multus-cni/pkg/types/conf.go

// Copyright (c) 2017 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

package types

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"net"
	"os"
	"strings"

	"github.com/containernetworking/cni/libcni"
	"github.com/containernetworking/cni/pkg/skel"
	cni100 "github.com/containernetworking/cni/pkg/types/100"
	"github.com/containernetworking/cni/pkg/version"
	nadutils "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/utils"
	"gopkg.in/k8snetworkplumbingwg/multus-cni.v3/pkg/logging"
)

const (
	defaultCNIDir                 = "/var/lib/cni/multus"
	defaultConfDir                = "/etc/cni/multus/net.d"
	defaultBinDir                 = "/opt/cni/bin"
	defaultReadinessIndicatorFile = ""
	defaultMultusNamespace        = "kube-system"
	defaultNonIsolatedNamespace   = "default"
)

// const block for multus-daemon configs
const (
	// DefaultMultusDaemonConfigFile is the default path of the config file
	DefaultMultusDaemonConfigFile = "/etc/cni/net.d/multus.d/daemon-config.json"
	defaultMultusRunDir           = "/run/multus/"
)

// LoadDelegateNetConfList reads DelegateNetConf from bytes
func LoadDelegateNetConfList(bytes []byte, delegateConf *DelegateNetConf) error {
	logging.Debugf("LoadDelegateNetConfList: %s, %v", string(bytes), delegateConf)

	if err := json.Unmarshal(bytes, &delegateConf.ConfList); err != nil {
		return logging.Errorf("LoadDelegateNetConfList: error unmarshalling delegate conflist: %v", err)
	}

	if delegateConf.ConfList.Plugins == nil {
		return logging.Errorf("LoadDelegateNetConfList: delegate must have the 'type' or 'plugin' field")
	}

	if delegateConf.ConfList.Plugins[0].Type == "" {
		return logging.Errorf("LoadDelegateNetConfList: a plugin delegate must have the 'type' field")
	}
	delegateConf.ConfListPlugin = true
	delegateConf.Name = delegateConf.ConfList.Name
	return nil
}

// LoadDelegateNetConf converts raw CNI JSON into a DelegateNetConf structure
func LoadDelegateNetConf(bytes []byte, netElement *NetworkSelectionElement, deviceID string, resourceName string) (*DelegateNetConf, error) {
	var err error
	logging.Debugf("LoadDelegateNetConf: %s, %v, %s", string(bytes), netElement, deviceID)

	delegateConf := &DelegateNetConf{}
	if err := json.Unmarshal(bytes, &delegateConf.Conf); err != nil {
		return nil, logging.Errorf("LoadDelegateNetConf: error unmarshalling delegate config: %v", err)
	}
	delegateConf.Name = delegateConf.Conf.Name

	// Do some minimal validation
	if delegateConf.Conf.Type == "" {
		if err := LoadDelegateNetConfList(bytes, delegateConf); err != nil {
			return nil, logging.Errorf("LoadDelegateNetConf: failed with: %v", err)
		}
		if deviceID != "" {
			bytes, err = addDeviceIDInConfList(bytes, deviceID)
			if err != nil {
				return nil, logging.Errorf("LoadDelegateNetConf: failed to add deviceID in NetConfList bytes: %v", err)
			}
			delegateConf.ResourceName = resourceName
			delegateConf.DeviceID = deviceID
		}
		if netElement != nil && netElement.CNIArgs != nil {
			bytes, err = addCNIArgsInConfList(bytes, netElement.CNIArgs)
			if err != nil {
				return nil, logging.Errorf("LoadDelegateNetConf(): failed to add cni-args in NetConfList bytes: %v", err)
			}
		}
	} else {
		if deviceID != "" {
			bytes, err = delegateAddDeviceID(bytes, deviceID)
			if err != nil {
				return nil, logging.Errorf("LoadDelegateNetConf: failed to add deviceID in NetConf bytes: %v", err)
			}
			// Save them for housekeeping
			delegateConf.ResourceName = resourceName
			delegateConf.DeviceID = deviceID
		}
		if netElement != nil && netElement.CNIArgs != nil {
			bytes, err = addCNIArgsInConfig(bytes, netElement.CNIArgs)
			if err != nil {
				return nil, logging.Errorf("LoadDelegateNetConf(): failed to add cni-args in NetConfList bytes: %v", err)
			}
		}
	}

