// MaskToInt converts net.IPMask to integer.
// TODO Not strictly firewall method, maybe put in different place.
func MaskToInt(mask net.IPMask) (uint64, error) {
var imask uint64
m, err := strconv.ParseInt(mask.String(), 16, 64)
imask = uint64(m)
if err != nil {
return 0, err
}
return imask, nil
}
// ifaceAddIPv4Addr adds the given IPv4 address to the network interface.
func ifaceAddIPv4Addr(iface *net.Interface, ip net.IP, mask net.IPMask) error {
if ip.To4() == nil {
return fmt.Errorf("IP %v is not a valid IPv4 address", ip)
}
brd := make(net.IP, net.IPv4len)
copy(brd, ip.To4())
for i := 0; i < net.IPv4len; i++ {
brd[i] |= ^mask[i]
}
prefixLen, _ := mask.Size()
return ipRunIface(iface, "addr add %s/%d brd %s dev %s", ip, prefixLen, brd, iface.Name)
}
func getHostOnlyNetwork(nets map[string]*hostOnlyNetwork, hostIP net.IP, netmask net.IPMask) *hostOnlyNetwork {
for _, n := range nets {
// Second part of this conditional handles a race where
// VirtualBox returns us the incorrect netmask value for the
// newly created interface.
if hostIP.Equal(n.IPv4.IP) &&
(netmask.String() == n.IPv4.Mask.String() || n.IPv4.Mask.String() == buggyNetmask) {
return n
}
}
return nil
}
func getHostOnlyNetwork(hostIP net.IP, netmask net.IPMask) (*hostOnlyNetwork, error) {
nets, err := listHostOnlyNetworks()
if err != nil {
return nil, err
}
for _, n := range nets {
if hostIP.Equal(n.IPv4.IP) &&
netmask.String() == n.IPv4.Mask.String() {
return n, nil
}
}
return nil, nil
}
func (r *MySQL) addNetwork(tx *sql.Tx, addr net.IP, mask net.IPMask) (netID uint64, err error) {
qry := "INSERT INTO network (address, mask) VALUES (INET_ATON(?), ?)"
ones, _ := mask.Size()
result, err := tx.Exec(qry, addr.String(), ones)
if err != nil {
return 0, err
}
id, err := result.LastInsertId()
if err != nil {
return 0, err
}
return uint64(id), nil
}
func getHostOnlyAdapter(nets map[string]*hostOnlyNetwork, hostIP net.IP, netmask net.IPMask) *hostOnlyNetwork {
for _, n := range nets {
// Second part of this conditional handles a race where
// VirtualBox returns us the incorrect netmask value for the
// newly created adapter.
if hostIP.Equal(n.IPv4.IP) &&
(netmask.String() == n.IPv4.Mask.String() || n.IPv4.Mask.String() == buggyNetmask) {
log.Debugf("Found: %s", n.Name)
return n
}
}
log.Debug("Not found")
return nil
}
func (r *MySQL) addIPAddrs(tx *sql.Tx, netID uint64, addr net.IP, mask net.IPMask) error {
stmt, err := tx.Prepare("INSERT INTO ip (network_id, address) VALUES (?, INET_ATON(?) + ?)")
