moby/libnetwork
Rob Murray 17b8631545 Enable DNS proxying for ipvlan-l3
The internal DNS resolver should only forward requests to external
resolvers if the libnetwork.Sandbox served by the resolver has external
network access (so, no forwarding for '--internal' networks).

The test for external network access was whether the Sandbox had an
Endpoint with a gateway configured.

However, an ipvlan-l3 network with external network access does not
have a gateway, it has a default route bound to an interface.

Also, we document that an ipvlan network with no parent interface is
equivalent to a '--internal' network. But, in this case, an ipvlan-l2
network was configured with a gateway. So, DNS proxying would be enabled
in the internal resolver (and, if the host's resolver was on a localhost
address, requests to external resolvers from the host's network
namespace would succeed).

So, this change adjusts the test for enabling DNS proxying to include
a check for '--internal' (as a shortcut) and, for non-internal networks,
checks for a default route as well as a gateway. It also disables
configuration of a gateway or a default route for an ipvlan Endpoint if
no parent interface is specified.

(Note if a parent interface with no external network is supplied as
'-o parent=<dummy>', the gateway/default route will still be set up
and external DNS proxying will be enabled. The network must be
configured as '--internal' to prevent that from happening.)

Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-04-10 08:50:57 +01:00
bitmap libnetwork/bitmap: improve documentation 2023-07-05 16:10:32 -04:00
cluster Switch from x/net/context -> context 2018-04-24 14:57:04 -07:00
cmd fix duplicate words (dupwords) 2024-03-07 10:57:03 +01:00
cnmallocator libn/cnmallocator: migrate tests to gotest.tools/v3 2024-02-29 16:14:02 -05:00
config add //go:build directives to prevent downgrading to go1.16 language 2023-12-15 15:24:15 +01:00
datastore libnet/ds: remove extra space in error msg 2024-02-22 18:49:28 +01:00
diagnostic libnetwork/diagnostic: lock mutex in help handler 2023-12-06 11:20:47 -05:00
discoverapi libnetwork: share a single datastore with drivers 2024-01-31 21:08:34 -05:00
docs libnetwork: fix tiny grammar mistake on design.md 2024-01-23 18:26:45 -05:00
driverapi libnet: Replace BadRequest with InvalidParameter 2023-08-17 16:45:04 +02:00
drivers Enable DNS proxying for ipvlan-l3 2024-04-10 08:50:57 +01:00
drvregistry libnetwork: notify another driver registerer 2023-08-29 10:32:18 -04:00
etchosts Remove unused params from etchosts.Build() 2024-01-29 15:37:08 +00:00
internal resolvconf: add //go:build directives to prevent downgrading to go1.16 language 2024-03-18 12:28:21 +01:00
ipam Move 'netip' utils from 'ipam' to 'internal'. 2023-12-06 17:13:40 +00:00
ipamapi libnet: Fix error capitalization 2023-08-17 16:48:09 +02:00
ipams fix duplicate words (dupwords) 2024-03-07 10:57:03 +01:00
ipamutils libnetwork/ipamutils: format code with gofumpt 2023-06-29 00:31:49 +02:00
ipbits libnet/ipam: use netip types internally 2023-02-23 18:10:01 -05:00
iptables libnetwork: fix typo in iptables.go 2024-01-23 18:25:08 -05:00
netlabel New host_ipv6 bridge option to SNAT IPv6 connections 2023-10-25 20:11:49 -04:00
netutils Detect IPv6 support in containers. 2024-01-19 20:24:07 +00:00
networkdb libnetwork/diagnostic: use standard http.Handler 2023-12-06 11:19:59 -05:00
ns migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
options add //go:build directives to prevent downgrading to go1.16 language 2023-12-15 15:24:15 +01:00
osl Restore the SetKey prestart hook. 2024-03-25 19:35:55 +00:00
portallocator libnetwork/portallocator: PortAllocator.ReleasePort: remove unused err-return 2024-01-02 11:00:22 +01:00
portmapper libnetwork/portallocator: PortAllocator.ReleasePort: remove unused err-return 2024-01-02 11:00:22 +01:00
resolvconf Accumulate resolv.conf options 2024-03-01 16:59:28 +00:00
scope libnetwork: move datastore Scope consts to libnetwork/scope 2023-07-28 21:56:48 +02:00
support Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
types libnet: Replace NoServiceError with UnavailableError 2023-08-17 16:46:53 +02:00
.dockerignore Added back dockerignore 2018-06-22 16:10:22 -07:00
.gitignore Added back dockerignore 2018-06-22 16:10:22 -07:00
agent.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:21 +01:00
agent.pb.go update generated files 2023-05-29 03:28:35 +02:00
agent.proto fix protos and "go generate" commands 2023-05-29 03:28:35 +02:00
controller.go libnetwork: share a single datastore with drivers 2024-01-31 21:08:34 -05:00
controller_linux.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
controller_others.go libnetwork: implement Controller.setupOSLSandbox 2023-08-23 20:13:15 +02:00
default_gateway.go libnet: remove Endpoint.anonymous 2023-12-20 19:04:37 +01:00
default_gateway_freebsd.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
default_gateway_linux.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