	if netElement != nil {
		if netElement.Name != "" {
			// Overwrite CNI config name with net-attach-def name
			delegateConf.Name = fmt.Sprintf("%s/%s", netElement.Namespace, netElement.Name)
		}
		if netElement.InterfaceRequest != "" {
			delegateConf.IfnameRequest = netElement.InterfaceRequest
		}
		if netElement.MacRequest != "" {
			delegateConf.MacRequest = netElement.MacRequest
		}
		if netElement.IPRequest != nil {
			delegateConf.IPRequest = netElement.IPRequest
		}
		if netElement.BandwidthRequest != nil {
			delegateConf.BandwidthRequest = netElement.BandwidthRequest
		}
		if netElement.PortMappingsRequest != nil {
			delegateConf.PortMappingsRequest = netElement.PortMappingsRequest
		}
		if netElement.GatewayRequest != nil {
			var list []net.IP
			if delegateConf.GatewayRequest != nil {
				list = append(*delegateConf.GatewayRequest, *netElement.GatewayRequest...)
			} else {
				list = *netElement.GatewayRequest
			}
			delegateConf.GatewayRequest = &list
		}
		if netElement.InfinibandGUIDRequest != "" {
			delegateConf.InfinibandGUIDRequest = netElement.InfinibandGUIDRequest
		}
		if netElement.DeviceID != "" {
			if deviceID != "" {
				logging.Debugf("Warning: Both RuntimeConfig and ResourceMap provide deviceID. Ignoring RuntimeConfig")
			} else {
				delegateConf.DeviceID = netElement.DeviceID
			}
		}
	}

	delegateConf.Bytes = bytes

	return delegateConf, nil
}

// mergeCNIRuntimeConfig creates CNI runtimeconfig from delegate
func mergeCNIRuntimeConfig(runtimeConfig *RuntimeConfig, delegate *DelegateNetConf) *RuntimeConfig {
	logging.Debugf("mergeCNIRuntimeConfig: %v %v", runtimeConfig, delegate)
	var mergedRuntimeConfig RuntimeConfig

	if runtimeConfig == nil {
		mergedRuntimeConfig = RuntimeConfig{}
	} else {
		mergedRuntimeConfig = *runtimeConfig
	}

	// multus inject RuntimeConfig only in case of non MasterPlugin.
	if delegate.MasterPlugin != true {
		logging.Debugf("mergeCNIRuntimeConfig: add runtimeConfig for net-attach-def: %v", mergedRuntimeConfig)
		if delegate.PortMappingsRequest != nil {
			mergedRuntimeConfig.PortMaps = delegate.PortMappingsRequest
		}
		if delegate.BandwidthRequest != nil {
			mergedRuntimeConfig.Bandwidth = delegate.BandwidthRequest
		}
		if delegate.IPRequest != nil {
			mergedRuntimeConfig.IPs = delegate.IPRequest
		}
		if delegate.MacRequest != "" {
			mergedRuntimeConfig.Mac = delegate.MacRequest
		}
		if delegate.InfinibandGUIDRequest != "" {
			mergedRuntimeConfig.InfinibandGUID = delegate.InfinibandGUIDRequest
		}
		if delegate.DeviceID != "" {
			mergedRuntimeConfig.DeviceID = delegate.DeviceID
		}
		logging.Debugf("mergeCNIRuntimeConfig: add runtimeConfig for net-attach-def: %v", mergedRuntimeConfig)
	}
	return &mergedRuntimeConfig
}

// CreateCNIRuntimeConf create CNI RuntimeConf for a delegate. If delegate configuration
// exists, merge data with the runtime config.
func CreateCNIRuntimeConf(args *skel.CmdArgs, k8sArgs *K8sArgs, ifName string, rc *RuntimeConfig, delegate *DelegateNetConf) (*libcni.RuntimeConf, string) {
	podName := string(k8sArgs.K8S_POD_NAME)
	podNamespace := string(k8sArgs.K8S_POD_NAMESPACE)
	podUID := string(k8sArgs.K8S_POD_UID)
	sandboxID := string(k8sArgs.K8S_POD_INFRA_CONTAINER_ID)
	return newCNIRuntimeConf(args.ContainerID, sandboxID, podName, podNamespace, podUID, args.Netns, ifName, rc, delegate)
}