if err != nil {
return err
}
defer stmt.Close()
ones, bits := mask.Size()
n_addrs := int(math.Pow(2, float64(bits-ones))) - 2 // Minus two due to network and broadcast addresses
for i := 0; i < n_addrs; i++ {
if _, err := stmt.Exec(netID, addr.String(), i+1); err != nil {
return err
}
}
return nil
}
func NewContext(bridgePool net.IPNet, bridgeMask net.IPMask) (*Context, error) {
pones, pbits := bridgePool.Mask.Size()
mones, mbits := bridgeMask.Size()
if pbits != mbits || mones < pones {
return nil, fmt.Errorf("bridge mask is not compatiable with bridge pool mask")
}
ctx := &Context{
defaultBridgeMask: bridgeMask,
defaultBridgePool: NewAddressSpaceFromNetwork(&bridgePool),
scopes: make(map[string]*Scope),
containers: make(map[uid.UID]*Container),
}
s, err := ctx.NewScope(DefaultScopeName, BridgeScopeType, nil, net.IPv4(0, 0, 0, 0), nil, nil)
if err != nil {
return nil, err
}
s.builtin = true
s.dns = []net.IP{s.gateway}
ctx.defaultScope = s
// add any external networks
for nn, n := range Config.ContainerNetworks {
if nn == "bridge" {
continue
}
pools := make([]string, len(n.Pools))
for i, p := range n.Pools {
pools[i] = p.String()
}
s, err := ctx.NewScope(ExternalScopeType, nn, &net.IPNet{IP: n.Gateway.IP.Mask(n.Gateway.Mask), Mask: n.Gateway.Mask}, n.Gateway.IP, n.Nameservers, pools)
if err != nil {
return nil, err
}
s.builtin = true
}
return ctx, nil
}
// Sets the IP for the interface. Superuser authentication is required.
func (self IFConfig) SetIP(interfaceName string,
ipAddress net.IP, netMask net.IPMask) error {
logger.Debug("IFConfig: Setting the IP and Netmask")
if !authorized() {
return ErrAuthRequired
}
cmd := exec.Command("sudo", "ifconfig", interfaceName, ipAddress.String(),
"netmask", netMask.String())
logger.Debug("Command Start: %v", cmd.Args)
out, err := cmd.CombinedOutput()
if err != nil {
logger.Error("Command Error: %v : %v", err, limitText(out))
return err
}
logger.Debug("Command Return: %v", limitText(out))
return nil
}
// ReserveNextIP4Net reserves a new sub address space within the given address
// space, given a bitmask specifying the "width" of the requested space.
func (s *AddressSpace) ReserveNextIP4Net(mask net.IPMask) (*AddressSpace, error) {
ones, _ := mask.Size()
for i, r := range s.availableRanges {
network := r.FirstIP.Mask(mask).To16()
var firstIP net.IP
// check if the start of the current range
// is lower than the network boundary
if compareIP4(network, r.FirstIP) >= 0 {
// found the start of the range
firstIP = network
} else {
// network address is lower than the first
// ip in the range; try the next network
// in the mask
for i := len(network) - 1; i >= 12; i-- {
partialByteIndex := ones/8 + 12
var inc byte
if i == partialByteIndex {
// this octet may only be occupied
// by the mask partially, e.g.
// for a /25, the last octet has
// only one bit in the mask
//
// in order to get the next network
// we need to increment starting at
// the last bit of the mask, e.g. 25
// in this example, which would be
// bit 8 in the last octet.
inc = (byte)(1 << (uint)(8-ones%8))
} else if i < partialByteIndex {
// we are past the partial octets,
// so this is portion where the mask
// occupies the octets fully, so
// we can just increment the last bit
inc = 1
}
if inc == 0 {
continue
}
network[i] += inc
if network[i] > 0 {
firstIP = network
break
}
}
}
if firstIP != nil {
// we found the first IP for the requested range,
// now check if the available range can accommodate
// the highest address given the first IP and the mask
lastIP := highestIP4(&net.IPNet{IP: firstIP, Mask: mask})
if compareIP4(lastIP, r.LastIP) <= 0 {
s.reserveSubRange(firstIP, lastIP, i)
subSpace := NewAddressSpaceFromRange(firstIP, lastIP)
subSpace.Network = &net.IPNet{IP: firstIP, Mask: mask}
subSpace.Parent = s
return subSpace, nil
}
}
}
return nil, fmt.Errorf("could not find IP range for mask %s", mask)
}
// ifaceDelIPAddr deletes the given IP address from the network interface.
func ifaceDelIPAddr(iface *net.Interface, ip net.IP, mask net.IPMask) error {
prefixLen, _ := mask.Size()
return ipRunIface(iface, "addr del %s/%d dev %s", ip, prefixLen, iface.Name)
}