default_gateway_windows.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
drivers_freebsd.go libnetwork: fix some missing imports on macOS and FreeBSD 2023-08-29 16:55:44 +02:00
drivers_ipam.go libnet: un-plumb datastores from IPAM inits 2023-01-27 11:47:42 -05:00
drivers_linux.go libnet/drivers: stop passing config to drivers... 2023-07-06 12:57:00 -04:00
drivers_unsupported.go libnetwork: fix some missing imports on macOS and FreeBSD 2023-08-29 16:55:44 +02:00
drivers_windows.go libnet/drivers: stop passing config to drivers... 2023-07-06 12:57:00 -04:00
endpoint.go Enable DNS proxying for ipvlan-l3 2024-04-10 08:50:57 +01:00
endpoint_cnt.go libnet/ds: remove unused param key from GetObject 2024-01-24 22:42:18 +01:00
endpoint_info.go Enable DNS proxying for ipvlan-l3 2024-04-10 08:50:57 +01:00
endpoint_info_unix.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
endpoint_info_windows.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
endpoint_test.go libnetwork: Sandbox.ResolveName: refactor ordering of endpoints 2024-01-20 12:41:33 +01:00
endpoint_unix_test.go libnetwork: rename unix-only testfiles 2023-08-12 01:27:38 +02:00
error.go libnet: Replace BadRequest with InvalidParameter 2023-08-17 16:45:04 +02:00
errors_test.go libnet: Replace BadRequest with InvalidParameter 2023-08-17 16:45:04 +02:00
firewall_linux.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
firewall_linux_test.go libnetwork: share a single datastore with drivers 2024-01-31 21:08:34 -05:00
firewall_others.go libnetwork: arrangeUserFilterRule: don't return early 2023-07-21 20:08:58 +02:00
libnetwork_internal_test.go libnetwork: share a single datastore with drivers 2024-01-31 21:08:34 -05:00
libnetwork_linux_test.go Add IPv6 nameserver to the internal DNS's upstreams. 2024-03-06 10:47:18 +00:00
libnetwork_unix_test.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
libnetwork_windows_test.go libnetwork: format code with gofumpt 2023-06-29 00:31:49 +02:00
network.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:21 +01:00
network_unix.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
network_windows.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
README.md libnet: Remove unused cmd/readme_test 2023-12-16 13:06:15 +01:00
resolver.go libnet: Don't forward to upstream resolvers on internal nw 2024-03-14 17:46:48 +00:00
resolver_test.go libnetwork: write ServFail if DNS reply msg is bad 2023-12-19 11:24:33 -05:00
resolver_unix.go libn: fix resolver restore w/ chatty 'iptables -C' 2023-05-30 14:32:27 -04:00
resolver_unix_test.go libnetwork: share a single datastore with drivers 2024-01-31 21:08:34 -05:00
resolver_windows.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
sandbox.go Enable DNS proxying for ipvlan-l3 2024-04-10 08:50:57 +01:00
sandbox_dns_unix.go Enable DNS proxying for ipvlan-l3 2024-04-10 08:50:57 +01:00
sandbox_dns_unix_test.go Ignore bad ndots in host resolv.conf 2024-03-07 09:27:34 +00:00
sandbox_dns_windows.go Refactor 'resolv.conf' generation. 2024-02-06 22:26:12 +00:00
sandbox_externalkey_unix.go libnet: Improve the debug log written when the extKeyListener is stopped 2023-12-21 12:38:08 +01:00
sandbox_externalkey_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
sandbox_linux.go Restore the SetKey prestart hook. 2024-03-25 19:35:55 +00:00
sandbox_options.go libnetwork: move all SandboxOptions to a separate file 2023-08-18 13:12:25 +02:00
sandbox_store.go Merge pull request #47041 from robmry/46968_refactor_resolvconf 2024-02-29 09:33:55 +01:00
sandbox_unix_test.go libnetwork: implement Controller.GetSandbox(containerID) 2023-08-21 15:06:26 +02:00
sandbox_unsupported.go libnetwork/osl: remove Sandbox and Info interfaces 2023-08-23 23:29:09 +02:00
service.go add //go:build directives to prevent downgrading to go1.16 language 2023-12-15 15:24:15 +01:00
service_common.go fix typo in error message 2024-02-29 23:27:00 +00:00
service_common_unix_test.go libnetwork: share a single datastore with drivers 2024-01-31 21:08:34 -05:00
service_linux.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:21 +01:00
service_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
service_windows.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
store.go libnet/ds: remove unused param key from List 2024-01-24 22:42:18 +01:00
store_linux_test.go libnetwork: share a single datastore with drivers 2024-01-31 21:08:34 -05:00
store_test.go libnet: drop TestMultipleControllersWithSameStore 2024-02-02 09:19:07 +01:00

libnetwork - networking for containers

Libnetwork provides a native Go implementation for connecting containers.

The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications.

Design

Please refer to the design for more information.

Using libnetwork

There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users.

Contributing

Want to hack on libnetwork? Docker's contribution guidelines apply.

Code and documentation copyright 2015 Docker, Inc. Code released under the Apache 2.0 license. Docs released under Creative Commons.