/
address.go
675 lines (586 loc) · 19.8 KB
/
address.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
// Copyright 2016-2021 Authors of Cilium
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package node
import (
"bufio"
"errors"
"fmt"
"net"
"os"
"strconv"
"strings"
"github.com/cilium/cilium/api/v1/models"
"github.com/cilium/cilium/pkg/byteorder"
"github.com/cilium/cilium/pkg/cidr"
"github.com/cilium/cilium/pkg/common"
"github.com/cilium/cilium/pkg/defaults"
"github.com/cilium/cilium/pkg/logging/logfields"
"github.com/cilium/cilium/pkg/mac"
"github.com/cilium/cilium/pkg/option"
"github.com/sirupsen/logrus"
)
const preferPublicIP bool = true
var (
ipv4Loopback net.IP
ipv4Address net.IP
ipv4RouterAddress net.IP
ipv4NodePortAddrs map[string]net.IP // iface name => ip addr
ipv4MasqAddrs map[string]net.IP // iface name => ip addr
ipv6Address net.IP
ipv6RouterAddress net.IP
ipv6NodePortAddrs map[string]net.IP // iface name => ip addr
ipv4AllocRange *cidr.CIDR
ipv6AllocRange *cidr.CIDR
routerInfo RouterInfo
// k8s Node External IP
ipv4ExternalAddress net.IP
ipv6ExternalAddress net.IP
// k8s Node IP (either InternalIP or ExternalIP or nil; the former is preferred)
k8sNodeIP net.IP
ipsecKeyIdentity uint8
wireguardPubKey string
)
type RouterInfo interface {
GetIPv4CIDRs() []net.IPNet
GetMac() mac.MAC
GetInterfaceNumber() int
}
func makeIPv6HostIP() net.IP {
ipstr := "fc00::10CA:1"
ip := net.ParseIP(ipstr)
if ip == nil {
log.WithField(logfields.IPAddr, ipstr).Fatal("Unable to parse IP")
}
return ip
}
// InitDefaultPrefix initializes the node address and allocation prefixes with
// default values derived from the system. device can be set to the primary
// network device of the system in which case the first address with global
// scope will be regarded as the system's node address.
func InitDefaultPrefix(device string) {
if option.Config.EnableIPv4 {
ip, err := firstGlobalV4Addr(device, GetInternalIPv4Router(), preferPublicIP)
if err != nil {
return
}
if ipv4Address == nil {
ipv4Address = ip
}
if ipv4AllocRange == nil {
// If the IPv6AllocRange is not nil then the IPv4 allocation should be
// derived from the IPv6AllocRange.
// vvvv vvvv
// FD00:0000:0000:0000:0000:0000:0000:0000
if ipv6AllocRange != nil {
ip = net.IPv4(ipv6AllocRange.IP[8],
ipv6AllocRange.IP[9],
ipv6AllocRange.IP[10],
ipv6AllocRange.IP[11])
}
v4range := fmt.Sprintf(defaults.DefaultIPv4Prefix+"/%d",
ip.To4()[3], defaults.DefaultIPv4PrefixLen)
_, ip4net, err := net.ParseCIDR(v4range)
if err != nil {
log.WithError(err).WithField(logfields.V4Prefix, v4range).Panic("BUG: Invalid default IPv4 prefix")
}
ipv4AllocRange = cidr.NewCIDR(ip4net)
log.WithField(logfields.V4Prefix, ipv4AllocRange).Info("Using autogenerated IPv4 allocation range")
}
}
if option.Config.EnableIPv6 {
if ipv6Address == nil {
// Find a IPv6 node address first
ipv6Address, _ = firstGlobalV6Addr(device, GetIPv6Router(), preferPublicIP)
if ipv6Address == nil {
ipv6Address = makeIPv6HostIP()
}
}
if ipv6AllocRange == nil && ipv4AllocRange != nil {
// The IPv6 allocation should be derived from the IPv4 allocation.
