We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f8cfd3a61f
Branches Tags
moby
/
libnetwork
/
resolver_unix.go

resolver_unix.go 2.6 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. //go:build !windows
    2. 

  2. // +build !windows
    3. 

  3. 

  4. package libnetwork
    5. 

  5. 

  6. import (
    7. 

  7. 	"fmt"
    8. 

  8. 	"net"
    9. 

  9. 

  10. 	"github.com/docker/docker/libnetwork/iptables"
    11. 

  11. )
    12. 

  12. 

  13. const (
    14. 

  14. 	// output chain used for docker embedded DNS resolver
    15. 

  15. 	outputChain = "DOCKER_OUTPUT"
    16. 

  16. 	// postrouting chain used for docker embedded DNS resolver
    17. 

  17. 	postroutingChain = "DOCKER_POSTROUTING"
    18. 

  18. )
    19. 

  19. 

  20. func (r *Resolver) setupIPTable() error {
    21. 

  21. 	if r.err != nil {
    22. 

  22. 		return r.err
    23. 

  23. 	}
    24. 

  24. 	laddr := r.conn.LocalAddr().String()
    25. 

  25. 	ltcpaddr := r.tcpListen.Addr().String()
    26. 

  26. 	resolverIP, ipPort, _ := net.SplitHostPort(laddr)
    27. 

  27. 	_, tcpPort, _ := net.SplitHostPort(ltcpaddr)
    28. 

  28. 	rules := [][]string{
    29. 

  29. 		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", laddr},
    30. 

  30. 		{"-t", "nat", "-I", postroutingChain, "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
    31. 

  31. 		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", ltcpaddr},
    32. 

  32. 		{"-t", "nat", "-I", postroutingChain, "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
    33. 

  33. 	}
    34. 

  34. 

  35. 	var setupErr error
    36. 

  36. 	err := r.backend.ExecFunc(func() {
    37. 

  37. 		// TODO IPv6 support
    38. 

  38. 		iptable := iptables.GetIptable(iptables.IPv4)
    39. 

  39. 

  40. 		// insert outputChain and postroutingchain
    41. 

  41. 		err := iptable.RawCombinedOutputNative("-t", "nat", "-C", "OUTPUT", "-d", resolverIP, "-j", outputChain)
    42. 

  42. 		if err == nil {
    43. 

  43. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-F", outputChain); err != nil {
    44. 

  44. 				setupErr = err
    45. 

  45. 				return
    46. 

  46. 			}
    47. 

  47. 		} else {
    48. 

  48. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-N", outputChain); err != nil {
    49. 

  49. 				setupErr = err
    50. 

  50. 				return
    51. 

  51. 			}
    52. 

  52. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-I", "OUTPUT", "-d", resolverIP, "-j", outputChain); err != nil {
    53. 

  53. 				setupErr = err
    54. 

  54. 				return
    55. 

  55. 			}
    56. 

  56. 		}
    57. 

  57. 

  58. 		err = iptable.RawCombinedOutputNative("-t", "nat", "-C", "POSTROUTING", "-d", resolverIP, "-j", postroutingChain)
    59. 

  59. 		if err == nil {
    60. 

  60. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-F", postroutingChain); err != nil {
    61. 

  61. 				setupErr = err
    62. 

  62. 				return
    63. 

  63. 			}
    64. 

  64. 		} else {
    65. 

  65. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-N", postroutingChain); err != nil {
    66. 

  66. 				setupErr = err
    67. 

  67. 				return
    68. 

  68. 			}
    69. 

  69. 			if err := iptable.RawCombinedOutputNative("-t", "nat", "-I", "POSTROUTING", "-d", resolverIP, "-j", postroutingChain); err != nil {
    70. 

  70. 				setupErr = err
    71. 

  71. 				return
    72. 

  72. 			}
    73. 

  73. 		}
    74. 

  74. 

  75. 		for _, rule := range rules {
    76. 

  76. 			if iptable.RawCombinedOutputNative(rule...) != nil {
    77. 

  77. 				setupErr = fmt.Errorf("set up rule failed, %v", rule)
    78. 

  78. 				return
    79. 

  79. 			}
    80. 

  80. 		}
    81. 

  81. 	})
    82. 

  82. 	if err != nil {
    83. 

  83. 		return err
    84. 

  84. 	}
    85. 

  85. 	return setupErr
    86. 

  86. }
    87.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5