-
Notifications
You must be signed in to change notification settings - Fork 2.8k
/
allocator.go
250 lines (219 loc) · 7.03 KB
/
allocator.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium
// Copyright The Kubernetes Authors.
package ipallocator
import (
"errors"
"fmt"
"math/big"
"net"
"github.com/cilium/cilium/pkg/ipam/service/allocator"
)
// Interface manages the allocation of IP addresses out of a range. Interface
// should be threadsafe.
type Interface interface {
Allocate(net.IP) error
AllocateNext() (net.IP, error)
Release(net.IP) error
ForEach(func(net.IP))
CIDR() net.IPNet
Has(ip net.IP) bool
}
var (
ErrFull = errors.New("range is full")
ErrAllocated = errors.New("provided IP is already allocated")
ErrMismatchedNetwork = errors.New("the provided network does not match the current range")
)
type ErrNotInRange struct {
ValidRange string
}
func (e *ErrNotInRange) Error() string {
return fmt.Sprintf("provided IP is not in the valid range. The range of valid IPs is %s", e.ValidRange)
}
// Range is a contiguous block of IPs that can be allocated atomically.
//
// The internal structure of the range is:
//
// For CIDR 10.0.0.0/24
// 254 addresses usable out of 256 total (minus base and broadcast IPs)
// The number of usable addresses is r.max
//
// CIDR base IP CIDR broadcast IP
// 10.0.0.0 10.0.0.255
// | |
// 0 1 2 3 4 5 ... ... 253 254 255
// | |
// r.base r.base + r.max
// | |
// offset #0 of r.allocated last offset of r.allocated
type Range struct {
net *net.IPNet
// base is a cached version of the start IP in the CIDR range as a *big.Int
base *big.Int
// max is the maximum size of the usable addresses in the range
max int
alloc allocator.Interface
}
// NewCIDRRange creates a Range over a net.IPNet, calling allocator.NewAllocationMap to construct
// the backing store.
func NewCIDRRange(cidr *net.IPNet) *Range {
base := bigForIP(cidr.IP)
max := maximum(0, int(RangeSize(cidr)-2)) // don't use the network broadcast,
return &Range{
net: cidr,
base: base.Add(base, big.NewInt(1)), // don't use the network base
max: max,
alloc: allocator.NewAllocationMap(int(max), cidr.String()),
}
}
func maximum(a, b int) int {
if a > b {
return a
}
return b
}
// Free returns the count of IP addresses left in the range.
func (r *Range) Free() int {
return r.alloc.Free()
}
// Used returns the count of IP addresses used in the range.
func (r *Range) Used() int {
return r.max - r.alloc.Free()
}
// CIDR returns the CIDR covered by the range.
func (r *Range) CIDR() net.IPNet {
return *r.net
}
// Allocate attempts to reserve the provided IP. ErrNotInRange or
// ErrAllocated will be returned if the IP is not valid for this range
// or has already been reserved. ErrFull will be returned if there
// are no addresses left.
func (r *Range) Allocate(ip net.IP) error {
ok, offset := r.contains(ip)
if !ok {
return &ErrNotInRange{r.net.String()}
}
allocated, err := r.alloc.Allocate(offset)
if err != nil {
return err
}
if !allocated {
return ErrAllocated
}
return nil
}
// AllocateNext reserves one of the IPs from the pool. ErrFull may
// be returned if there are no addresses left.
func (r *Range) AllocateNext() (net.IP, error) {
offset, ok, err := r.alloc.AllocateNext()
if err != nil {
return nil, err
}
if !ok {
return nil, ErrFull
}
return addIPOffset(r.base, offset), nil
}
// Release releases the IP back to the pool. Releasing an
// unallocated IP or an IP out of the range is a no-op and
// returns no error.
func (r *Range) Release(ip net.IP) {
ok, offset := r.contains(ip)
if ok {
r.alloc.Release(offset)
}
}
// ForEach calls the provided function for each allocated IP.
