// sets IP4 addr on link removing any existing ones first
func setAddr4(link *netlink.Vxlan, ipn *net.IPNet) error {
addrs, err := netlink.AddrList(link, syscall.AF_INET)
if err != nil {
return err
}
addr := netlink.Addr{ipn, ""}
existing := false
for _, old := range addrs {
if old.IPNet.String() == addr.IPNet.String() {
existing = true
continue
}
if err = netlink.AddrDel(link, &old); err != nil {
return fmt.Errorf("failed to delete IPv4 addr %s from %s", old.String(), link.Attrs().Name)
}
}
if !existing {
if err = netlink.AddrAdd(link, &addr); err != nil {
return fmt.Errorf("failed to add IP address %s to %s: %s", ipn.String(), link.Attrs().Name, err)
}
}
return nil
}
func IpAddrDel(cResp chan<- *Response, rawArgs *json.RawMessage, tag string) {
args := &struct {
Ifname string `json:"ifname"`
IpCidr string `json:"ip"`
}{}
json.Unmarshal(*rawArgs, &args)
iface, err := netlink.LinkByName(args.Ifname)
if err != nil {
cResp <- &Response{nil, tag, NewRTNetlinkError(err)}
return
}
ip, err := netlink.ParseAddr(args.IpCidr)
if err != nil {
cResp <- &Response{nil, tag, NewRTNetlinkError(err)}
return
}
if err := netlink.AddrDel(iface, ip); err != nil {
cResp <- &Response{nil, tag, NewRTNetlinkError(err)}
return
}
cResp <- &Response{true, tag, nil}
}
func setupVerifyAndReconcile(config *networkConfiguration, i *bridgeInterface) error {
// Fetch a single IPv4 and a slice of IPv6 addresses from the bridge.
addrv4, addrsv6, err := i.addresses()
if err != nil {
return err
}
// Verify that the bridge does have an IPv4 address.
if addrv4.IPNet == nil {
return &ErrNoIPAddr{}
}
// Verify that the bridge IPv4 address matches the requested configuration.
if config.AddressIPv4 != nil && !addrv4.IP.Equal(config.AddressIPv4.IP) {
return &IPv4AddrNoMatchError{IP: addrv4.IP, CfgIP: config.AddressIPv4.IP}
}
// Verify that one of the bridge IPv6 addresses matches the requested
// configuration.
if config.EnableIPv6 && !findIPv6Address(netlink.Addr{IPNet: bridgeIPv6}, addrsv6) {
return (*IPv6AddrNoMatchError)(bridgeIPv6)
}
// Release any residual IPv6 address that might be there because of older daemon instances
for _, addrv6 := range addrsv6 {
if addrv6.IP.IsGlobalUnicast() && !types.CompareIPNet(addrv6.IPNet, i.bridgeIPv6) {
if err := netlink.AddrDel(i.Link, &addrv6); err != nil {
log.Warnf("Failed to remove residual IPv6 address %s from bridge: %v", addrv6.IPNet, err)
}
}
}
return nil
}
func DetachContainer(ns netns.NsHandle, id, ifName string, cidrs []*net.IPNet) error {
ipt, err := iptables.New()
if err != nil {
return err
}
return WithNetNSLinkUnsafe(ns, ifName, func(veth netlink.Link) error {
existingAddrs, err := netlink.AddrList(veth, netlink.FAMILY_V4)
if err != nil {
return fmt.Errorf("failed to get IP address for %q: %v", veth.Attrs().Name, err)
}
for _, ipnet := range cidrs {
if !contains(existingAddrs, ipnet) {
continue
}
if err := netlink.AddrDel(veth, &netlink.Addr{IPNet: ipnet}); err != nil {
return fmt.Errorf("failed to remove IP address from %q: %v", veth.Attrs().Name, err)
}
}
addrs, err := netlink.AddrList(veth, netlink.FAMILY_V4)
if err != nil {
return fmt.Errorf("failed to get IP address for %q: %v", veth.Attrs().Name, err)
}
// Remove multicast ACCEPT rules for subnets we no longer have addresses in
subnets := subnets(addrs)
rules, err := ipt.List("filter", "INPUT")
if err != nil {
return err
}
for _, rule := range rules {
ps := strings.Split(rule, " ")
if len(ps) == 10 &&
ps[0] == "-A" && ps[2] == "-s" && ps[4] == "-d" && ps[5] == "224.0.0.0/4" &&
ps[6] == "-i" && ps[7] == ifName && ps[8] == "-j" && ps[9] == "ACCEPT" {
if _, found := subnets[ps[3]]; !found {
if err := ipt.Delete("filter", "INPUT", ps[2:]...); err != nil {
return err
}
}
}
}
if len(addrs) == 0 { // all addresses gone: remove the interface
if err := ipt.Delete("filter", "INPUT", "-i", ifName, "-d", "224.0.0.0/4", "-j", "DROP"); err != nil {
return err
}
if err := netlink.LinkDel(veth); err != nil {
return err
}
}
return nil
})
}
// Flush all L3 addresses on link.
