package libnetwork
import (
"context"
"fmt"
"strings"
"github.com/containerd/log"
"github.com/docker/docker/libnetwork/netlabel"
"github.com/docker/docker/libnetwork/types"
)
// gwEPlen is the length at which the ID is cut when a "gateway_" endpoint
// name is built in setupDefaultGW.
const gwEPlen = 12

// procGwNetwork is a one-slot buffered channel used as a semaphore by
// defaultGwNetwork: a send takes the slot and a receive gives it back, so
// only one lookup-or-create of the default gateway network runs at a time.
var procGwNetwork = make(chan bool, 1)
/*
libnetwork creates a bridge network "docker_gw_bridge" to provide a
default gateway for containers when none of the container's endpoints
has a gateway (GW) set by its driver. ICC (inter-container communication)
is set to false for the GW_bridge network.

If a driver can't provide external connectivity, it can choose not to set
the GW IP for the endpoint.

The endpoint on the GW_bridge network is managed dynamically by libnetwork,
i.e.:
- it is created when an endpoint without a GW joins the container
- it is deleted when an endpoint with a GW joins the container
*/
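// setupDefaultGW connects the sandbox to the default gateway network through
// a dedicated "gateway_" endpoint. It returns nil without doing anything when
// the sandbox already has such an endpoint. The gateway network is looked up
// by name and, if that fails, resolved (and created when missing) through
// c.defaultGwNetwork. An error is returned when the network cannot be
// obtained, when a port label holds a value of an unexpected type, or when
// creating or joining the endpoint fails.
func (sb *Sandbox) setupDefaultGW() error {
	// check if the container already has a GW endpoint
	if ep := sb.getEndpointInGWNetwork(); ep != nil {
		return nil
	}

	c := sb.controller

	// Look for default gw network. In case of error (includes not found),
	// retry and create it if needed in a serialized execution.
	n, err := c.NetworkByName(libnGWNetwork)
	if err != nil {
		if n, err = c.defaultGwNetwork(); err != nil {
			return err
		}
	}

	createOptions := []EndpointOption{}

	// NOTE(review): the length test is on sb.containerID while the truncated
	// value is taken from sb.id; slicing sb.id[:gwEPlen] panics if sb.id is
	// shorter than gwEPlen. Presumably sb.id is always longer; confirm.
	var gwName string
	if len(sb.containerID) <= gwEPlen {
		gwName = "gateway_" + sb.containerID
	} else {
		gwName = "gateway_" + sb.id[:gwEPlen]
	}

	sbLabels := sb.Labels()

	// The sandbox's port bindings and exposed ports are handed to the gateway
	// endpoint as create options. The label values are type-checked so that an
	// unexpected value is reported as an error instead of panicking on the
	// type assertion.
	if v := sbLabels[netlabel.PortMap]; v != nil {
		bindings, ok := v.([]types.PortBinding)
		if !ok {
			return fmt.Errorf("container %s: unexpected type %T for port mapping label", sb.containerID, v)
		}
		createOptions = append(createOptions, CreateOptionPortMapping(bindings))
	}

	if v := sbLabels[netlabel.ExposedPorts]; v != nil {
		ports, ok := v.([]types.TransportPort)
		if !ok {
			return fmt.Errorf("container %s: unexpected type %T for exposed ports label", sb.containerID, v)
		}
		createOptions = append(createOptions, CreateOptionExposedPorts(ports))
	}

	epOption := getPlatformOption()
	if epOption != nil {
		createOptions = append(createOptions, epOption)
	}

	newEp, err := n.CreateEndpoint(gwName, createOptions...)
	if err != nil {
		return fmt.Errorf("container %s: endpoint create on GW Network failed: %v", sb.containerID, err)
	}

	// Roll back the freshly created endpoint if the join below fails. The
	// closure reads the local err, which the join assigns before returning.
	defer func() {
		if err != nil {
			if err2 := newEp.Delete(true); err2 != nil {
				log.G(context.TODO()).Warnf("Failed to remove gw endpoint for container %s after failing to join the gateway network: %v",
					sb.containerID, err2)
			}
		}
	}()

	if err = newEp.sbJoin(sb); err != nil {
		return fmt.Errorf("container %s: endpoint join on GW Network failed: %v", sb.containerID, err)
	}

	return nil
}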
// clearDefaultGW detaches the sandbox from the default gateway network and
// deletes the endpoint that connected it. It returns nil when the sandbox has
// no such endpoint, and a wrapped error when leaving or deleting fails.
func (sb *Sandbox) clearDefaultGW() error {
	gwEP := sb.getEndpointInGWNetwork()
	if gwEP == nil {
		return nil
	}

	// Leave before delete; both calls are made with their boolean argument
	// set to false.
	err := gwEP.sbLeave(sb, false)
	if err != nil {
		return fmt.Errorf("container %s: endpoint leaving GW Network failed: %v", sb.containerID, err)
	}

	err = gwEP.Delete(false)
	if err != nil {
		return fmt.Errorf("container %s: deleting endpoint on GW Network failed: %v", sb.containerID, err)
	}

	return nil
}
// needDefaultGW reports whether the sandbox requires a default gateway, based
// on the endpoints to which it is connected. The default gateway network
// endpoint itself is not taken into account.
//
// It returns false as soon as one considered endpoint already has a gateway
// or a static route to 0.0.0.0/0, and true when at least one endpoint was
// considered and none of them provides either.
func (sb *Sandbox) needDefaultGW() bool {
	required := false

	for _, ep := range sb.Endpoints() {
		// Endpoints that never count towards the decision.
		switch {
		case ep.endpointInGWNetwork():
			continue
		case ep.getNetwork().Type() == "null" || ep.getNetwork().Type() == "host":
			continue
		case ep.getNetwork().Internal():
			continue
		case ep.joinInfo != nil && ep.joinInfo.disableGatewayService:
			// During stale sandbox cleanup, joinInfo may be nil
			continue
		}

		// TODO v6 needs to be handled.
		if len(ep.Gateway()) > 0 {
			return false
		}

		// A static default route also counts as external connectivity.
		for _, route := range ep.StaticRoutes() {
			if dst := route.Destination; dst != nil && dst.String() == "0.0.0.0/0" {
				return false
			}
		}

		required = true
	}

	return required
}
// getEndpointInGWNetwork returns the first of the sandbox's endpoints that is
// attached to the network named libnGWNetwork and whose name starts with
// "gateway_", or nil when there is none.
func (sb *Sandbox) getEndpointInGWNetwork() *Endpoint {
	for _, candidate := range sb.Endpoints() {
		if candidate.getNetwork().name != libnGWNetwork {
			continue
		}
		if !strings.HasPrefix(candidate.Name(), "gateway_") {
			continue
		}
		return candidate
	}
	return nil
}
// endpointInGWNetwork reports whether the endpoint is attached to the network
// named libnGWNetwork and its own name starts with "gateway_".
func (ep *Endpoint) endpointInGWNetwork() bool {
	return ep.getNetwork().name == libnGWNetwork && strings.HasPrefix(ep.Name(), "gateway_")
}
// defaultGwNetwork looks up the default gateway network and creates it when
// the lookup fails with a types.NotFoundError. Any other lookup result,
// including other errors, is returned unchanged.
//
// Parallel executions are serialized through the one-slot procGwNetwork
// channel.
func (c *Controller) defaultGwNetwork() (*Network, error) {
	// Take the single slot; it is released when the function returns.
	procGwNetwork <- true
	defer func() { <-procGwNetwork }()

	gwNet, err := c.NetworkByName(libnGWNetwork)
	// The type assertion matches only an error value that itself implements
	// types.NotFoundError, not one wrapped inside another error.
	if _, notFound := err.(types.NotFoundError); !notFound {
		return gwNet, err
	}
	return c.createGWNetwork()
}
// getGatewayEndpoint returns the endpoint which is providing external
// connectivity to the sandbox: the first endpoint that is not on a "null" or
// "host" network and has a gateway set. It returns nil when there is none.
func (sb *Sandbox) getGatewayEndpoint() *Endpoint {
	for _, candidate := range sb.Endpoints() {
		skipped := candidate.getNetwork().Type() == "null" || candidate.getNetwork().Type() == "host"
		if !skipped && len(candidate.Gateway()) != 0 {
			return candidate
		}
	}
	return nil
}