2016-08-23 17:12:43 -04:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
# Required tools
|
|
|
|
DOCKER="${DOCKER:-docker}"
|
|
|
|
NSENTER="${NSENTER:-nsenter}"
|
|
|
|
BRIDGE="${BRIDGE:-bridge}"
|
|
|
|
IPTABLES="${IPTABLES:-iptables}"
|
2018-01-04 16:35:35 -05:00
|
|
|
IPVSADM="${IPVSADM:-ipvsadm}"
|
|
|
|
IP="${IP:-ip}"
|
2016-08-23 17:12:43 -04:00
|
|
|
|
2018-03-05 13:14:53 -05:00
|
|
|
networks=0
|
|
|
|
containers=0
|
|
|
|
ip_overlap=0
|
|
|
|
|
2016-08-23 17:12:43 -04:00
|
|
|
NSDIR=/var/run/docker/netns
|
|
|
|
|
|
|
|
function die {
|
|
|
|
echo $*
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
|
2018-01-04 16:35:35 -05:00
|
|
|
function echo_and_run {
|
|
|
|
echo "#" "$@"
|
|
|
|
eval $(printf '%q ' "$@") < /dev/stdout
|
|
|
|
}
|
|
|
|
|
2018-03-05 13:14:53 -05:00
|
|
|
function check_ip_overlap {
|
|
|
|
inspect=$1
|
2018-03-27 17:39:40 -04:00
|
|
|
overlap=$(echo "$inspect_output" | grep "EndpointIP\|VIP" | cut -d':' -f2 | sort | uniq -c | grep -v "1 ")
|
2018-03-05 13:14:53 -05:00
|
|
|
if [ ! -z "$overlap" ]; then
|
|
|
|
echo -e "\n\n*** OVERLAP on Network ${networkID} ***";
|
|
|
|
echo -e "${overlap} \n\n"
|
|
|
|
((ip_overlap++))
|
|
|
|
else
|
|
|
|
echo "No overlap"
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2018-01-04 16:35:35 -05:00
|
|
|
type -P ${DOCKER} > /dev/null || echo "This tool requires the docker binary"
|
|
|
|
type -P ${NSENTER} > /dev/null || echo "This tool requires nsenter"
|
|
|
|
type -P ${BRIDGE} > /dev/null || echo "This tool requires bridge"
|
|
|
|
type -P ${IPTABLES} > /dev/null || echo "This tool requires iptables"
|
|
|
|
type -P ${IPVSADM} > /dev/null || echo "This tool requires ipvsadm"
|
|
|
|
type -P ${IP} > /dev/null || echo "This tool requires ip"
|
|
|
|
|
|
|
|
if ${DOCKER} network inspect --help | grep -q -- --verbose; then
|
|
|
|
NETINSPECT_VERBOSE_SUPPORT="--verbose"
|
|
|
|
else
|
|
|
|
NETINSPECT_VERBOSE_SUPPORT=""
|
|
|
|
fi
|
2016-08-23 17:12:43 -04:00
|
|
|
|
2018-06-13 16:27:54 -04:00
|
|
|
echo "Host iptables"
|
2018-01-04 16:35:35 -05:00
|
|
|
echo_and_run ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
|
|
|
|
echo_and_run ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
|
|
|
|
echo_and_run ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
|
|
|
|
printf "\n"
|
|
|
|
|
2018-06-13 16:27:54 -04:00
|
|
|
echo "Host links addresses and routes"
|
|
|
|
echo_and_run ${IP} -o link show
|
2018-01-04 16:35:35 -05:00
|
|
|
echo_and_run ${IP} -o -4 address show
|
|
|
|
echo_and_run ${IP} -4 route show
|
|
|
|
printf "\n"
|
2016-08-23 17:12:43 -04:00
|
|
|
|
|
|
|
echo "Overlay network configuration"
|
2018-01-04 16:35:35 -05:00
|
|
|
for networkID in $(${DOCKER} network ls --no-trunc --filter driver=overlay -q) "ingress_sbox"; do
|
|
|
|
echo "nnn Network ${networkID}"
|
|
|
|
if [ "${networkID}" != "ingress_sbox" ]; then
|
|
|
|
nspath=(${NSDIR}/*-${networkID:0:10})
|
2018-03-05 13:14:53 -05:00
|
|
|
inspect_output=$(${DOCKER} network inspect ${NETINSPECT_VERBOSE_SUPPORT} ${networkID})
|
|
|
|
echo "$inspect_output"
|
|
|
|
check_ip_overlap $inspect_output
|
2018-01-04 16:35:35 -05:00
|
|
|
else
|
|
|
|
nspath=(${NSDIR}/${networkID})
|
|
|
|
fi
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -o -4 address show
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 route show
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 neigh show
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${BRIDGE} fdb show
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPVSADM} -l -n
|
|
|
|
printf "\n"
|
2018-03-05 13:14:53 -05:00
|
|
|
((networks++))
|
2018-01-04 16:35:35 -05:00
|
|
|
done
|
|
|
|
|
|
|
|
echo "Container network configuration"
|
|
|
|
for containerID in $(${DOCKER} container ls -q); do
|
|
|
|
echo "ccc Container ${containerID}"
|
|
|
|
${DOCKER} container inspect ${containerID} --format 'Name:{{json .Name | printf "%s\n"}}Id:{{json .Id | printf "%s\n"}}Hostname:{{json .Config.Hostname | printf "%s\n"}}CreatedAt:{{json .Created | printf "%s\n"}}State:{{json .State|printf "%s\n"}}RestartCount:{{json .RestartCount | printf "%s\n" }}Labels:{{json .Config.Labels | printf "%s\n"}}NetworkSettings:{{json .NetworkSettings}}' | sed '/^State:/ {s/\\"/QUOTE/g; s/,"Output":"[^"]*"//g;}'
|
|
|
|
nspath=$(docker container inspect --format {{.NetworkSettings.SandboxKey}} ${containerID})
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -o -4 address show
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 route show
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IP} -4 neigh show
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'
|
|
|
|
echo_and_run ${NSENTER} --net=${nspath[0]} ${IPVSADM} -l -n
|
|
|
|
printf "\n"
|
2018-03-05 13:14:53 -05:00
|
|
|
((containers++))
|
2016-08-23 17:12:43 -04:00
|
|
|
done
|
2018-03-05 13:14:53 -05:00
|
|
|
|
|
|
|
echo -e "\n\n==SUMMARY=="
|
|
|
|
echo -e "\t Processed $networks networks"
|
|
|
|
echo -e "\t IP overlap found: $ip_overlap"
|
|
|
|
echo -e "\t Processed $containers containers"
|