moby--moby/libnetwork/portmapper/proxy.go

package portmapper

import (
	"fmt"
	"io"
	"net"

	"github.com/ishidawataru/sctp"
)

type userlandProxy interface {
	Start() error
	Stop() error
}

// ipVersion refers to IP version - v4 or v6
type ipVersion string

const (
	// IPv4 is version 4
	ipv4 ipVersion = "4"
	// IPv4 is version 6
	ipv6 ipVersion = "6"
)

// dummyProxy just listen on some port, it is needed to prevent accidental
// port allocations on bound port, because without userland proxy we using
// iptables rules and not net.Listen
type dummyProxy struct {
	listener  io.Closer
	addr      net.Addr
	ipVersion ipVersion
}

func newDummyProxy(proto string, hostIP net.IP, hostPort int) (userlandProxy, error) {
	// detect version of hostIP to bind only to correct version
	version := ipv4
	if hostIP.To4() == nil {
		version = ipv6
	}
	switch proto {
	case "tcp":
		addr := &net.TCPAddr{IP: hostIP, Port: hostPort}
		return &dummyProxy{addr: addr, ipVersion: version}, nil
	case "udp":
		addr := &net.UDPAddr{IP: hostIP, Port: hostPort}
		return &dummyProxy{addr: addr, ipVersion: version}, nil
	case "sctp":
		addr := &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: hostIP}}, Port: hostPort}
		return &dummyProxy{addr: addr, ipVersion: version}, nil
	default:
		return nil, fmt.Errorf("Unknown addr type: %s", proto)
	}
}

func (p *dummyProxy) Start() error {
	switch addr := p.addr.(type) {
	case *net.TCPAddr:
		l, err := net.ListenTCP("tcp"+string(p.ipVersion), addr)
		if err != nil {
			return err
		}
		p.listener = l
	case *net.UDPAddr:
		l, err := net.ListenUDP("udp"+string(p.ipVersion), addr)
		if err != nil {
			return err
		}
		p.listener = l
	case *sctp.SCTPAddr:
		l, err := sctp.ListenSCTP("sctp"+string(p.ipVersion), addr)
		if err != nil {
			return err
		}
		p.listener = l
	default:
		return fmt.Errorf("Unknown addr type: %T", p.addr)
	}
	return nil
}

func (p *dummyProxy) Stop() error {
	if p.listener != nil {
		return p.listener.Close()
	}
	return nil
}
Issue #33: Move portmapper and portallocator into libnetwork - As they provide network translation functionalities, they should be part of libnetwork - In driver/bridge/setup_ip_tables.go remove depenency on docker/daemon/networkdriver Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-08 02:20:04 -04:00			`package portmapper`

			`import (`
			`"fmt"`
Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`"io"`
Issue #33: Move portmapper and portallocator into libnetwork - As they provide network translation functionalities, they should be part of libnetwork - In driver/bridge/setup_ip_tables.go remove depenency on docker/daemon/networkdriver Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-08 02:20:04 -04:00			`"net"`
Support SCTP port mapping Signed-off-by: Wataru Ishida <ishida.wataru@lab.ntt.co.jp> Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> 2017-06-13 01:29:56 -04:00
			`"github.com/ishidawataru/sctp"`
Issue #33: Move portmapper and portallocator into libnetwork - As they provide network translation functionalities, they should be part of libnetwork - In driver/bridge/setup_ip_tables.go remove depenency on docker/daemon/networkdriver Signed-off-by: Alessandro Boch <aboch@docker.com> 2015-04-08 02:20:04 -04:00			`)`

			`type userlandProxy interface {`
			`Start() error`
			`Stop() error`
			`}`

Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`// ipVersion refers to IP version - v4 or v6`
			`type ipVersion string`

			`const (`
			`// IPv4 is version 4`
			`ipv4 ipVersion = "4"`
			`// IPv4 is version 6`
			`ipv6 ipVersion = "6"`
			`)`

Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`// dummyProxy just listen on some port, it is needed to prevent accidental`
			`// port allocations on bound port, because without userland proxy we using`
			`// iptables rules and not net.Listen`
			`type dummyProxy struct {`
Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`listener io.Closer`
			`addr net.Addr`
			`ipVersion ipVersion`
Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`}`

Support SCTP port mapping Signed-off-by: Wataru Ishida <ishida.wataru@lab.ntt.co.jp> Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> 2017-06-13 01:29:56 -04:00			`func newDummyProxy(proto string, hostIP net.IP, hostPort int) (userlandProxy, error) {`
Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`// detect version of hostIP to bind only to correct version`
			`version := ipv4`
			`if hostIP.To4() == nil {`
			`version = ipv6`
			`}`
Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`switch proto {`
			`case "tcp":`
			`addr := &net.TCPAddr{IP: hostIP, Port: hostPort}`
Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`return &dummyProxy{addr: addr, ipVersion: version}, nil`
Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`case "udp":`
			`addr := &net.UDPAddr{IP: hostIP, Port: hostPort}`
Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`return &dummyProxy{addr: addr, ipVersion: version}, nil`
Support SCTP port mapping Signed-off-by: Wataru Ishida <ishida.wataru@lab.ntt.co.jp> Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> 2017-06-13 01:29:56 -04:00			`case "sctp":`
Update sctp package This commit updates the vendored ishidawataru/sctp and adapts its used types. Signed-off-by: Sascha Grunert <sgrunert@suse.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-05-02 07:23:31 -04:00			`addr := &sctp.SCTPAddr{IPAddrs: []net.IPAddr{{IP: hostIP}}, Port: hostPort}`
Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`return &dummyProxy{addr: addr, ipVersion: version}, nil`
Support SCTP port mapping Signed-off-by: Wataru Ishida <ishida.wataru@lab.ntt.co.jp> Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> 2017-06-13 01:29:56 -04:00			`default:`
			`return nil, fmt.Errorf("Unknown addr type: %s", proto)`
Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`}`
			`}`

			`func (p *dummyProxy) Start() error {`
			`switch addr := p.addr.(type) {`
			`case *net.TCPAddr:`
Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`l, err := net.ListenTCP("tcp"+string(p.ipVersion), addr)`
Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`if err != nil {`
			`return err`
			`}`
			`p.listener = l`
			`case *net.UDPAddr:`
Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`l, err := net.ListenUDP("udp"+string(p.ipVersion), addr)`
Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`if err != nil {`
			`return err`
			`}`
			`p.listener = l`
Support SCTP port mapping Signed-off-by: Wataru Ishida <ishida.wataru@lab.ntt.co.jp> Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> 2017-06-13 01:29:56 -04:00			`case *sctp.SCTPAddr:`
Fix IPv6 Port Forwarding for the Bridge Driver 1. Allocate either a IPv4 and/or IPv6 Port Binding (HostIP, HostPort, ContainerIP, ContainerPort) based on the input and system parameters 2. Update the userland proxy as well as dummy proxy (inside port mapper) to specifically listen on either the IPv4 or IPv6 network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> 2020-12-13 18:56:30 -05:00			`l, err := sctp.ListenSCTP("sctp"+string(p.ipVersion), addr)`
Support SCTP port mapping Signed-off-by: Wataru Ishida <ishida.wataru@lab.ntt.co.jp> Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> 2017-06-13 01:29:56 -04:00			`if err != nil {`
			`return err`
			`}`
			`p.listener = l`
Add dummy proxy on port map It is needed in cases when mapped port is already bound, or another application bind mapped port. All this will be undetected because we use iptables and not net.Listen. Signed-off-by: Alexander Morozov <lk4d4@docker.com> 2015-05-21 15:20:48 -04:00			`default:`
			`return fmt.Errorf("Unknown addr type: %T", p.addr)`
			`}`
			`return nil`
			`}`

			`func (p *dummyProxy) Stop() error {`
			`if p.listener != nil {`
			`return p.listener.Close()`
			`}`
			`return nil`
			`}`