We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
moby
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 483b03562a
分支列表 标签列表
moby
/
libnetwork
/
resolver_unix.go

resolver_unix.go 2.2 KB
文件历史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. //go:build !windows
    2. 

  2. // +build !windows
    3. 

  3. 

  4. package libnetwork
    5. 

  5. 

  6. import (
    7. 

  7. 	"net"
    8. 

  8. 

  9. 	"github.com/docker/docker/libnetwork/iptables"
    10. 

  10. 	"github.com/sirupsen/logrus"
    11. 

  11. )
    12. 

  12. 

  13. const (
    14. 

  14. 	// outputChain used for docker embed dns
    15. 

  15. 	outputChain = "DOCKER_OUTPUT"
    16. 

  16. 	//postroutingchain used for docker embed dns
    17. 

  17. 	postroutingchain = "DOCKER_POSTROUTING"
    18. 

  18. )
    19. 

  19. 

  20. func (r *resolver) setupIPTable() error {
    21. 

  21. 	if r.err != nil {
    22. 

  22. 		return r.err
    23. 

  23. 	}
    24. 

  24. 	laddr := r.conn.LocalAddr().String()
    25. 

  25. 	ltcpaddr := r.tcpListen.Addr().String()
    26. 

  26. 	resolverIP, ipPort, _ := net.SplitHostPort(laddr)
    27. 

  27. 	_, tcpPort, _ := net.SplitHostPort(ltcpaddr)
    28. 

  28. 	rules := [][]string{
    29. 

  29. 		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", laddr},
    30. 

  30. 		{"-t", "nat", "-I", postroutingchain, "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
    31. 

  31. 		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", ltcpaddr},
    32. 

  32. 		{"-t", "nat", "-I", postroutingchain, "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
    33. 

  33. 	}
    34. 

  34. 

  35. 	return r.backend.ExecFunc(func() {
    36. 

  36. 		// TODO IPv6 support
    37. 

  37. 		iptable := iptables.GetIptable(iptables.IPv4)
    38. 

  38. 

  39. 		// insert outputChain and postroutingchain
    40. 

  40. 		err := iptable.RawCombinedOutputNative("-t", "nat", "-C", "OUTPUT", "-d", resolverIP, "-j", outputChain)
    41. 

  41. 		if err == nil {
    42. 

  42. 			iptable.RawCombinedOutputNative("-t", "nat", "-F", outputChain)
    43. 

  43. 		} else {
    44. 

  44. 			iptable.RawCombinedOutputNative("-t", "nat", "-N", outputChain)
    45. 

  45. 			iptable.RawCombinedOutputNative("-t", "nat", "-I", "OUTPUT", "-d", resolverIP, "-j", outputChain)
    46. 

  46. 		}
    47. 

  47. 

  48. 		err = iptable.RawCombinedOutputNative("-t", "nat", "-C", "POSTROUTING", "-d", resolverIP, "-j", postroutingchain)
    49. 

  49. 		if err == nil {
    50. 

  50. 			iptable.RawCombinedOutputNative("-t", "nat", "-F", postroutingchain)
    51. 

  51. 		} else {
    52. 

  52. 			iptable.RawCombinedOutputNative("-t", "nat", "-N", postroutingchain)
    53. 

  53. 			iptable.RawCombinedOutputNative("-t", "nat", "-I", "POSTROUTING", "-d", resolverIP, "-j", postroutingchain)
    54. 

  54. 		}
    55. 

  55. 

  56. 		for _, rule := range rules {
    57. 

  57. 			if iptable.RawCombinedOutputNative(rule...) != nil {
    58. 

  58. 				logrus.Errorf("set up rule failed, %v", rule)
    59. 

  59. 			}
    60. 

  60. 		}
    61. 

  61. 	})
    62. 

  62. }
    63.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5