From cf89f97a14c6d6c0965ad765a13f82de020f3e6d Mon Sep 17 00:00:00 2001 From: Flavio Crisciani Date: Mon, 5 Mar 2018 10:14:53 -0800 Subject: [PATCH] Add check for IP overlap in support.sh Add a simple check and a summary report for the support script. Report: ==SUMMARY== Processed 3 networks IP overlap found: 1 Processed 167 containers Overlap found: *** OVERLAP on Network 0ewr5iqraa8zv9l4qskp93wxo *** 2 "192.168.1.138", Signed-off-by: Flavio Crisciani --- libnetwork/support.sh | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/libnetwork/support.sh b/libnetwork/support.sh index 57fd0a017c..158d6b329a 100755 --- a/libnetwork/support.sh +++ b/libnetwork/support.sh @@ -8,6 +8,10 @@ IPTABLES="${IPTABLES:-iptables}" IPVSADM="${IPVSADM:-ipvsadm}" IP="${IP:-ip}" +networks=0 +containers=0 +ip_overlap=0 + NSDIR=/var/run/docker/netns function die { @@ -20,6 +24,18 @@ function echo_and_run { eval $(printf '%q ' "$@") < /dev/stdout } +function check_ip_overlap { + inspect=$1 + overlap=$(echo "$inspect_output" | grep "EndpointIP\|VIP" | awk -F ':' '{print $2}' | sort | uniq -c | grep -v "1 ") + if [ ! -z "$overlap" ]; then + echo -e "\n\n*** OVERLAP on Network ${networkID} ***"; + echo -e "${overlap} \n\n" + ((ip_overlap++)) + else + echo "No overlap" + fi +} + type -P ${DOCKER} > /dev/null || echo "This tool requires the docker binary" type -P ${NSENTER} > /dev/null || echo "This tool requires nsenter" type -P ${BRIDGE} > /dev/null || echo "This tool requires bridge" @@ -49,7 +65,9 @@ for networkID in $(${DOCKER} network ls --no-trunc --filter driver=overlay -q) " echo "nnn Network ${networkID}" if [ "${networkID}" != "ingress_sbox" ]; then nspath=(${NSDIR}/*-${networkID:0:10}) - ${DOCKER} network inspect ${NETINSPECT_VERBOSE_SUPPORT} ${networkID} + inspect_output=$(${DOCKER} network inspect ${NETINSPECT_VERBOSE_SUPPORT} ${networkID}) + echo "$inspect_output" + check_ip_overlap $inspect_output else nspath=(${NSDIR}/${networkID}) fi 
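Review bot: In check_ip_overlap the filter `grep -v "1 "` removes every `uniq -c` line that contains the characters `1 `, not just lines whose count is exactly 1. An address that appears 11, 21 or 101 times is therefore discarded along with the unique ones, and the network is reported as "No overlap". Compare the count field numerically instead, for example by ending the pipeline with `awk '$1 > 1'` in place of `grep -v "1 "`. Separately, `inspect` and `overlap` are assigned without `local`, so both become script-wide globals.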
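Review bot: The call `check_ip_overlap $inspect_output` is unquoted, so the inspect JSON is word-split and glob-expanded and the function's `$1` receives only its first token. The check works only because check_ip_overlap never uses `inspect` and reads the global `inspect_output` instead. Pass the value as `check_ip_overlap "$inspect_output"` and have the function read `"$1"`, or drop the argument altogether. The exit status of `${DOCKER} network inspect` is also not checked, so a failed inspect leaves the variable empty and is printed as "No overlap"; a guard on the assignment would keep that case out of the summary. The enclosing `for networkID` loop starts and ends outside this hunk.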
@@ -62,6 +80,7 @@ for networkID in $(${DOCKER} network ls --no-trunc --filter driver=overlay -q) " echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$' echo_and_run ${NSENTER} --net=${nspath[0]} ${IPVSADM} -l -n printf "\n" + ((networks++)) done echo "Container network configuration" @@ -76,4 +95,10 @@ for containerID in $(${DOCKER} container ls -q); do echo_and_run ${NSENTER} --net=${nspath[0]} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$' echo_and_run ${NSENTER} --net=${nspath[0]} ${IPVSADM} -l -n printf "\n" + ((containers++)) done + +echo -e "\n\n==SUMMARY==" +echo -e "\t Processed $networks networks" +echo -e "\t IP overlap found: $ip_overlap" +echo -e "\t Processed $containers containers"