summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-09-09 19:44:57 +0200
committerGitHub <noreply@github.com>2019-09-09 19:44:57 +0200
commit7042a3d7a539bae79ed63bdc87f432b8ec73afd8 (patch)
tree6f229373f5e436663c8908d0f2409fdbac2f6a2a /pkg
parent511b0717454e0619d9d7d201cb10a41201cebef2 (diff)
parentee432cf2792c5dbe81953007f1fd5c87beb3ebd5 (diff)
downloadpodman-7042a3d7a539bae79ed63bdc87f432b8ec73afd8.tar.gz
podman-7042a3d7a539bae79ed63bdc87f432b8ec73afd8.tar.bz2
podman-7042a3d7a539bae79ed63bdc87f432b8ec73afd8.zip
Merge pull request #3862 from baude/networkcreate
podman network create
Diffstat (limited to 'pkg')
-rw-r--r--pkg/adapter/network.go135
-rw-r--r--pkg/network/config.go99
-rw-r--r--pkg/network/devices.go41
-rw-r--r--pkg/network/files.go107
-rw-r--r--pkg/network/ip.go14
-rw-r--r--pkg/network/netconflist.go113
-rw-r--r--pkg/network/network.go146
-rw-r--r--pkg/network/network_test.go34
-rw-r--r--pkg/network/subnet.go78
-rw-r--r--pkg/network/subnet_test.go34
10 files changed, 750 insertions, 51 deletions
diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go
index cf3a1dfdd..e4a160767 100644
--- a/pkg/adapter/network.go
+++ b/pkg/adapter/network.go
@@ -5,12 +5,13 @@ package adapter
import (
"encoding/json"
"fmt"
+ "github.com/containers/libpod/pkg/util"
"io/ioutil"
"os"
- "strings"
+ "path/filepath"
"text/tabwriter"
- "github.com/containernetworking/cni/libcni"
+ cniversion "github.com/containernetworking/cni/pkg/version"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/pkg/network"
"github.com/pkg/errors"
@@ -51,7 +52,7 @@ func (r *LocalRuntime) NetworkList(cli *cliconfig.NetworkListValues) error {
return err
}
for _, cniNetwork := range networks {
- if _, err := fmt.Fprintf(w, "%s\t%s\t%s\n", cniNetwork.Name, cniNetwork.CNIVersion, getCNIPlugins(cniNetwork)); err != nil {
+ if _, err := fmt.Fprintf(w, "%s\t%s\t%s\n", cniNetwork.Name, cniNetwork.CNIVersion, network.GetCNIPlugins(cniNetwork)); err != nil {
return err
}
}
@@ -64,12 +65,8 @@ func (r *LocalRuntime) NetworkInspect(cli *cliconfig.NetworkInspectValues) error
var (
rawCNINetworks []map[string]interface{}
)
- cniConfigPath, err := getCNIConfDir(r)
- if err != nil {
- return err
- }
for _, name := range cli.InputArgs {
- b, err := readRawCNIConfByName(name, cniConfigPath)
+ b, err := network.ReadRawCNIConfByName(name)
if err != nil {
return err
}
@@ -89,12 +86,8 @@ func (r *LocalRuntime) NetworkInspect(cli *cliconfig.NetworkInspectValues) error
// NetworkRemove deletes one or more CNI networks
func (r *LocalRuntime) NetworkRemove(cli *cliconfig.NetworkRmValues) error {
- cniConfigPath, err := getCNIConfDir(r)
- if err != nil {
- return err
- }
for _, name := range cli.InputArgs {
- cniPath, err := getCNIConfigPathByName(name, cniConfigPath)
+ cniPath, err := network.GetCNIConfigPathByName(name)
if err != nil {
return err
}
@@ -106,42 +99,108 @@ func (r *LocalRuntime) NetworkRemove(cli *cliconfig.NetworkRmValues) error {
return nil
}
-// getCNIConfigPathByName finds a CNI network by name and
-// returns its configuration file path
-func getCNIConfigPathByName(name, cniConfigPath string) (string, error) {
- files, err := libcni.ConfFiles(cniConfigPath, []string{".conflist"})
+// NetworkCreate creates a CNI network
+func (r *LocalRuntime) NetworkCreate(cli *cliconfig.NetworkCreateValues) (string, error) {
+ var (
+ err error
+ )
+
+ isGateway := true
+ ipMasq := true
+ subnet := &cli.Network
+ ipRange := cli.IPRange
+
+ // if range is provided, make sure it is "in" network
+ if cli.IsSet("subnet") {
+ // if network is provided, does it conflict with existing CNI or live networks
+ err = network.ValidateUserNetworkIsAvailable(subnet)
+ } else {
+ // if no network is provided, figure out network
+ subnet, err = network.GetFreeNetwork()
+ }
if err != nil {
return "", err
}
- for _, confFile := range files {