func flushAddresses(link netlink.Link) (err error) {
addrs, err := netlink.AddrList(link, 0)
if err != nil {
return err
}
for _, addr := range addrs {
if err = netlink.AddrDel(link, &addr); err != nil {
return err
}
}
return
}
func DelIp(ip, iface string) error {
link, err := netlink.LinkByName(iface)
if err != nil {
return err
}
addr, err := netlink.ParseAddr(ip)
if err != nil {
return err
}
return netlink.AddrDel(link, addr)
}
func deleteBridgeAddr(br *netlink.Bridge, ipn *net.IPNet) error {
addr := &netlink.Addr{IPNet: ipn, Label: ""}
if err := netlink.LinkSetDown(br); err != nil {
return fmt.Errorf("could not set down bridge %q: %v", br.Name, err)
}
if err := netlink.AddrDel(br, addr); err != nil {
return fmt.Errorf("could not remove IP address from %q: %v", br.Name, err)
}
if err := netlink.LinkSetUp(br); err != nil {
return fmt.Errorf("could not set up bridge %q: %v", br.Name, err)
}
return nil
}
func (plugin *kubenetNetworkPlugin) clearBridgeAddressesExcept(keep string) {
bridge, err := netlink.LinkByName(BridgeName)
if err != nil {
return
}
addrs, err := netlink.AddrList(bridge, syscall.AF_INET)
if err != nil {
return
}
for _, addr := range addrs {
if addr.IPNet.String() != keep {
glog.V(5).Infof("Removing old address %s from %s", addr.IPNet.String(), BridgeName)
netlink.AddrDel(bridge, &addr)
}
}
}
// sets IP4 addr on link removing any existing ones first
func setAddr4(link *netlink.Vxlan, ipn *net.IPNet) error {
addrs, err := netlink.AddrList(link, syscall.AF_INET)
if err != nil {
return err
}
for _, addr := range addrs {
if err = netlink.AddrDel(link, &addr); err != nil {
return fmt.Errorf("failed to delete IPv4 addr %s from %s", addr.String(), link.Attrs().Name)
}
}
addr := netlink.Addr{IPNet: ipn, Label: ""}
if err = netlink.AddrAdd(link, &addr); err != nil {
return fmt.Errorf("failed to add IP address %s to %s: %s", ipn.String(), link.Attrs().Name, err)
}
return nil
}
func DelVips(iface string) error {
link, err := netlink.LinkByName(iface)
if err != nil {
return err
}
addrs, err := netlink.AddrList(link, netlink.FAMILY_V4)
if err != nil {
return err
}
for _, a := range addrs[1:] {
if err := netlink.AddrDel(link, &a); err != nil {
return err
}
}
return nil
}
/* Configure @iface with address @cidr. Deletes any existing addresses */
func SetAddr(iface string, cidr string) {
if strings.Index(cidr, "/") == -1 {
/* No scope given: assume full netmask */
cidr = cidr + "/32"
}
addr, err := netlink.ParseAddr(cidr)
if err != nil {
log.Fatalf("failed to parse %s interface address %s: %s", iface, cidr, err)
}
link, err := netlink.LinkByName(iface)
if err != nil {
log.Fatalf("failed to look up interface %s: %s", iface, err)
}
addrs, err := netlink.AddrList(link, 0)
if err != nil {
log.Fatalf("failed to get %s interface addresses: %s", iface, err)
}
already_configured := false
for _, old_addr := range addrs {
/* Test if already configured, otherwise EEXISTS */
if old_addr.Equal(*addr) {
already_configured = true
} else {
log.Printf("removing %s from %s", old_addr.IPNet, iface)
if err := netlink.AddrDel(link, &old_addr); err != nil {
