Exemple #1
1
// sets IP4 addr on link removing any existing ones first
func setAddr4(link *netlink.Vxlan, ipn *net.IPNet) error {
	addrs, err := netlink.AddrList(link, syscall.AF_INET)
	if err != nil {
		return err
	}

	addr := netlink.Addr{ipn, ""}
	existing := false
	for _, old := range addrs {
		if old.IPNet.String() == addr.IPNet.String() {
			existing = true
			continue
		}
		if err = netlink.AddrDel(link, &old); err != nil {
			return fmt.Errorf("failed to delete IPv4 addr %s from %s", old.String(), link.Attrs().Name)
		}
	}

	if !existing {
		if err = netlink.AddrAdd(link, &addr); err != nil {
			return fmt.Errorf("failed to add IP address %s to %s: %s", ipn.String(), link.Attrs().Name, err)
		}
	}

	return nil
}
func IpAddrDel(cResp chan<- *Response, rawArgs *json.RawMessage, tag string) {
	args := &struct {
		Ifname string `json:"ifname"`
		IpCidr string `json:"ip"`
	}{}

	json.Unmarshal(*rawArgs, &args)

	iface, err := netlink.LinkByName(args.Ifname)
	if err != nil {
		cResp <- &Response{nil, tag, NewRTNetlinkError(err)}
		return
	}

	ip, err := netlink.ParseAddr(args.IpCidr)
	if err != nil {
		cResp <- &Response{nil, tag, NewRTNetlinkError(err)}
		return
	}

	if err := netlink.AddrDel(iface, ip); err != nil {
		cResp <- &Response{nil, tag, NewRTNetlinkError(err)}
		return
	}

	cResp <- &Response{true, tag, nil}
}
func setupVerifyAndReconcile(config *networkConfiguration, i *bridgeInterface) error {
	// Fetch a single IPv4 and a slice of IPv6 addresses from the bridge.
	addrv4, addrsv6, err := i.addresses()
	if err != nil {
		return err
	}

	// Verify that the bridge does have an IPv4 address.
	if addrv4.IPNet == nil {
		return &ErrNoIPAddr{}
	}

	// Verify that the bridge IPv4 address matches the requested configuration.
	if config.AddressIPv4 != nil && !addrv4.IP.Equal(config.AddressIPv4.IP) {
		return &IPv4AddrNoMatchError{IP: addrv4.IP, CfgIP: config.AddressIPv4.IP}
	}

	// Verify that one of the bridge IPv6 addresses matches the requested
	// configuration.
	if config.EnableIPv6 && !findIPv6Address(netlink.Addr{IPNet: bridgeIPv6}, addrsv6) {
		return (*IPv6AddrNoMatchError)(bridgeIPv6)
	}

	// Release any residual IPv6 address that might be there because of older daemon instances
	for _, addrv6 := range addrsv6 {
		if addrv6.IP.IsGlobalUnicast() && !types.CompareIPNet(addrv6.IPNet, i.bridgeIPv6) {
			if err := netlink.AddrDel(i.Link, &addrv6); err != nil {
				log.Warnf("Failed to remove residual IPv6 address %s from bridge: %v", addrv6.IPNet, err)
			}
		}
	}

	return nil
}
Exemple #4
0
func DetachContainer(ns netns.NsHandle, id, ifName string, cidrs []*net.IPNet) error {
	ipt, err := iptables.New()
	if err != nil {
		return err
	}

	return WithNetNSLinkUnsafe(ns, ifName, func(veth netlink.Link) error {
		existingAddrs, err := netlink.AddrList(veth, netlink.FAMILY_V4)
		if err != nil {
			return fmt.Errorf("failed to get IP address for %q: %v", veth.Attrs().Name, err)
		}
		for _, ipnet := range cidrs {
			if !contains(existingAddrs, ipnet) {
				continue
			}
			if err := netlink.AddrDel(veth, &netlink.Addr{IPNet: ipnet}); err != nil {
				return fmt.Errorf("failed to remove IP address from %q: %v", veth.Attrs().Name, err)
			}
		}
		addrs, err := netlink.AddrList(veth, netlink.FAMILY_V4)
		if err != nil {
			return fmt.Errorf("failed to get IP address for %q: %v", veth.Attrs().Name, err)
		}