ip := ipv4AllocRange.IP
v6range := fmt.Sprintf("%s%02x%02x:%02x%02x:0:0/%d",
option.Config.IPv6ClusterAllocCIDRBase, ip[0], ip[1], ip[2], ip[3], 96)
_, ip6net, err := net.ParseCIDR(v6range)
if err != nil {
log.WithError(err).WithField(logfields.V6Prefix, v6range).Panic("BUG: Invalid default IPv6 prefix")
}
ipv6AllocRange = cidr.NewCIDR(ip6net)
log.WithField(logfields.V6Prefix, ipv6AllocRange).Info("Using autogenerated IPv6 allocation range")
}
}
}
// InitNodePortAddrs initializes NodePort IPv{4,6} addrs for the given devices.
// If inheritIPAddrFromDevice is non-empty, then the IP addr for the devices
// will be derived from it.
func InitNodePortAddrs(devices []string, inheritIPAddrFromDevice string) error {
var inheritedIP net.IP
var err error
if option.Config.EnableIPv4 {
if inheritIPAddrFromDevice != "" {
inheritedIP, err = firstGlobalV4Addr(inheritIPAddrFromDevice, GetK8sNodeIP(), !preferPublicIP)
if err != nil {
return fmt.Errorf("Failed to determine IPv4 of %s for NodePort", inheritIPAddrFromDevice)
}
}
ipv4NodePortAddrs = make(map[string]net.IP, len(devices))
for _, device := range devices {
if inheritIPAddrFromDevice != "" {
ipv4NodePortAddrs[device] = inheritedIP
} else {
ip, err := firstGlobalV4Addr(device, GetK8sNodeIP(), !preferPublicIP)
if err != nil {
return fmt.Errorf("Failed to determine IPv4 of %s for NodePort", device)
}
ipv4NodePortAddrs[device] = ip
}
}
}
if option.Config.EnableIPv6 {
if inheritIPAddrFromDevice != "" {
inheritedIP, err = firstGlobalV6Addr(inheritIPAddrFromDevice, GetK8sNodeIP(), !preferPublicIP)
if err != nil {
return fmt.Errorf("Failed to determine IPv6 of %s for NodePort", inheritIPAddrFromDevice)
}
}
ipv6NodePortAddrs = make(map[string]net.IP, len(devices))
for _, device := range devices {
if inheritIPAddrFromDevice != "" {
ipv6NodePortAddrs[device] = inheritedIP
} else {
ip, err := firstGlobalV6Addr(device, GetK8sNodeIP(), !preferPublicIP)
if err != nil {
return fmt.Errorf("Failed to determine IPv6 of %s for NodePort", device)
}
ipv6NodePortAddrs[device] = ip
}
}
}
return nil
}
// InitBPFMasqueradeAddrs initializes BPF masquerade addrs for the given devices.
func InitBPFMasqueradeAddrs(devices []string) error {
if option.Config.EnableIPv4 {
ipv4MasqAddrs = make(map[string]net.IP, len(devices))
for _, device := range devices {
ip, err := firstGlobalV4Addr(device, nil, preferPublicIP)
if err != nil {
return fmt.Errorf("Failed to determine IPv4 of %s for BPF masq", device)
}
ipv4MasqAddrs[device] = ip
}
}
return nil
}
// GetIPv4Loopback returns the loopback IPv4 address of this node.
func GetIPv4Loopback() net.IP {
return ipv4Loopback
}
// SetIPv4Loopback sets the loopback IPv4 address of this node.
func SetIPv4Loopback(ip net.IP) {
ipv4Loopback = ip
}
// GetIPv4AllocRange returns the IPv4 allocation prefix of this node
func GetIPv4AllocRange() *cidr.CIDR {
return ipv4AllocRange
}
// GetIPv6AllocRange returns the IPv6 allocation prefix of this node
func GetIPv6AllocRange() *cidr.CIDR {
return ipv6AllocRange
}
// SetIPv4 sets the IPv4 node address. It must be reachable on the network.