// newCNIRuntimeConf creates the CNI `RuntimeConf` for the given ADD / DEL request.
func newCNIRuntimeConf(containerID, sandboxID, podName, podNamespace, podUID, netNs, ifName string, rc *RuntimeConfig, delegate *DelegateNetConf) (*libcni.RuntimeConf, string) {
	logging.Debugf("LoadCNIRuntimeConf: %s, %v %v", ifName, rc, delegate)

	delegateRc := delegateRuntimeConfig(containerID, delegate, rc, ifName)
	// In part, adapted from K8s pkg/kubelet/dockershim/network/cni/cni.go#buildCNIRuntimeConf
	rt := createRuntimeConf(netNs, podNamespace, podName, containerID, sandboxID, podUID, ifName)

	var cniDeviceInfoFile string

	// Populate rt.Args with CNI_ARGS if the rt.Args value is not set
	cniArgs := os.Getenv("CNI_ARGS")
	if cniArgs != "" {
		logging.Debugf("ARGS: %s", cniArgs)
		for _, arg := range strings.Split(cniArgs, ";") {
			// SplitN to handle = within values, like BLAH=foo=bar
			keyval := strings.SplitN(arg, "=", 2)
			if len(keyval) != 2 {
				logging.Errorf("CreateCNIRuntimeConf: CNI_ARGS %s %s %d is not recognized as CNI arg, skipped", arg, keyval, len(keyval))
				continue
			}

			envKey := string(keyval[0])
			envVal := string(keyval[1])
			found := false
			for i := range rt.Args {
				// Update existing key if its value is empty
				if rt.Args[i][0] == envKey && rt.Args[i][1] == "" && envVal != "" {
					logging.Debugf("CreateCNIRuntimeConf: add new val: %s", arg)
					rt.Args[i][1] = envVal
					found = true
					break
				}
			}
			if !found {
				// Add the new key if it didn't exist yet
				rt.Args = append(rt.Args, [2]string{envKey, envVal})
			}
		}
	}

	if delegateRc != nil {
		cniDeviceInfoFile = delegateRc.CNIDeviceInfoFile
		capabilityArgs := map[string]interface{}{}
		if len(delegateRc.PortMaps) != 0 {
			capabilityArgs["portMappings"] = delegateRc.PortMaps
		}
		if delegateRc.Bandwidth != nil {
			capabilityArgs["bandwidth"] = delegateRc.Bandwidth
		}
		if len(delegateRc.IPs) != 0 {
			capabilityArgs["ips"] = delegateRc.IPs
		}
		if len(delegateRc.Mac) != 0 {
			capabilityArgs["mac"] = delegateRc.Mac
		}
		if len(delegateRc.InfinibandGUID) != 0 {
			capabilityArgs["infinibandGUID"] = delegateRc.InfinibandGUID
		}
		if delegateRc.DeviceID != "" {
			capabilityArgs["deviceID"] = delegateRc.DeviceID
		}
		if delegateRc.CNIDeviceInfoFile != "" {
			capabilityArgs["CNIDeviceInfoFile"] = delegateRc.CNIDeviceInfoFile
		}
		rt.CapabilityArgs = capabilityArgs
	}
	return rt, cniDeviceInfoFile
}

// createRuntimeConf creates the CNI `RuntimeConf` for the given ADD / DEL request.
func createRuntimeConf(netNs, podNamespace, podName, containerID, sandboxID, podUID, ifName string) *libcni.RuntimeConf {
	return &libcni.RuntimeConf{
		ContainerID: containerID,
		NetNS:       netNs,
		IfName:      ifName,
		// NOTE: Verbose logging depends on this order, so please keep Args order.
		Args: [][2]string{
			{"IgnoreUnknown", "true"},
			{"K8S_POD_NAMESPACE", podNamespace},
			{"K8S_POD_NAME", podName},
			{"K8S_POD_INFRA_CONTAINER_ID", sandboxID},
			{"K8S_POD_UID", podUID},
		},
	}
}