func (r *Range) ForEach(fn func(net.IP)) {
r.alloc.ForEach(func(offset int) {
ip, _ := GetIndexedIP(r.net, offset+1) // +1 because Range doesn't store IP 0
fn(ip)
})
}
// Has returns true if the provided IP is already allocated and a call
// to Allocate(ip) would fail with ErrAllocated.
func (r *Range) Has(ip net.IP) bool {
ok, offset := r.contains(ip)
if !ok {
return false
}
return r.alloc.Has(offset)
}
// Snapshot saves the current state of the pool.
func (r *Range) Snapshot() (string, []byte, error) {
snapshottable, ok := r.alloc.(allocator.Snapshottable)
if !ok {
return "", nil, fmt.Errorf("not a snapshottable allocator")
}
str, data := snapshottable.Snapshot()
return str, data, nil
}
// Restore restores the pool to the previously captured state. ErrMismatchedNetwork
// is returned if the provided IPNet range doesn't exactly match the previous range.
func (r *Range) Restore(net *net.IPNet, data []byte) error {
if !net.IP.Equal(r.net.IP) || net.Mask.String() != r.net.Mask.String() {
return ErrMismatchedNetwork
}
snapshottable, ok := r.alloc.(allocator.Snapshottable)
if !ok {
return fmt.Errorf("not a snapshottable allocator")
}
if err := snapshottable.Restore(net.String(), data); err != nil {
return fmt.Errorf("restoring snapshot encountered: %w", err)
}
return nil
}
// contains returns true and the offset if the ip is in the range, and false
// and nil otherwise. The first and last addresses of the CIDR are omitted.
func (r *Range) contains(ip net.IP) (bool, int) {
if !r.net.Contains(ip) {
return false, 0
}
offset := calculateIPOffset(r.base, ip)
if offset < 0 || offset >= r.max {
return false, 0
}
return true, offset
}
// bigForIP creates a big.Int based on the provided net.IP
func bigForIP(ip net.IP) *big.Int {
// NOTE: Convert to 16-byte representation so we can
// handle v4 and v6 values the same way.
return big.NewInt(0).SetBytes(ip.To16())
}
// addIPOffset adds the provided integer offset to a base big.Int representing a net.IP
// NOTE: If you started with a v4 address and overflow it, you get a v6 result.
func addIPOffset(base *big.Int, offset int) net.IP {
r := big.NewInt(0).Add(base, big.NewInt(int64(offset))).Bytes()
r = append(make([]byte, 16), r...)
return net.IP(r[len(r)-16:])
}
// calculateIPOffset calculates the integer offset of ip from base such that
// base + offset = ip. It requires ip >= base.
func calculateIPOffset(base *big.Int, ip net.IP) int {
return int(big.NewInt(0).Sub(bigForIP(ip), base).Int64())
}
// RangeSize returns the size of a range in valid addresses.
func RangeSize(subnet *net.IPNet) int64 {
ones, bits := subnet.Mask.Size()
if bits == 32 && (bits-ones) >= 31 || bits == 128 && (bits-ones) >= 127 {
return 0
}
// For IPv6, the max size will be limited to 65536
// This is due to the allocator keeping track of all the
// allocated IP's in a bitmap. This will keep the size of
// the bitmap to 64k.
if bits == 128 && (bits-ones) >= 16 {
return int64(1) << uint(16)
} else {
return int64(1) << uint(bits-ones)
}
}
// GetIndexedIP returns a net.IP that is subnet.IP + index in the contiguous IP space.
func GetIndexedIP(subnet *net.IPNet, index int) (net.IP, error) {
ip := addIPOffset(bigForIP(subnet.IP), index)
if !subnet.Contains(ip) {
return nil, fmt.Errorf("can't generate IP with index %d from subnet. subnet too small. subnet: %q", index, subnet)
}
return ip, nil
}