We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
moby
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

Add a ICMP reply rule for service VIP

Ping on VIP has been behaving inconsistently depending on if a task
for a service is local or remote.

With this fix, the ICMP echo-request packets to service VIP are replied
to by the NAT rule to self

Signed-off-by: Madhu Venugopal <madhu@docker.com>
Madhu Venugopal %!s(int64=8) %!d(string=hai) anos
pai
b6540296b0
achega
684ea92515
Modificáronse 1 ficheiros con 3 adicións e 0 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 3 0
      libnetwork/service_linux.go

+ 3 - 0
libnetwork/service_linux.go
Ver ficheiro 

@@ -654,6 +654,9 @@ func fwMarker() {
 
 	rule := strings.Fields(fmt.Sprintf("-t mangle %s OUTPUT -d %s/32 -j MARK --set-mark %d", addDelOpt, vip, fwMark))
 
 	rules = append(rules, rule)
 
 
+	rule = strings.Fields(fmt.Sprintf("-t nat %s OUTPUT -p icmp --icmp echo-request -d %s -j DNAT --to 127.0.0.1", addDelOpt, vip))
 
+	rules = append(rules, rule)
 
+
 
 	for _, rule := range rules {
 
 		if err := iptables.RawCombinedOutputNative(rule...); err != nil {
 
 			logrus.Errorf("setting up rule failed, %v: %v", rule, err)

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5