moby/libnetwork
Rob Murray c761353e7c Make 'internal' bridge networks accessible from host
Prior to release 25.0.0, the bridge in an internal network was assigned
an IP address - making the internal network accessible from the host,
giving containers on the network access to anything listening on the
bridge's address (or INADDR_ANY on the host).

This change restores that behaviour. It does not restore the default
route that was configured in the container, because packets sent outside
the internal network's subnet have always been dropped. So, a 'connect()'
to an address outside the subnet will still fail fast.

Signed-off-by: Rob Murray <rob.murray@docker.com>
(cherry picked from commit 419f5a6372)
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-03-01 09:29:41 +01:00
bitmap libnetwork/bitmap: improve documentation 2023-07-05 16:10:32 -04:00
cluster Switch from x/net/context -> context 2018-04-24 14:57:04 -07:00
cmd libnet: Remove unused cmd/readme_test 2023-12-16 13:06:15 +01:00
config add //go:build directives to prevent downgrading to go1.16 language 2023-12-15 15:24:15 +01:00
datastore libnetwork/internal/kvstore: prune unused method 2023-10-19 12:57:42 -04:00
diagnostic libnetwork/diagnostic: lock mutex in help handler 2023-12-06 11:20:47 -05:00
discoverapi libnetwork: drop DatastoreConfig discovery type 2023-01-27 11:47:43 -05:00
docs libnetwork/docs: fix broken link 2023-05-10 12:05:05 +02:00
driverapi libnet: Replace BadRequest with InvalidParameter 2023-08-17 16:45:04 +02:00
drivers Make 'internal' bridge networks accessible from host 2024-03-01 09:29:41 +01:00
drvregistry libnetwork: notify another driver registerer 2023-08-29 10:32:18 -04:00
etchosts libnetwork/etchosts: format code with gofumpt 2023-06-29 00:31:48 +02:00
internal Merge pull request #46850 from robmry/46829-allow_ipv6_subnet_change 2023-12-19 18:35:13 +01:00
ipam Move 'netip' utils from 'ipam' to 'internal'. 2023-12-06 17:13:40 +00:00
ipamapi libnet: Fix error capitalization 2023-08-17 16:48:09 +02:00
ipams migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
ipamutils libnetwork/ipamutils: format code with gofumpt 2023-06-29 00:31:49 +02:00
ipbits libnet/ipam: use netip types internally 2023-02-23 18:10:01 -05:00
iptables migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
netlabel New host_ipv6 bridge option to SNAT IPv6 connections 2023-10-25 20:11:49 -04:00
netutils tests: Move libnetwork/testutils to internal/testutils/netnsutils 2023-07-26 21:06:36 +02:00
networkdb libnetwork/diagnostic: use standard http.Handler 2023-12-06 11:19:59 -05:00
ns migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
options add //go:build directives to prevent downgrading to go1.16 language 2023-12-15 15:24:15 +01:00
osl migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
portallocator libnetwork/portallocator: PortAllocator.ReleasePort: remove unused err-return 2024-01-02 11:00:22 +01:00
portmapper libnetwork/portallocator: PortAllocator.ReleasePort: remove unused err-return 2024-01-02 11:00:22 +01:00
resolvconf migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
scope libnetwork: move datastore Scope consts to libnetwork/scope 2023-07-28 21:56:48 +02:00
support Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
types libnet: Replace NoServiceError with UnavailableError 2023-08-17 16:46:53 +02:00
.dockerignore Added back dockerignore 2018-06-22 16:10:22 -07:00
.gitignore Added back dockerignore 2018-06-22 16:10:22 -07:00
agent.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:43 +01:00
agent.pb.go update generated files 2023-05-29 03:28:35 +02:00
agent.proto fix protos and "go generate" commands 2023-05-29 03:28:35 +02:00
controller.go libnetwork/diagnostic: drop Init method 2023-12-04 15:13:17 -05:00
controller_linux.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
controller_others.go libnetwork: implement Controller.setupOSLSandbox 2023-08-23 20:13:15 +02:00
default_gateway.go libnet: remove Endpoint.anonymous 2023-12-20 19:04:37 +01:00
default_gateway_freebsd.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
default_gateway_linux.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
default_gateway_windows.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
drivers_freebsd.go libnetwork: fix some missing imports on macOS and FreeBSD 2023-08-29 16:55:44 +02:00
drivers_ipam.go libnet: un-plumb datastores from IPAM inits 2023-01-27 11:47:42 -05:00
drivers_linux.go libnet/drivers: stop passing config to drivers... 2023-07-06 12:57:00 -04:00