- conf, err := libcni.ConfListFromFile(confFile)
+
+ gateway := cli.Gateway
+ if gateway == nil {
+ // if no gateway is provided, provide it as first ip of network
+ gateway = network.CalcGatewayIP(subnet)
+ }
+ // if network is provided and if gateway is provided, make sure it is "in" network
+ if cli.IsSet("subnet") && cli.IsSet("gateway") {
+ if !subnet.Contains(gateway) {
+ return "", errors.Errorf("gateway %s is not in valid for subnet %s", gateway.String(), subnet.String())
+ }
+ }
+ if cli.Internal {
+ isGateway = false
+ ipMasq = false
+ }
+
+ // if a range is given, we need to ensure it is "in" the network range.
+ if cli.IsSet("ip-range") {
+ if !cli.IsSet("subnet") {
+ return "", errors.New("you must define a subnet range to define an ip-range")
+ }
+ firstIP, err := network.FirstIPInSubnet(&cli.IPRange)
+ if err != nil {
+ return "", err
+ }
+ lastIP, err := network.LastIPInSubnet(&cli.IPRange)
if err != nil {
return "", err
}
- if conf.Name == name {
- return confFile, nil
+ if !subnet.Contains(firstIP) || !subnet.Contains(lastIP) {
+ return "", errors.Errorf("the ip range %s does not fall within the subnet range %s", cli.IPRange.String(), subnet.String())
+ }
+ }
+ bridgeDeviceName, err := network.GetFreeDeviceName()
+ if err != nil {
+ return "", err
+ }
+ // If no name is given, we give the name of the bridge device
+ name := bridgeDeviceName
+ if len(cli.InputArgs) > 0 {
+ name = cli.InputArgs[0]
+ netNames, err := network.GetNetworkNamesFromFileSystem()
+ if err != nil {
+ return "", err
+ }
+ if util.StringInSlice(name, netNames) {
+ return "", errors.Errorf("the network name %s is already used", name)
}
}
- return "", errors.Errorf("unable to find network configuration for %s", name)
-}
-// readRawCNIConfByName reads the raw CNI configuration for a CNI
-// network by name
-func readRawCNIConfByName(name, cniConfigPath string) ([]byte, error) {
- confFile, err := getCNIConfigPathByName(name, cniConfigPath)
+ ncList := network.NewNcList(name, cniversion.Current())
+ var plugins []network.CNIPlugins
+ var routes []network.IPAMRoute
+
+ defaultRoute, err := network.NewIPAMDefaultRoute()
if err != nil {
- return nil, err
+ return "", err
+ }
+ routes = append(routes, defaultRoute)
+ ipamConfig, err := network.NewIPAMHostLocalConf(subnet, routes, ipRange, gateway)
+ if err != nil {
+ return "", err
}
- b, err := ioutil.ReadFile(confFile)
- return b, err
-}
-// getCNIPlugins returns a list of plugins that a given network
-// has in the form of a string
-func getCNIPlugins(list *libcni.NetworkConfigList) string {
- var plugins []string
- for _, plug := range list.Plugins {
- plugins = append(plugins, plug.Network.Type)
+ // TODO need to iron out the role of isDefaultGW and IPMasq
+ bridge := network.NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig)
+ plugins = append(plugins, bridge)
+ plugins = append(plugins, network.NewPortMapPlugin())
+ plugins = append(plugins, network.NewFirewallPlugin())
+ ncList["plugins"] = plugins
+ b, err := json.MarshalIndent(ncList, "", " ")
+ if err != nil {
+ return "", err
+ }
+ cniConfigPath, err := getCNIConfDir(r)
+ if err != nil {
+ return "", err
}
- return strings.Join(plugins, ",")
+ cniPathName := filepath.Join(cniConfigPath, fmt.Sprintf("%s.conflist", name))
+ err = ioutil.WriteFile(cniPathName, b, 0644)
+ return cniPathName, err
}
diff --git a/pkg/network/config.go b/pkg/network/config.go
index d282f66b6..7eaa83833 100644
--- a/pkg/network/config.go
+++ b/pkg/network/config.go
@@ -1,4 +1,99 @@
package network
-// CNIConfigDir is the path where CNI config files exist
-const CNIConfigDir = "/etc/cni/net.d"
+import (
+ "encoding/json"
+ "net"
+)
+
+// TODO once the libpod.conf file stuff is worked out, this should be modified
+// to honor defines in the libpod.conf as well as overrides?
