Documentation ¶
Overview ¶
Package netutils provides network utility functions.
Index ¶
- func GenerateIfaceName(nlh *netlink.Handle, prefix string, len int) (string, error)
- func GenerateMACFromIP(ip net.IP) net.HardwareAddr
- func GenerateRandomMAC() net.HardwareAddr
- func GenerateRandomName(prefix string, length int) (string, error)
- func InferReservedNetworks(v6 bool) []netip.Prefix
- func IsV6Listenable() bool
- func MustParseMAC(s string) net.HardwareAddr
- func ReverseIP(IP string) string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateIfaceName ¶
GenerateIfaceName returns an interface name using the passed in prefix and the length of random bytes. The api ensures that the there are is no interface which exists with that name.
func GenerateMACFromIP ¶
func GenerateMACFromIP(ip net.IP) net.HardwareAddr
GenerateMACFromIP returns a locally administered MAC address where the 4 least significant bytes are derived from the IPv4 address.
func GenerateRandomMAC ¶
func GenerateRandomMAC() net.HardwareAddr
GenerateRandomMAC returns a new 6-byte(48-bit) hardware address (MAC)
func GenerateRandomName ¶
GenerateRandomName returns a string of the specified length, created by joining the prefix to random hex characters. The length must be strictly larger than len(prefix), or an error will be returned.
func InferReservedNetworks ¶
InferReservedNetworks returns a list of network prefixes that seem to be used by the system and that would likely break it if they were assigned to some Docker networks. It uses two heuristics to build that list:
1. Nameservers configured in /etc/resolv.conf ; 2. On-link routes ;
That 2nd heuristic was originally not limited to on-links -- all non-default routes were checked (see 1). This proved to be not ideal at best and highly problematic at worst:
- VPN software and appliances doing split tunneling might push a small set of routes for large, aggregated prefixes to avoid maintenance and potential issues whenever a new subnet comes into use on internal network. However, not all subnets from these aggregates might be in use.
- For full tunneling, especially when implemented with OpenVPN, the situation is even worse as the host might end up with the two following routes: 0.0.0.0/1 and 128.0.0.0/1. They are functionally indistinguishable from a default route, yet the Engine was treating them differently. With those routes, there was no way to use dynamic subnet allocation at all. (see 'def1' on 2)
- A subnet covered by the default route can be used, or not. Same for non-default and non-on-link routes. The type of route says little about the availability of subnets it covers, except for on-link routes as they specifically define what subnet the current host is part of.
The 2nd heuristic was modified to be limited to on-link routes in PR #42598 (first released in v23.0, see 3).
If these heuristics don't detect an overlap, users should change their daemon config to remove that overlapping prefix from `default-address-pools`. If a prefix is found to overlap but users care enough about it being associated to a Docker network they can still rely on static allocation.
For IPv6, the 2nd heuristic isn't applied as there's no such thing as on-link routes for IPv6.
func IsV6Listenable ¶
func IsV6Listenable() bool
IsV6Listenable returns true when `[::1]:0` is listenable. IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option.
func MustParseMAC ¶
func MustParseMAC(s string) net.HardwareAddr
MustParseMAC returns a net.HardwareAddr or panic.
Types ¶
This section is empty.