

Bug 1505266 - Validate node IP is local during sdn node initialization
Ravi Sankar Penta committed Oct 26, 2017
1 parent e1499a9 commit 75adfb4
Showing 3 changed files with 51 additions and 35 deletions.
33 changes: 33 additions & 0 deletions pkg/network/common/common.go
Expand Up @@ -22,6 +22,8 @@ import (
kapi "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/apis/extensions"
kinternalinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"

"github.com/vishvananda/netlink"
)

func HostSubnetToString(subnet *networkapi.HostSubnet) string {
Expand Down Expand Up @@ -276,3 +278,34 @@ func RegisterSharedInformerEventHandlers(kubeInformers kinternalinformers.Shared
},
})
}

var (
ErrorNetworkInterfaceNotFound = fmt.Errorf("could not find network interface")
)

func GetLinkDetails(ip string) (netlink.Link, *net.IPNet, error) {
links, err := netlink.LinkList()
if err != nil {
return nil, nil, err
}

for _, link := range links {
addrs, err := netlink.AddrList(link, netlink.FAMILY_V4)
if err != nil {
glog.Warningf("Could not get addresses of interface %q: %v", link.Attrs().Name, err)
continue
}

for _, addr := range addrs {
if addr.IP.String() == ip {
_, ipNet, err := net.ParseCIDR(addr.IPNet.String())
if err != nil {
return nil, nil, fmt.Errorf("could not parse CIDR network from address %q: %v", ip, err)
}
return link, ipNet, nil
}
}
}

return nil, nil, ErrorNetworkInterfaceNotFound
}
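Review bot: GetLinkDetails decides whether the address is local by comparing `addr.IP.String() == ip`, so a caller-supplied string that is not in canonical dotted-quad form (leading zeros, an IPv4-mapped IPv6 literal such as ::ffff:10.0.0.1) never matches and is reported as ErrorNetworkInterfaceNotFound even when the address is configured locally. Parsing once and comparing with net.IP.Equal is the robust form: `want := net.ParseIP(ip)` before the link loop, then `if want != nil && addr.IP.Equal(want) {` in place of the string compare; note also that only `netlink.FAMILY_V4` is listed, so an IPv6 node IP always comes back as not found, which the new check in node.go then treats as a configuration error. Both exported names lack doc comments; `// GetLinkDetails returns the link and IPv4 network that carry ip, or ErrorNetworkInterfaceNotFound when no local interface is configured with it.` would state the contract that node.go and egressip.go now rely on, and the sentinel would conventionally be named `ErrNetworkInterfaceNotFound` and built with errors.New. The `net.ParseCIDR(addr.IPNet.String())` round trip can be replaced by masking `addr.IPNet` directly, but that is cosmetic.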
45 changes: 10 additions & 35 deletions pkg/network/node/egressip.go
Expand Up @@ -51,9 +51,8 @@ type egressIPWatcher struct {
namespacesByVNID map[uint32]*namespaceEgress
namespacesByEgressIP map[string]*namespaceEgress

localEgressLink netlink.Link
localEgressNet *net.IPNet
localEgressIPMaskLen int
localEgressLink netlink.Link
localEgressNet *net.IPNet

testModeChan chan string
}
Expand All @@ -72,8 +71,10 @@ func newEgressIPWatcher(localIP string, oc *ovsController) *egressIPWatcher {
}

func (eip *egressIPWatcher) Start(networkClient networkclient.Interface, iptables *NodeIPTables) error {
if err := eip.findEgressLink(); err != nil {
return fmt.Errorf("could not find egress network interface: %v", err)
var err error
if eip.localEgressLink, eip.localEgressNet, err = common.GetLinkDetails(eip.localIP); err != nil {
// Not expected, should already be caught by node.New()
return err
}

eip.iptables = iptables
Expand All @@ -84,34 +85,6 @@ func (eip *egressIPWatcher) Start(networkClient networkclient.Interface, iptable
return nil
}

func (eip *egressIPWatcher) findEgressLink() error {
links, err := netlink.LinkList()
if err != nil {
return err
}
for _, link := range links {
addrs, err := netlink.AddrList(link, syscall.AF_INET)
if err != nil {
glog.Warningf("Could not get addresses of interface %q while trying to find egress interface: %v", link.Attrs().Name, err)
continue
}

for _, addr := range addrs {
if addr.IP.String() == eip.localIP {
_, eip.localEgressNet, err = net.ParseCIDR(addr.IPNet.String())
if err != nil {
return fmt.Errorf("could not parse CIDR network from address %q: %v", addr.IP.String(), err)
}
eip.localEgressLink = link
eip.localEgressIPMaskLen, _ = addr.Mask.Size()
return nil
}
}
}

return fmt.Errorf("could not find network interface with the address %q", eip.localIP)
}

func ipToHex(ip string) string {
bytes := net.ParseIP(ip)
if bytes == nil {
Expand Down Expand Up @@ -287,7 +260,8 @@ func (eip *egressIPWatcher) claimEgressIP(egressIP, egressHex string) error {
return nil
}

egressIPNet := fmt.Sprintf("%s/%d", egressIP, eip.localEgressIPMaskLen)
localEgressIPMaskLen, _ := eip.localEgressNet.Mask.Size()
egressIPNet := fmt.Sprintf("%s/%d", egressIP, localEgressIPMaskLen)
addr, err := netlink.ParseAddr(egressIPNet)
if err != nil {
return fmt.Errorf("could not parse egress IP %q: %v", egressIPNet, err)
Expand Down Expand Up @@ -317,7 +291,8 @@ func (eip *egressIPWatcher) releaseEgressIP(egressIP, egressHex string) error {
return nil
}

egressIPNet := fmt.Sprintf("%s/%d", egressIP, eip.localEgressIPMaskLen)
localEgressIPMaskLen, _ := eip.localEgressNet.Mask.Size()
egressIPNet := fmt.Sprintf("%s/%d", egressIP, localEgressIPMaskLen)
addr, err := netlink.ParseAddr(egressIPNet)
if err != nil {
return fmt.Errorf("could not parse egress IP %q: %v", egressIPNet, err)
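Review bot: Start now returns the GetLinkDetails error bare, and since ErrorNetworkInterfaceNotFound carries no address the operator sees only "could not find network interface" where the removed findEgressLink reported the IP it was looking for; `return fmt.Errorf("could not find egress network interface for %q: %v", eip.localIP, err)` keeps that context, and the "should already be caught by node.New()" comment documents an assumption enforced elsewhere rather than here. claimEgressIP and releaseEgressIP now dereference `eip.localEgressNet.Mask`, which is nil until Start has succeeded, where the old localEgressIPMaskLen field was a harmless zero; if either can run before Start (the testModeChan path is not visible in these hunks) that is a nil-pointer panic — worth confirming. The identical two-line mask computation in both functions could be one `func (eip *egressIPWatcher) egressIPNet(egressIP string) string` helper. Start's body continues outside its hunk.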
8 changes: 8 additions & 0 deletions pkg/network/node/node.go
Expand Up @@ -222,6 +222,14 @@ func (c *OsdnNodeConfig) setNodeIP() error {
}
}

if _, _, err := common.GetLinkDetails(c.SelfIP); err != nil {
if err == common.ErrorNetworkInterfaceNotFound {
return fmt.Errorf("node IP %q is not a local/private address (hostname %q)", c.SelfIP, c.Hostname)
} else {
return err
}
}

return nil
}

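Review bot: The new block in setNodeIP keeps an `else` after a terminating `return`, and the non-sentinel branch returns the netlink error with no indication of what was being checked; dropping the else and wrapping gives `return fmt.Errorf("node IP %q is not assigned to any local network interface (hostname %q)", c.SelfIP, c.Hostname)` followed by an unconditional `return fmt.Errorf("could not look up node IP %q: %v", c.SelfIP, err)`. The wording "local/private address" overstates what GetLinkDetails verifies: it only checks that the address is configured on an IPv4 interface of this host, not that it lies in a private range, so "not assigned to a local interface" describes the rejection accurately. Because GetLinkDetails lists only IPv4 addresses, an IPv6 SelfIP is rejected here with the same message; the check fails closed, which is the right direction for a node-identity guard, but the limitation belongs in a comment on the call. setNodeIP starts outside this hunk.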
