authorMatthew Heon <matthew.heon@gmail.com>2018-09-25 11:35:16 -0400
committerMatthew Heon <matthew.heon@gmail.com>2018-10-04 17:34:59 -0400
commite4ded6ce7fa7db246d7e13d17abdbadeb7ec8cfe (patch)
tree18cdd1603eb0c6bcff25ad3802f6608ca940097b
parent094b8b73505cb084d632ebb08e2a014e68f5e1b1 (diff)
Switch to using libnetwork's resolvconf package
Libnetwork provides a well-tested package for generating resolv.conf from the host's that has some features our current implementation does not. Swap to using their code and remove our built-in implementation. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
-rw-r--r--libpod/container_internal.go102
-rw-r--r--vendor.conf1
-rw-r--r--vendor/github.com/docker/libnetwork/LICENSE202
-rw-r--r--vendor/github.com/docker/libnetwork/README.md89
-rw-r--r--vendor/github.com/docker/libnetwork/netutils/utils.go201
-rw-r--r--vendor/github.com/docker/libnetwork/netutils/utils_linux.go50
-rw-r--r--vendor/github.com/docker/libnetwork/resolvconf/README.md1
-rw-r--r--vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go17
-rw-r--r--vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go247
-rw-r--r--vendor/github.com/docker/libnetwork/types/types.go609
10 files changed, 1448 insertions, 71 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index c925f070b..9a2777efc 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -17,11 +17,12 @@ import (
"github.com/containers/libpod/pkg/hooks/exec"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/secrets"
- "github.com/containers/libpod/pkg/util"
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/chrootarchive"
"github.com/containers/storage/pkg/mount"
+ "github.com/docker/libnetwork/netutils"
+ "github.com/docker/libnetwork/resolvconf"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -1017,12 +1018,6 @@ func (c *Container) writeStringToRundir(destFile, output string) (string, error)
return filepath.Join(c.state.DestinationRunDir, destFile), nil
}
-type resolvConf struct {
- nameServers []string
- searchDomains []string
- options []string
-}
-
// generateResolvConf generates a containers resolv.conf
func (c *Container) generateResolvConf() (string, error) {
// Determine the endpoint for resolv.conf in case it is a symlink
@@ -1030,86 +1025,51 @@ func (c *Container) generateResolvConf() (string, error) {
if err != nil {
return "", err
}
- orig, err := ioutil.ReadFile(resolvPath)
+
+ contents, err := ioutil.ReadFile(resolvPath)
if err != nil {
return "", errors.Wrapf(err, "unable to read %s", resolvPath)
}
- if len(c.config.DNSServer) == 0 && len(c.config.DNSSearch) == 0 && len(c.config.DNSOption) == 0 {
- return c.writeStringToRundir("resolv.conf", fmt.Sprintf("%s", orig))
- }
-
- // Read and organize the hosts /etc/resolv.conf
- resolv := createResolv(string(orig[:]))
- // Populate the resolv struct with user's dns search domains
- if len(c.config.DNSSearch) > 0 {
- resolv.searchDomains = nil
- // The . character means the user doesnt want any search domains in the container
- if !util.StringInSlice(".", c.config.DNSSearch) {
- resolv.searchDomains = append(resolv.searchDomains, c.Config().DNSSearch...)
- }
+ // Process the file to remove localhost nameservers
+ // TODO: set ipv6 enable bool more sanely
+ resolv, err := resolvconf.FilterResolvDNS(contents, true)
+ if err != nil {
+ return "", errors.Wrapf(err, "error parsing host resolv.conf")
}
- // Populate the resolv struct with user's dns servers
+ // Make a new resolv.conf
+ nameservers := resolvconf.GetNameservers(resolv.Content, netutils.IP)
if len(c.config.DNSServer) > 0 {
- resolv.nameServers = nil
- for _, i := range c.config.DNSServer {
- resolv.nameServers = append(resolv.nameServers, i.String())
+ // We store DNS servers as net.IP, so need to convert to string
+ nameservers = []string{}
+ for _, server := range c.config.DNSServer {
+ nameservers = append(nameservers, server.String())
}
}
- // Populate the resolve struct with the users dns options
- if len(c.config.DNSOption) > 0 {
- resolv.options = nil
- resolv.options = append(resolv.options, c.Config().DNSOption...)
+ search := resolvconf.GetSearchDomains(resolv.Content)
+ if len(c.config.DNSSearch) > 0 {
+ search = c.config.DNSSearch
}
- return c.writeStringToRundir("resolv.conf", resolv.ToString())
-}
-// createResolv creates a resolv struct from an input string
-func createResolv(input string) resolvConf {
- var resolv resolvConf
- for _, line := range strings.Split(input, "\n") {
- if strings.HasPrefix(line, "search") {
- fields := strings.Fields(line)
- if len(fields) < 2 {
- logrus.Debugf("invalid resolv.conf line %s", line)
- continue
- }
- resolv.searchDomains = append(resolv.searchDomains, fields[1:]...)
- } else if strings.HasPrefix(line, "nameserver") {
- fields := strings.Fields(line)
- if len(fields) < 2 {
- logrus.Debugf("invalid resolv.conf line %s", line)
- continue
- }
- resolv.nameServers = append(resolv.nameServers, fields[1])
- } else if strings.HasPrefix(line, "options") {
- fields := strings.Fields(line)
- if len(fields) < 2 {
- logrus.Debugf("invalid resolv.conf line %s", line)
- continue
- }
- resolv.options = append(resolv.options, fields[1:]...)
- }
+ options := resolvconf.GetOptions(resolv.Content)
+ if len(c.config.DNSOption) > 0 {
+ options = c.config.DNSOption
}
- return resolv
-}
-//ToString returns a resolv struct in the form of a resolv.conf
-func (r resolvConf) ToString() string {
- var result string
- // Populate the output string with search domains
- result += fmt.Sprintf("search %s\n", strings.Join(r.searchDomains, " "))
- // Populate the output string with name servers
- for _, i := range r.nameServers {
- result += fmt.Sprintf("nameserver %s\n", i)
+ destPath := filepath.Join(c.state.RunDir, "resolv.conf")
+
+ if err := os.Remove(destPath); err != nil && !os.IsNotExist(err) {
+ return "", errors.Wrapf(err, "error removing resolv.conf for container %s", c.ID())
}
- // Populate the output string with dns options
- for _, i := range r.options {
- result += fmt.Sprintf("options %s\n", i)
+
+ // Build resolv.conf
+ if _, err = resolvconf.Build(destPath, nameservers, search, options); err != nil {
+ return "", errors.Wrapf(err, "error building resolv.conf for container %s")
}
- return result
+
+ return destPath, nil
}
// generateHosts creates a containers hosts file
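Review bot: The final `errors.Wrapf` in generateResolvConf has a `%s` verb but no argument, so the message will render as `%!s(MISSING)`; it should be `errors.Wrapf(err, "error building resolv.conf for container %s", c.ID())`. The file is now written under `c.state.RunDir` instead of through `writeStringToRundir`, whose visible return joins `c.state.DestinationRunDir`; if that helper also set ownership or an SELinux label (its body is outside this hunk), those steps are now skipped and should be restored or shown to be unnecessary. `FilterResolvDNS` removes localhost nameservers, and the vendored resolvconf.go in this commit declares Google Public DNS defaults, so a host with only a local resolver may, presumably via those defaults, send container lookups to a public resolver; a comment such as `// NOTE: may fall back to public resolvers when the host lists only localhost nameservers` would make that visible. The removed code treated `.` in DNSSearch as "no search domains", while `search = c.config.DNSSearch` passes it through, so confirm that `resolvconf.Build` handles it. The function begins above this hunk.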
diff --git a/vendor.conf b/vendor.conf
index ccad28c0b..48f127773 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -97,3 +97,4 @@ github.com/openshift/imagebuilder master
github.com/ulikunitz/xz v0.5.4
github.com/mailru/easyjson 03f2033d19d5860aef995fe360ac7d395cd8ce65
github.com/coreos/go-iptables 25d087f3cffd9aedc0c2b7eff25f23cbf3c20fe1
+github.com/docker/libnetwork v0.7.2-rc.1 \ No newline at end of file
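Review bot: The new entry pins libnetwork to a tag, `v0.7.2-rc.1`, while the two lines above it pin full commit hashes; a tag can be re-pointed upstream, so a hash pin of the form `github.com/docker/libnetwork <commit-sha>` keeps the vendored tree reproducible and auditable. The vendored resolvconf.go added in this commit also imports `github.com/Sirupsen/logrus` and `github.com/docker/docker/pkg/ioutils`. Whether vendor.conf already provides those exact import paths is not visible in this hunk and should be checked before merging.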
diff --git a/vendor/github.com/docker/libnetwork/LICENSE b/vendor/github.com/docker/libnetwork/LICENSE
new file mode 100644
index 000000000..e06d20818
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/LICENSE
@@ -0,0 +1,202 @@
+Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/vendor/github.com/docker/libnetwork/README.md b/vendor/github.com/docker/libnetwork/README.md
new file mode 100644
index 000000000..3f10a0311
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/README.md
@@ -0,0 +1,89 @@
+# libnetwork - networking for containers
+
+[![Circle CI](https://circleci.com/gh/docker/libnetwork/tree/master.svg?style=svg)](https://circleci.com/gh/docker/libnetwork/tree/master) [![Coverage Status](https://coveralls.io/repos/docker/libnetwork/badge.svg)](https://coveralls.io/r/docker/libnetwork) [![GoDoc](https://godoc.org/github.com/docker/libnetwork?status.svg)](https://godoc.org/github.com/docker/libnetwork)
+
+Libnetwork provides a native Go implementation for connecting containers
+
+The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications.
+
+#### Design
+Please refer to the [design](docs/design.md) for more information.
+
+#### Using libnetwork
+
+There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users.
+
+
+```go
+func main() {
+ if reexec.Init() {
+ return
+ }
+
+ // Select and configure the network driver
+ networkType := "bridge"
+
+ // Create a new controller instance
+ driverOptions := options.Generic{}
+ genericOption := make(map[string]interface{})
+ genericOption[netlabel.GenericData] = driverOptions
+ controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption))
+ if err != nil {
+ log.Fatalf("libnetwork.New: %s", err)
+ }
+
+ // Create a network for containers to join.
+ // NewNetwork accepts Variadic optional arguments that libnetwork and Drivers can use.
+ network, err := controller.NewNetwork(networkType, "network1")
+ if err != nil {
+ log.Fatalf("controller.NewNetwork: %s", err)
+ }
+
+ // For each new container: allocate IP and interfaces. The returned network
+ // settings will be used for container infos (inspect and such), as well as
+ // iptables rules for port publishing. This info is contained or accessible
+ // from the returned endpoint.
+ ep, err := network.CreateEndpoint("Endpoint1")
+ if err != nil {
+ log.Fatalf("network.CreateEndpoint: %s", err)
+ }
+
+ // Create the sandbox for the container.
+ // NewSandbox accepts Variadic optional arguments which libnetwork can use.
+ sbx, err := controller.NewSandbox("container1",
+ libnetwork.OptionHostname("test"),
+ libnetwork.OptionDomainname("docker.io"))
+ if err != nil {
+ log.Fatalf("controller.NewSandbox: %s", err)
+ }
+
+ // A sandbox can join the endpoint via the join api.
+ err = ep.Join(sbx)
+ if err != nil {
+ log.Fatalf("ep.Join: %s", err)
+ }
+
+ // libnetwork client can check the endpoint's operational data via the Info() API
+ epInfo, err := ep.DriverInfo()
+ if err != nil {
+ log.Fatalf("ep.DriverInfo: %s", err)
+ }
+
+ macAddress, ok := epInfo[netlabel.MacAddress]
+ if !ok {
+ log.Fatalf("failed to get mac address from endpoint info")
+ }
+
+ fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key())
+}
+```
+
+## Future
+Please refer to [roadmap](ROADMAP.md) for more information.
+
+## Contributing
+
+Want to hack on libnetwork? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply.
+
+## Copyright and license
+Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils.go b/vendor/github.com/docker/libnetwork/netutils/utils.go
new file mode 100644
index 000000000..482e4f038
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/netutils/utils.go
@@ -0,0 +1,201 @@
+// Network utility functions.
+
+package netutils
+
+import (
+ "crypto/rand"
+ "encoding/hex"
+ "errors"
+ "fmt"
+ "io"
+ "net"
+ "strings"
+
+ "github.com/docker/libnetwork/types"
+)
+
+// constants for the IP address type
+const (
+ IP = iota // IPv4 and IPv6
+ IPv4
+ IPv6
+)
+
+var (
+ // ErrNetworkOverlapsWithNameservers preformatted error
+ ErrNetworkOverlapsWithNameservers = errors.New("requested network overlaps with nameserver")
+ // ErrNetworkOverlaps preformatted error
+ ErrNetworkOverlaps = errors.New("requested network overlaps with existing network")
+ // ErrNoDefaultRoute preformatted error
+ ErrNoDefaultRoute = errors.New("no default route")
+)
+
+// CheckNameserverOverlaps checks whether the passed network overlaps with any of the nameservers
+func CheckNameserverOverlaps(nameservers []string, toCheck *net.IPNet) error {
+ if len(nameservers) > 0 {
+ for _, ns := range nameservers {
+ _, nsNetwork, err := net.ParseCIDR(ns)
+ if err != nil {
+ return err
+ }
+ if NetworkOverlaps(toCheck, nsNetwork) {
+ return ErrNetworkOverlapsWithNameservers
+ }
+ }
+ }
+ return nil
+}
+
+// NetworkOverlaps detects overlap between one IPNet and another
+func NetworkOverlaps(netX *net.IPNet, netY *net.IPNet) bool {
+ return netX.Contains(netY.IP) || netY.Contains(netX.IP)
+}
+
+// NetworkRange calculates the first and last IP addresses in an IPNet
+func NetworkRange(network *net.IPNet) (net.IP, net.IP) {
+ if network == nil {
+ return nil, nil
+ }
+
+ firstIP := network.IP.Mask(network.Mask)
+ lastIP := types.GetIPCopy(firstIP)
+ for i := 0; i < len(firstIP); i++ {
+ lastIP[i] = firstIP[i] | ^network.Mask[i]
+ }
+
+ if network.IP.To4() != nil {
+ firstIP = firstIP.To4()
+ lastIP = lastIP.To4()
+ }
+
+ return firstIP, lastIP
+}
+
+// GetIfaceAddr returns the first IPv4 address and slice of IPv6 addresses for the specified network interface
+func GetIfaceAddr(name string) (net.Addr, []net.Addr, error) {
+ iface, err := net.InterfaceByName(name)
+ if err != nil {
+ return nil, nil, err
+ }
+ addrs, err := iface.Addrs()
+ if err != nil {
+ return nil, nil, err
+ }
+ var addrs4 []net.Addr
+ var addrs6 []net.Addr
+ for _, addr := range addrs {
+ ip := (addr.(*net.IPNet)).IP
+ if ip4 := ip.To4(); ip4 != nil {
+ addrs4 = append(addrs4, addr)
+ } else if ip6 := ip.To16(); len(ip6) == net.IPv6len {
+ addrs6 = append(addrs6, addr)
+ }
+ }
+ switch {
+ case len(addrs4) == 0:
+ return nil, nil, fmt.Errorf("Interface %v has no IPv4 addresses", name)
+ case len(addrs4) > 1:
+ fmt.Printf("Interface %v has more than 1 IPv4 address. Defaulting to using %v\n",
+ name, (addrs4[0].(*net.IPNet)).IP)
+ }
+ return addrs4[0], addrs6, nil
+}
+
+func genMAC(ip net.IP) net.HardwareAddr {
+ hw := make(net.HardwareAddr, 6)
+ // The first byte of the MAC address has to comply with these rules:
+ // 1. Unicast: Set the least-significant bit to 0.
+ // 2. Address is locally administered: Set the second-least-significant bit (U/L) to 1.
+ hw[0] = 0x02
+ // The first 24 bits of the MAC represent the Organizationally Unique Identifier (OUI).
+ // Since this address is locally administered, we can do whatever we want as long as
+ // it doesn't conflict with other addresses.
+ hw[1] = 0x42
+ // Fill the remaining 4 bytes based on the input
+ if ip == nil {
+ rand.Read(hw[2:])
+ } else {
+ copy(hw[2:], ip.To4())
+ }
+ return hw
+}
+
+// GenerateRandomMAC returns a new 6-byte(48-bit) hardware address (MAC)
+func GenerateRandomMAC() net.HardwareAddr {
+ return genMAC(nil)
+}
+
+// GenerateMACFromIP returns a locally administered MAC address where the 4 least
+// significant bytes are derived from the IPv4 address.
+func GenerateMACFromIP(ip net.IP) net.HardwareAddr {
+ return genMAC(ip)
+}
+
+// GenerateRandomName returns a new name joined with a prefix. This size
+// specified is used to truncate the randomly generated value
+func GenerateRandomName(prefix string, size int) (string, error) {
+ id := make([]byte, 32)
+ if _, err := io.ReadFull(rand.Reader, id); err != nil {
+ return "", err
+ }
+ return prefix + hex.EncodeToString(id)[:size], nil
+}
+
+// ReverseIP accepts a V4 or V6 IP string in the canonical form and returns a reversed IP in
+// the dotted decimal form . This is used to setup the IP to service name mapping in the optimal
+// way for the DNS PTR queries.
+func ReverseIP(IP string) string {
+ var reverseIP []string
+
+ if net.ParseIP(IP).To4() != nil {
+ reverseIP = strings.Split(IP, ".")
+ l := len(reverseIP)
+ for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 {
+ reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i]
+ }
+ } else {
+ reverseIP = strings.Split(IP, ":")
+
+ // Reversed IPv6 is represented in dotted decimal instead of the typical
+ // colon hex notation
+ for key := range reverseIP {
+ if len(reverseIP[key]) == 0 { // expand the compressed 0s
+ reverseIP[key] = strings.Repeat("0000", 8-strings.Count(IP, ":"))
+ } else if len(reverseIP[key]) < 4 { // 0-padding needed
+ reverseIP[key] = strings.Repeat("0", 4-len(reverseIP[key])) + reverseIP[key]
+ }
+ }
+
+ reverseIP = strings.Split(strings.Join(reverseIP, ""), "")
+
+ l := len(reverseIP)
+ for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 {
+ reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i]
+ }
+ }
+
+ return strings.Join(reverseIP, ".")
+}
+
+// ParseAlias parses and validates the specified string as a alias format (name:alias)
+func ParseAlias(val string) (string, string, error) {
+ if val == "" {
+ return "", "", fmt.Errorf("empty string specified for alias")
+ }
+ arr := strings.Split(val, ":")
+ if len(arr) > 2 {
+ return "", "", fmt.Errorf("bad format for alias: %s", val)
+ }
+ if len(arr) == 1 {
+ return val, val, nil
+ }
+ return arr[0], arr[1], nil
+}
+
+// ValidateAlias validates that the specified string has a valid alias format (containerName:alias).
+func ValidateAlias(val string) (string, error) {
+ if _, _, err := ParseAlias(val); err != nil {
+ return val, err
+ }
+ return val, nil
+}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_linux.go b/vendor/github.com/docker/libnetwork/netutils/utils_linux.go
new file mode 100644
index 000000000..782e542a5
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/netutils/utils_linux.go
@@ -0,0 +1,50 @@
+// +build linux
+// Network utility functions.
+
+package netutils
+
+import (
+ "net"
+ "strings"
+
+ "github.com/docker/libnetwork/types"
+ "github.com/vishvananda/netlink"
+)
+
+var (
+ networkGetRoutesFct = netlink.RouteList
+)
+
+// CheckRouteOverlaps checks whether the passed network overlaps with any existing routes
+func CheckRouteOverlaps(toCheck *net.IPNet) error {
+ networks, err := networkGetRoutesFct(nil, netlink.FAMILY_V4)
+ if err != nil {
+ return err
+ }
+
+ for _, network := range networks {
+ if network.Dst != nil && NetworkOverlaps(toCheck, network.Dst) {
+ return ErrNetworkOverlaps
+ }
+ }
+ return nil
+}
+
+// GenerateIfaceName returns an interface name using the passed in
+// prefix and the length of random bytes. The api ensures that the
+// there are is no interface which exists with that name.
+func GenerateIfaceName(prefix string, len int) (string, error) {
+ for i := 0; i < 3; i++ {
+ name, err := GenerateRandomName(prefix, len)
+ if err != nil {
+ continue
+ }
+ if _, err := netlink.LinkByName(name); err != nil {
+ if strings.Contains(err.Error(), "not found") {
+ return name, nil
+ }
+ return "", err
+ }
+ }
+ return "", types.InternalErrorf("could not generate interface name")
+}
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/README.md b/vendor/github.com/docker/libnetwork/resolvconf/README.md
new file mode 100644
index 000000000..cdda554ba
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/resolvconf/README.md
@@ -0,0 +1 @@
+Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go b/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go
new file mode 100644
index 000000000..6c6dac589
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go
@@ -0,0 +1,17 @@
+package dns
+
+import (
+ "regexp"
+)
+
+// IPLocalhost is a regex patter for localhost IP address range.
+const IPLocalhost = `((127\.([0-9]{1,3}\.){2}[0-9]{1,3})|(::1)$)`
+
+var localhostIPRegexp = regexp.MustCompile(IPLocalhost)
+
+// IsLocalhost returns true if ip matches the localhost IP regular expression.
+// Used for determining if nameserver settings are being passed which are
+// localhost addresses
+func IsLocalhost(ip string) bool {
+ return localhostIPRegexp.MatchString(ip)
+}
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go b/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go
new file mode 100644
index 000000000..507d9ef50
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go
@@ -0,0 +1,247 @@
+// Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf
+package resolvconf
+
+import (
+ "bytes"
+ "io/ioutil"
+ "regexp"
+ "strings"
+ "sync"
+
+ "github.com/Sirupsen/logrus"
+ "github.com/docker/docker/pkg/ioutils"
+ "github.com/docker/libnetwork/netutils"
+ "github.com/docker/libnetwork/resolvconf/dns"
+)
+
+var (
+ // Note: the default IPv4 & IPv6 resolvers are set to Google's Public DNS
+ defaultIPv4Dns = []string{"nameserver 8.8.8.8", "nameserver 8.8.4.4"}
+ defaultIPv6Dns = []string{"nameserver 2001:4860:4860::8888", "nameserver 2001:4860:4860::8844"}
+ ipv4NumBlock = `(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)`
+ ipv4Address = `(` + ipv4NumBlock + `\.){3}` + ipv4NumBlock
+ // This is not an IPv6 address verifier as it will accept a super-set of IPv6, and also
+ // will *not match* IPv4-Embedded IPv6 Addresses (RFC6052), but that and other variants
+ // -- e.g. other link-local types -- either won't work in containers or are unnecessary.
+ // For readability and sufficiency for Docker purposes this seemed more reasonable than a
+ // 1000+ character regexp with exact and complete IPv6 validation
+ ipv6Address = `([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{0,4})`
+
+ localhostNSRegexp = regexp.MustCompile(`(?m)^nameserver\s+` + dns.IPLocalhost + `\s*\n*`)
+ nsIPv6Regexp = regexp.MustCompile(`(?m)^nameserver\s+` + ipv6Address + `\s*\n*`)
+ nsRegexp = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `)|(` + ipv6Address + `))\s*$`)
+ nsIPv6Regexpmatch = regexp.MustCompile(`^\s*nameserver\s*((` + ipv6Address + `))\s*$`)
+ nsIPv4Regexpmatch = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `))\s*$`)
+ searchRegexp = regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`)
+ optionsRegexp = regexp.MustCompile(`^\s*options\s*(([^\s]+\s*)*)$`)
+)
+
+var lastModified struct {
+ sync.Mutex
+ sha256 string
+ contents []byte
+}
+
+// File contains the resolv.conf content and its hash
+type File struct {
+ Content []byte
+ Hash string
+}
+
+// Get returns the contents of /etc/resolv.conf and its hash
+func Get() (*File, error) {
+ resolv, err := ioutil.ReadFile("/etc/resolv.conf")
+ if err != nil {
+ return nil, err
+ }
+ hash, err := ioutils.HashData(bytes.NewReader(resolv))
+ if err != nil {
+ return nil, err
+ }
+ return &File{Content: resolv, Hash: hash}, nil
+}
+
+// GetSpecific returns the contents of the user specified resolv.conf file and its hash
+func GetSpecific(path string) (*File, error) {
+ resolv, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+ hash, err := ioutils.HashData(bytes.NewReader(resolv))
+ if err != nil {
+ return nil, err
+ }
+ return &File{Content: resolv, Hash: hash}, nil
+}
+
+// GetIfChanged retrieves the host /etc/resolv.conf file, checks against the last hash
+// and, if modified since last check, returns the bytes and new hash.
+// This feature is used by the resolv.conf updater for containers
+func GetIfChanged() (*File, error) {
+ lastModified.Lock()
+ defer lastModified.Unlock()
+
+ resolv, err := ioutil.ReadFile("/etc/resolv.conf")
+ if err != nil {
+ return nil, err
+ }
+ newHash, err := ioutils.HashData(bytes.NewReader(resolv))
+ if err != nil {
+ return nil, err
+ }
+ if lastModified.sha256 != newHash {
+ lastModified.sha256 = newHash
+ lastModified.contents = resolv
+ return &File{Content: resolv, Hash: newHash}, nil
+ }
+ // nothing changed, so return no data
+ return nil, nil
+}
+
+// GetLastModified retrieves the last used contents and hash of the host resolv.conf.
+// Used by containers updating on restart
+func GetLastModified() *File {
+ lastModified.Lock()
+ defer lastModified.Unlock()
+
+ return &File{Content: lastModified.contents, Hash: lastModified.sha256}
+}
+
+// FilterResolvDNS cleans up the config in resolvConf. It has two main jobs:
+// 1. It looks for localhost (127.*|::1) entries in the provided
+// resolv.conf, removing local nameserver entries, and, if the resulting
+// cleaned config has no defined nameservers left, adds default DNS entries
+// 2. Given the caller provides the enable/disable state of IPv6, the filter
+// code will remove all IPv6 nameservers if it is not enabled for containers
+//
+func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool) (*File, error) {
+ cleanedResolvConf := localhostNSRegexp.ReplaceAll(resolvConf, []byte{})
+ // if IPv6 is not enabled, also clean out any IPv6 address nameserver
+ if !ipv6Enabled {
+ cleanedResolvConf = nsIPv6Regexp.ReplaceAll(cleanedResolvConf, []byte{})
+ }
+ // if the resulting resolvConf has no more nameservers defined, add appropriate
+ // default DNS servers for IPv4 and (optionally) IPv6
+ if len(GetNameservers(cleanedResolvConf, netutils.IP)) == 0 {
+ logrus.Infof("No non-localhost DNS nameservers are left in resolv.conf. Using default external servers : %v", defaultIPv4Dns)
+ dns := defaultIPv4Dns
+ if ipv6Enabled {
+ logrus.Infof("IPv6 enabled; Adding default IPv6 external servers : %v", defaultIPv6Dns)
+ dns = append(dns, defaultIPv6Dns...)
+ }
+ cleanedResolvConf = append(cleanedResolvConf, []byte("\n"+strings.Join(dns, "\n"))...)
+ }
+ hash, err := ioutils.HashData(bytes.NewReader(cleanedResolvConf))
+ if err != nil {
+ return nil, err
+ }
+ return &File{Content: cleanedResolvConf, Hash: hash}, nil
+}
+
+// getLines parses input into lines and strips away comments.
+func getLines(input []byte, commentMarker []byte) [][]byte {
+ lines := bytes.Split(input, []byte("\n"))
+ var output [][]byte
+ for _, currentLine := range lines {
+ var commentIndex = bytes.Index(currentLine, commentMarker)
+ if commentIndex == -1 {
+ output = append(output, currentLine)
+ } else {
+ output = append(output, currentLine[:commentIndex])
+ }
+ }
+ return output
+}
+
+// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf
+func GetNameservers(resolvConf []byte, kind int) []string {
+ nameservers := []string{}
+ for _, line := range getLines(resolvConf, []byte("#")) {
+ var ns [][]byte
+ if kind == netutils.IP {
+ ns = nsRegexp.FindSubmatch(line)
+ } else if kind == netutils.IPv4 {
+ ns = nsIPv4Regexpmatch.FindSubmatch(line)
+ } else if kind == netutils.IPv6 {
+ ns = nsIPv6Regexpmatch.FindSubmatch(line)
+ }
+ if len(ns) > 0 {
+ nameservers = append(nameservers, string(ns[1]))
+ }
+ }
+ return nameservers
+}
+
+// GetNameserversAsCIDR returns nameservers (if any) listed in
+// /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32")
+// This function's output is intended for net.ParseCIDR
+func GetNameserversAsCIDR(resolvConf []byte) []string {
+ nameservers := []string{}
+ for _, nameserver := range GetNameservers(resolvConf, netutils.IP) {
+ nameservers = append(nameservers, nameserver+"/32")
+ }
+ return nameservers
+}
+
+// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf
+// If more than one search line is encountered, only the contents of the last
+// one is returned.
+func GetSearchDomains(resolvConf []byte) []string {
+ domains := []string{}
+ for _, line := range getLines(resolvConf, []byte("#")) {
+ match := searchRegexp.FindSubmatch(line)
+ if match == nil {
+ continue
+ }
+ domains = strings.Fields(string(match[1]))
+ }
+ return domains
+}
+
+// GetOptions returns options (if any) listed in /etc/resolv.conf
+// If more than one options line is encountered, only the contents of the last
+// one is returned.
+func GetOptions(resolvConf []byte) []string {
+ options := []string{}
+ for _, line := range getLines(resolvConf, []byte("#")) {
+ match := optionsRegexp.FindSubmatch(line)
+ if match == nil {
+ continue
+ }
+ options = strings.Fields(string(match[1]))
+ }
+ return options
+}
+
+// Build writes a configuration file to path containing a "nameserver" entry
+// for every element in dns, a "search" entry for every element in
+// dnsSearch, and an "options" entry for every element in dnsOptions.
+func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
+ content := bytes.NewBuffer(nil)
+ if len(dnsSearch) > 0 {
+ if searchString := strings.Join(dnsSearch, " "); strings.Trim(searchString, " ") != "." {
+ if _, err := content.WriteString("search " + searchString + "\n"); err != nil {
+ return nil, err
+ }
+ }
+ }
+ for _, dns := range dns {
+ if _, err := content.WriteString("nameserver " + dns + "\n"); err != nil {
+ return nil, err
+ }
+ }
+ if len(dnsOptions) > 0 {
+ if optsString := strings.Join(dnsOptions, " "); strings.Trim(optsString, " ") != "" {
+ if _, err := content.WriteString("options " + optsString + "\n"); err != nil {
+ return nil, err
+ }
+ }
+ }
+
+ hash, err := ioutils.HashData(bytes.NewReader(content.Bytes()))
+ if err != nil {
+ return nil, err
+ }
+
+ return &File{Content: content.Bytes(), Hash: hash}, ioutil.WriteFile(path, content.Bytes(), 0644)
+}
diff --git a/vendor/github.com/docker/libnetwork/types/types.go b/vendor/github.com/docker/libnetwork/types/types.go
new file mode 100644
index 000000000..44ee563e6
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/types/types.go
@@ -0,0 +1,609 @@
+// Package types contains types that are common across libnetwork project
+package types
+
+import (
+ "bytes"
+ "fmt"
+ "net"
+ "strconv"
+ "strings"
+)
+
+// UUID represents a globally unique ID of various resources like network and endpoint
+type UUID string
+
+// TransportPort represent a local Layer 4 endpoint
+type TransportPort struct {
+ Proto Protocol
+ Port uint16
+}
+
+// Equal checks if this instance of Transportport is equal to the passed one
+func (t *TransportPort) Equal(o *TransportPort) bool {
+ if t == o {
+ return true
+ }
+
+ if o == nil {
+ return false
+ }
+
+ if t.Proto != o.Proto || t.Port != o.Port {
+ return false
+ }
+
+ return true
+}
+
+// GetCopy returns a copy of this TransportPort structure instance
+func (t *TransportPort) GetCopy() TransportPort {
+ return TransportPort{Proto: t.Proto, Port: t.Port}
+}
+
+// String returns the TransportPort structure in string form
+func (t *TransportPort) String() string {
+ return fmt.Sprintf("%s/%d", t.Proto.String(), t.Port)
+}
+
+// FromString reads the TransportPort structure from string
+func (t *TransportPort) FromString(s string) error {
+ ps := strings.Split(s, "/")
+ if len(ps) == 2 {
+ t.Proto = ParseProtocol(ps[0])
+ if p, err := strconv.ParseUint(ps[1], 10, 16); err == nil {
+ t.Port = uint16(p)
+ return nil
+ }
+ }
+ return BadRequestErrorf("invalid format for transport port: %s", s)
+}
+
+// PortBinding represent a port binding between the container and the host
+type PortBinding struct {
+ Proto Protocol
+ IP net.IP
+ Port uint16
+ HostIP net.IP
+ HostPort uint16
+ HostPortEnd uint16
+}
+
+// HostAddr returns the host side transport address
+func (p PortBinding) HostAddr() (net.Addr, error) {
+ switch p.Proto {
+ case UDP:
+ return &net.UDPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil
+ case TCP:
+ return &net.TCPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil
+ default:
+ return nil, ErrInvalidProtocolBinding(p.Proto.String())
+ }
+}
+
+// ContainerAddr returns the container side transport address
+func (p PortBinding) ContainerAddr() (net.Addr, error) {
+ switch p.Proto {
+ case UDP:
+ return &net.UDPAddr{IP: p.IP, Port: int(p.Port)}, nil
+ case TCP:
+ return &net.TCPAddr{IP: p.IP, Port: int(p.Port)}, nil
+ default:
+ return nil, ErrInvalidProtocolBinding(p.Proto.String())
+ }
+}
+
+// GetCopy returns a copy of this PortBinding structure instance
+func (p *PortBinding) GetCopy() PortBinding {
+ return PortBinding{
+ Proto: p.Proto,
+ IP: GetIPCopy(p.IP),
+ Port: p.Port,
+ HostIP: GetIPCopy(p.HostIP),
+ HostPort: p.HostPort,
+ HostPortEnd: p.HostPortEnd,
+ }
+}
+
+// String return the PortBinding structure in string form
+func (p *PortBinding) String() string {
+ ret := fmt.Sprintf("%s/", p.Proto)
+ if p.IP != nil {
+ ret = fmt.Sprintf("%s%s", ret, p.IP.String())
+ }
+ ret = fmt.Sprintf("%s:%d/", ret, p.Port)
+ if p.HostIP != nil {
+ ret = fmt.Sprintf("%s%s", ret, p.HostIP.String())
+ }
+ ret = fmt.Sprintf("%s:%d", ret, p.HostPort)
+ return ret
+}
+
+// FromString reads the TransportPort structure from string
+func (p *PortBinding) FromString(s string) error {
+ ps := strings.Split(s, "/")
+ if len(ps) != 3 {
+ return BadRequestErrorf("invalid format for port binding: %s", s)
+ }
+
+ p.Proto = ParseProtocol(ps[0])
+
+ var err error
+ if p.IP, p.Port, err = parseIPPort(ps[1]); err != nil {
+ return BadRequestErrorf("failed to parse Container IP/Port in port binding: %s", err.Error())
+ }
+
+ if p.HostIP, p.HostPort, err = parseIPPort(ps[2]); err != nil {
+ return BadRequestErrorf("failed to parse Host IP/Port in port binding: %s", err.Error())
+ }
+
+ return nil
+}
+
+func parseIPPort(s string) (net.IP, uint16, error) {
+ pp := strings.Split(s, ":")
+ if len(pp) != 2 {
+ return nil, 0, BadRequestErrorf("invalid format: %s", s)
+ }
+
+ var ip net.IP
+ if pp[0] != "" {
+ if ip = net.ParseIP(pp[0]); ip == nil {
+ return nil, 0, BadRequestErrorf("invalid ip: %s", pp[0])
+ }
+ }
+
+ port, err := strconv.ParseUint(pp[1], 10, 16)
+ if err != nil {
+ return nil, 0, BadRequestErrorf("invalid port: %s", pp[1])
+ }
+
+ return ip, uint16(port), nil
+}
+
+// Equal checks if this instance of PortBinding is equal to the passed one
+func (p *PortBinding) Equal(o *PortBinding) bool {
+ if p == o {
+ return true
+ }
+
+ if o == nil {
+ return false
+ }
+
+ if p.Proto != o.Proto || p.Port != o.Port ||
+ p.HostPort != o.HostPort || p.HostPortEnd != o.HostPortEnd {
+ return false
+ }
+
+ if p.IP != nil {
+ if !p.IP.Equal(o.IP) {
+ return false
+ }
+ } else {
+ if o.IP != nil {
+ return false
+ }
+ }
+
+ if p.HostIP != nil {
+ if !p.HostIP.Equal(o.HostIP) {
+ return false
+ }
+ } else {
+ if o.HostIP != nil {
+ return false
+ }
+ }
+
+ return true
+}
+
+// ErrInvalidProtocolBinding is returned when the port binding protocol is not valid.
+type ErrInvalidProtocolBinding string
+
+func (ipb ErrInvalidProtocolBinding) Error() string {
+ return fmt.Sprintf("invalid transport protocol: %s", string(ipb))
+}
+
+const (
+ // ICMP is for the ICMP ip protocol
+ ICMP = 1
+ // TCP is for the TCP ip protocol
+ TCP = 6
+ // UDP is for the UDP ip protocol
+ UDP = 17
+)
+
+// Protocol represents a IP protocol number
+type Protocol uint8
+
+func (p Protocol) String() string {
+ switch p {
+ case ICMP:
+ return "icmp"
+ case TCP:
+ return "tcp"
+ case UDP:
+ return "udp"
+ default:
+ return fmt.Sprintf("%d", p)
+ }
+}
+
+// ParseProtocol returns the respective Protocol type for the passed string
+func ParseProtocol(s string) Protocol {
+ switch strings.ToLower(s) {
+ case "icmp":
+ return ICMP
+ case "udp":
+ return UDP
+ case "tcp":
+ return TCP
+ default:
+ return 0
+ }
+}
+
+// GetMacCopy returns a copy of the passed MAC address
+func GetMacCopy(from net.HardwareAddr) net.HardwareAddr {
+ if from == nil {
+ return nil
+ }
+ to := make(net.HardwareAddr, len(from))
+ copy(to, from)
+ return to
+}
+
+// GetIPCopy returns a copy of the passed IP address
+func GetIPCopy(from net.IP) net.IP {
+ if from == nil {
+ return nil
+ }
+ to := make(net.IP, len(from))
+ copy(to, from)
+ return to
+}
+
+// GetIPNetCopy returns a copy of the passed IP Network
+func GetIPNetCopy(from *net.IPNet) *net.IPNet {
+ if from == nil {
+ return nil
+ }
+ bm := make(net.IPMask, len(from.Mask))
+ copy(bm, from.Mask)
+ return &net.IPNet{IP: GetIPCopy(from.IP), Mask: bm}
+}
+
+// GetIPNetCanonical returns the canonical form for the passed network
+func GetIPNetCanonical(nw *net.IPNet) *net.IPNet {
+ if nw == nil {
+ return nil
+ }
+ c := GetIPNetCopy(nw)
+ c.IP = c.IP.Mask(nw.Mask)
+ return c
+}
+
+// CompareIPNet returns equal if the two IP Networks are equal
+func CompareIPNet(a, b *net.IPNet) bool {
+ if a == b {
+ return true
+ }
+ if a == nil || b == nil {
+ return false
+ }
+ return a.IP.Equal(b.IP) && bytes.Equal(a.Mask, b.Mask)
+}
+
+// GetMinimalIP returns the address in its shortest form
+func GetMinimalIP(ip net.IP) net.IP {
+ if ip != nil && ip.To4() != nil {
+ return ip.To4()
+ }
+ return ip
+}
+
+// GetMinimalIPNet returns a copy of the passed IP Network with congruent ip and mask notation
+func GetMinimalIPNet(nw *net.IPNet) *net.IPNet {
+ if nw == nil {
+ return nil
+ }
+ if len(nw.IP) == 16 && nw.IP.To4() != nil {
+ m := nw.Mask
+ if len(m) == 16 {
+ m = m[12:16]
+ }
+ return &net.IPNet{IP: nw.IP.To4(), Mask: m}
+ }
+ return nw
+}
+
+var v4inV6MaskPrefix = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
+
+// compareIPMask checks if the passed ip and mask are semantically compatible.
+// It returns the byte indexes for the address and mask so that caller can
+// do bitwise operations without modifying address representation.
+func compareIPMask(ip net.IP, mask net.IPMask) (is int, ms int, err error) {
+ // Find the effective starting of address and mask
+ if len(ip) == net.IPv6len && ip.To4() != nil {
+ is = 12
+ }
+ if len(ip[is:]) == net.IPv4len && len(mask) == net.IPv6len && bytes.Equal(mask[:12], v4inV6MaskPrefix) {
+ ms = 12
+ }
+ // Check if address and mask are semantically compatible
+ if len(ip[is:]) != len(mask[ms:]) {
+ err = fmt.Errorf("ip and mask are not compatible: (%#v, %#v)", ip, mask)
+ }
+ return
+}
+
+// GetHostPartIP returns the host portion of the ip address identified by the mask.
+// IP address representation is not modified. If address and mask are not compatible
+// an error is returned.
+func GetHostPartIP(ip net.IP, mask net.IPMask) (net.IP, error) {
+ // Find the effective starting of address and mask
+ is, ms, err := compareIPMask(ip, mask)
+ if err != nil {
+ return nil, fmt.Errorf("cannot compute host portion ip address because %s", err)
+ }
+
+ // Compute host portion
+ out := GetIPCopy(ip)
+ for i := 0; i < len(mask[ms:]); i++ {
+ out[is+i] &= ^mask[ms+i]
+ }
+
+ return out, nil
+}
+
+// GetBroadcastIP returns the broadcast ip address for the passed network (ip and mask).
+// IP address representation is not modified. If address and mask are not compatible
+// an error is returned.
+func GetBroadcastIP(ip net.IP, mask net.IPMask) (net.IP, error) {
+ // Find the effective starting of address and mask
+ is, ms, err := compareIPMask(ip, mask)
+ if err != nil {
+ return nil, fmt.Errorf("cannot compute broadcast ip address because %s", err)
+ }
+
+ // Compute broadcast address
+ out := GetIPCopy(ip)
+ for i := 0; i < len(mask[ms:]); i++ {
+ out[is+i] |= ^mask[ms+i]
+ }
+
+ return out, nil
+}
+
+// ParseCIDR returns the *net.IPNet represented by the passed CIDR notation
+func ParseCIDR(cidr string) (n *net.IPNet, e error) {
+ var i net.IP
+ if i, n, e = net.ParseCIDR(cidr); e == nil {
+ n.IP = i
+ }
+ return
+}
+
+const (
+ // NEXTHOP indicates a StaticRoute with an IP next hop.
+ NEXTHOP = iota
+
+ // CONNECTED indicates a StaticRoute with an interface for directly connected peers.
+ CONNECTED
+)
+
+// StaticRoute is a statically-provisioned IP route.
+type StaticRoute struct {
+ Destination *net.IPNet
+
+ RouteType int // NEXT_HOP or CONNECTED
+
+ // NextHop will be resolved by the kernel (i.e. as a loose hop).
+ NextHop net.IP
+}
+
+// GetCopy returns a copy of this StaticRoute structure
+func (r *StaticRoute) GetCopy() *StaticRoute {
+ d := GetIPNetCopy(r.Destination)
+ nh := GetIPCopy(r.NextHop)
+ return &StaticRoute{Destination: d,
+ RouteType: r.RouteType,
+ NextHop: nh,
+ }
+}
+
+// InterfaceStatistics represents the interface's statistics
+type InterfaceStatistics struct {
+ RxBytes uint64
+ RxPackets uint64
+ RxErrors uint64
+ RxDropped uint64
+ TxBytes uint64
+ TxPackets uint64
+ TxErrors uint64
+ TxDropped uint64
+}
+
+func (is *InterfaceStatistics) String() string {
+ return fmt.Sprintf("\nRxBytes: %d, RxPackets: %d, RxErrors: %d, RxDropped: %d, TxBytes: %d, TxPackets: %d, TxErrors: %d, TxDropped: %d",
+ is.RxBytes, is.RxPackets, is.RxErrors, is.RxDropped, is.TxBytes, is.TxPackets, is.TxErrors, is.TxDropped)
+}
+
+/******************************
+ * Well-known Error Interfaces
+ ******************************/
+
+// MaskableError is an interface for errors which can be ignored by caller
+type MaskableError interface {
+ // Maskable makes implementer into MaskableError type
+ Maskable()
+}
+
+// RetryError is an interface for errors which might get resolved through retry
+type RetryError interface {
+ // Retry makes implementer into RetryError type
+ Retry()
+}
+
+// BadRequestError is an interface for errors originated by a bad request
+type BadRequestError interface {
+ // BadRequest makes implementer into BadRequestError type
+ BadRequest()
+}
+
+// NotFoundError is an interface for errors raised because a needed resource is not available
+type NotFoundError interface {
+ // NotFound makes implementer into NotFoundError type
+ NotFound()
+}
+
+// ForbiddenError is an interface for errors which denote a valid request that cannot be honored
+type ForbiddenError interface {
+ // Forbidden makes implementer into ForbiddenError type
+ Forbidden()
+}
+
+// NoServiceError is an interface for errors returned when the required service is not available
+type NoServiceError interface {
+ // NoService makes implementer into NoServiceError type
+ NoService()
+}
+
+// TimeoutError is an interface for errors raised because of timeout
+type TimeoutError interface {
+ // Timeout makes implementer into TimeoutError type
+ Timeout()
+}
+
+// NotImplementedError is an interface for errors raised because of requested functionality is not yet implemented
+type NotImplementedError interface {
+ // NotImplemented makes implementer into NotImplementedError type
+ NotImplemented()
+}
+
+// InternalError is an interface for errors raised because of an internal error
+type InternalError interface {
+ // Internal makes implementer into InternalError type
+ Internal()
+}
+
+/******************************
+ * Well-known Error Formatters
+ ******************************/
+
+// BadRequestErrorf creates an instance of BadRequestError
+func BadRequestErrorf(format string, params ...interface{}) error {
+ return badRequest(fmt.Sprintf(format, params...))
+}
+
+// NotFoundErrorf creates an instance of NotFoundError
+func NotFoundErrorf(format string, params ...interface{}) error {
+ return notFound(fmt.Sprintf(format, params...))
+}
+
+// ForbiddenErrorf creates an instance of ForbiddenError
+func ForbiddenErrorf(format string, params ...interface{}) error {
+ return forbidden(fmt.Sprintf(format, params...))
+}
+
+// NoServiceErrorf creates an instance of NoServiceError
+func NoServiceErrorf(format string, params ...interface{}) error {
+ return noService(fmt.Sprintf(format, params...))
+}
+
+// NotImplementedErrorf creates an instance of NotImplementedError
+func NotImplementedErrorf(format string, params ...interface{}) error {
+ return notImpl(fmt.Sprintf(format, params...))
+}
+
+// TimeoutErrorf creates an instance of TimeoutError
+func TimeoutErrorf(format string, params ...interface{}) error {
+ return timeout(fmt.Sprintf(format, params...))
+}
+
+// InternalErrorf creates an instance of InternalError
+func InternalErrorf(format string, params ...interface{}) error {
+ return internal(fmt.Sprintf(format, params...))
+}
+
+// InternalMaskableErrorf creates an instance of InternalError and MaskableError
+func InternalMaskableErrorf(format string, params ...interface{}) error {
+ return maskInternal(fmt.Sprintf(format, params...))
+}
+
+// RetryErrorf creates an instance of RetryError
+func RetryErrorf(format string, params ...interface{}) error {
+ return retry(fmt.Sprintf(format, params...))
+}
+
+/***********************
+ * Internal Error Types
+ ***********************/
+type badRequest string
+
+func (br badRequest) Error() string {
+ return string(br)
+}
+func (br badRequest) BadRequest() {}
+
+type maskBadRequest string
+
+type notFound string
+
+func (nf notFound) Error() string {
+ return string(nf)
+}
+func (nf notFound) NotFound() {}
+
+type forbidden string
+
+func (frb forbidden) Error() string {
+ return string(frb)
+}
+func (frb forbidden) Forbidden() {}
+
+type noService string
+
+func (ns noService) Error() string {
+ return string(ns)
+}
+func (ns noService) NoService() {}
+
+type maskNoService string
+
+type timeout string
+
+func (to timeout) Error() string {
+ return string(to)
+}
+func (to timeout) Timeout() {}
+
+type notImpl string
+
+func (ni notImpl) Error() string {
+ return string(ni)
+}
+func (ni notImpl) NotImplemented() {}
+
+type internal string
+
+func (nt internal) Error() string {
+ return string(nt)
+}
+func (nt internal) Internal() {}
+
+type maskInternal string
+
+func (mnt maskInternal) Error() string {
+ return string(mnt)
+}
+func (mnt maskInternal) Internal() {}
+func (mnt maskInternal) Maskable() {}
+
+type retry string
+
+func (r retry) Error() string {
+ return string(r)
+}
+func (r retry) Retry() {}