		// Remove multicast ACCEPT rules for subnets we no longer have addresses in
		subnets := subnets(addrs)
		rules, err := ipt.List("filter", "INPUT")
		if err != nil {
			return err
		}
		for _, rule := range rules {
			ps := strings.Split(rule, " ")
			if len(ps) == 10 &&
				ps[0] == "-A" && ps[2] == "-s" && ps[4] == "-d" && ps[5] == "224.0.0.0/4" &&
				ps[6] == "-i" && ps[7] == ifName && ps[8] == "-j" && ps[9] == "ACCEPT" {

				if _, found := subnets[ps[3]]; !found {
					if err := ipt.Delete("filter", "INPUT", ps[2:]...); err != nil {
						return err
					}
				}
			}
		}

		if len(addrs) == 0 { // all addresses gone: remove the interface
			if err := ipt.Delete("filter", "INPUT", "-i", ifName, "-d", "224.0.0.0/4", "-j", "DROP"); err != nil {
				return err
			}
			if err := netlink.LinkDel(veth); err != nil {
				return err
			}
		}
		return nil
	})
}
// Flush all L3 addresses on link.
func flushAddresses(link netlink.Link) (err error) {
	addrs, err := netlink.AddrList(link, 0)
	if err != nil {
		return err
	}
	for _, addr := range addrs {
		if err = netlink.AddrDel(link, &addr); err != nil {
			return err
		}
	}
	return
}
Exemple #6
0
func DelIp(ip, iface string) error {
	link, err := netlink.LinkByName(iface)
	if err != nil {
		return err
	}

	addr, err := netlink.ParseAddr(ip)
	if err != nil {
		return err
	}

	return netlink.AddrDel(link, addr)
}
Exemple #7
0
func deleteBridgeAddr(br *netlink.Bridge, ipn *net.IPNet) error {
	addr := &netlink.Addr{IPNet: ipn, Label: ""}

	if err := netlink.LinkSetDown(br); err != nil {
		return fmt.Errorf("could not set down bridge %q: %v", br.Name, err)
	}

	if err := netlink.AddrDel(br, addr); err != nil {
		return fmt.Errorf("could not remove IP address from %q: %v", br.Name, err)
	}

	if err := netlink.LinkSetUp(br); err != nil {
		return fmt.Errorf("could not set up bridge %q: %v", br.Name, err)
	}

	return nil
}
func (plugin *kubenetNetworkPlugin) clearBridgeAddressesExcept(keep string) {
	bridge, err := netlink.LinkByName(BridgeName)
	if err != nil {
		return
	}

	addrs, err := netlink.AddrList(bridge, syscall.AF_INET)
	if err != nil {
		return
	}

	for _, addr := range addrs {
		if addr.IPNet.String() != keep {
			glog.V(5).Infof("Removing old address %s from %s", addr.IPNet.String(), BridgeName)
			netlink.AddrDel(bridge, &addr)
		}
	}
}
Exemple #9
0
// sets IP4 addr on link removing any existing ones first
func setAddr4(link *netlink.Vxlan, ipn *net.IPNet) error {
	addrs, err := netlink.AddrList(link, syscall.AF_INET)
	if err != nil {
		return err
	}

	for _, addr := range addrs {
		if err = netlink.AddrDel(link, &addr); err != nil {
			return fmt.Errorf("failed to delete IPv4 addr %s from %s", addr.String(), link.Attrs().Name)
		}
	}

	addr := netlink.Addr{IPNet: ipn, Label: ""}
	if err = netlink.AddrAdd(link, &addr); err != nil {
		return fmt.Errorf("failed to add IP address %s to %s: %s", ipn.String(), link.Attrs().Name, err)
	}

	return nil
}
Exemple #10
0
func DelVips(iface string) error {
	link, err := netlink.LinkByName(iface)
	if err != nil {
		return err
	}

	addrs, err := netlink.AddrList(link, netlink.FAMILY_V4)
	if err != nil {
		return err
	}

	for _, a := range addrs[1:] {
		if err := netlink.AddrDel(link, &a); err != nil {
			return err
		}
	}

	return nil
}
Exemple #11
0
/* Configure @iface with address @cidr. Deletes any existing addresses */
func SetAddr(iface string, cidr string) {
	if strings.Index(cidr, "/") == -1 {
		/* No scope given: assume full netmask */
		cidr = cidr + "/32"
	}
	addr, err := netlink.ParseAddr(cidr)
	if err != nil {
		log.Fatalf("failed to parse %s interface address %s: %s", iface, cidr, err)
	}
	link, err := netlink.LinkByName(iface)
	if err != nil {
		log.Fatalf("failed to look up interface %s: %s", iface, err)
	}

	addrs, err := netlink.AddrList(link, 0)
	if err != nil {
		log.Fatalf("failed to get %s interface addresses: %s", iface, err)
	}