+
+const (
+ // CNIConfigDir is the path where CNI config files exist
+ CNIConfigDir = "/etc/cni/net.d"
+ // CNIDeviceName is the default network device name and in
+ // reality should have an int appended to it (cni-podman4)
+ CNIDeviceName = "cni-podman"
+)
+
+// GetDefaultPodmanNetwork outputs the default network for podman
+func GetDefaultPodmanNetwork() (*net.IPNet, error) {
+ _, n, err := net.ParseCIDR("10.88.1.0/24")
+ return n, err
+}
+
+// CNIPlugins is a way of marshalling a CNI network configuration to disk
+type CNIPlugins interface {
+ Bytes() ([]byte, error)
+}
+
+// HostLocalBridge describes a configuration for a bridge plugin
+// https://github.com/containernetworking/plugins/tree/master/plugins/main/bridge#network-configuration-reference
+type HostLocalBridge struct {
+ PluginType string `json:"type"`
+ BrName string `json:"bridge,omitempty"`
+ IsGW bool `json:"isGateway"`
+ IsDefaultGW bool `json:"isDefaultGateway,omitempty"`
+ ForceAddress bool `json:"forceAddress,omitempty"`
+ IPMasq bool `json:"ipMasq,omitempty"`
+ MTU int `json:"mtu,omitempty"`
+ HairpinMode bool `json:"hairpinMode,omitempty"`
+ PromiscMode bool `json:"promiscMode,omitempty"`
+ Vlan int `json:"vlan,omitempty"`
+ IPAM IPAMHostLocalConf `json:"ipam"`
+}
+
+// Bytes outputs []byte
+func (h *HostLocalBridge) Bytes() ([]byte, error) {
+ return json.MarshalIndent(h, "", "\t")
+}
+
+// IPAMHostLocalConf describes an IPAM configuration
+// https://github.com/containernetworking/plugins/tree/master/plugins/ipam/host-local#network-configuration-reference
+type IPAMHostLocalConf struct {
+ PluginType string `json:"type"`
+ Routes []IPAMRoute `json:"routes,omitempty"`
+ ResolveConf string `json:"resolveConf,omitempty"`
+ DataDir string `json:"dataDir,omitempty"`
+ Ranges [][]IPAMLocalHostRangeConf `json:"ranges,omitempty"`
+}
+
+// IPAMLocalHostRangeConf describes the new style IPAM ranges
+type IPAMLocalHostRangeConf struct {
+ Subnet string `json:"subnet"`
+ RangeStart string `json:"rangeStart,omitempty"`
+ RangeEnd string `json:"rangeEnd,omitempty"`
+ Gateway string `json:"gateway,omitempty"`
+}
+
+// Bytes outputs the configuration as []byte
+func (i IPAMHostLocalConf) Bytes() ([]byte, error) {
+ return json.MarshalIndent(i, "", "\t")
+}
+
+// IPAMRoute describes a route in an ipam config
+type IPAMRoute struct {
+ Dest string `json:"dst"`
+}
+
+// PortMapConfig describes the default portmapping config
+type PortMapConfig struct {
+ PluginType string `json:"type"`
+ Capabilities map[string]bool `json:"capabilities"`
+}
+
+// Bytes outputs the configuration as []byte
+func (p PortMapConfig) Bytes() ([]byte, error) {
+ return json.MarshalIndent(p, "", "\t")
+}
+
+// FirewallConfig describes the firewall plugin
+type FirewallConfig struct {
+ PluginType string `json:"type"`
+ Backend string `json:"backend"`
+}
+
+// Bytes outputs the configuration as []byte
+func (f FirewallConfig) Bytes() ([]byte, error) {
+ return json.MarshalIndent(f, "", "\t")
+}
diff --git a/pkg/network/devices.go b/pkg/network/devices.go
new file mode 100644
index 000000000..26101b6f7
--- /dev/null
+++ b/pkg/network/devices.go
@@ -0,0 +1,41 @@
+package network
+
+import (
+ "fmt"
+ "github.com/containers/libpod/pkg/util"