drivers_unsupported.go libnetwork: fix some missing imports on macOS and FreeBSD 2023-08-29 16:55:44 +02:00
drivers_windows.go libnet/drivers: stop passing config to drivers... 2023-07-06 12:57:00 -04:00
endpoint.go add more //go:build directives to prevent downgrading to go1.16 language 2024-01-25 14:57:05 +01:00
endpoint_cnt.go libnetwork/datastore: drop (KVObject).DataScope() 2023-10-19 12:38:39 -04:00
endpoint_info.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:43 +01:00
endpoint_info_unix.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
endpoint_info_windows.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
endpoint_unix_test.go libnetwork: rename unix-only testfiles 2023-08-12 01:27:38 +02:00
error.go libnet: Replace BadRequest with InvalidParameter 2023-08-17 16:45:04 +02:00
errors_test.go libnet: Replace BadRequest with InvalidParameter 2023-08-17 16:45:04 +02:00
firewall_linux.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
firewall_linux_test.go tests: Move libnetwork/testutils to internal/testutils/netnsutils 2023-07-26 21:06:36 +02:00
firewall_others.go libnetwork: arrangeUserFilterRule: don't return early 2023-07-21 20:08:58 +02:00
libnetwork_internal_test.go libnet: remove Endpoint.anonymous 2023-12-20 19:04:37 +01:00
libnetwork_linux_test.go Plumb context through info endpoint 2023-11-10 20:09:25 +00:00
libnetwork_unix_test.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
libnetwork_windows_test.go libnetwork: format code with gofumpt 2023-06-29 00:31:49 +02:00
network.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:43 +01:00
network_unix.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
network_windows.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
README.md libnet: Remove unused cmd/readme_test 2023-12-16 13:06:15 +01:00
resolver.go libnetwork: write ServFail if DNS reply msg is bad 2023-12-19 11:24:33 -05:00
resolver_test.go libnetwork: write ServFail if DNS reply msg is bad 2023-12-19 11:24:33 -05:00
resolver_unix.go libn: fix resolver restore w/ chatty 'iptables -C' 2023-05-30 14:32:27 -04:00
resolver_unix_test.go libnetwork: assert DNS replies are well-formed 2023-12-19 11:13:35 -05:00
resolver_windows.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
sandbox.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:43 +01:00
sandbox_dns_unix.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
sandbox_dns_unix_test.go libnetwork: move TestDNSOptions to a non-windows file 2023-08-11 14:59:30 +02:00
sandbox_dns_windows.go libnetwork: move more osl.Sandbox related code to Linux-only files 2023-08-23 20:13:15 +02:00
sandbox_externalkey_unix.go libnet: Improve the debug log written when the extKeyListener is stopped 2023-12-21 12:38:08 +01:00
sandbox_externalkey_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
sandbox_linux.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
sandbox_options.go libnetwork: move all SandboxOptions to a separate file 2023-08-18 13:12:25 +02:00
sandbox_store.go Fix missing import for "scope" package 2023-11-09 22:48:01 +00:00
sandbox_unix_test.go libnetwork: implement Controller.GetSandbox(containerID) 2023-08-21 15:06:26 +02:00
sandbox_unsupported.go libnetwork/osl: remove Sandbox and Info interfaces 2023-08-23 23:29:09 +02:00
service.go add //go:build directives to prevent downgrading to go1.16 language 2023-12-15 15:24:15 +01:00
service_common.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
service_common_unix_test.go libnetwork: rename unix-only testfiles 2023-08-12 01:27:38 +02:00
service_linux.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:43 +01:00
service_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
service_windows.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
store.go Plumb context through info endpoint 2023-11-10 20:09:25 +00:00
store_linux_test.go libnetwork/datastore: remove Store.KVStore() 2023-07-25 22:42:17 +02:00
store_test.go libnetwork: don't access KVStore directly in tests 2023-07-25 22:21:03 +02:00

libnetwork - networking for containers

Libnetwork provides a native Go implementation for connecting containers.

The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications.

Design

Please refer to the design for more information.

Using libnetwork

There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users.

Contributing

Want to hack on libnetwork? Docker's contribution guidelines apply.

Code and documentation copyright 2015 Docker, Inc. Code released under the Apache 2.0 license. Docs released under Creative Commons.