Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature requirement: Skip the conflict detection function of creating a network with other network address segments #2179

Open
InPRTx opened this issue Sep 30, 2024 · 3 comments
Open

Feature requirement: Skip the conflict detection function of creating a network with other network address segments #2179

InPRTx opened this issue Sep 30, 2024 · 3 comments

Comments

@InPRTx
Copy link

InPRTx commented Sep 30, 2024

I have a very useful intranet, which can access the container's IP by using the internal IPv6 address.
However, I have encountered problems in creating a network during use. I hope to add instructions to skip the detection of address segment conflicts.
When I use this command, an error will be reported. I hope to skip the error and bypass the detection.

podman network create --label io.podman.compose.project=app --label com.docker.compose.project=app --ipv6 --subnet fc6a:795e:392:20:2ac1:464c:a2cf::/112 app_in-net2

Error: subnet fc6a:795e:392:20:2ac1:464c:a2cf:0/112 is already used on the host or by another config

But in fact, this route is only included in fc6a:795e::/32 and does not conflict

ip -6 r|grep fc6a
fc6a:795e:392:20:9a11:464c:ea1f:0/112 dev podman1 proto kernel metric 256 pref medium
fc6a:795e:528::/48 via fe80::ff:fe30:334 dev tinc0 proto bird metric 32 pref medium
fc6a:795e:702::/48 via fe80::ff:fe30:334 dev tinc0 proto bird metric 32 pref medium
fc6a:795e::/32 dev tinc0 proto kernel metric 256 pref medium

common/libnetwork/internal/util/validate.go

Lines 31 to 36 in bbb5c4a

// check that the new subnet does not conflict with existing ones
if NetworkIntersectsWithNetworks(n, usedNetworks) {
return fmt.Errorf("subnet %s is already used on the host or by another config", n.String())
}

common/libnetwork/internal/util/ip.go

Lines 45 to 56 in bbb5c4a

func NetworkIntersectsWithNetworks(n *net.IPNet, networklist []*net.IPNet) bool {
for _, nw := range networklist {
if networkIntersect(n, nw) {
return true
}
}
return false
}
func networkIntersect(n1, n2 *net.IPNet) bool {
return n2.Contains(n1.IP) || n1.Contains(n2.IP)
}

@Luap99
Copy link
Member

Luap99 commented Sep 30, 2024

We do not check check routes, we do check the ip addresses and subnets assigned to the interfaces. I guess this just doesn't make sense for ipv6 as this kind of subnetting seems like normal thing there.

I would not like to maintain a option to skip such a check, if it doesn't work on "common" ipv6 networks we should fix it so it does work and not require extra options. I am not sure what the right fix is, should we skip the check entirely for ipv6 or parse the routing rules to figure out if there will be conflicts?

cc @mheon

@InPRTx
Copy link
Author

InPRTx commented Oct 1, 2024

Got it. I solved this problem by reducing the size of the ipv6 subnet.

@InPRTx InPRTx closed this as completed Oct 1, 2024
@Luap99
Copy link
Member

Luap99 commented Oct 1, 2024

Let's keep it open, I think this a valid issue regardless.

@Luap99 Luap99 reopened this Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Luap99 @InPRTx