+
+ "github.com/sirupsen/logrus"
+)
+
+// GetFreeDeviceName returns a device name that is unused; used when no network
+// name is provided by user
+func GetFreeDeviceName() (string, error) {
+ var (
+ deviceNum uint
+ deviceName string
+ )
+ networkNames, err := GetNetworkNamesFromFileSystem()
+ if err != nil {
+ return "", err
+ }
+ liveNetworksNames, err := GetLiveNetworkNames()
+ if err != nil {
+ return "", err
+ }
+ for {
+ deviceName = fmt.Sprintf("%s%d", CNIDeviceName, deviceNum)
+ logrus.Debugf("checking if device name %s exists in other cni networks", deviceName)
+ if util.StringInSlice(deviceName, networkNames) {
+ deviceNum++
+ continue
+ }
+ logrus.Debugf("checking if device name %s exists in live networks", deviceName)
+ if !util.StringInSlice(deviceName, liveNetworksNames) {
+ break
+ }
+ // TODO Still need to check the bridge names for a conflict but I dont know
+ // how to get them yet!
+ deviceNum++
+ }
+ return deviceName, nil
+}
diff --git a/pkg/network/files.go b/pkg/network/files.go
new file mode 100644
index 000000000..80fde5e17
--- /dev/null
+++ b/pkg/network/files.go
@@ -0,0 +1,107 @@
+package network
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "sort"
+ "strings"
+
+ "github.com/containernetworking/cni/libcni"
+ "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
+ "github.com/pkg/errors"
+)
+
+// LoadCNIConfsFromDir loads all the CNI configurations from a dir
+func LoadCNIConfsFromDir(dir string) ([]*libcni.NetworkConfigList, error) {
+ var configs []*libcni.NetworkConfigList
+ files, err := libcni.ConfFiles(dir, []string{".conflist"})
+ if err != nil {
+ return nil, err
+ }
+ sort.Strings(files)
+
+ for _, confFile := range files {
+ conf, err := libcni.ConfListFromFile(confFile)
+ if err != nil {
+ return nil, err
+ }
+ configs = append(configs, conf)
+ }
+ return configs, nil
+}
+
+// GetCNIConfigPathByName finds a CNI network by name and
+// returns its configuration file path
+func GetCNIConfigPathByName(name string) (string, error) {
+ files, err := libcni.ConfFiles(CNIConfigDir, []string{".conflist"})
+ if err != nil {
+ return "", err
+ }
+ for _, confFile := range files {
+ conf, err := libcni.ConfListFromFile(confFile)
+ if err != nil {
+ return "", err
+ }
+ if conf.Name == name {
+ return confFile, nil
+ }
+ }
+ return "", errors.Errorf("unable to find network configuration for %s", name)
+}
+
+// ReadRawCNIConfByName reads the raw CNI configuration for a CNI
+// network by name
+func ReadRawCNIConfByName(name string) ([]byte, error) {
+ confFile, err := GetCNIConfigPathByName(name)
+ if err != nil {
+ return nil, err
+ }
+ b, err := ioutil.ReadFile(confFile)
+ return b, err
+}
+
+// GetCNIPlugins returns a list of plugins that a given network
+// has in the form of a string
+func GetCNIPlugins(list *libcni.NetworkConfigList) string {
+ var plugins []string
+ for _, plug := range list.Plugins {
+ plugins = append(plugins, plug.Network.Type)
+ }
+ return strings.Join(plugins, ",")
+}
+
+// GetNetworksFromFilesystem gets all the networks from the cni configuration
+// files
+func GetNetworksFromFilesystem() ([]*allocator.Net, error) {
+ var cniNetworks []*allocator.Net
+ networks, err := LoadCNIConfsFromDir(CNIConfigDir)
