Bug 1505266 - Validate node IP is local during sdn node initialization

Ravi Sankar Penta · Ravi Sankar Penta · commit 75adfb4eb815 · 2017-10-26T12:43:55.000-07:00
diff --git a/pkg/network/common/common.go b/pkg/network/common/common.go
@@ -22,6 +22,8 @@ import (
 	kapi "k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/extensions"
 	kinternalinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"
+
+	"github.com/vishvananda/netlink"
 )
 
 func HostSubnetToString(subnet *networkapi.HostSubnet) string {
@@ -276,3 +278,34 @@ func RegisterSharedInformerEventHandlers(kubeInformers kinternalinformers.Shared
 		},
 	})
 }
+
+var (
+	ErrorNetworkInterfaceNotFound = fmt.Errorf("could not find network interface")
+)
+
+func GetLinkDetails(ip string) (netlink.Link, *net.IPNet, error) {
+	links, err := netlink.LinkList()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	for _, link := range links {
+		addrs, err := netlink.AddrList(link, netlink.FAMILY_V4)
+		if err != nil {
+			glog.Warningf("Could not get addresses of interface %q: %v", link.Attrs().Name, err)
+			continue
+		}
+
+		for _, addr := range addrs {
+			if addr.IP.String() == ip {
+				_, ipNet, err := net.ParseCIDR(addr.IPNet.String())
+				if err != nil {
+					return nil, nil, fmt.Errorf("could not parse CIDR network from address %q: %v", ip, err)
+				}
+				return link, ipNet, nil
+			}
+		}
+	}
+
+	return nil, nil, ErrorNetworkInterfaceNotFound
+}
diff --git a/pkg/network/node/egressip.go b/pkg/network/node/egressip.go
@@ -51,9 +51,8 @@ type egressIPWatcher struct {
 	namespacesByVNID     map[uint32]*namespaceEgress
 	namespacesByEgressIP map[string]*namespaceEgress
 
-	localEgressLink      netlink.Link
-	localEgressNet       *net.IPNet
-	localEgressIPMaskLen int
+	localEgressLink netlink.Link
+	localEgressNet  *net.IPNet
 
 	testModeChan chan string
 }
@@ -72,8 +71,10 @@ func newEgressIPWatcher(localIP string, oc *ovsController) *egressIPWatcher {
 }
 
 func (eip *egressIPWatcher) Start(networkClient networkclient.Interface, iptables *NodeIPTables) error {
-	if err := eip.findEgressLink(); err != nil {
-		return fmt.Errorf("could not find egress network interface: %v", err)
+	var err error
+	if eip.localEgressLink, eip.localEgressNet, err = common.GetLinkDetails(eip.localIP); err != nil {
+		// Not expected, should already be caught by node.New()
+		return err
 	}
 
 	eip.iptables = iptables
@@ -84,34 +85,6 @@ func (eip *egressIPWatcher) Start(networkClient networkclient.Interface, iptable
 	return nil
 }
 
-func (eip *egressIPWatcher) findEgressLink() error {
-	links, err := netlink.LinkList()
-	if err != nil {
-		return err
-	}
-	for _, link := range links {
-		addrs, err := netlink.AddrList(link, syscall.AF_INET)
-		if err != nil {
-			glog.Warningf("Could not get addresses of interface %q while trying to find egress interface: %v", link.Attrs().Name, err)
-			continue
-		}
-
-		for _, addr := range addrs {
-			if addr.IP.String() == eip.localIP {
-				_, eip.localEgressNet, err = net.ParseCIDR(addr.IPNet.String())
-				if err != nil {
-					return fmt.Errorf("could not parse CIDR network from address %q: %v", addr.IP.String(), err)
-				}
-				eip.localEgressLink = link
-				eip.localEgressIPMaskLen, _ = addr.Mask.Size()
-				return nil
-			}
-		}
-	}
-
-	return fmt.Errorf("could not find network interface with the address %q", eip.localIP)
-}
-
 func ipToHex(ip string) string {
 	bytes := net.ParseIP(ip)
 	if bytes == nil {
@@ -287,7 +260,8 @@ func (eip *egressIPWatcher) claimEgressIP(egressIP, egressHex string) error {
 		return nil
 	}
 
-	egressIPNet := fmt.Sprintf("%s/%d", egressIP, eip.localEgressIPMaskLen)
+	localEgressIPMaskLen, _ := eip.localEgressNet.Mask.Size()
+	egressIPNet := fmt.Sprintf("%s/%d", egressIP, localEgressIPMaskLen)
 	addr, err := netlink.ParseAddr(egressIPNet)
 	if err != nil {
 		return fmt.Errorf("could not parse egress IP %q: %v", egressIPNet, err)
@@ -317,7 +291,8 @@ func (eip *egressIPWatcher) releaseEgressIP(egressIP, egressHex string) error {
 		return nil
 	}
 
-	egressIPNet := fmt.Sprintf("%s/%d", egressIP, eip.localEgressIPMaskLen)
+	localEgressIPMaskLen, _ := eip.localEgressNet.Mask.Size()
+	egressIPNet := fmt.Sprintf("%s/%d", egressIP, localEgressIPMaskLen)
 	addr, err := netlink.ParseAddr(egressIPNet)
 	if err != nil {
 		return fmt.Errorf("could not parse egress IP %q: %v", egressIPNet, err)
diff --git a/pkg/network/node/node.go b/pkg/network/node/node.go
@@ -222,6 +222,14 @@ func (c *OsdnNodeConfig) setNodeIP() error {
 		}
 	}
 
+	if _, _, err := common.GetLinkDetails(c.SelfIP); err != nil {
+		if err == common.ErrorNetworkInterfaceNotFound {
+			return fmt.Errorf("node IP %q is not a local/private address (hostname %q)", c.SelfIP, c.Hostname)
+		} else {
+			return err
+		}
+	}
+
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -222,6 +222,14 @@ func (c *OsdnNodeConfig) setNodeIP() error {`
`222`	`222`	`}`
`223`	`223`	`}`
`224`	`224`
	`225`	`+ if _, _, err := common.GetLinkDetails(c.SelfIP); err != nil {`
	`226`	`+ if err == common.ErrorNetworkInterfaceNotFound {`
	`227`	`+ return fmt.Errorf("node IP %q is not a local/private address (hostname %q)", c.SelfIP, c.Hostname)`
	`228`	`+ } else {`
	`229`	`+ return err`
	`230`	`+ }`
	`231`	`+ }`
	`232`	`+`
`225`	`233`	`return nil`
`226`	`234`	`}`
`227`	`235`