	// Check if we have an IP address already on the bridge.
	if addrv4.IPNet != nil {
		// Make sure to store bridge network and default gateway before getting out.
		i.bridgeIPv4 = addrv4.IPNet
		i.gatewayIPv4 = addrv4.IPNet.IP
		return nil
	}

	// Do not try to configure IPv4 on a non-default bridge unless you are
	// specifically asked to do so.
	if config.BridgeName != DefaultBridgeName && config.DefaultBridge {
		return NonDefaultBridgeNeedsIPError(config.BridgeName)
	}

	bridgeIPv4, err := electBridgeIPv4(config)
	if err != nil {
		return err
	}

	log.Debugf("Creating bridge interface %s with network %s", config.BridgeName, bridgeIPv4)
	if err := netlink.AddrAdd(i.Link, &netlink.Addr{IPNet: bridgeIPv4}); err != nil {
		return &IPv4AddrAddError{IP: bridgeIPv4, Err: err}
	}

	// Store bridge network and default gateway
	i.bridgeIPv4 = bridgeIPv4
	i.gatewayIPv4 = i.bridgeIPv4.IP

	return nil
}

func electBridgeIPv4(config *networkConfiguration) (*net.IPNet, error) {
	// Use the requested IPv4 CIDR when available.
	if config.AddressIPv4 != nil {
		return config.AddressIPv4, nil
	}

	// We don't check for an error here, because we don't really care if we
	// can't read /etc/resolv.conf. So instead we skip the append if resolvConf
	// is nil. It either doesn't exist, or we can't read it for some reason.
	nameservers := []string{}
	if resolvConf, _ := readResolvConf(); resolvConf != nil {
		nameservers = append(nameservers, getNameserversAsCIDR(resolvConf)...)
	}

	// Try to automatically elect appropriate bridge IPv4 settings.
	for _, n := range bridgeNetworks {
		if err := netutils.CheckNameserverOverlaps(nameservers, n); err == nil {
			if err := netutils.CheckRouteOverlaps(n); err == nil {
				return n, nil
			}
		}
	}

	return nil, IPv4AddrRangeError(config.BridgeName)
}

func setupGatewayIPv4(config *networkConfiguration, i *bridgeInterface) error {
	if !i.bridgeIPv4.Contains(config.DefaultGatewayIPv4) {
		return &ErrInvalidGateway{}
	}

	// Store requested default gateway
	i.gatewayIPv4 = config.DefaultGatewayIPv4

	return nil
}

func setupLoopbackAdressesRouting(config *networkConfiguration, i *bridgeInterface) error {
	sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")
	ipv4LoRoutingData, err := ioutil.ReadFile(sysPath)
	if err != nil {
		return fmt.Errorf("Cannot read IPv4 local routing setup: %v", err)
	}
	// Enable loopback adresses routing only if it isn't already enabled
	if ipv4LoRoutingData[0] != '1' {
		if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {
			return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
		}
	}
	return nil
}
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`package bridge`

			`import (`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 23:49:12 +00:00			`"fmt"`
			`"io/ioutil"`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`"net"`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 23:49:12 +00:00			`"path/filepath"`

WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`log "github.com/Sirupsen/logrus"`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 18:40:42 +00:00			`"github.com/docker/libnetwork/netutils"`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`"github.com/vishvananda/netlink"`
			`)`

			`var bridgeNetworks []*net.IPNet`

			`func init() {`
			`// Here we don't follow the convention of using the 1st IP of the range for the gateway.`
			`// This is to use the same gateway IPs as the /24 ranges, which predate the /16 ranges.`
			`// In theory this shouldn't matter - in practice there's bound to be a few scripts relying`
			`// on the internal addressing or other stupid things like that.`
			`// They shouldn't, but hey, let's not break them unless we really have to.`
Bridge driver to support multiple networks Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-21 20:13:19 +00:00			`// Don't use 172.16.0.0/16, it conflicts with EC2 DNS 172.16.0.23`