+ if err != nil {
+ return nil, err
+ }
+ for _, n := range networks {
+ for _, cniplugin := range n.Plugins {
+ if cniplugin.Network.Type == "bridge" {
+ ipamConf := allocator.Net{}
+ if err := json.Unmarshal(cniplugin.Bytes, &ipamConf); err != nil {
+ return nil, err
+ }
+ cniNetworks = append(cniNetworks, &ipamConf)
+ }
+ }
+ }
+ return cniNetworks, nil
+}
+
+// GetNetworkNamesFromFileSystem gets all the names from the cni network
+// configuration files
+func GetNetworkNamesFromFileSystem() ([]string, error) {
+ var networkNames []string
+ networks, err := LoadCNIConfsFromDir(CNIConfigDir)
+ if err != nil {
+ return nil, err
+ }
+ for _, n := range networks {
+ networkNames = append(networkNames, n.Name)
+ }
+ return networkNames, nil
+}
diff --git a/pkg/network/ip.go b/pkg/network/ip.go
new file mode 100644
index 000000000..1798cd939
--- /dev/null
+++ b/pkg/network/ip.go
@@ -0,0 +1,14 @@
+package network
+
+import (
+ "net"
+
+ "github.com/containernetworking/plugins/pkg/ip"
+)
+
+// CalcGatewayIP takes a network and returns the first IP in it.
+func CalcGatewayIP(ipn *net.IPNet) net.IP {
+ // taken from cni bridge plugin as it is not exported
+ nid := ipn.IP.Mask(ipn.Mask)
+ return ip.NextIP(nid)
+}
diff --git a/pkg/network/netconflist.go b/pkg/network/netconflist.go
new file mode 100644
index 000000000..c3b11b409
--- /dev/null
+++ b/pkg/network/netconflist.go
@@ -0,0 +1,113 @@
+package network
+
+import (
+ "net"
+)
+
+// NcList describes a generic map
+type NcList map[string]interface{}
+
+// NewNcList creates a generic map of values with string
+// keys and adds in version and network name
+func NewNcList(name, version string) NcList {
+ n := NcList{}
+ n["cniVersion"] = version
+ n["name"] = name
+ return n
+}
+
+// NewHostLocalBridge creates a new LocalBridge for host-local
+func NewHostLocalBridge(name string, isGateWay, isDefaultGW, ipMasq bool, ipamConf IPAMHostLocalConf) *HostLocalBridge {
+ hostLocalBridge := HostLocalBridge{
+ PluginType: "bridge",
+ BrName: name,
+ IPMasq: ipMasq,
+ IPAM: ipamConf,
+ }
+ if isGateWay {
+ hostLocalBridge.IsGW = true
+ }
+ if isDefaultGW {
+ hostLocalBridge.IsDefaultGW = true
+ }
+ return &hostLocalBridge
+}
+
+// NewIPAMHostLocalConf creates a new IPAMHostLocal configfuration
+func NewIPAMHostLocalConf(subnet *net.IPNet, routes []IPAMRoute, ipRange net.IPNet, gw net.IP) (IPAMHostLocalConf, error) {
+ var ipamRanges [][]IPAMLocalHostRangeConf
+ ipamConf := IPAMHostLocalConf{
+ PluginType: "host-local",
+ Routes: routes,
+ // Possible future support ? Leaving for clues
+ //ResolveConf: "",
+ //DataDir: ""
+ }
+ IPAMRange, err := newIPAMLocalHostRange(subnet, &ipRange, &gw)
+ if err != nil {
+ return ipamConf, err
+ }
+ ipamRanges = append(ipamRanges, IPAMRange)
+ ipamConf.Ranges = ipamRanges
+ return ipamConf, nil
+}
+
+func newIPAMLocalHostRange(subnet *net.IPNet, ipRange *net.IPNet, gw *net.IP) ([]IPAMLocalHostRangeConf, error) { //nolint:interfacer
+ var ranges []IPAMLocalHostRangeConf
+ hostRange := IPAMLocalHostRangeConf{
+ Subnet: subnet.String(),
+ }
+ // an user provided a range, we add it here
+ if ipRange.IP != nil {
+ first, err := FirstIPInSubnet(ipRange)
+ if err != nil {
