We use cookies to ensure you get the best experience on our website
Accueil Explorer Aide
S'inscrire Connexion
0ct0pu5
/
moby
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: debcb76939
Branches Tags
moby
/
libnetwork
/
resolver_unix.go

resolver_unix.go 2.5 KB
Historique Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. //go:build !windows
    2. 

  2. 

  3. package libnetwork
    4. 

  4. 

  5. import (
    6. 

  6. 	"fmt"
    7. 

  7. 	"net"
    8. 

  8. 

  9. 	"github.com/docker/docker/libnetwork/iptables"
    10. 

  10. )
    11. 

  11. 

  12. const (
    13. 

  13. 	// output chain used for docker embedded DNS resolver
    14. 

  14. 	outputChain = "DOCKER_OUTPUT"
    15. 

  15. 	// postrouting chain used for docker embedded DNS resolver
    16. 

  16. 	postroutingChain = "DOCKER_POSTROUTING"
    17. 

  17. )
    18. 

  18. 

  19. func (r *Resolver) setupIPTable() error {
    20. 

  20. 	if r.err != nil {
    21. 

  21. 		return r.err
    22. 

  22. 	}
    23. 

  23. 	laddr := r.conn.LocalAddr().String()
    24. 

  24. 	ltcpaddr := r.tcpListen.Addr().String()
    25. 

  25. 	resolverIP, ipPort, _ := net.SplitHostPort(laddr)
    26. 

  26. 	_, tcpPort, _ := net.SplitHostPort(ltcpaddr)
    27. 

  27. 	rules := [][]string{
    28. 

  28. 		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", laddr},
    29. 

  29. 		{"-t", "nat", "-I", postroutingChain, "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
    30. 

  30. 		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", ltcpaddr},
    31. 

  31. 		{"-t", "nat", "-I", postroutingChain, "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
    32. 

  32. 	}
    33. 

  33. 

  34. 	var setupErr error
    35. 

  35. 	err := r.backend.ExecFunc(func() {
    36. 

  36. 		// TODO IPv6 support
    37. 

  37. 		iptable := iptables.GetIptable(iptables.IPv4)
    38. 

  38. 

  39. 		// insert outputChain and postroutingchain
    40. 

  40. 		if iptable.ExistsNative("nat", "OUTPUT", "-d", resolverIP, "-j", outputChain) {
    41. 

  41. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-F", outputChain); err != nil {
    42. 

  42. 				setupErr = err
    43. 

  43. 				return
    44. 

  44. 			}
    45. 

  45. 		} else {
    46. 

  46. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-N", outputChain); err != nil {
    47. 

  47. 				setupErr = err
    48. 

  48. 				return
    49. 

  49. 			}
    50. 

  50. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-I", "OUTPUT", "-d", resolverIP, "-j", outputChain); err != nil {
    51. 

  51. 				setupErr = err
    52. 

  52. 				return
    53. 

  53. 			}
    54. 

  54. 		}
    55. 

  55. 

  56. 		if iptable.ExistsNative("nat", "POSTROUTING", "-d", resolverIP, "-j", postroutingChain) {
    57. 

  57. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-F", postroutingChain); err != nil {
    58. 

  58. 				setupErr = err
    59. 

  59. 				return
    60. 

  60. 			}
    61. 

  61. 		} else {
    62. 

  62. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-N", postroutingChain); err != nil {
    63. 

  63. 				setupErr = err
    64. 

  64. 				return
    65. 

  65. 			}
    66. 

  66. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-I", "POSTROUTING", "-d", resolverIP, "-j", postroutingChain); err != nil {
    67. 

  67. 				setupErr = err
    68. 

  68. 				return
    69. 

  69. 			}
    70. 

  70. 		}
    71. 

  71. 

  72. 		for _, rule := range rules {
    73. 

  73. 			if iptable.RawCombinedOutputNative(rule...) != nil {
    74. 

  74. 				setupErr = fmt.Errorf("set up rule failed, %v", rule)
    75. 

  75. 				return
    76. 

  76. 			}
    77. 

  77. 		}
    78. 

  78. 	})
    79. 

  79. 	if err != nil {
    80. 

  80. 		return err
    81. 

  81. 	}
    82. 

  82. 	return setupErr
    83. 

  83. }
    84.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5