			`// 172.[17-31].42.1/16`
			`mask := []byte{255, 255, 0, 0}`
			`for i := 17; i < 32; i++ {`
			`bridgeNetworks = append(bridgeNetworks, &net.IPNet{IP: []byte{172, byte(i), 42, 1}, Mask: mask})`
			`}`
			`// 10.[0-255].42.1/16`
			`for i := 0; i < 256; i++ {`
			`bridgeNetworks = append(bridgeNetworks, &net.IPNet{IP: []byte{10, byte(i), 42, 1}, Mask: mask})`
			`}`
			`// 192.168.[42-44].1/24`
Bug in bridge network mask - that was causing all networks to be /24 Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-08-03 22:37:56 +00:00			`mask24 := []byte{255, 255, 255, 0}`
Bridge driver to support multiple networks Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-21 20:13:19 +00:00			`for i := 42; i < 45; i++ {`
Bug in bridge network mask - that was causing all networks to be /24 Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-08-03 22:37:56 +00:00			`bridgeNetworks = append(bridgeNetworks, &net.IPNet{IP: []byte{192, 168, byte(i), 1}, Mask: mask24})`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`}`
			`}`

Support network options in rest api - Also unexporting configuration structures in bridge - Changes in dnet/network.go to set bridge name = network name Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-22 17:56:36 +00:00			`func setupBridgeIPv4(config networkConfiguration, i bridgeInterface) error {`
Fixed a bug in bridge driver when docker0 has no IP address it doesn't select and configure a proper IP address. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-05-03 20:23:52 +00:00			`addrv4, _, err := i.addresses()`
			`if err != nil {`
			`return err`
			`}`

			`// Check if we have an IP address already on the bridge.`
			`if addrv4.IPNet != nil {`
			`// Make sure to store bridge network and default gateway before getting out.`
			`i.bridgeIPv4 = addrv4.IPNet`
			`i.gatewayIPv4 = addrv4.IPNet.IP`
			`return nil`
			`}`

			`// Do not try to configure IPv4 on a non-default bridge unless you are`
			`// specifically asked to do so.`
Fixed a few more issues observed during docker integration - DisableBridgeCreation is misleading. change it to DefaultBridge - Dont fail the init if localstore cannot be initialized - added a convenience function to get endpoint for a container Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-09-25 16:02:18 +00:00			`if config.BridgeName != DefaultBridgeName && config.DefaultBridge {`
Flip the default for the flag AllowNonDefaultBridge in bridge driver Replaced it with DisableBridgeCreation and it can be used ONLY in a special case for docker0 bridge from docker, instead of calling it from all other case. Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-09-24 01:01:04 +00:00			`return NonDefaultBridgeNeedsIPError(config.BridgeName)`
Fixed a bug in bridge driver when docker0 has no IP address it doesn't select and configure a proper IP address. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-05-03 20:23:52 +00:00			`}`

Added driver specific config support - Added api enhancement to pass driver specific config - Refactored simple bridge driver code for driver specific config - Added an undocumented option to add non-default bridges without manual pre-provisioning to help libnetwork testing - Reenabled libnetwork test to do api testing - Updated README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-15 05:25:42 +00:00			`bridgeIPv4, err := electBridgeIPv4(config)`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`if err != nil {`
			`return err`
			`}`

Fixes ip allocation for multi bridge networks - Do not discard errors on ip allocation for gw and bridge - Release addresses on network delete - Add some context on top of ipallocator returned error - Create ip allocator instance at driver creation, not at package init, otherwise this affects bridge test code where ip db is carried over test functions Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-08-06 22:45:38 +00:00			`log.Debugf("Creating bridge interface %s with network %s", config.BridgeName, bridgeIPv4)`
Fix govet warnings Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-03-04 22:56:22 +00:00			`if err := netlink.AddrAdd(i.Link, &netlink.Addr{IPNet: bridgeIPv4}); err != nil {`
Provide interface to categorize errors - Package types to define the interfaces libnetwork errors may implement, so that caller can categorize them. Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-14 21:56:15 +00:00			`return &IPv4AddrAddError{IP: bridgeIPv4, Err: err}`
Test coverage Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-27 17:11:53 +00:00			`}`

Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 22:13:44 +00:00			`// Store bridge network and default gateway`
- Added support to bridgeNetwork.Link - Removed MAC and MTU configuration via AddInterface Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-10 16:02:25 +00:00			`i.bridgeIPv4 = bridgeIPv4`
Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 22:13:44 +00:00			`i.gatewayIPv4 = i.bridgeIPv4.IP`
- Added support to bridgeNetwork.Link - Removed MAC and MTU configuration via AddInterface Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-10 16:02:25 +00:00
Test coverage Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-27 17:11:53 +00:00			`return nil`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`}`

