author | Paul Holzinger <pholzing@redhat.com> | 2021-08-26 12:10:08 +0200 |
---|---|---|
committer | Paul Holzinger <pholzing@redhat.com> | 2021-09-15 18:05:26 +0200 |
commit | aa7bc4e37168e4cdb4469ba8b728d7f5157e46b5 (patch) | |
tree | 44ec15dfff52a1b04134b24f597e418b9b87d96c /libpod/network/cni/network.go | |
parent | c0cde378298bd8d5183155c8f62aae574be069eb (diff) | |
network create: validate the input subnet
Check that the given subnet does not conflict with existing ones (other
configs or host interfaces).
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'libpod/network/cni/network.go')
-rw-r--r-- | libpod/network/cni/network.go | 24 |
1 files changed, 7 insertions, 17 deletions
diff --git a/libpod/network/cni/network.go b/libpod/network/cni/network.go
index fde08a0c6..479f9e0eb 100644
--- a/libpod/network/cni/network.go
+++ b/libpod/network/cni/network.go
@@ -221,12 +221,7 @@ func getNetworkIDFromName(name string) string {
 }
 // getFreeIPv6NetworkSubnet returns a unused ipv4 subnet
-func (n *cniNetwork) getFreeIPv4NetworkSubnet() (*types.Subnet, error) {
- networks, err := n.getUsedSubnets()
- if err != nil {
- return nil, err
- }
-
+func (n *cniNetwork) getFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet) (*types.Subnet, error) {
 // the default podman network is 10.88.0.0/16
 // start locking for free /24 networks
 network := &net.IPNet{
@@ -236,12 +231,13 @@ func (n *cniNetwork) getFreeIPv4NetworkSubnet() (*types.Subnet, error) {
 // TODO: make sure to not use public subnets
 for {
- if intersectsConfig := util.NetworkIntersectsWithNetworks(network, networks); !intersectsConfig {
+ if intersectsConfig := util.NetworkIntersectsWithNetworks(network, usedNetworks); !intersectsConfig {
 logrus.Debugf("found free ipv4 network subnet %s", network.String())
 return &types.Subnet{
 Subnet: types.IPNet{IPNet: *network},
 }, nil
 }
+ var err error
 network, err = util.NextSubnet(network)
 if err != nil {
 return nil, err
@@ -250,12 +246,7 @@ func (n *cniNetwork) getFreeIPv4NetworkSubnet() (*types.Subnet, error) {
 }
 // getFreeIPv6NetworkSubnet returns a unused ipv6 subnet
-func (n *cniNetwork) getFreeIPv6NetworkSubnet() (*types.Subnet, error) {
- networks, err := n.getUsedSubnets()
- if err != nil {
- return nil, err
- }
-
+func (n *cniNetwork) getFreeIPv6NetworkSubnet(usedNetworks []*net.IPNet) (*types.Subnet, error) {
 // FIXME: Is 10000 fine as limit? We should prevent an endless loop.
 for i := 0; i < 10000; i++ {
 // RFC4193: Choose the ipv6 subnet random and NOT sequentially.
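Review bot: The new `usedNetworks` parameter of getFreeIPv4NetworkSubnet is undocumented, although it is now the only conflict check the function performs: a nil or stale slice lets the first candidate come back as free. I would replace the doc comment, which also still names the IPv6 function, with `// getFreeIPv4NetworkSubnet returns an unused ipv4 subnet; usedNetworks must be a fresh result of getUsedSubnets.` The same applies to getFreeIPv6NetworkSubnet in the third hunk. The callers are outside this diff, so whether the snapshot is taken and consumed without another network create running in between should be confirmed there; both function bodies continue past their hunks.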
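Review bot: The `for` loop in getFreeIPv4NetworkSubnet (second hunk) still stops only when a free subnet is found or util.NextSubnet returns an error, so once enough /24 networks are taken the sequential walk can presumably leave private address space and hand out a publicly routable range, which is what the TODO above the loop warns about. Since this commit is about subnet validation, a bound after the NextSubnet call would fit, for example `if !network.IP.IsPrivate() { return nil, errors.New("no free private ipv4 subnet available") }` (IsPrivate needs Go 1.17; otherwise a Contains check against the intended private range). NextSubnet is not visible here, so its behaviour at the end of a range should be confirmed first. The function starts before and ends after this hunk.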
@@ -263,7 +254,7 @@ func (n *cniNetwork) getFreeIPv6NetworkSubnet() (*types.Subnet, error) {
 if err != nil {
 return nil, err
 }
- if intersectsConfig := util.NetworkIntersectsWithNetworks(&network, networks); !intersectsConfig {
+ if intersectsConfig := util.NetworkIntersectsWithNetworks(&network, usedNetworks); !intersectsConfig {
 logrus.Debugf("found free ipv6 network subnet %s", network.String())
 return &types.Subnet{
 Subnet: types.IPNet{IPNet: network},
@@ -279,9 +270,8 @@ func (n *cniNetwork) getUsedSubnets() ([]*net.IPNet, error) {
 // first, load all used subnets from network configs
 subnets := make([]*net.IPNet, 0, len(n.networks))
 for _, val := range n.networks {
- for _, subnet := range val.libpodNet.Subnets {
- // nolint:exportloopref
- subnets = append(subnets, &subnet.Subnet.IPNet)
+ for i := range val.libpodNet.Subnets {
+ subnets = append(subnets, &val.libpodNet.Subnets[i].Subnet.IPNet)
 }
 }
 // second, load networks from the current system |
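Review bot: The pointers appended in getUsedSubnets (last hunk) now point into `val.libpodNet.Subnets` itself, so the returned slice aliases the stored network configuration, and any consumer that modifies a `*net.IPNet` it received would silently change a saved network's subnet. A comment on the append such as `// these pointers alias n.networks; callers must treat them as read-only` would make that contract explicit, or the loop can append a copy if a caller ever needs to mutate. The consumers, including util.NetworkIntersectsWithNetworks, are outside this diff, so this is a precaution rather than a confirmed bug. The function starts before and continues after the hunk.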