f155f828a2
Bump libnetwork to 430c00a6a6b3dfdd774f21e1abd4ad6b0216c629. This includes the following moby-affecting changes: * Update vendoring for go-sockaddr (8df9f31a) * Fix inconsistent subnet allocation by preventing allocation of overlapping subnets (8579c5d2) * Handle IPv6 literals correctly in port bindings (474fcaf4) * Update vendoring for miekg/dns (8f307ac8) * Avoid subnet reallocation until required (9756ff7ed) * Bump libnetwork build to use go version 1.10.2 (603d2c1a) * Unwrap error type returned by PluginGetter (aacec8e1) * Update vendored components to match moby (d768021dd) * Add retry field to cluster-peers probe (dbbd06a7) * Fix net driver response loss on createEndpoint (1ab6e506) (fixes https://github.com/docker/for-linux/issues/348) Signed-off-by: Chris Telfer <ctelfer@docker.com> |
||
|---|---|---|
| .. | ||
| doc.go | ||
| ifaddr.go | ||
| ifaddrs.go | ||
| ifattr.go | ||
| ipaddr.go | ||
| ipaddrs.go | ||
| ipv4addr.go | ||
| ipv6addr.go | ||
| LICENSE | ||
| README.md | ||
| rfc.go | ||
| route_info.go | ||
| route_info_bsd.go | ||
| route_info_default.go | ||
| route_info_linux.go | ||
| route_info_solaris.go | ||
| route_info_windows.go | ||
| sockaddr.go | ||
| sockaddrs.go | ||
| unixsock.go | ||
go-sockaddr
sockaddr Library
Socket address convenience functions for Go. go-sockaddr is a convenience
library that makes doing the right thing with IP addresses easy. go-sockaddr
is loosely modeled after the UNIX sockaddr_t and creates a union of the family
of sockaddr_t types (see below for an ascii diagram). Library documentation
is available
at
https://godoc.org/github.com/hashicorp/go-sockaddr.
The primary intent of the library was to make it possible to define heuristics
for selecting the correct IP addresses when a configuration is evaluated at
runtime. See
the
docs,
template package,
tests,
and
CLI utility
for details and hints as to how to use this library.
For example, with this library it is possible to find an IP address that:
- is attached to a default route
(
GetDefaultInterfaces()) - is contained within a CIDR block (
IfByNetwork()) - is an RFC1918 address
(
IfByRFC("1918")) - is ordered
(
OrderedIfAddrBy(args)whereargsincludes, but is not limited to,AscIfType,AscNetworkSize) - excludes all IPv6 addresses
(
IfByType("^(IPv4)$")) - is larger than a
/32(IfByMaskSize(32)) - is not on a
downinterface (ExcludeIfs("flags", "down")) - preferences an IPv6 address over an IPv4 address
(
SortIfByType()+ReverseIfAddrs()); and - excludes any IP in RFC6890 address
(
IfByRFC("6890"))
Or any combination or variation therein.
There are also a few simple helper functions such as GetPublicIP and
GetPrivateIP which both return strings and select the first public or private
IP address on the default interface, respectively. Similarly, there is also a
helper function called GetInterfaceIP which returns the first usable IP
address on the named interface.
sockaddr CLI
Given the possible complexity of the sockaddr library, there is a CLI utility
that accompanies the library, also
called
sockaddr.
The
sockaddr
utility exposes nearly all of the functionality of the library and can be used
either as an administrative tool or testing tool. To install
the
sockaddr,
run:
$ go get -u github.com/hashicorp/go-sockaddr/cmd/sockaddr
If you're familiar with UNIX's sockaddr struct's, the following diagram
mapping the C sockaddr (top) to go-sockaddr structs (bottom) and
interfaces will be helpful:
+-------------------------------------------------------+
| |
| sockaddr |
| SockAddr |
| |
| +--------------+ +----------------------------------+ |
| | sockaddr_un | | | |
| | SockAddrUnix | | sockaddr_in{,6} | |
| +--------------+ | IPAddr | |
| | | |
| | +-------------+ +--------------+ | |
| | | sockaddr_in | | sockaddr_in6 | | |
| | | IPv4Addr | | IPv6Addr | | |
| | +-------------+ +--------------+ | |
| | | |
| +----------------------------------+ |
| |
+-------------------------------------------------------+
Inspiration and Design
There were many subtle inspirations that led to this design, but the most direct
inspiration for the filtering syntax was
OpenBSD's
pf.conf(5) firewall
syntax that lets you select the first IP address on a given named interface.
The original problem stemmed from:
- needing to create immutable images using Packer that ran the Consul process (Consul can only use one IP address at a time);
- images that may or may not have multiple interfaces or IP addresses at runtime; and
- we didn't want to rely on configuration management to render out the correct IP address if the VM image was being used in an auto-scaling group.
Instead we needed some way to codify a heuristic that would correctly select the right IP address but the input parameters were not known when the image was created.