package libnetwork
import (
"context"
"fmt"
"sync"
"github.com/containerd/log"
"github.com/docker/docker/libnetwork/iptables"
"github.com/docker/docker/libnetwork/netlabel"
"github.com/docker/docker/libnetwork/options"
"github.com/docker/docker/libnetwork/osl"
)
// enabledIptablesVersions reports which iptables IP versions are switched on
// for the controller, based on the "bridge" driver's generic options.
//
// IPv4 is reported unless "EnableIPTables" is present as a bool set to false;
// a missing key, or a value of any other type, leaves IPv4 enabled. IPv6 is
// reported only when "EnableIP6Tables" is a bool set to true. The result is
// nil when the controller has no config, or when the bridge driver config
// holds no [options.Generic] under [netlabel.GenericData].
//
// NOTE(review): the two nil returns mean "no version enabled", which differs
// from the IPv4-on-by-default rule applied once generic options exist.
// Confirm that callers expect no iptables handling in that case.
func (c *Controller) enabledIptablesVersions() []iptables.IPVersion {
	c.mu.Lock()
	defer c.mu.Unlock()

	if c.cfg == nil {
		return nil
	}

	// Equivalent to reading cfg["bridge"]["generic"]; the individual
	// "EnableIPTables" / "EnableIP6Tables" switches are looked up below.
	generic, isGeneric := c.cfg.DriverConfig("bridge")[netlabel.GenericData].(options.Generic)
	if !isGeneric {
		return nil
	}

	var enabledVersions []iptables.IPVersion

	// IPv4 stays on unless the user explicitly disabled it: a failed type
	// assertion (key absent or not a bool) counts as "enabled".
	v4On, v4IsBool := generic["EnableIPTables"].(bool)
	if v4On || !v4IsBool {
		enabledVersions = append(enabledVersions, iptables.IPv4)
	}

	// IPv6 is opt-in: anything other than a bool true leaves it off.
	if v6On, _ := generic["EnableIP6Tables"].(bool); v6On {
		enabledVersions = append(enabledVersions, iptables.IPv6)
	}

	return enabledVersions
}
// getDefaultOSLSandbox returns the controller's default OSL sandbox (an
// [osl.Namespace]), creating it with the given key on the first call.
//
// If creation fails, defOsSboxOnce is replaced with a fresh [sync.Once] so
// that a later call attempts the creation again, and the error is returned
// with the sandbox set to nil.
//
// NOTE(review): the reset of defOsSboxOnce is a plain assignment and nothing
// visible in this function synchronises it. A caller that was waiting in Do
// while another caller's creation failed returns from Do with its own error
// still nil, and would then hand back c.defOsSbox as it stands, possibly
// nil. Confirm that callers serialise access or tolerate a nil result.
func (c *Controller) getDefaultOSLSandbox(key string) (*osl.Namespace, error) {
	var createErr error
	c.defOsSboxOnce.Do(func() {
		c.defOsSbox, createErr = osl.NewSandbox(key, false, false)
	})

	if createErr == nil {
		return c.defOsSbox, nil
	}

	// Re-arm the Once so the next call retries instead of returning the
	// result of the failed attempt.
	c.defOsSboxOnce = sync.Once{}
	return nil, fmt.Errorf("failed to create default sandbox: %v", createErr)
}
// setupOSLSandbox assigns the OSL sandbox of sb and applies
// operating-system-specific configuration to it.
//
// Depending on the Sandbox settings, it either uses the Controller's default
// sandbox or creates a new one:
//
//   - with useDefaultSandBox set, the controller's default sandbox is used,
//     and a failure to obtain it is returned to the caller;
//   - if sb still has no OSL sandbox and useExternalKey is not set, a new one
//     is created with [osl.NewSandbox], and a failure is returned wrapped;
//   - if sb ends up with an OSL sandbox, ApplyOSTweaks is run on it.
//
// A failure reported by InvokeFunc is only logged; it does not fail setup.
func (c *Controller) setupOSLSandbox(sb *Sandbox) error {
	if sb.config.useDefaultSandBox {
		defaultNS, err := c.getDefaultOSLSandbox(sb.Key())
		if err != nil {
			return err
		}
		sb.osSbox = defaultNS
	}

	if sb.osSbox == nil && !sb.config.useExternalKey {
		// NOTE(review): the meaning of the second and third NewSandbox
		// arguments is not visible here; confirm against the osl package.
		createdNS, err := osl.NewSandbox(sb.Key(), !sb.config.useDefaultSandBox, false)
		if err != nil {
			return fmt.Errorf("failed to create new osl sandbox: %v", err)
		}
		sb.osSbox = createdNS
	}

	// Nothing to tune when no OSL sandbox was assigned (the external-key case).
	if sb.osSbox == nil {
		return nil
	}

	// Apply operating specific knobs on the load balancer sandbox. This is
	// best effort: an InvokeFunc error is logged and setup carries on.
	if err := sb.osSbox.InvokeFunc(func() {
		sb.osSbox.ApplyOSTweaks(sb.oslTypes)
	}); err != nil {
		log.G(context.TODO()).Errorf("Failed to apply performance tuning sysctls to the sandbox: %v", err)
	}

	// Keep this just so performance is not changed.
	// NOTE(review): this second call runs outside InvokeFunc. If InvokeFunc
	// is what scopes the tweaks to the sandbox (presumably by running the
	// callback inside its network namespace), the call below applies the
	// same settings in the caller's own context. Confirm that is intended.
	sb.osSbox.ApplyOSTweaks(sb.oslTypes)

	return nil
}