+ return nil, err
+ }
+ last, err := LastIPInSubnet(ipRange)
+ if err != nil {
+ return nil, err
+ }
+ hostRange.RangeStart = first.String()
+ hostRange.RangeEnd = last.String()
+ }
+ if gw != nil {
+ hostRange.Gateway = gw.String()
+ }
+ ranges = append(ranges, hostRange)
+ return ranges, nil
+}
+
+// NewIPAMRoute creates a new IPAM route configuration
+func NewIPAMRoute(r *net.IPNet) IPAMRoute { //nolint:interfacer
+ return IPAMRoute{Dest: r.String()}
+}
+
+// NewIPAMDefaultRoute creates a new IPAMDefault route of
+// 0.0.0.0/0
+func NewIPAMDefaultRoute() (IPAMRoute, error) {
+ _, n, err := net.ParseCIDR("0.0.0.0/0")
+ if err != nil {
+ return IPAMRoute{}, err
+ }
+ return NewIPAMRoute(n), nil
+}
+
+// NewPortMapPlugin creates a predefined, default portmapping
+// configuration
+func NewPortMapPlugin() PortMapConfig {
+ caps := make(map[string]bool)
+ caps["portMappings"] = true
+ p := PortMapConfig{
+ PluginType: "portmap",
+ Capabilities: caps,
+ }
+ return p
+}
+
+// NewFirewallPlugin creates a generic firewall plugin
+func NewFirewallPlugin() FirewallConfig {
+ return FirewallConfig{
+ PluginType: "firewall",
+ Backend: "iptables",
+ }
+}
diff --git a/pkg/network/network.go b/pkg/network/network.go
index 9d04340a3..b241a66c0 100644
--- a/pkg/network/network.go
+++ b/pkg/network/network.go
@@ -1,26 +1,150 @@
package network
import (
- "sort"
+ "github.com/containers/libpod/pkg/util"
+ "net"
- "github.com/containernetworking/cni/libcni"
+ "github.com/containernetworking/cni/pkg/types"
+ "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
)
-// LoadCNIConfsFromDir loads all the CNI configurations from a dir
-func LoadCNIConfsFromDir(dir string) ([]*libcni.NetworkConfigList, error) {
- var configs []*libcni.NetworkConfigList
- files, err := libcni.ConfFiles(dir, []string{".conflist"})
+// SupportedNetworkDrivers describes the list of supported drivers
+var SupportedNetworkDrivers = []string{"bridge"}
+
+// IsSupportedDriver checks if the user provided driver is supported
+func IsSupportedDriver(driver string) error {
+ if util.StringInSlice(driver, SupportedNetworkDrivers) {
+ return nil
+ }
+ return errors.Errorf("driver '%s' is not supported", driver)
+}
+
+// GetLiveNetworks returns a slice of networks representing what the system
+// has defined as network interfaces
+func GetLiveNetworks() ([]*net.IPNet, error) {
+ var nets []*net.IPNet
+ addrs, err := net.InterfaceAddrs()
+ if err != nil {
+ return nil, err
+ }
+ for _, address := range addrs {
+ _, n, err := net.ParseCIDR(address.String())
+ if err != nil {
+ return nil, err
+ }
+ nets = append(nets, n)
+ }
+ return nets, nil
+}
+
+// GetLiveNetworkNames returns a list of network interfaces on the system
+func GetLiveNetworkNames() ([]string, error) {
+ var interfaceNames []string
+ liveInterfaces, err := net.Interfaces()
if err != nil {
return nil, err
}
- sort.Strings(files)
+ for _, i := range liveInterfaces {
+ interfaceNames = append(interfaceNames, i.Name)
+ }
+ return interfaceNames, nil
+}
- for _, confFile := range files {
- conf, err := libcni.ConfListFromFile(confFile)
+// GetFreeNetwork looks for a free network according to existing cni configuration
+// files and network interfaces.