Support network options in rest api - Also unexporting configuration structures in bridge - Changes in dnet/network.go to set bridge name = network name Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-22 17:56:36 +00:00			`func electBridgeIPv4(config networkConfiguration) (net.IPNet, error) {`
WIP - Fixed CIDR v4 and v6 Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 05:32:48 +00:00			`// Use the requested IPv4 CIDR when available.`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`if config.AddressIPv4 != nil {`
			`return config.AddressIPv4, nil`
			`}`

WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 05:11:12 +00:00			`// We don't check for an error here, because we don't really care if we`
			`// can't read /etc/resolv.conf. So instead we skip the append if resolvConf`
			`// is nil. It either doesn't exist, or we can't read it for some reason.`
			`nameservers := []string{}`
Add tests Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-24 19:19:00 +00:00			`if resolvConf, _ := readResolvConf(); resolvConf != nil {`
			`nameservers = append(nameservers, getNameserversAsCIDR(resolvConf)...)`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 05:11:12 +00:00			`}`

fix some typos Signed-off-by: bin liu <liubin0329@gmail.com> 2015-04-20 04:04:08 +00:00			`// Try to automatically elect appropriate bridge IPv4 settings.`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`for _, n := range bridgeNetworks {`
Libnetwork refactor for container network model - Added controller, network, endpoint and sandbox interfaces - Created netutils package for miscallaneous network utilities - Created driverapi package to break cyclic dependency b/w driver and libnetwork - Made libnetwork multithread safe - Made bridge driver multithread safe - Fixed README.md Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-13 18:40:42 +00:00			`if err := netutils.CheckNameserverOverlaps(nameservers, n); err == nil {`
			`if err := netutils.CheckRouteOverlaps(n); err == nil {`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 05:11:12 +00:00			`return n, nil`
			`}`
			`}`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 01:24:22 +00:00			`}`

Changed all the naked error returns in bridge driver to proper error types, except the naked error returns which were just prefixing strings to previously returned error strings. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-04-17 02:47:12 +00:00			`return nil, IPv4AddrRangeError(config.BridgeName)`
WIP - Bridge refactoring Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com> 2015-02-23 05:11:12 +00:00			`}`
Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 22:13:44 +00:00
Support network options in rest api - Also unexporting configuration structures in bridge - Changes in dnet/network.go to set bridge name = network name Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-22 17:56:36 +00:00			`func setupGatewayIPv4(config networkConfiguration, i bridgeInterface) error {`
Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 22:13:44 +00:00			`if !i.bridgeIPv4.Contains(config.DefaultGatewayIPv4) {`
Provide interface to categorize errors - Package types to define the interfaces libnetwork errors may implement, so that caller can categorize them. Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-14 21:56:15 +00:00			`return &ErrInvalidGateway{}`
Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 22:13:44 +00:00			`}`
Pass a canonical subnet to ipallocator - Currently both network and host bits in the subnet are passed when requesting an address from ipallocator. The way ip allocator determines the first available IP is tainted when caller passes the subnet host bits. - Verified this patch applied to libnetwork vendored in docker fixes the issue when starting the daemon. - Fixes #287 Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-06-12 06:21:50 +00:00
Issue #88: Handle default v4/v6 gw setting - Basically this is porting docker PR #9381 to libnetwork - Added a Config.Validate() method where to consolidate a priori validation of bridge configuration - Have bridgeInterface store the current v4/v6 default gateways - Introduced two setupStep functions to set the requested def gateways Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-24 22:13:44 +00:00			`// Store requested default gateway`
			`i.gatewayIPv4 = config.DefaultGatewayIPv4`

			`return nil`
			`}`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 23:49:12 +00:00
Support network options in rest api - Also unexporting configuration structures in bridge - Changes in dnet/network.go to set bridge name = network name Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-22 17:56:36 +00:00			`func setupLoopbackAdressesRouting(config networkConfiguration, i bridgeInterface) error {`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 23:49:12 +00:00			`sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")`
modify /proc/sys only if needed fixes #405 Signed-off-by: Tomas Kral <tomas.kral@gmail.com> 2015-07-27 11:31:03 +00:00			`ipv4LoRoutingData, err := ioutil.ReadFile(sysPath)`
			`if err != nil {`
			`return fmt.Errorf("Cannot read IPv4 local routing setup: %v", err)`
			`}`
			`// Enable loopback adresses routing only if it isn't already enabled`
			`if ipv4LoRoutingData[0] != '1' {`
			`if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {`
			`return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)`
			`}`
Optional Userland Proxy - Port https://github.com/docker/docker/pull/12165 to libnetwork - More tests will be added later Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-18 23:49:12 +00:00			`}`
			`return nil`
			`}`