// delegateRuntimeConfig creates the CNI `RuntimeConf` for the given ADD / DEL request.
func delegateRuntimeConfig(containerID string, delegate *DelegateNetConf, rc *RuntimeConfig, ifName string) *RuntimeConfig {
	var delegateRc *RuntimeConfig

	if delegate != nil {
		delegateRc = mergeCNIRuntimeConfig(rc, delegate)
		if delegateRc.DeviceID != "" {
			if delegateRc.CNIDeviceInfoFile != "" {
				logging.Debugf("Warning: Existing value of CNIDeviceInfoFile will be overwritten %s", delegateRc.CNIDeviceInfoFile)
			}
			autoDeviceInfo := fmt.Sprintf("%s-%s_%s", delegate.Name, containerID, ifName)
			delegateRc.CNIDeviceInfoFile = nadutils.GetCNIDeviceInfoPath(autoDeviceInfo)
			logging.Debugf("Adding auto-generated CNIDeviceInfoFile: %s", delegateRc.CNIDeviceInfoFile)
		}
	} else {
		delegateRc = rc
	}
	return delegateRc
}

// GetGatewayFromResult retrieves gateway IP addresses from CNI result
func GetGatewayFromResult(result *cni100.Result) []net.IP {
	var gateways []net.IP

	for _, route := range result.Routes {
		if mask, _ := route.Dst.Mask.Size(); mask == 0 {
			gateways = append(gateways, route.GW)
		}
	}
	return gateways
}

// GetDefaultNetConf returns NetConf with default variables
func GetDefaultNetConf() *NetConf {
	// LogToStderr's default value set to true
	return &NetConf{
		BinDir:                 defaultBinDir,
		ConfDir:                defaultConfDir,
		CNIDir:                 defaultCNIDir,
		LogToStderr:            true,
		MultusNamespace:        defaultMultusNamespace,
		NonIsolatedNamespaces:  []string{defaultNonIsolatedNamespace},
		ReadinessIndicatorFile: defaultReadinessIndicatorFile,
		SystemNamespaces:       []string{"kube-system"},
	}

}

// LoadNetConf converts inputs (i.e. stdin) to NetConf
func LoadNetConf(bytes []byte) (*NetConf, error) {
	netconf := GetDefaultNetConf()

	logging.Debugf("LoadNetConf: %s", string(bytes))
	if err := json.Unmarshal(bytes, netconf); err != nil {
		return nil, logging.Errorf("LoadNetConf: failed to load netconf: %v", err)
	}

	// Logging
	logging.SetLogStderr(netconf.LogToStderr)
	logging.SetLogOptions(netconf.LogOptions)
	if netconf.LogFile != "" {
		logging.SetLogFile(netconf.LogFile)
	}
	if netconf.LogLevel != "" {
		logging.SetLogLevel(netconf.LogLevel)
	}

	// Parse previous result
	if netconf.RawPrevResult != nil {
		resultBytes, err := json.Marshal(netconf.RawPrevResult)
		if err != nil {
			return nil, logging.Errorf("LoadNetConf: could not serialize prevResult: %v", err)
		}
		res, err := version.NewResult(netconf.CNIVersion, resultBytes)
		if err != nil {
			return nil, logging.Errorf("LoadNetConf: could not parse prevResult: %v", err)
		}
		netconf.RawPrevResult = nil
		netconf.PrevResult, err = cni100.NewResultFromResult(res)
		if err != nil {
			return nil, logging.Errorf("LoadNetConf: could not convert result to current version: %v", err)
		}
	}

	// Delegates must always be set. If no kubeconfig is present, the
	// delegates are executed in-order.  If a kubeconfig is present,
	// at least one delegate must be present and the first delegate is
	// the master plugin. Kubernetes CRD delegates are then appended to
	// the existing delegate list and all delegates executed in-order.

	if len(netconf.RawDelegates) == 0 && netconf.ClusterNetwork == "" {
		return nil, logging.Errorf("LoadNetConf: at least one delegate/clusterNetwork must be specified")
	}

	// setup namespace isolation
	if netconf.RawNonIsolatedNamespaces != "" {
		// Parse the comma separated list
		nonisolated := strings.Split(netconf.RawNonIsolatedNamespaces, ",")
		// Cleanup the whitespace
		for i, nonv := range nonisolated {
			nonisolated[i] = strings.TrimSpace(nonv)
		}
		netconf.NonIsolatedNamespaces = nonisolated
	}