log.Fatalf("failed to remove address from %s: %s", iface, err)
}
}
}
log.Printf("configuring %s on %s", addr.IPNet, iface)
if !already_configured {
if err := netlink.AddrAdd(link, addr); err != nil {
log.Fatalf("failed to add address to %s: %s", iface, err)
}
}
}
func setupBridgeIPv4(config *networkConfiguration, i *bridgeInterface) error {
addrv4, _, err := i.addresses()
if err != nil {
return fmt.Errorf("failed to retrieve bridge interface addresses: %v", err)
}
if !types.CompareIPNet(addrv4.IPNet, config.AddressIPv4) {
if addrv4.IPNet != nil {
if err := netlink.AddrDel(i.Link, &addrv4); err != nil {
return fmt.Errorf("failed to remove current ip address from bridge: %v", err)
}
}
log.Debugf("Assigning address to bridge interface %s: %s", config.BridgeName, config.AddressIPv4)
if err := netlink.AddrAdd(i.Link, &netlink.Addr{IPNet: config.AddressIPv4}); err != nil {
return &IPv4AddrAddError{IP: config.AddressIPv4, Err: err}
}
}
// Store bridge network and default gateway
i.bridgeIPv4 = config.AddressIPv4
i.gatewayIPv4 = config.AddressIPv4.IP
return nil
}
func destroyTunnel(dst net.IP) (net.IP, error) {
// Determine the src and dst ips for the tunnel
key := dst.String()
tunnel := getTunnel(dst.String())
if tunnel == nil {
s := fmt.Sprintf("Failed to find tunnel to dst %s", dst)
glog.Errorf(s)
return nil, fmt.Errorf(s)
}
src := opts.src
srcNet := netlink.NewIPNet(tunnel.Src)
dstNet := netlink.NewIPNet(tunnel.Dst)
glog.Infof("Destroying Tunnel: %v, %v", tunnel.Src, tunnel.Dst)
for _, state := range getStates(tunnel.Reqid, src, dst, 0, 0, nil, nil) {
// crate xfrm state rules
err := netlink.XfrmStateDel(&state)
if err != nil {
glog.Errorf("Failed to delete state %v: %v", state, err)
}
}
for _, policy := range getPolicies(tunnel.Reqid, src, dst, srcNet, dstNet) {
// create xfrm policy rules
err := netlink.XfrmPolicyDel(&policy)
if err != nil {
glog.Errorf("Failed to delete policy %v: %v", policy, err)
}
}
index, err := getLinkIndex(src)
if err != nil {
glog.Errorf("Failed to get link for address: %v", err)
} else {
// del source route to tunnel ips device
route := &netlink.Route{
Scope: netlink.SCOPE_LINK,
Src: tunnel.Src,
Dst: dstNet,
LinkIndex: index,
}
err = netlink.RouteDel(route)
if err != nil {
glog.Errorf("Failed to delete route %v: %v", route, err)
}
}
// del IP address to loopback device
lo, err := netlink.LinkByName("lo")
if err != nil {
glog.Errorf("Failed to get loopback device: %v", err)
} else {
err = netlink.AddrDel(lo, &netlink.Addr{IPNet: srcNet})
if err != nil {
glog.Errorf("Failed to delete %v from loopback: %v", tunnel.Src, err)
}
}
if tunnel.SrcPort != 0 {
deleteEncapListener(getListener(key))
releasePort(tunnel.SrcPort)
}
unreserveIP(tunnel.Src)
unreserveIP(tunnel.Dst)
removeTunnel(key)
glog.Infof("Finished destroying tunnel: %v, %v", tunnel.Src, tunnel.Dst)
return opts.external, nil
}
func (t *BaseOperations) AddrDel(link netlink.Link, addr *netlink.Addr) error {
return netlink.AddrDel(link, addr)
}
func (l *link) AddrDel(addr net.IPNet) error {
return netlink.AddrDel(l.Link, &netlink.Addr{IPNet: &addr})
}