We use cookies to ensure you get the best experience on our website
Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
0ct0pu5
/
moby
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

Delete erroneous sanity check in `setupIPChains`

This function is called for both IPv4 and IPv6, so this check broke
`dockerd --iptables=false --experimental --ip6tables=true`.

Signed-off-by: Richard Hansen <rhansen@rhansen.org>
Richard Hansen 1 rok temu
rodzic
f13d8c2026
commit
a43a0afabe
2 zmienionych plików z 21 dodań i 8 usunięć
Zunifikowany widok Pokaż statystyki zmian
  1. 0 5
      libnetwork/drivers/bridge/setup_ip_tables_linux.go
  2. 21 3
      libnetwork/drivers/bridge/setup_ip_tables_linux_test.go

+ 0 - 5
libnetwork/drivers/bridge/setup_ip_tables_linux.go
Wyświetl plik 

@@ -32,11 +32,6 @@ const (
 
 )
 
 )
 
 
 
 func setupIPChains(config configuration, version iptables.IPVersion) (natChain *iptables.ChainInfo, filterChain *iptables.ChainInfo, isolationChain1 *iptables.ChainInfo, isolationChain2 *iptables.ChainInfo, retErr error) {
 
 func setupIPChains(config configuration, version iptables.IPVersion) (natChain *iptables.ChainInfo, filterChain *iptables.ChainInfo, isolationChain1 *iptables.ChainInfo, isolationChain2 *iptables.ChainInfo, retErr error) {
 
-	// Sanity check.
 
-	if !config.EnableIPTables {
 
-		return nil, nil, nil, nil, errors.New("cannot create new chains, EnableIPTable is disabled")
 
-	}
 
-
 
 	hairpinMode := !config.EnableUserlandProxy
 
 	hairpinMode := !config.EnableUserlandProxy
 
 
 
 	iptable := iptables.GetIptable(version)
 
 	iptable := iptables.GetIptable(version)

+ 21 - 3
libnetwork/drivers/bridge/setup_ip_tables_linux_test.go
Wyświetl plik 

@@ -144,9 +144,11 @@ func assertIPTableChainProgramming(rule iptRule, descr string, t *testing.T) {
 
 func assertChainConfig(d *driver, t *testing.T) {
 
 func assertChainConfig(d *driver, t *testing.T) {
 
 	var err error
 
 	var err error
 
 
 
-	d.natChain, d.filterChain, d.isolationChain1, d.isolationChain2, err = setupIPChains(d.config, iptables.IPv4)
 
-	if err != nil {
 
-		t.Fatal(err)
 
+	if d.config.EnableIPTables {
 
+		d.natChain, d.filterChain, d.isolationChain1, d.isolationChain2, err = setupIPChains(d.config, iptables.IPv4)
 
+		if err != nil {
 
+			t.Fatal(err)
 
+		}
 
 	}
 
 	}
 
 	if d.config.EnableIP6Tables {
 
 	if d.config.EnableIP6Tables {
 
 		d.natChainV6, d.filterChainV6, d.isolationChain1V6, d.isolationChain2V6, err = setupIPChains(d.config, iptables.IPv6)
 
 		d.natChainV6, d.filterChainV6, d.isolationChain1V6, d.isolationChain2V6, err = setupIPChains(d.config, iptables.IPv6)
 
@@ -273,6 +275,22 @@ func TestOutgoingNATRules(t *testing.T) {
 
 			hostIPv4:           hostIPv4,
 
 			hostIPv4:           hostIPv4,
 
 			wantIPv4Snat:       true,
 
 			wantIPv4Snat:       true,
 
 		},
 
 		},
 
+		{
 
+			// Regression test for https://github.com/moby/moby/issues/46467
 
+			desc:               "iptables disabled, IPv6 masquerade",
 
+			enableIP6Tables:    true,
 
+			enableIPv6:         true,
 
+			enableIPMasquerade: true,
 
+			wantIPv6Masq:       true,
 
+		},
 
+		{
 
+			desc:               "iptables disabled, IPv6 SNAT",
 
+			enableIP6Tables:    true,
 
+			enableIPv6:         true,
 
+			enableIPMasquerade: true,
 
+			hostIPv6:           hostIPv6,
 
+			wantIPv6Snat:       true,
 
+		},
 
 		{
 
 		{
 
 			desc:               "IPv4 masquerade, IPv6 masquerade",
 
 			desc:               "IPv4 masquerade, IPv6 masquerade",
 
 			enableIPTables:     true,
 
 			enableIPTables:     true,

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5