	// get RawDelegates and put delegates field
	if netconf.ClusterNetwork == "" {
		// for Delegates
		if len(netconf.RawDelegates) == 0 {
			return nil, logging.Errorf("LoadNetConf: at least one delegate must be specified")
		}
		for idx, rawConf := range netconf.RawDelegates {
			bytes, err := json.Marshal(rawConf)
			if err != nil {
				return nil, logging.Errorf("LoadNetConf: error marshalling delegate %d config: %v", idx, err)
			}
			delegateConf, err := LoadDelegateNetConf(bytes, nil, "", "")
			if err != nil {
				return nil, logging.Errorf("LoadNetConf: failed to load delegate %d config: %v", idx, err)
			}
			netconf.Delegates = append(netconf.Delegates, delegateConf)
		}
		netconf.RawDelegates = nil

		// First delegate is always the master plugin
		netconf.Delegates[0].MasterPlugin = true
	}

	return netconf, nil
}

// LoadDaemonNetConf loads the configuration for the multus daemon
func LoadDaemonNetConf(configPath string) (*ControllerNetConf, []byte, error) {
	config, err := ioutil.ReadFile(configPath)
	if err != nil {
		return nil, nil, fmt.Errorf("failed to read the config file's contents: %w", err)
	}

	daemonNetConf := &ControllerNetConf{}
	if err := json.Unmarshal(config, daemonNetConf); err != nil {
		return nil, nil, fmt.Errorf("failed to unmarshall the daemon configuration: %w", err)
	}

	logging.SetLogStderr(daemonNetConf.LogToStderr)
	if daemonNetConf.LogFile != DefaultMultusDaemonConfigFile {
		logging.SetLogFile(daemonNetConf.LogFile)
	}
	if daemonNetConf.LogLevel != "" {
		logging.SetLogLevel(daemonNetConf.LogLevel)
	}

	if daemonNetConf.CNIDir == "" {
		daemonNetConf.CNIDir = defaultCNIDir
	}

	if daemonNetConf.ConfDir == "" {
		daemonNetConf.ConfDir = defaultConfDir
	}

	if daemonNetConf.BinDir == "" {
		daemonNetConf.BinDir = defaultBinDir
	}

	if daemonNetConf.MultusSocketDir == "" {
		daemonNetConf.MultusSocketDir = defaultMultusRunDir
	}

	return daemonNetConf, config, nil
}

// AddDelegates appends the new delegates to the delegates list
func (n *NetConf) AddDelegates(newDelegates []*DelegateNetConf) error {
	logging.Debugf("AddDelegates: %v", newDelegates)
	n.Delegates = append(n.Delegates, newDelegates...)
	return nil
}

// delegateAddDeviceID injects deviceID information in delegate bytes
func delegateAddDeviceID(inBytes []byte, deviceID string) ([]byte, error) {
	var rawConfig map[string]interface{}
	var err error

	err = json.Unmarshal(inBytes, &rawConfig)
	if err != nil {
		return nil, logging.Errorf("delegateAddDeviceID: failed to unmarshal inBytes: %v", err)
	}
	// Inject deviceID
	rawConfig["deviceID"] = deviceID
	rawConfig["pciBusID"] = deviceID
	configBytes, err := json.Marshal(rawConfig)
	if err != nil {
		return nil, logging.Errorf("delegateAddDeviceID: failed to re-marshal Spec.Config: %v", err)
	}
	logging.Debugf("delegateAddDeviceID updated configBytes %s", string(configBytes))
	return configBytes, nil
}

// addDeviceIDInConfList injects deviceID information in delegate bytes
func addDeviceIDInConfList(inBytes []byte, deviceID string) ([]byte, error) {
	var rawConfig map[string]interface{}
	var err error

	err = json.Unmarshal(inBytes, &rawConfig)
	if err != nil {
		return nil, logging.Errorf("addDeviceIDInConfList: failed to unmarshal inBytes: %v", err)
	}

	pList, ok := rawConfig["plugins"]
	if !ok {
		return nil, logging.Errorf("addDeviceIDInConfList: unable to get plugin list")
	}

	pMap, ok := pList.([]interface{})
	if !ok {
		return nil, logging.Errorf("addDeviceIDInConfList: unable to typecast plugin list")
	}

	for idx, plugin := range pMap {
		currentPlugin, ok := plugin.(map[string]interface{})
		if !ok {
			return nil, logging.Errorf("addDeviceIDInConfList: unable to typecast plugin #%d", idx)
		}
		// Inject deviceID
		currentPlugin["deviceID"] = deviceID
		currentPlugin["pciBusID"] = deviceID
	}

	configBytes, err := json.Marshal(rawConfig)
	if err != nil {
		return nil, logging.Errorf("addDeviceIDInConfList: failed to re-marshal: %v", err)
	}
	logging.Debugf("addDeviceIDInConfList: updated configBytes %s", string(configBytes))
	return configBytes, nil
}

