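// main assigns a static address and a default route to eth0, brings the link
// up, and then ARP-pings the gateway until it answers, logging how long the
// first successful reply took.
func main() {
	log.SetFlags(log.Lshortfile)

	iface, err := net.InterfaceByName("eth0")
	if err != nil {
		log.Fatal(err)
	}
	// The parse error was previously discarded; check it so a malformed
	// literal stops here instead of passing nil values on to netlink.
	ip, ipNet, err := net.ParseCIDR("192.168.122.128/24")
	if err != nil {
		log.Fatal(err)
	}
	if err := netlink.NetworkLinkAddIp(iface, ip, ipNet); err != nil {
		log.Fatal(err)
	}
	if err := netlink.AddDefaultGw("192.168.122.1", "eth0"); err != nil {
		log.Fatal(err)
	}
	if err := netlink.NetworkLinkUp(iface); err != nil {
		log.Fatal(err)
	}

	// Parse the gateway once rather than on every loop iteration.
	gateway := net.ParseIP("192.168.122.1")
	start := time.Now()
	arping.SetTimeout(100 * time.Millisecond)
	// The loop retries without a bound or a pause: every failed ping is
	// logged and immediately followed by another attempt.
	for {
		addr, t, err := arping.PingOverIface(gateway, *iface)
		if err != nil {
			log.Println("ARP error:", err)
			continue
		}
		log.Printf("ARP success after %s: %v %v", time.Since(start), addr, t)
		return
	}
}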
Beispiel #2
// NewTap creates a tap device with a random "flynntap." name (uid and gid are
// passed through to createTap), requests an address for it from the bridge's
// allocator, brings the link up and adds it to the manager's bridge. Once the
// device exists, every failure path closes the tap before returning the error.
func (t *TapManager) NewTap(uid, gid int) (*Tap, error) {
	tap := &Tap{Name: "flynntap." + random.String(5), bridge: t.bridge}
	if err := createTap(tap.Name, uid, gid); err != nil {
		return nil, err
	}

	// abort closes the half-configured tap and hands back the cause.
	abort := func(cause error) (*Tap, error) {
		tap.Close()
		return nil, cause
	}

	var err error
	if tap.IP, err = t.bridge.alloc.RequestIP(t.bridge.ipNet, nil); err != nil {
		return abort(err)
	}

	link, err := net.InterfaceByName(tap.Name)
	if err != nil {
		return abort(err)
	}
	if err = netlink.NetworkLinkUp(link); err != nil {
		return abort(err)
	}
	if err = netlink.AddToBridge(link, t.bridge.iface); err != nil {
		return abort(err)
	}

	return tap, nil
}
Beispiel #3
// createBridge parses network as a CIDR, creates the bridge device called
// name, assigns it that address, brings it up, switches on IPv4 forwarding and
// finally calls setupIPTables(name, natIface). It returns at the first error;
// nothing done by an earlier step is undone.
func createBridge(name, network, natIface string) (*Bridge, error) {
	addr, subnet, err := net.ParseCIDR(network)
	if err != nil {
		return nil, err
	}
	if err = netlink.CreateBridge(name, true); err != nil {
		return nil, err
	}
	link, err := net.InterfaceByName(name)
	if err != nil {
		return nil, err
	}

	// The remaining configuration steps, run in order until one fails.
	steps := []func() error{
		func() error { return netlink.NetworkLinkAddIp(link, addr, subnet) },
		func() error { return netlink.NetworkLinkUp(link) },
		// ip_forward is the IPv4 forwarding switch for the whole network
		// namespace, so this affects every interface, not only the bridge.
		func() error {
			return ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644)
		},
		func() error { return setupIPTables(name, natIface) },
	}
	for _, step := range steps {
		if err := step(); err != nil {
			return nil, err
		}
	}

	return &Bridge{name, link, addr, subnet}, nil
}
Beispiel #4
// attach connects a container network interface to an external network: it
// adds the host-side interface n.HostInterfaceName to the bridge n.Bridge,
// applies n.Mtu, enables hairpin mode when n.HairpinMode is set, and brings
// the host-side link up.
func (v *veth) attach(n *configs.Network) (err error) {
	var bridge, host *net.Interface

	if bridge, err = net.InterfaceByName(n.Bridge); err != nil {
		return err
	}
	if host, err = net.InterfaceByName(n.HostInterfaceName); err != nil {
		return err
	}
	if err = netlink.AddToBridge(host, bridge); err != nil {
		return err
	}
	if err = netlink.NetworkSetMTU(host, n.Mtu); err != nil {
		return err
	}
	if n.HairpinMode {
		if err = netlink.SetHairpinMode(host, true); err != nil {
			return err
		}
	}
	return netlink.NetworkLinkUp(host)
}
Beispiel #5
// InterfaceUp looks up the interface called name and sets its link state to
// up. A failed lookup is returned unchanged.
func InterfaceUp(name string) error {
	link, lookupErr := net.InterfaceByName(name)
	if lookupErr == nil {
		return netlink.NetworkLinkUp(link)
	}
	return lookupErr
}
Beispiel #6
// initialize brings the "lo" interface up. The config argument is not used.
func (l *loopback) initialize(config *network) error {
	lo, lookupErr := net.InterfaceByName("lo")
	if lookupErr == nil {
		return netlink.NetworkLinkUp(lo)
	}
	return lookupErr
}
Beispiel #7
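// SetPeerLinkNetInNs configures the peer link's IP network in the network
// namespace specified by PID. It switches into the namespace of nspid, assigns
// ip/network to the peer interface, brings the interface up and, when gw is
// non-nil, installs it as the default gateway. The original namespace is
// restored by a deferred Setns when the function returns.
//
// NOTE(review): Setns is assumed to act on the calling OS thread only; confirm
// that callers pin the goroutine to its thread for the duration of this call.
func (veth *VethPair) SetPeerLinkNetInNs(nspid int, ip net.IP, network *net.IPNet, gw *net.IP) error {
	// Without a valid handle to the current namespace there is no way back
	// after the switch below, so fail before changing anything.
	origNs, err := NetNsHandle(os.Getpid())
	if err != nil {
		return fmt.Errorf("Unable to open current network namespace: %s", err)
	}
	// Deferred calls run last-in first-out: the namespace is restored first,
	// then the handle is closed. The result of the restoring Setns is not
	// checked here.
	defer syscall.Close(int(origNs))
	defer system.Setns(origNs, syscall.CLONE_NEWNET)

	if err := SetNetNsToPid(nspid); err != nil {
		return fmt.Errorf("Setting network namespace failed: %s", err)
	}

	// Each message below now carries the underlying error; the link-up
	// message previously formatted the integer PID with %s and dropped err.
	if err := netlink.NetworkLinkAddIp(veth.peerIfc, ip, network); err != nil {
		return fmt.Errorf("Unable to set IP: %s in pid: %d network namespace: %s", ip.String(), nspid, err)
	}

	if err := netlink.NetworkLinkUp(veth.peerIfc); err != nil {
		return fmt.Errorf("Unable to bring %s interface UP: %s", veth.peerIfc.Name, err)
	}

	if gw != nil {
		if err := netlink.AddDefaultGw(gw.String(), veth.peerIfc.Name); err != nil {
			return fmt.Errorf("Unable to set Default gateway: %s in pid: %d network namespace: %s", gw.String(), nspid, err)
		}
	}

	return nil
}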
Beispiel #8
// initialize configures the veth peer named config.TempVethPeerName: it takes
// the link down, renames it to config.Name, optionally sets a MAC address,
// assigns the IPv4 (and optional IPv6) address, sets the MTU, brings the link
// up and installs the configured default gateways. It returns the first error
// encountered and does not undo earlier steps.
func (v *veth) initialize(config *network) error {
	peer := config.TempVethPeerName
	if peer == "" {
		return fmt.Errorf("peer is not specified")
	}
	child, err := net.InterfaceByName(peer)
	if err != nil {
		return err
	}
	// The link is taken down before the rename and only brought up again once
	// addresses and MTU are in place.
	if err := netlink.NetworkLinkDown(child); err != nil {
		return err
	}
	if err := netlink.NetworkChangeName(child, config.Name); err != nil {
		return err
	}
	// get the interface again after we changed the name as the index also changes.
	if child, err = net.InterfaceByName(config.Name); err != nil {
		return err
	}
	if config.MacAddress != "" {
		if err := netlink.NetworkSetMacAddress(child, config.MacAddress); err != nil {
			return err
		}
	}
	// config.Address is required: an empty or malformed value fails the parse.
	ip, ipNet, err := net.ParseCIDR(config.Address)
	if err != nil {
		return err
	}
	if err := netlink.NetworkLinkAddIp(child, ip, ipNet); err != nil {
		return err
	}
	// The IPv6 address is optional and is added with the same netlink call.
	if config.IPv6Address != "" {
		if ip, ipNet, err = net.ParseCIDR(config.IPv6Address); err != nil {
			return err
		}
		if err := netlink.NetworkLinkAddIp(child, ip, ipNet); err != nil {
			return err
		}
	}
	if err := netlink.NetworkSetMTU(child, config.Mtu); err != nil {
		return err
	}
	if err := netlink.NetworkLinkUp(child); err != nil {
		return err
	}
	// Gateways are passed to netlink as the raw config strings; this function
	// does not parse or validate them first.
	if config.Gateway != "" {
		if err := netlink.AddDefaultGw(config.Gateway, config.Name); err != nil {
			return err
		}
	}
	if config.IPv6Gateway != "" {
		if err := netlink.AddDefaultGw(config.IPv6Gateway, config.Name); err != nil {
			return err
		}
	}
	return nil
}
Beispiel #9
// setupNetworking configures eth0 and lo when args.Ip is set (address, MTU and
// link-up for eth0, link-up for lo) and installs args.Gateway as the default
// route via eth0 when it is set. Nothing is done for a field left empty.
func setupNetworking(args *InitArgs) error {
	// netErr wraps a failure in the message shared by most steps.
	netErr := func(cause error) error {
		return fmt.Errorf("Unable to set up networking: %v", cause)
	}

	if args.Ip != "" {
		// eth0
		eth0, err := net.InterfaceByName("eth0")
		if err != nil {
			return netErr(err)
		}
		addr, subnet, err := net.ParseCIDR(args.Ip)
		if err != nil {
			return netErr(err)
		}
		if err = netlink.NetworkLinkAddIp(eth0, addr, subnet); err != nil {
			return netErr(err)
		}
		if err = netlink.NetworkSetMTU(eth0, args.Mtu); err != nil {
			return fmt.Errorf("Unable to set MTU: %v", err)
		}
		if err = netlink.NetworkLinkUp(eth0); err != nil {
			return netErr(err)
		}

		// loopback
		lo, err := net.InterfaceByName("lo")
		if err != nil {
			return netErr(err)
		}
		if err = netlink.NetworkLinkUp(lo); err != nil {
			return netErr(err)
		}
	}

	if args.Gateway == "" {
		return nil
	}
	// The gateway string is parsed first, so only a syntactically valid IP
	// reaches netlink.
	gw := net.ParseIP(args.Gateway)
	if gw == nil {
		return fmt.Errorf("Unable to set up networking, %s is not a valid gateway IP", args.Gateway)
	}
	if err := netlink.AddDefaultGw(gw.String(), "eth0"); err != nil {
		return netErr(err)
	}
	return nil
}
Beispiel #10
// create builds a veth pair for the network n: it generates a temporary peer
// name, creates the pair, adds the host side to the bridge n.Bridge, applies
// MTU and optional hairpin mode, brings the host side up and moves the peer
// into the network namespace of process nspid. If the function returns an
// error, the deferred cleanup deletes both interface names.
func (v *veth) create(n *network, nspid int) (err error) {
	tmpName, err := v.generateTempPeerName()
	if err != nil {
		return err
	}
	n.TempVethPeerName = tmpName
	// The cleanup reads the named result err, which every `return err` below
	// sets, including the ones returning a block-scoped err. The results of
	// the two NetworkLinkDel calls are ignored.
	// NOTE(review): this is registered before the veth pair is created, so it
	// also runs when an earlier step fails (for example an empty n.Bridge) and
	// will then try to delete whatever interface currently carries
	// n.HostInterfaceName; confirm these names cannot match an existing link.
	defer func() {
		if err != nil {
			netlink.NetworkLinkDel(n.HostInterfaceName)
			netlink.NetworkLinkDel(n.TempVethPeerName)
		}
	}()
	if n.Bridge == "" {
		return fmt.Errorf("bridge is not specified")
	}
	bridge, err := net.InterfaceByName(n.Bridge)
	if err != nil {
		return err
	}
	if err := netlink.NetworkCreateVethPair(n.HostInterfaceName, n.TempVethPeerName, n.TxQueueLen); err != nil {
		return err
	}
	host, err := net.InterfaceByName(n.HostInterfaceName)
	if err != nil {
		return err
	}
	if err := netlink.AddToBridge(host, bridge); err != nil {
		return err
	}
	if err := netlink.NetworkSetMTU(host, n.Mtu); err != nil {
		return err
	}
	if n.HairpinMode {
		if err := netlink.SetHairpinMode(host, true); err != nil {
			return err
		}
	}
	if err := netlink.NetworkLinkUp(host); err != nil {
		return err
	}
	child, err := net.InterfaceByName(n.TempVethPeerName)
	if err != nil {
		return err
	}
	// The last step hands the peer end to the namespace of nspid; its error,
	// if any, is the function's result and triggers the cleanup above.
	return netlink.NetworkSetNsPid(child, nspid)
}
Beispiel #11
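// createBridge parses network as a CIDR, creates the bridge device called
// name, gives it a random MAC address and the parsed IP, brings it up, enables
// IPv4 forwarding, calls setupIPTables(name, natIface) and returns a Bridge
// whose allocator has the bridge's own address reserved. It returns at the
// first error; nothing done by an earlier step is undone.
func createBridge(name, network, natIface string) (*Bridge, error) {
	ipAddr, ipNet, err := net.ParseCIDR(network)
	if err != nil {
		return nil, err
	}
	if err := netlink.CreateBridge(name, true); err != nil {
		return nil, err
	}
	iface, err := net.InterfaceByName(name)
	if err != nil {
		return nil, err
	}

	// We need to explicitly assign the MAC address to avoid it changing to a lower value
	// See: https://github.com/flynn/flynn/issues/223
	// The fixed first octet 0xfe has the locally-administered bit set and the
	// multicast bit clear; the other five octets are random.
	b := random.Bytes(5)
	mac := fmt.Sprintf("fe:%02x:%02x:%02x:%02x:%02x", b[0], b[1], b[2], b[3], b[4])
	if err := netlink.NetworkSetMacAddress(iface, mac); err != nil {
		return nil, err
	}

	if err := netlink.NetworkLinkAddIp(iface, ipAddr, ipNet); err != nil {
		return nil, err
	}
	if err := netlink.NetworkLinkUp(iface); err != nil {
		return nil, err
	}
	// ip_forward is the IPv4 forwarding switch for the whole network
	// namespace, so this affects every interface, not only the bridge.
	if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil {
		return nil, err
	}
	if err := setupIPTables(name, natIface); err != nil {
		return nil, err
	}

	bridge := &Bridge{
		name:   name,
		iface:  iface,
		ipAddr: ipAddr,
		ipNet:  ipNet,
		alloc:  ipallocator.New(),
	}
	// Reserve the bridge's own address. The result used to be discarded; if
	// the reservation fails, the allocator could later hand the bridge address
	// to another requester, so report the failure.
	if _, err := bridge.alloc.RequestIP(ipNet, ipAddr); err != nil {
		return nil, err
	}
	return bridge, nil
}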
Beispiel #12
// SetLinkUp brings the link up.
// It is the equivalent of running: ip link set dev ${interface name} up
func (l *Link) SetLinkUp() error {
	ifc := l.NetInterface()
	return netlink.NetworkLinkUp(ifc)
}
Beispiel #13
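// configureBridge attempts to create and configure a network bridge interface named `bridgeIface` on the host
// If bridgeIP is empty, it will try to find a non-conflicting IP from the Docker-specified private ranges
// If the bridge `bridgeIface` already exists, it will only perform the IP address association with the existing
// bridge (fixes issue #8444)
// If an address which doesn't conflict with existing interfaces can't be found, an error is returned.
func configureBridge(bridgeIP string) error {
	nameservers := []string{}
	resolvConf, _ := resolvconf.Get()
	// we don't check for an error here, because we don't really care
	// if we can't read /etc/resolv.conf. So instead we skip the append
	// if resolvConf is nil. It either doesn't exist, or we can't read it
	// for some reason.
	if resolvConf != nil {
		nameservers = append(nameservers, resolvconf.GetNameserversAsCIDR(resolvConf)...)
	}

	var ifaceAddr string
	if len(bridgeIP) != 0 {
		// A caller-supplied address is only checked for CIDR syntax; the
		// overlap checks below are not applied to it.
		_, _, err := net.ParseCIDR(bridgeIP)
		if err != nil {
			return err
		}
		ifaceAddr = bridgeIP
	} else {
		// Take the first candidate range that overlaps neither a configured
		// nameserver nor an existing route.
		for _, addr := range addrs {
			_, dockerNetwork, err := net.ParseCIDR(addr)
			if err != nil {
				return err
			}
			if err := networkdriver.CheckNameserverOverlaps(nameservers, dockerNetwork); err == nil {
				if err := networkdriver.CheckRouteOverlaps(dockerNetwork); err == nil {
					ifaceAddr = addr
					break
				} else {
					log.Debugf("%s %s", addr, err)
				}
			}
		}
	}

	if ifaceAddr == "" {
		return fmt.Errorf("Could not find a free IP address range for interface '%s'. Please configure its address manually and run 'docker -b %s'", bridgeIface, bridgeIface)
	}
	log.Debugf("Creating bridge %s with network %s", bridgeIface, ifaceAddr)

	if err := createBridgeIface(bridgeIface); err != nil {
		// the bridge may already exist, therefore we can ignore an "exists" error
		if !os.IsExist(err) {
			return err
		}
	}

	iface, err := net.InterfaceByName(bridgeIface)
	if err != nil {
		return err
	}

	ipAddr, ipNet, err := net.ParseCIDR(ifaceAddr)
	if err != nil {
		return err
	}

	// The result of the address assignment must be bound in the if statement.
	// Previously the call's return value was dropped and the condition tested
	// the already-nil err from ParseCIDR, so a failed assignment went
	// unnoticed and the bridge could come up without its address.
	if err := netlink.NetworkLinkAddIp(iface, ipAddr, ipNet); err != nil {
		return fmt.Errorf("Unable to add private network: %s", err)
	}
	if err := netlink.NetworkLinkUp(iface); err != nil {
		return fmt.Errorf("Unable to start network bridge: %s", err)
	}
	return nil
}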
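// ConfigureNetworking is called once during host startup and sets up the local
// bridge and forwarding rules for containers.
//
// It parses config.Subnet, creates the bridge if it does not exist yet (or
// reuses an existing one), makes the bridge carry exactly the configured
// address, enables IPv4 forwarding and outbound NAT, records the host's
// resolvers in config.Resolvers, writes /etc/flynn/resolv.conf pointing at the
// bridge address, re-reserves the IPs of already running containers and
// finally closes l.networkConfigured.
func (l *LibcontainerBackend) ConfigureNetworking(config *host.NetworkConfig) error {
	log := l.logger.New("fn", "ConfigureNetworking")
	var err error
	l.bridgeAddr, l.bridgeNet, err = net.ParseCIDR(config.Subnet)
	if err != nil {
		return err
	}
	// Reserve the bridge's own address so it is not given to a container. The
	// result used to be discarded; log a failure the same way the per-job
	// reservations at the end of this function do.
	if _, err := l.ipalloc.RequestIP(l.bridgeNet, l.bridgeAddr); err != nil {
		log.Error("error requesting bridge ip", "err", err)
	}

	err = netlink.CreateBridge(l.bridgeName, false)
	bridgeExists := os.IsExist(err)
	if err != nil && !bridgeExists {
		return err
	}

	bridge, err := net.InterfaceByName(l.bridgeName)
	if err != nil {
		return err
	}
	if !bridgeExists {
		// We need to explicitly assign the MAC address to avoid it changing to a lower value
		// See: https://github.com/flynn/flynn/issues/223
		b := random.Bytes(5)
		bridgeMAC := fmt.Sprintf("fe:%02x:%02x:%02x:%02x:%02x", b[0], b[1], b[2], b[3], b[4])
		if err := netlink.NetworkSetMacAddress(bridge, bridgeMAC); err != nil {
			return err
		}
	}
	currAddrs, err := bridge.Addrs()
	if err != nil {
		return err
	}
	// Keep the configured address if it is already present and delete every
	// other address found on the bridge.
	setIP := true
	for _, addr := range currAddrs {
		// The parse error used to be ignored, which would have passed nil
		// values to NetworkLinkDelIp; the locals also no longer shadow the
		// net package.
		ip, ipNet, err := net.ParseCIDR(addr.String())
		if err != nil {
			return err
		}
		if ip.Equal(l.bridgeAddr) && ipNet.String() == l.bridgeNet.String() {
			setIP = false
		} else {
			if err := netlink.NetworkLinkDelIp(bridge, ip, ipNet); err != nil {
				return err
			}
		}
	}
	if setIP {
		if err := netlink.NetworkLinkAddIp(bridge, l.bridgeAddr, l.bridgeNet); err != nil {
			return err
		}
	}
	if err := netlink.NetworkLinkUp(bridge); err != nil {
		return err
	}

	// enable IP forwarding
	// (ip_forward applies to the whole network namespace, not only the bridge)
	if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil {
		return err
	}

	// Set up iptables for outbound traffic masquerading from containers to the
	// rest of the network.
	if err := iptables.EnableOutboundNAT(l.bridgeName, l.bridgeNet.String()); err != nil {
		return err
	}

	// Read DNS config, discoverd uses the nameservers
	dnsConf, err := dns.ClientConfigFromFile("/etc/resolv.conf")
	if err != nil {
		return err
	}
	config.Resolvers = dnsConf.Servers

	// Write a resolv.conf to be bind-mounted into containers pointing at the
	// future discoverd DNS listener
	if err := os.MkdirAll("/etc/flynn", 0755); err != nil {
		return err
	}
	var resolvSearch string
	if len(dnsConf.Search) > 0 {
		resolvSearch = fmt.Sprintf("search %s\n", strings.Join(dnsConf.Search, " "))
	}
	if err := ioutil.WriteFile("/etc/flynn/resolv.conf", []byte(fmt.Sprintf("%snameserver %s\n", resolvSearch, l.bridgeAddr.String())), 0644); err != nil {
		return err
	}
	l.resolvConf = "/etc/flynn/resolv.conf"

	// Allocate IPs for running jobs
	l.containersMtx.Lock()
	defer l.containersMtx.Unlock()
	for _, container := range l.containers {
		if !container.job.Config.HostNetwork {
			if _, err := l.ipalloc.RequestIP(l.bridgeNet, container.IP); err != nil {
				log.Error("error requesting ip", "job.id", container.job.ID, "err", err)
			}
		}
	}

	// Closing the channel signals that networking is ready. Closing a channel
	// twice panics, which is why this function must only run once.
	close(l.networkConfigured)

	return nil
}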
Beispiel #15
// SetUp brings intf up while holding netlinkMu and returns the netlink result
// after passing it through errF.
func (Link) SetUp(intf *net.Interface) error {
	netlinkMu.Lock()
	defer netlinkMu.Unlock()

	upErr := netlink.NetworkLinkUp(intf)
	return errF(upErr)
}
Beispiel #16
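// setLinkOptions validates and sets link's various options passed in as LinkOptions.
// Options left at their zero value are skipped. The order is MTU, MAC address,
// network namespace, then flags; each value is validated before it is applied,
// and the first failure is returned.
func setLinkOptions(ifc *net.Interface, opts LinkOptions) error {
	macaddr, mtu, flags, ns := opts.MacAddr, opts.MTU, opts.Flags, opts.Ns

	// if MTU is passed in LinkOptions
	if mtu != 0 {
		if err := validMtu(mtu); err != nil {
			return err
		}

		if err := netlink.NetworkSetMTU(ifc, mtu); err != nil {
			return fmt.Errorf("Unable to set MTU: %s", err)
		}
	}

	// if MacAddress is passed in LinkOptions
	if macaddr != "" {
		if err := validMacAddress(macaddr); err != nil {
			return err
		}

		if err := netlink.NetworkSetMacAddress(ifc, macaddr); err != nil {
			return fmt.Errorf("Unable to set MAC Address: %s", err)
		}
	}

	// if ns is passed in LinkOptions
	if ns != 0 {
		if err := validNs(ns); err != nil {
			return err
		}

		if err := netlink.NetworkSetNsPid(ifc, ns); err != nil {
			return fmt.Errorf("Unable to set Network namespace: %s", err)
		}
	}

	// if flags is passed in LinkOptions
	if flags != 0 {
		if err := validFlags(flags); err != nil {
			return err
		}

		// NOTE(review): the parenthesised clause is false only when ns == 1 and
		// this process is PID 1, so in practice this branch is taken whenever
		// ns != 0. Left unchanged; confirm the intended condition.
		if ns != 0 && (ns != 1 || ns != os.Getpid()) {
			if (flags & syscall.IFF_UP) == syscall.IFF_UP {
				// Without a valid handle to the current namespace there is
				// no way back after the switch, so fail before switching.
				origNs, err := NetNsHandle(os.Getpid())
				if err != nil {
					return fmt.Errorf("Unable to open current network namespace: %s", err)
				}
				// Deferred calls run at function return, last-in first-out:
				// the namespace is restored first, then the handle is closed.
				// The result of the restoring Setns is not checked.
				defer syscall.Close(int(origNs))
				defer system.Setns(origNs, syscall.CLONE_NEWNET)

				if err := SetNetNsToPid(ns); err != nil {
					return fmt.Errorf("Switching to %d network namespace failed: %s", ns, err)
				}

				// Report the netlink error; the message previously formatted
				// the integer ns with %s and dropped err.
				if err := netlink.NetworkLinkUp(ifc); err != nil {
					return fmt.Errorf("Unable to bring %s interface UP: %s", ifc.Name, err)
				}
			}
		} else {
			// NOTE(review): with ns == 0 the link is brought up for any
			// non-zero flags value, whether or not IFF_UP is among them.
			if err := netlink.NetworkLinkUp(ifc); err != nil {
				return fmt.Errorf("Could not bring up network link %s: %s", ifc.Name, err)
			}
		}
	}

	return nil
}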
Beispiel #17
// SetPeerLinkUp brings the peer interface of the veth pair up.
func (veth *VethPair) SetPeerLinkUp() error {
	peer := veth.peerIfc
	return netlink.NetworkLinkUp(peer)
}