
Merge pull request #407 from kadel/405-check-before-set-ipv4forward

write to /proc/sys/net/ipv4/ip_forward only if it is not already enabled
aboch 10 years ago
parent
commit
51c457c766

+ 12 - 3
libnetwork/drivers/bridge/setup_ip_forwarding.go

@@ -11,9 +11,18 @@ const (
 )
 
 func setupIPForwarding() error {
-	// Enable IPv4 forwarding
-	if err := ioutil.WriteFile(ipv4ForwardConf, []byte{'1', '\n'}, ipv4ForwardConfPerm); err != nil {
-		return fmt.Errorf("Setup IP forwarding failed: %v", err)
+	// Get current IPv4 forward setup
+	ipv4ForwardData, err := ioutil.ReadFile(ipv4ForwardConf)
+	if err != nil {
+		return fmt.Errorf("Cannot read IP forwarding setup: %v", err)
+	}
+
+	// Enable IPv4 forwarding only if it is not already enabled
+	if ipv4ForwardData[0] != '1' {
+		// Enable IPv4 forwarding
+		if err := ioutil.WriteFile(ipv4ForwardConf, []byte{'1', '\n'}, ipv4ForwardConfPerm); err != nil {
+			return fmt.Errorf("Setup IP forwarding failed: %v", err)
+		}
 	}
 
 	return nil
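Review bot: `ipv4ForwardData[0]` is indexed without a length check, so an empty read from `ipv4ForwardConf` would panic the daemon instead of returning an error. Guard it with `if len(ipv4ForwardData) == 0 || ipv4ForwardData[0] != '1' {`, which falls back to the old write-unconditionally behaviour when the content is unexpected. The same unchecked index appears at `ipv4LoRoutingData[0]` in setup_ipv4.go and at `ipv6BridgeData[0]`, `ipv6ForwardDataDefault[0]` and `ipv6ForwardDataAll[0]` in setup_ipv6.go. The closing brace of setupIPForwarding lies outside this hunk.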

+ 9 - 3
libnetwork/drivers/bridge/setup_ipv4.go

@@ -131,10 +131,16 @@ func setupGatewayIPv4(config *networkConfiguration, i *bridgeInterface) error {
 }
 
 func setupLoopbackAdressesRouting(config *networkConfiguration, i *bridgeInterface) error {
-	// Enable loopback adresses routing
 	sysPath := filepath.Join("/proc/sys/net/ipv4/conf", config.BridgeName, "route_localnet")
-	if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {
-		return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
+	ipv4LoRoutingData, err := ioutil.ReadFile(sysPath)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv4 local routing setup: %v", err)
+	}
+	// Enable loopback adresses routing only if it isn't already enabled
+	if ipv4LoRoutingData[0] != '1' {
+		if err := ioutil.WriteFile(sysPath, []byte{'1', '\n'}, 0644); err != nil {
+			return fmt.Errorf("Unable to enable local routing for hairpin mode: %v", err)
+		}
 	}
 	return nil
 }
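Review bot: The comment on the `route_localnet` write says what is being enabled but not what it changes for the host. With the value at 1 the kernel no longer treats 127.0.0.0/8 as martian on the bridge interface, so a service bound only to loopback can no longer rely on that address alone for isolation. I would fix the spelling and record the reason, for example `// Enable loopback addresses routing (required for hairpin mode) only if it isn't already enabled.` followed by `// route_localnet makes 127.0.0.0/8 routable on this bridge; loopback-only services then depend on filtering rules.`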

+ 35 - 10
libnetwork/drivers/bridge/setup_ipv6.go

@@ -12,8 +12,10 @@ import (
 var bridgeIPv6 *net.IPNet
 
 const (
-	bridgeIPv6Str       = "fe80::1/64"
-	ipv6ForwardConfPerm = 0644
+	bridgeIPv6Str          = "fe80::1/64"
+	ipv6ForwardConfPerm    = 0644
+	ipv6ForwardConfDefault = "/proc/sys/net/ipv6/conf/default/forwarding"
+	ipv6ForwardConfAll     = "/proc/sys/net/ipv6/conf/all/forwarding"
 )
 
 func init() {
@@ -27,10 +29,16 @@ func init() {
 }
 
 func setupBridgeIPv6(config *networkConfiguration, i *bridgeInterface) error {
-	// Enable IPv6 on the bridge
 	procFile := "/proc/sys/net/ipv6/conf/" + config.BridgeName + "/disable_ipv6"
-	if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil {
-		return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
+	ipv6BridgeData, err := ioutil.ReadFile(procFile)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 setup for bridge %v: %v", config.BridgeName, err)
+	}
+	// Enable IPv6 on the bridge only if it isn't already enabled
+	if ipv6BridgeData[0] != '0' {
+		if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil {
+			return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
+		}
 	}
 
 	_, addrsv6, err := i.addresses()
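Review bot: `procFile` is built by concatenating `config.BridgeName` into a /proc path, and the new code now reads that path as well as writing it. Nothing in the hunk shows that the name is validated. If that is not done where the configuration is parsed, a name containing a path separator would make both calls address a different sysctl file, so a check that rejects `/` before the path is built would close this. setup_ipv4.go builds its equivalent path with `filepath.Join`, and using the same form here would keep the two consistent. The function body continues past the end of this hunk.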
@@ -70,12 +78,29 @@ func setupGatewayIPv6(config *networkConfiguration, i *bridgeInterface) error {
 }
 
 func setupIPv6Forwarding(config *networkConfiguration, i *bridgeInterface) error {
-	// Enable IPv6 forwarding
-	if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/default/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
-		logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err)
+	// Get current IPv6 default forwarding setup
+	ipv6ForwardDataDefault, err := ioutil.ReadFile(ipv6ForwardConfDefault)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 default forwarding setup: %v", err)
 	}
-	if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/all/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
-		logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err)
+	// Enable IPv6 default forwarding only if it is not already enabled
+	if ipv6ForwardDataDefault[0] != '1' {
+		if err := ioutil.WriteFile(ipv6ForwardConfDefault, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
+			logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err)
+		}
 	}
+
+	// Get current IPv6 all forwarding setup
+	ipv6ForwardDataAll, err := ioutil.ReadFile(ipv6ForwardConfAll)
+	if err != nil {
+		return fmt.Errorf("Cannot read IPv6 all forwarding setup: %v", err)
+	}
+	// Enable IPv6 all forwarding only if it is not already enabled
+	if ipv6ForwardDataAll[0] != '1' {
+		if err := ioutil.WriteFile(ipv6ForwardConfAll, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
+			logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err)
+		}
+	}
+
 	return nil
 }
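Review bot: A failed read of `ipv6ForwardConfDefault` or `ipv6ForwardConfAll` now returns an error, while a failed write to the same file is still only logged through `logrus.Warnf`, so the function is stricter about inspecting the setting than about changing it. Before this change the function returned nil on every path. On a host where these /proc entries are missing, the early return would presumably fail bridge setup, although the caller is not visible here. Either keep the read best-effort with `logrus.Warnf("Cannot read IPv6 default forwarding setup: %v", err)` and skip the write, or return the write errors as well so both failure paths agree.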