gather 223.254.254.100/24 as config

pkg/connect.go

@@ -44,8 +44,8 @@ type ConnectOptions struct {
 }
 
 var trafficManager = net.IPNet{
-	IP:   net.IPv4(223, 254, 254, 100),
-	Mask: net.CIDRMask(24, 32),
+	IP:   util.RouterIP,
+	Mask: util.CIDR.Mask,
 }
 
 func (c *ConnectOptions) createRemoteInboundPod() (err error) {

pkg/dhcp.go

@@ -68,7 +68,10 @@ func (d *DHCPManager) RentIPBaseNICAddress() (*net.IPNet, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &net.IPNet{IP: net.IPv4(223, 254, 254, byte(<-ipC)), Mask: net.CIDRMask(24, 32)}, nil
+	p := make(net.IP, net.IPv4len)
+	copy(p, util.RouterIP.To4())
+	p[3] = byte(<-ipC)
+	return &net.IPNet{IP: p, Mask: util.CIDR.Mask}, nil
 }
 
 func (d *DHCPManager) RentIPRandom() (*net.IPNet, error) {
@@ -89,8 +92,10 @@ func (d *DHCPManager) RentIPRandom() (*net.IPNet, error) {
 		log.Errorf("update dhcp error after get ip, need to put ip back, err: %v", err)
 		return nil, err
 	}
-
-	return &net.IPNet{IP: net.IPv4(223, 254, 254, byte(<-ipC)), Mask: net.CIDRMask(24, 32)}, nil
+	p := make(net.IP, net.IPv4len)
+	copy(p, util.RouterIP.To4())
+	p[3] = byte(<-ipC)
+	return &net.IPNet{IP: p, Mask: util.CIDR.Mask}, nil
 }
 
 func getIP(alreadyInUse sets.Int) int {

pkg/mesh/controller.go

@@ -75,10 +75,10 @@ func AddMeshContainer(spec *v1.PodTemplateSpec, configMapName string, c util.Pod
 				"iptables -F;" +
 				"iptables -P INPUT ACCEPT;" +
 				"iptables -P FORWARD ACCEPT;" +
-				"iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80:60000 ! -s 127.0.0.1 ! -d 223.254.254.1/24 -j DNAT --to 127.0.0.1:15006;" +
-				"iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 80:60000 ! -s 127.0.0.1 ! -d 223.254.254.1/24 -j MASQUERADE;" +
-				"iptables -t nat -A PREROUTING -i eth0 -p udp --dport 80:60000 ! -s 127.0.0.1 ! -d 223.254.254.1/24 -j DNAT --to 127.0.0.1:15006;" +
-				"iptables -t nat -A POSTROUTING -p udp -m udp --dport 80:60000 ! -s 127.0.0.1 ! -d 223.254.254.1/24 -j MASQUERADE;" +
+				"iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80:60000 ! -s 127.0.0.1 ! -d " + util.CIDR.String() + " -j DNAT --to 127.0.0.1:15006;" +
+				"iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 80:60000 ! -s 127.0.0.1 ! -d " + util.CIDR.String() + " -j MASQUERADE;" +
+				"iptables -t nat -A PREROUTING -i eth0 -p udp --dport 80:60000 ! -s 127.0.0.1 ! -d " + util.CIDR.String() + " -j DNAT --to 127.0.0.1:15006;" +
+				"iptables -t nat -A POSTROUTING -p udp -m udp --dport 80:60000 ! -s 127.0.0.1 ! -d " + util.CIDR.String() + " -j MASQUERADE;" +
 				"envoy -c /etc/envoy/base-envoy.yaml",
 		},
 		SecurityContext: &v1.SecurityContext{

pkg/remote.go

@@ -43,7 +43,7 @@ func CreateOutboundRouterPod(clientset *kubernetes.Clientset, namespace string,
 		"iptables -F",
 		"iptables -P INPUT ACCEPT",
 		"iptables -P FORWARD ACCEPT",
-		"iptables -t nat -A POSTROUTING -s 223.254.254.0/24 -o eth0 -j MASQUERADE",
+		"iptables -t nat -A POSTROUTING -s " + util.CIDR.String() + " -o eth0 -j MASQUERADE",
 	}
 	for _, ipNet := range nodeCIDR {
 		args = append(args, "iptables -t nat -A POSTROUTING -s "+ipNet.String()+" -o eth0 -j MASQUERADE")

util/config.go

@@ -9,6 +9,17 @@ import (
 
 const TrafficManager = "kubevpn.traffic.manager"
 
+var CIDR *net.IPNet
+var RouterIP net.IP
+
+const (
+	s = "223.254.254.100/24"
+)
+
+func init() {
+	RouterIP, CIDR, _ = net.ParseCIDR(s)
+}
+
 // Debug is a flag that enables the debug log.
 var Debug bool
 

util/networkpolicy.go

@@ -33,7 +33,7 @@ func AddFirewallRule() {
 		"dir=in",
 		"action=allow",
 		"enable=yes",
-		"remoteip=223.254.254.1/24,LocalSubnet",
+		"remoteip=" + CIDR.String() + ",LocalSubnet",
 	}...)
 	if out, err := cmd.CombinedOutput(); err != nil {
 		log.Infof("error while exec command: %s, out: %s, err: %v", cmd.Args, string(out), err)

util/util.go

@@ -426,7 +426,7 @@ func Heartbeats(ctx context.Context) {
 			c2 <- struct{}{}
 		case <-c2:
 			for i := 0; i < 4; i++ {
-				_, _ = Ping("223.254.254.100")
+				_, _ = Ping(RouterIP.String())
 			}
 		case <-ctx.Done():
 			return