// injectCNIArgs injects given args to cniConfig
func injectCNIArgs(cniConfig *map[string]interface{}, args *map[string]interface{}) error {
	if argsval, ok := (*cniConfig)["args"]; ok {
		argsvalmap := argsval.(map[string]interface{})
		if cnival, ok := argsvalmap["cni"]; ok {
			cnivalmap := cnival.(map[string]interface{})
			// merge it if conf has args
			for key, val := range *args {
				cnivalmap[key] = val
			}
		} else {
			argsvalmap["cni"] = *args
		}
	} else {
		argsval := map[string]interface{}{}
		argsval["cni"] = *args
		(*cniConfig)["args"] = argsval
	}
	return nil
}

// addCNIArgsInConfig injects given cniArgs to CNI config in inBytes
func addCNIArgsInConfig(inBytes []byte, cniArgs *map[string]interface{}) ([]byte, error) {
	var rawConfig map[string]interface{}
	var err error

	err = json.Unmarshal(inBytes, &rawConfig)
	if err != nil {
		return nil, logging.Errorf("addCNIArgsInConfig(): failed to unmarshal inBytes: %v", err)
	}

	injectCNIArgs(&rawConfig, cniArgs)

	configBytes, err := json.Marshal(rawConfig)
	if err != nil {
		return nil, logging.Errorf("addCNIArgsInConfig(): failed to re-marshal: %v", err)
	}
	return configBytes, nil
}

// addCNIArgsInConfList injects given cniArgs to CNI conflist in inBytes
func addCNIArgsInConfList(inBytes []byte, cniArgs *map[string]interface{}) ([]byte, error) {
	var rawConfig map[string]interface{}
	var err error

	err = json.Unmarshal(inBytes, &rawConfig)
	if err != nil {
		return nil, logging.Errorf("addCNIArgsInConfList(): failed to unmarshal inBytes: %v", err)
	}

	pList, ok := rawConfig["plugins"]
	if !ok {
		return nil, logging.Errorf("addCNIArgsInConfList(): unable to get plugin list")
	}

	pMap, ok := pList.([]interface{})
	if !ok {
		return nil, logging.Errorf("addCNIArgsInConfList(): unable to typecast plugin list")
	}

	for idx := range pMap {
		valMap := pMap[idx].(map[string]interface{})
		injectCNIArgs(&valMap, cniArgs)
	}

	configBytes, err := json.Marshal(rawConfig)
	if err != nil {
		return nil, logging.Errorf("addCNIArgsInConfList(): failed to re-marshal: %v", err)
	}
	return configBytes, nil
}

// CheckGatewayConfig check gatewayRequest and mark IsFilter{V4,V6}Gateway flag if
// gw filtering is required
func CheckGatewayConfig(delegates []*DelegateNetConf) error {

	v4Gateways := 0
	v6Gateways := 0

	// Check the gateway
	for _, delegate := range delegates {
		if delegate.GatewayRequest != nil {
			for _, gw := range *delegate.GatewayRequest {
				if gw.To4() != nil {
					v4Gateways++
				} else {
					v6Gateways++
				}
			}
		}
	}

	if v4Gateways > 1 || v6Gateways > 1 {
		return fmt.Errorf("multus does not support ECMP for default-route")
	}

	// set filter flag for each delegate
	for i, delegate := range delegates {
		delegates[i].IsFilterV4Gateway = true
		delegates[i].IsFilterV6Gateway = true
		if delegate.GatewayRequest != nil {
			for _, gw := range *delegate.GatewayRequest {
				if gw.To4() != nil {
					delegates[i].IsFilterV4Gateway = false
				} else {
					delegates[i].IsFilterV6Gateway = false
				}
			}
		}
	}
	return nil
}

// CheckSystemNamespaces checks whether given namespace is in systemNamespaces or not.
func CheckSystemNamespaces(namespace string, systemNamespaces []string) bool {
	for _, nsname := range systemNamespaces {
		if namespace == nsname {
			return true
		}
	}
	return false
}