// It is set based on the following priority:
// - NodeInternalIP
// - NodeExternalIP
// - other IP address type
func SetIPv4(ip net.IP) {
ipv4Address = ip
}
// GetIPv4 returns one of the IPv4 node address available with the following
// priority:
// - NodeInternalIP
// - NodeExternalIP
// - other IP address type.
// It must be reachable on the network.
func GetIPv4() net.IP {
return ipv4Address
}
// SetInternalIPv4Router sets the cilium internal IPv4 node address, it is allocated from the node prefix.
// This must not be conflated with k8s internal IP as this IP address is only relevant within the
// Cilium-managed network (this means within the node for direct routing mode and on the overlay
// for tunnel mode).
func SetInternalIPv4Router(ip net.IP) {
ipv4RouterAddress = ip
}
// GetInternalIPv4Router returns the cilium internal IPv4 node address. This must not be conflated with
// k8s internal IP as this IP address is only relevant within the Cilium-managed network (this means
// within the node for direct routing mode and on the overlay for tunnel mode).
func GetInternalIPv4Router() net.IP {
return ipv4RouterAddress
}
// SetK8sExternalIPv4 sets the external IPv4 node address. It must be a public IP that is routable
// on the network as well as the internet.
func SetK8sExternalIPv4(ip net.IP) {
ipv4ExternalAddress = ip
}
// GetK8sExternalIPv4 returns the external IPv4 node address. It must be a public IP that is routable
// on the network as well as the internet. It can return nil if no External IPv4 address is assigned.
func GetK8sExternalIPv4() net.IP {
return ipv4ExternalAddress
}
// GetRouterEniInfo returns additional information for the router. It is applicable
// only in the ENI IPAM mode.
func GetRouterInfo() RouterInfo {
return routerInfo
}
// SetRouterEniInfo sets additional information for the router. It is applicable
// only in the ENI IPAM mode.
func SetRouterInfo(info RouterInfo) {
routerInfo = info
}
// GetHostMasqueradeIPv4 returns the IPv4 address to be used for masquerading
// any traffic that is being forwarded from the host into the Cilium cluster.
func GetHostMasqueradeIPv4() net.IP {
return ipv4RouterAddress
}
// SetIPv4AllocRange sets the IPv4 address pool to use when allocating
// addresses for local endpoints
func SetIPv4AllocRange(net *cidr.CIDR) {
ipv4AllocRange = net
}
// Uninitialize resets this package to the default state, for use in
// testsuite code.
func Uninitialize() {
ipv4AllocRange = nil
ipv6AllocRange = nil
ipv4RouterAddress, ipv6RouterAddress = nil, nil
}
// GetNodePortIPv4Addrs returns the node-port IPv4 address for NAT
func GetNodePortIPv4Addrs() []net.IP {
addrs := make([]net.IP, 0, len(ipv4NodePortAddrs))
for _, addr := range ipv4NodePortAddrs {
addrs = append(addrs, addr)
}
return addrs
}
// GetNodePortIPv4AddrsWithDevices returns the map iface => NodePort IPv4.
func GetNodePortIPv4AddrsWithDevices() map[string]net.IP {
return copyStringToNetIPMap(ipv4NodePortAddrs)
}
// GetNodePortIPv6Addrs returns the node-port IPv6 address for NAT
func GetNodePortIPv6Addrs() []net.IP {
addrs := make([]net.IP, 0, len(ipv6NodePortAddrs))
for _, addr := range ipv6NodePortAddrs {
addrs = append(addrs, addr)
}
return addrs
}
// GetNodePortIPv6AddrsWithDevices returns the map iface => NodePort IPv6.
