0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[1.12.x] Porting libnetwork patch

Browse source 
- Honor ICC setting for internal network

Signed-off-by: Alessandro Boch <aboch@docker.com>
This commit is contained in:
Alessandro Boch 2016-12-05 13:06:30 -08:00
parent 7b9deca3e0
commit f54df35bc0
2 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hack/vendor.sh
View file

@ -65,7 +65,7 @@ clone git github.com/RackSec/srslog 365bf33cd9acc21ae1c355209865f17228ca534e
clone git github.com/imdario/mergo 0.2.1
#get libnetwork packages
clone git github.com/docker/libnetwork 73363066ecb4df200da5a056d79ca4026376a5ad
clone git github.com/docker/libnetwork 09bc1d0839e32843828ced297ad634822a48c38b
clone git github.com/docker/go-events afb2b9f2c23f33ada1a22b03651775fdc65a5089
clone git github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec

10
vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go vendored
View file

@ -79,11 +79,11 @@ func (n *bridgeNetwork) setupIPTables(config *networkConfiguration, i *bridgeInt
Mask: i.bridgeIPv4.Mask,
}
if config.Internal {
if err = setupInternalNetworkRules(config.BridgeName, maskedAddrv4, true); err != nil {
if err = setupInternalNetworkRules(config.BridgeName, maskedAddrv4, config.EnableICC, true); err != nil {
return fmt.Errorf("Failed to Setup IP tables: %s", err.Error())
}
n.registerIptCleanFunc(func() error {
return setupInternalNetworkRules(config.BridgeName, maskedAddrv4, false)
return setupInternalNetworkRules(config.BridgeName, maskedAddrv4, config.EnableICC, false)
})
} else {
if err = setupIPTablesInternal(config.BridgeName, maskedAddrv4, config.EnableICC, config.EnableIPMasquerade, hairpinMode, true); err != nil {
@ -333,7 +333,7 @@ func removeIPChains() {
}
}
func setupInternalNetworkRules(bridgeIface string, addr net.Addr, insert bool) error {
func setupInternalNetworkRules(bridgeIface string, addr net.Addr, icc, insert bool) error {
var (
inDropRule = iptRule{table: iptables.Filter, chain: IsolationChain, args: []string{"-i", bridgeIface, "!", "-d", addr.String(), "-j", "DROP"}}
outDropRule = iptRule{table: iptables.Filter, chain: IsolationChain, args: []string{"-o", bridgeIface, "!", "-s", addr.String(), "-j", "DROP"}}
@ -344,5 +344,9 @@ func setupInternalNetworkRules(bridgeIface string, addr net.Addr, insert bool) e
if err := programChainRule(outDropRule, "DROP OUTGOING", insert); err != nil {
return err
}
// Set Inter Container Communication.
if err := setIcc(bridgeIface, icc, insert); err != nil {
return err
}
return nil
}