+func GetFreeNetwork() (*net.IPNet, error) {
+ networks, err := GetNetworksFromFilesystem()
+ if err != nil {
+ return nil, err
+ }
+ liveNetworks, err := GetLiveNetworks()
+ if err != nil {
+ return nil, err
+ }
+ nextNetwork, err := GetDefaultPodmanNetwork()
+ if err != nil {
+ return nil, err
+ }
+ logrus.Debugf("default network is %s", nextNetwork.String())
+ for {
+ newNetwork, err := NextSubnet(nextNetwork)
if err != nil {
return nil, err
}
- configs = append(configs, conf)
+ logrus.Debugf("checking if network %s intersects with other cni networks", nextNetwork.String())
+ if intersectsConfig, _ := networkIntersectsWithNetworks(newNetwork, allocatorToIPNets(networks)); intersectsConfig {
+ logrus.Debugf("network %s is already being used by a cni configuration", nextNetwork.String())
+ nextNetwork = newNetwork
+ continue
+ }
+ logrus.Debugf("checking if network %s intersects with any network interfaces", nextNetwork.String())
+ if intersectsLive, _ := networkIntersectsWithNetworks(newNetwork, liveNetworks); !intersectsLive {
+ break
+ }
+ logrus.Debugf("network %s is being used by a network interface", nextNetwork.String())
+ nextNetwork = newNetwork
+ }
+ return nextNetwork, nil
+}
+
+func allocatorToIPNets(networks []*allocator.Net) []*net.IPNet {
+ var nets []*net.IPNet
+ for _, network := range networks {
+ if len(network.IPAM.Ranges) > 0 {
+ // this is the new IPAM range style
+ // append each subnet from ipam the rangeset
+ for _, r := range network.IPAM.Ranges[0] {
+ nets = append(nets, newIPNetFromSubnet(r.Subnet))
+ }
+ } else {
+ // looks like the old, deprecated style
+ nets = append(nets, newIPNetFromSubnet(network.IPAM.Subnet))
+ }
+ }
+ return nets
+}
+
+func newIPNetFromSubnet(subnet types.IPNet) *net.IPNet {
+ n := net.IPNet{
+ IP: subnet.IP,
+ Mask: subnet.Mask,
+ }
+ return &n
+}
+
+func networkIntersectsWithNetworks(n *net.IPNet, networklist []*net.IPNet) (bool, *net.IPNet) {
+ for _, nw := range networklist {
+ if networkIntersect(n, nw) {
+ return true, nw
+ }
+ }
+ return false, nil
+}
+
+func networkIntersect(n1, n2 *net.IPNet) bool {
+ return n2.Contains(n1.IP) || n1.Contains(n2.IP)
+}
+
+// ValidateUserNetworkIsAvailable returns via an error if a network is available
+// to be used
+func ValidateUserNetworkIsAvailable(userNet *net.IPNet) error {
+ networks, err := GetNetworksFromFilesystem()
+ if err != nil {
+ return err
+ }
+ liveNetworks, err := GetLiveNetworks()
+ if err != nil {
+ return err
+ }
+ logrus.Debugf("checking if network %s exists in cni networks", userNet.String())
+ if intersectsConfig, _ := networkIntersectsWithNetworks(userNet, allocatorToIPNets(networks)); intersectsConfig {
+ return errors.Errorf("network %s is already being used by a cni configuration", userNet.String())
+ }
+ logrus.Debugf("checking if network %s exists in any network interfaces", userNet.String())
+ if intersectsLive, _ := networkIntersectsWithNetworks(userNet, liveNetworks); intersectsLive {
+ return errors.Errorf("network %s is being used by a network interface", userNet.String())
}
- return configs, nil
+ return nil
}
diff --git a/pkg/network/network_test.go b/pkg/network/network_test.go
new file mode 100644
index 000000000..dbffc33ad
--- /dev/null
+++ b/pkg/network/network_test.go
@@ -0,0 +1,34 @@
+package network
+
+import (
+ "net"
+ "testing"
+)
+
+func parseCIDR(n string) *net.IPNet {
+ _, parsedNet, _ := net.ParseCIDR(n)
+ return parsedNet
+}
+
+func Test_networkIntersect(t *testing.T) {
+ type args struct {
+ n1 *net.IPNet
+ n2 *net.IPNet
+ }
+ tests := []struct {
+ name string
+ args args
+ want bool
+ }{
+ {"16 and 24 intersects", args{n1: parseCIDR("192.168.0.0/16"), n2: parseCIDR("192.168.1.0/24")}, true},
+ {"24 and 25 intersects", args{n1: parseCIDR("192.168.1.0/24"), n2: parseCIDR("192.168.1.0/25")}, true},
+ {"Two 24s", args{n1: parseCIDR("192.168.1.0/24"), n2: parseCIDR("192.168.2.0/24")}, false},
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if got := networkIntersect(tt.args.n1, tt.args.n2); got != tt.want {
+ t.Errorf("networkIntersect() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
diff --git a/pkg/network/subnet.go b/pkg/network/subnet.go
new file mode 100644
index 000000000..82ab9a8c8
--- /dev/null
+++ b/pkg/network/subnet.go
@@ -0,0 +1,78 @@
+package network
+
+/*
+ The code in this was kindly contributed by Dan Williams(dcbw@redhat.com). Many thanks
+ for his contributions.