func GetNodePortIPv6AddrsWithDevices() map[string]net.IP {
return copyStringToNetIPMap(ipv6NodePortAddrs)
}
// GetMasqIPv4AddrsWithDevices returns the map iface => BPF masquerade IPv4.
func GetMasqIPv4AddrsWithDevices() map[string]net.IP {
return copyStringToNetIPMap(ipv4MasqAddrs)
}
// SetIPv6NodeRange sets the IPv6 address pool to be used on this node
func SetIPv6NodeRange(net *cidr.CIDR) {
ipv6AllocRange = net
}
// AutoComplete completes the parts of addressing that can be auto derived
func AutoComplete() error {
if option.Config.EnableHostIPRestore {
// Fetch the router (`cilium_host`) IPs in case they were set a priori
// from the Kubernetes or CiliumNode resource in the K8s subsystem.
router4FromK8s, router6FromK8s := GetInternalIPv4Router(), GetIPv6Router()
// At the same time, read the previous cilium_host IPs from
// node_config.h for backward compatibility.
router4FromFS, router6FromFS := getCiliumHostIPs()
if option.Config.EnableIPv4 {
restoreHostIPs(false, router4FromK8s, router4FromFS)
}
if option.Config.EnableIPv6 {
restoreHostIPs(true, router6FromK8s, router6FromFS)
}
}
InitDefaultPrefix(option.Config.DirectRoutingDevice)
if option.Config.EnableIPv6 && ipv6AllocRange == nil {
return fmt.Errorf("IPv6 allocation CIDR is not configured. Please specificy --ipv6-range")
}
if option.Config.EnableIPv4 && ipv4AllocRange == nil {
return fmt.Errorf("IPv4 allocation CIDR is not configured. Please specificy --ipv4-range")
}
return nil
}
// restoreHostIPs restores the router IPs (`cilium_host`) from a previous
// Cilium run. Router IPs from the filesystem are preferred over the IPs found
// in the Kubernetes resource (Node or CiliumNode), because we consider the
// filesystem to be the most up-to-date source of truth. The chosen router IP
// is then checked whether it is contained inside node CIDR (pod CIDR) range.
// If not, then the router IP is discarded and not restored.
func restoreHostIPs(ipv6 bool, fromK8s, fromFS net.IP) {
var (
getter func() *cidr.CIDR
setter func(net.IP)
)
if ipv6 {
getter = GetIPv6AllocRange
setter = SetIPv6Router
} else {
getter = GetIPv4AllocRange
setter = SetInternalIPv4Router
}
ip, err := chooseHostIPsToRestore(ipv6, fromK8s, fromFS)
switch {
case err != nil && errors.Is(err, errDoesNotBelong):
log.WithFields(logrus.Fields{
logfields.CIDR: getter(),
}).Infof(
"The router IP (%s) considered for restoration does not belong in the Pod CIDR of the node. Discarding old router IP.",
ip,
)
setter(nil)
case err != nil && errors.Is(err, errMismatch):
log.Warnf(
mismatchRouterIPsMsg,
fromK8s, fromFS, option.LocalRouterIPv4, option.LocalRouterIPv6,
)
fallthrough // Above is just a warning; we still want to set the router IP regardless.
case err == nil:
setter(ip)
}
}
func chooseHostIPsToRestore(ipv6 bool, fromK8s, fromFS net.IP) (ip net.IP, err error) {
switch {
case fromK8s != nil && fromFS != nil:
if fromK8s.Equal(fromFS) {
ip = fromK8s
} else {
ip = fromFS
err = errMismatch
}
case fromK8s == nil && fromFS != nil:
ip = fromFS
case fromK8s != nil && fromFS == nil:
ip = fromK8s
case fromK8s == nil && fromFS == nil:
// We do nothing in this case because there are no router IPs to
// restore.
