moby--moby/libnetwork/drivers/bridge/link.go

package bridge

import (
	"fmt"
	"net"

	log "github.com/Sirupsen/logrus"
	"github.com/docker/libnetwork/iptables"
	"github.com/docker/libnetwork/types"
)

type link struct {
	parentIP string
	childIP  string
	ports    []types.TransportPort
	bridge   string
}

func (l *link) String() string {
	return fmt.Sprintf("%s <-> %s [%v] on %s", l.parentIP, l.childIP, l.ports, l.bridge)
}

func newLink(parentIP, childIP string, ports []types.TransportPort, bridge string) *link {
	return &link{
		childIP:  childIP,
		parentIP: parentIP,
		ports:    ports,
		bridge:   bridge,
	}

}

func (l *link) Enable() error {
	// -A == iptables append flag
	linkFunction := func() error {
		return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false)
	}

	iptables.OnReloaded(func() { linkFunction() })
	return linkFunction()
}

func (l *link) Disable() {
	// -D == iptables delete flag
	err := linkContainers("-D", l.parentIP, l.childIP, l.ports, l.bridge, true)
	if err != nil {
		log.Errorf("Error removing IPTables rules for a link %s due to %s", l.String(), err.Error())
	}
	// Return proper error once we move to use a proper iptables package
	// that returns typed errors
}

func linkContainers(action, parentIP, childIP string, ports []types.TransportPort, bridge string,
	ignoreErrors bool) error {
	var nfAction iptables.Action

	switch action {
	case "-A":
		nfAction = iptables.Append
	case "-I":
		nfAction = iptables.Insert
	case "-D":
		nfAction = iptables.Delete
	default:
		return InvalidIPTablesCfgError(action)
	}

	ip1 := net.ParseIP(parentIP)
	if ip1 == nil {
		return InvalidLinkIPAddrError(parentIP)
	}
	ip2 := net.ParseIP(childIP)
	if ip2 == nil {
		return InvalidLinkIPAddrError(childIP)
	}

	chain := iptables.ChainInfo{Name: DockerChain}
	for _, port := range ports {
		err := chain.Link(nfAction, ip1, ip2, int(port.Port), port.Proto.String(), bridge)
		if !ignoreErrors && err != nil {
			return err
		}
	}
	return nil
}
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`package bridge`

			`import (`
			`"fmt"`
			`"net"`

			`log "github.com/Sirupsen/logrus"`
Remove pkg directory - As recommended by Docker committers. - Will introduce internal directory when go supports it Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-16 19:02:51 -04:00			`"github.com/docker/libnetwork/iptables"`
Move network types to types package This is need to decouple types from netutils which has linux dependencies. This way the client code which needs network types can just pull in types package which makes client code platform agnostic. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-05-20 16:28:46 -04:00			`"github.com/docker/libnetwork/types"`
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`)`

			`type link struct {`
			`parentIP string`
			`childIP string`
Move network types to types package This is need to decouple types from netutils which has linux dependencies. This way the client code which needs network types can just pull in types package which makes client code platform agnostic. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-05-20 16:28:46 -04:00			`ports []types.TransportPort`
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`bridge string`
			`}`

			`func (l *link) String() string {`
			`return fmt.Sprintf("%s <-> %s [%v] on %s", l.parentIP, l.childIP, l.ports, l.bridge)`
			`}`

Move network types to types package This is need to decouple types from netutils which has linux dependencies. This way the client code which needs network types can just pull in types package which makes client code platform agnostic. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-05-20 16:28:46 -04:00			`func newLink(parentIP, childIP string, ports []types.TransportPort, bridge string) *link {`
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`return &link{`
			`childIP: childIP,`
			`parentIP: parentIP,`
			`ports: ports,`
			`bridge: bridge,`
			`}`

			`}`

			`func (l *link) Enable() error {`
			`// -A == iptables append flag`
Fix ICC on Firewalld enabled fedora systems, add in missing firewalld functionality to re-apply configuration when reloaded Signed-off-by: Alec Benson <albenson@redhat.com> 2015-07-24 13:20:48 -04:00			`linkFunction := func() error {`
			`return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false)`
			`}`

			`iptables.OnReloaded(func() { linkFunction() })`
			`return linkFunction()`
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`}`

			`func (l *link) Disable() {`
			`// -D == iptables delete flag`
			`err := linkContainers("-D", l.parentIP, l.childIP, l.ports, l.bridge, true)`
			`if err != nil {`
			`log.Errorf("Error removing IPTables rules for a link %s due to %s", l.String(), err.Error())`
			`}`
			`// Return proper error once we move to use a proper iptables package`
			`// that returns typed errors`
			`}`

Move network types to types package This is need to decouple types from netutils which has linux dependencies. This way the client code which needs network types can just pull in types package which makes client code platform agnostic. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> 2015-05-20 16:28:46 -04:00			`func linkContainers(action, parentIP, childIP string, ports []types.TransportPort, bridge string,`
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`ignoreErrors bool) error {`
			`var nfAction iptables.Action`

			`switch action {`
			`case "-A":`
			`nfAction = iptables.Append`
			`case "-I":`
			`nfAction = iptables.Insert`
			`case "-D":`
			`nfAction = iptables.Delete`
			`default:`
Provide interface to categorize errors - Package types to define the interfaces libnetwork errors may implement, so that caller can categorize them. Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-05-14 17:56:15 -04:00			`return InvalidIPTablesCfgError(action)`
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`}`

			`ip1 := net.ParseIP(parentIP)`
			`if ip1 == nil {`
			`return InvalidLinkIPAddrError(parentIP)`
			`}`
			`ip2 := net.ParseIP(childIP)`
			`if ip2 == nil {`
			`return InvalidLinkIPAddrError(childIP)`
			`}`

Seperates the driver-specific and network-specific iptable operations for the bridge driver. Moves two config options, namely EnableIPTables and EnableUserlandProxy from networks to the driver. Closes #242 Signed-off-by: Mohammad Banikazemi <MBanikazemi@gmail.com> 2015-06-11 21:12:00 -04:00			`chain := iptables.ChainInfo{Name: DockerChain}`
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`for _, port := range ports {`
Seperates the driver-specific and network-specific iptable operations for the bridge driver. Moves two config options, namely EnableIPTables and EnableUserlandProxy from networks to the driver. Closes #242 Signed-off-by: Mohammad Banikazemi <MBanikazemi@gmail.com> 2015-06-11 21:12:00 -04:00			`err := chain.Link(nfAction, ip1, ip2, int(port.Port), port.Proto.String(), bridge)`
Link implementation in bridge driver Signed-off-by: Madhu Venugopal <madhu@docker.com> 2015-05-01 20:14:04 -04:00			`if !ignoreErrors && err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`