+*/
+
+import (
+ "fmt"
+ "net"
+)
+
+func incByte(subnet *net.IPNet, idx int, shift uint) error {
+ if idx < 0 {
+ return fmt.Errorf("no more subnets left")
+ }
+ if subnet.IP[idx] == 255 {
+ subnet.IP[idx] = 0
+ return incByte(subnet, idx-1, 0)
+ }
+ subnet.IP[idx] += (1 << shift)
+ return nil
+}
+
+// NextSubnet returns subnet incremented by 1
+func NextSubnet(subnet *net.IPNet) (*net.IPNet, error) {
+ newSubnet := &net.IPNet{
+ IP: subnet.IP,
+ Mask: subnet.Mask,
+ }
+ ones, bits := newSubnet.Mask.Size()
+ if ones == 0 {
+ return nil, fmt.Errorf("%s has only one subnet", subnet.String())
+ }
+ zeroes := uint(bits - ones)
+ shift := zeroes % 8
+ idx := ones/8 - 1
+ if idx < 0 {
+ idx = 0
+ }
+ if err := incByte(newSubnet, idx, shift); err != nil {
+ return nil, err
+ }
+ return newSubnet, nil
+}
+
+// LastIPInSubnet gets the last IP in a subnet
+func LastIPInSubnet(addr *net.IPNet) (net.IP, error) { //nolint:interfacer
+ // re-parse to ensure clean network address
+ _, cidr, err := net.ParseCIDR(addr.String())
+ if err != nil {
+ return nil, err
+ }
+
+ ones, bits := cidr.Mask.Size()
+ if ones == bits {
+ return FirstIPInSubnet(cidr)
+ }
+ hostStart := ones / 8
+ // Handle the first host byte
+ cidr.IP[hostStart] |= (0xff & cidr.Mask[hostStart])
+ // Fill the rest with ones
+ for i := hostStart; i < len(cidr.IP); i++ {
+ cidr.IP[i] = 0xff
+ }
+ return cidr.IP, nil
+}
+
+// FirstIPInSubnet gets the first IP in a subnet
+func FirstIPInSubnet(addr *net.IPNet) (net.IP, error) { //nolint:interfacer
+ // re-parse to ensure clean network address
+ _, cidr, err := net.ParseCIDR(addr.String())
+ if err != nil {
+ return nil, err
+ }
+ cidr.IP[len(cidr.IP)-1]++
+ return cidr.IP, nil
+}
diff --git a/pkg/network/subnet_test.go b/pkg/network/subnet_test.go
new file mode 100644
index 000000000..6ecfd2d17
--- /dev/null
+++ b/pkg/network/subnet_test.go
@@ -0,0 +1,34 @@
+package network
+
+import (
+ "net"
+ "reflect"
+ "testing"
+)
+
+func TestNextSubnet(t *testing.T) {
+ type args struct {
+ subnet *net.IPNet
+ }
+ tests := []struct {
+ name string
+ args args
+ want *net.IPNet
+ wantErr bool
+ }{
+ {"class b", args{subnet: parseCIDR("192.168.0.0/16")}, parseCIDR("192.169.0.0/16"), false},
+ {"class c", args{subnet: parseCIDR("192.168.1.0/24")}, parseCIDR("192.168.2.0/24"), false},
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got, err := NextSubnet(tt.args.subnet)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("NextSubnet() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("NextSubnet() got = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}