return
}
var getter func() *cidr.CIDR
if ipv6 {
getter = GetIPv6AllocRange
} else {
getter = GetIPv4AllocRange
}
// We can assume that the node / pod CIDR has been set already since the
// call path to this function (chooseHostIPsToRestore()) comes through
// AutoComplete(). In other words, the daemon sets the CIDR before calling
// AutoComplete().
if cidr := getter(); cidr != nil && cidr.Contains(ip) {
return
}
err = errDoesNotBelong
return
}
var (
errMismatch = errors.New("mismatched IPs")
errDoesNotBelong = errors.New("IP does not belong to CIDR")
)
const mismatchRouterIPsMsg = "Mismatch of router IPs found during restoration. The Kubernetes resource contained %s, while the filesystem contained %s. Using the router IP from the filesystem. To change the router IP, specify --%s and/or --%s."
// ValidatePostInit validates the entire addressing setup and completes it as
// required
func ValidatePostInit() error {
if option.Config.EnableIPv4 || option.Config.Tunnel != option.TunnelDisabled {
if ipv4Address == nil {
return fmt.Errorf("external IPv4 node address could not be derived, please configure via --ipv4-node")
}
}
if option.Config.EnableIPv4 && ipv4RouterAddress == nil {
return fmt.Errorf("BUG: Internal IPv4 node address was not configured")
}
return nil
}
// SetIPv6 sets the IPv6 address of the node
func SetIPv6(ip net.IP) {
ipv6Address = ip
}
// GetIPv6 returns the IPv6 address of the node
func GetIPv6() net.IP {
return ipv6Address
}
// GetHostMasqueradeIPv6 returns the IPv6 address to be used for masquerading
// any traffic that is being forwarded from the host into the Cilium cluster.
func GetHostMasqueradeIPv6() net.IP {
return ipv6Address
}
// GetIPv6Router returns the IPv6 address of the node
func GetIPv6Router() net.IP {
return ipv6RouterAddress
}
// SetIPv6Router returns the IPv6 address of the node
func SetIPv6Router(ip net.IP) {
ipv6RouterAddress = ip
}
// SetK8sExternalIPv6 sets the external IPv6 node address. It must be a public IP.
func SetK8sExternalIPv6(ip net.IP) {
ipv6ExternalAddress = ip
}
// GetK8sExternalIPv6 returns the external IPv6 node address.
func GetK8sExternalIPv6() net.IP {
return ipv6ExternalAddress
}
// IsHostIPv4 returns true if the IP specified is a host IP
func IsHostIPv4(ip net.IP) bool {
return ip.Equal(GetInternalIPv4Router()) || ip.Equal(GetIPv4())
}
// IsHostIPv6 returns true if the IP specified is a host IP
func IsHostIPv6(ip net.IP) bool {
return ip.Equal(GetIPv6()) || ip.Equal(GetIPv6Router())
}
// GetNodeAddressing returns the NodeAddressing model for the local IPs.