	already_configured := false
	for _, old_addr := range addrs {
		/* Test if already configured, otherwise EEXISTS */
		if old_addr.Equal(*addr) {
			already_configured = true
		} else {
			log.Printf("removing %s from %s", old_addr.IPNet, iface)
			if err := netlink.AddrDel(link, &old_addr); err != nil {
				log.Fatalf("failed to remove address from %s: %s", iface, err)
			}
		}
	}

	log.Printf("configuring %s on %s", addr.IPNet, iface)
	if !already_configured {
		if err := netlink.AddrAdd(link, addr); err != nil {
			log.Fatalf("failed to add address to %s: %s", iface, err)
		}
	}
}
func setupBridgeIPv4(config *networkConfiguration, i *bridgeInterface) error {
	addrv4, _, err := i.addresses()
	if err != nil {
		return fmt.Errorf("failed to retrieve bridge interface addresses: %v", err)
	}

	if !types.CompareIPNet(addrv4.IPNet, config.AddressIPv4) {
		if addrv4.IPNet != nil {
			if err := netlink.AddrDel(i.Link, &addrv4); err != nil {
				return fmt.Errorf("failed to remove current ip address from bridge: %v", err)
			}
		}
		log.Debugf("Assigning address to bridge interface %s: %s", config.BridgeName, config.AddressIPv4)
		if err := netlink.AddrAdd(i.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {
			return &IPv4AddrAddError{IP: config.AddressIPv4, Err: err}
		}
	}

	// Store bridge network and default gateway
	i.bridgeIPv4 = config.AddressIPv4
	i.gatewayIPv4 = config.AddressIPv4.IP

	return nil
}
Exemple #13
0
func destroyTunnel(dst net.IP) (net.IP, error) {
	// Determine the src and dst ips for the tunnel
	key := dst.String()
	tunnel := getTunnel(dst.String())
	if tunnel == nil {
		s := fmt.Sprintf("Failed to find tunnel to dst %s", dst)
		glog.Errorf(s)
		return nil, fmt.Errorf(s)
	}

	src := opts.src

	srcNet := netlink.NewIPNet(tunnel.Src)
	dstNet := netlink.NewIPNet(tunnel.Dst)

	glog.Infof("Destroying Tunnel: %v, %v", tunnel.Src, tunnel.Dst)

	for _, state := range getStates(tunnel.Reqid, src, dst, 0, 0, nil, nil) {
		// crate xfrm state rules
		err := netlink.XfrmStateDel(&state)
		if err != nil {
			glog.Errorf("Failed to delete state %v: %v", state, err)
		}
	}

	for _, policy := range getPolicies(tunnel.Reqid, src, dst, srcNet, dstNet) {
		// create xfrm policy rules
		err := netlink.XfrmPolicyDel(&policy)
		if err != nil {
			glog.Errorf("Failed to delete policy %v: %v", policy, err)
		}
	}

	index, err := getLinkIndex(src)
	if err != nil {
		glog.Errorf("Failed to get link for address: %v", err)
	} else {

		// del source route to tunnel ips device
		route := &netlink.Route{
			Scope:     netlink.SCOPE_LINK,
			Src:       tunnel.Src,
			Dst:       dstNet,
			LinkIndex: index,
		}
		err = netlink.RouteDel(route)
		if err != nil {
			glog.Errorf("Failed to delete route %v: %v", route, err)
		}
	}

	// del IP address to loopback device
	lo, err := netlink.LinkByName("lo")
	if err != nil {
		glog.Errorf("Failed to get loopback device: %v", err)
	} else {
		err = netlink.AddrDel(lo, &netlink.Addr{IPNet: srcNet})
		if err != nil {
			glog.Errorf("Failed to delete %v from loopback: %v", tunnel.Src, err)
		}
	}
	if tunnel.SrcPort != 0 {
		deleteEncapListener(getListener(key))
		releasePort(tunnel.SrcPort)
	}
	unreserveIP(tunnel.Src)
	unreserveIP(tunnel.Dst)
	removeTunnel(key)
	glog.Infof("Finished destroying tunnel: %v, %v", tunnel.Src, tunnel.Dst)
	return opts.external, nil
}
Exemple #14
0
func (t *BaseOperations) AddrDel(link netlink.Link, addr *netlink.Addr) error {
	return netlink.AddrDel(link, addr)
}
Exemple #15
0
func (l *link) AddrDel(addr net.IPNet) error {
	return netlink.AddrDel(l.Link, &netlink.Addr{IPNet: &addr})
}