Ignore addresses in masquerade subnet when retrieving gateway IPs

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
openshift · Nov 10, 2022 · d2ca5d6 · d2ca5d6
1 parent 17ab3c3
commit d2ca5d6
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 3 deletions.
diff --git a/go-controller/pkg/util/net_linux.go b/go-controller/pkg/util/net_linux.go
@@ -9,12 +9,13 @@ import (
 	"net"
 	"time"
 
-	kapi "k8s.io/api/core/v1"
-
 	"github.com/j-keck/arping"
+	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types"
 	"github.com/vishvananda/netlink"
 	"golang.org/x/sys/unix"
 
+	kapi "k8s.io/api/core/v1"
+	"k8s.io/klog/v2"
 	utilnet "k8s.io/utils/net"
 )
 
@@ -478,7 +479,7 @@ func GetNetworkInterfaceIPs(iface string) ([]*net.IPNet, error) {
 
 	var ips []*net.IPNet
 	for _, addr := range addrs {
-		if addr.IP.IsLinkLocalUnicast() {
+		if addr.IP.IsLinkLocalUnicast() || isAddressReservedForInternalUse(addr.IP) {
 			continue
 		}
 		// Ignore addresses marked as secondary or deprecated since they may
@@ -493,6 +494,22 @@ func GetNetworkInterfaceIPs(iface string) ([]*net.IPNet, error) {
 	return ips, nil
 }
 
+func isAddressReservedForInternalUse(addr net.IP) bool {
+	var subnetStr string
+	if addr.To4() != nil {
+		subnetStr = types.V4MasqueradeSubnet
+	} else {
+		subnetStr = types.V6MasqueradeSubnet
+	}
+	_, subnet, err := net.ParseCIDR(subnetStr)
+	if err != nil {
+		klog.Errorf("Could not determine if %s is in reserved subnet %v: %v",
+			addr, subnetStr, err)
+		return false
+	}
+	return subnet.Contains(addr)
+}
+
 // GetIPv6OnSubnet when given an IPv6 address with a 128 prefix for an interface,
 // looks for possible broadest subnet on-link routes and returns the same address
 // with the found subnet prefix. Otherwise it returns the provided address unchanged.

diff --git a/go-controller/pkg/util/net_linux_unit_test.go b/go-controller/pkg/util/net_linux_unit_test.go
@@ -9,6 +9,7 @@ import (
 
 	ovntest "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/testing"
 	netlink_mocks "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/testing/mocks/github.com/vishvananda/netlink"
+	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/util/mocks"
 	"github.com/stretchr/testify/assert"
 	"github.com/vishvananda/netlink"
@@ -1250,3 +1251,39 @@ func TestGetMTUOfInterfaceWithAddress(t *testing.T) {
 		})
 	}
 }
+
+func TestIsAddressReservedForInternalUse(t *testing.T) {
+	tests := []struct {
+		desc   string
+		input  net.IP
+		outExp bool
+	}{
+		{
+			desc:   "non-reserved IPv4 address",
+			input:  ovntest.MustParseIP("1.1.1.1"),
+			outExp: false,
+		},
+		{
+			desc:   "non-reserved IPv6 address",
+			input:  ovntest.MustParseIP("abcd::1"),
+			outExp: false,
+		},
+		{
+			desc:   "reserved IPv4 address",
+			input:  ovntest.MustParseIP(types.V4HostMasqueradeIP),
+			outExp: true,
+		},
+		{
+			desc:   "reserved IPv6 address",
+			input:  ovntest.MustParseIP(types.V6HostMasqueradeIP),
+			outExp: true,
+		},
+	}
+	for i, tc := range tests {
+		t.Run(fmt.Sprintf("%d:%s", i, tc.desc), func(t *testing.T) {
+			res := isAddressReservedForInternalUse(tc.input)
+			t.Log(res)
+			assert.Equal(t, res, tc.outExp)
+		})
+	}
+}