func GetNodeAddressing() *models.NodeAddressing {
a := &models.NodeAddressing{}
if option.Config.EnableIPv6 {
a.IPV6 = &models.NodeAddressingElement{
Enabled: option.Config.EnableIPv6,
IP: GetIPv6Router().String(),
AllocRange: GetIPv6AllocRange().String(),
}
}
if option.Config.EnableIPv4 {
a.IPV4 = &models.NodeAddressingElement{
Enabled: option.Config.EnableIPv4,
IP: GetInternalIPv4Router().String(),
AllocRange: GetIPv4AllocRange().String(),
}
}
return a
}
func getCiliumHostIPsFromFile(nodeConfig string) (ipv4GW, ipv6Router net.IP) {
var hasIPv4, hasIPv6 bool
f, err := os.Open(nodeConfig)
switch {
case err != nil:
default:
defer f.Close()
scanner := bufio.NewScanner(f)
for scanner.Scan() {
txt := scanner.Text()
switch {
case !hasIPv6 && strings.Contains(txt, defaults.RestoreV6Addr):
defineLine := strings.Split(txt, defaults.RestoreV6Addr)
if len(defineLine) != 2 {
continue
}
ipv6 := common.C2GoArray(defineLine[1])
if len(ipv6) != net.IPv6len {
continue
}
ipv6Router = net.IP(ipv6)
hasIPv6 = true
case !hasIPv4 && strings.Contains(txt, defaults.RestoreV4Addr):
defineLine := strings.Split(txt, defaults.RestoreV4Addr)
if len(defineLine) != 2 {
continue
}
ipv4 := common.C2GoArray(defineLine[1])
if len(ipv4) != net.IPv6len {
continue
}
ipv4GW = net.IP(ipv4)
hasIPv4 = true
// Legacy cases based on the header defines:
case !hasIPv4 && strings.Contains(txt, "IPV4_GATEWAY"):
// #define IPV4_GATEWAY 0xee1c000a
defineLine := strings.Split(txt, " ")
if len(defineLine) != 3 {
continue
}
ipv4GWHex := strings.TrimPrefix(defineLine[2], "0x")
ipv4GWUint64, err := strconv.ParseUint(ipv4GWHex, 16, 32)
if err != nil {
continue
}
if ipv4GWUint64 != 0 {
bs := make([]byte, net.IPv4len)
byteorder.NetworkToHostPut(bs, uint32(ipv4GWUint64))
ipv4GW = net.IPv4(bs[0], bs[1], bs[2], bs[3])
hasIPv4 = true
}
case !hasIPv6 && strings.Contains(txt, " ROUTER_IP "):
// #define ROUTER_IP 0xf0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8a, 0xd6
defineLine := strings.Split(txt, " ROUTER_IP ")
if len(defineLine) != 2 {
continue
}
ipv6 := common.C2GoArray(defineLine[1])
if len(ipv6) != net.IPv6len {
continue
}
ipv6Router = net.IP(ipv6)
hasIPv6 = true
}
}
}
return ipv4GW, ipv6Router
}
// getCiliumHostIPs returns the Cilium IPv4 gateway and router IPv6 address from
// the node_config.h file if is present; or by deriving it from
// defaults.HostDevice interface, on which only the IPv4 is possible to derive.
func getCiliumHostIPs() (ipv4GW, ipv6Router net.IP) {
nodeConfig := option.Config.GetNodeConfigPath()
ipv4GW, ipv6Router = getCiliumHostIPsFromFile(nodeConfig)
if ipv4GW != nil || ipv6Router != nil {
log.WithFields(logrus.Fields{
"ipv4": ipv4GW,
"ipv6": ipv6Router,
"file": nodeConfig,
}).Info("Restored router address from node_config")
return ipv4GW, ipv6Router
}
return getCiliumHostIPsFromNetDev(option.Config.HostDevice)
}
// SetIPsecKeyIdentity sets the IPsec key identity an opaque value used to
// identity encryption keys used on the node.
func SetIPsecKeyIdentity(id uint8) {
ipsecKeyIdentity = id
}
// GetIPsecKeyIdentity returns the IPsec key identity of the node
func GetIPsecKeyIdentity() uint8 {
return ipsecKeyIdentity
}
// GetK8sNodeIPs returns k8s Node IP addr.
func GetK8sNodeIP() net.IP {
return k8sNodeIP
}
// SetK8sNodeIP sets k8s Node IP addr.
func SetK8sNodeIP(ip net.IP) {
k8sNodeIP = ip
}
func SetWireguardPubKey(key string) {
wireguardPubKey = key
}
func GetWireguardPubKey() string {
return wireguardPubKey
}
func copyStringToNetIPMap(in map[string]net.IP) map[string]net.IP {
out := make(map[string]net.IP, len(in))
for iface, ip := range in {
dup := make(net.IP, len(ip))
copy(dup, ip)
out[iface] = dup
}
return out
}