diff --git a/libnetwork/Dockerfile b/libnetwork/Dockerfile
index f8b999962a..962dc5aabe 100644
--- a/libnetwork/Dockerfile
+++ b/libnetwork/Dockerfile
@@ -7,7 +7,7 @@ RUN go get -d github.com/gogo/protobuf/protoc-gen-gogo && \
 git reset --hard 30cf7ac33676b5786e78c746683f0d4cd64fa75b && \
 go install
-RUN go get github.com/golang/lint/golint \
+RUN go get golang.org/x/lint/golint \
 golang.org/x/tools/cmd/cover \
 github.com/mattn/goveralls \
 github.com/gordonklaus/ineffassign \
diff --git a/libnetwork/drivers/overlay/encryption.go b/libnetwork/drivers/overlay/encryption.go
index a97e73df82..38fd710b9c 100644
--- a/libnetwork/drivers/overlay/encryption.go
+++ b/libnetwork/drivers/overlay/encryption.go
@@ -12,6 +12,7 @@ import (
 "strconv"
+ "github.com/docker/libnetwork/drivers/overlay/overlayutils"
 "github.com/docker/libnetwork/iptables"
 "github.com/docker/libnetwork/ns"
 "github.com/docker/libnetwork/types"
@@ -200,7 +201,7 @@ func removeEncryption(localIP, remoteIP net.IP, em *encrMap) error {
 func programMangle(vni uint32, add bool) (err error) {
 var (
- p = strconv.FormatUint(uint64(vxlanPort), 10)
+ p = strconv.FormatUint(uint64(overlayutils.GetVxlanUDPPort()), 10)
 c = fmt.Sprintf("0>>22&0x3C@12&0xFFFFFF00=%d", int(vni)<<8)
 m = strconv.FormatUint(uint64(r), 10)
 chain = "OUTPUT"
@@ -227,7 +228,7 @@ func programMangle(vni uint32, add bool) (err error) {
 func programInput(vni uint32, add bool) (err error) {
 var (
- port = strconv.FormatUint(uint64(vxlanPort), 10)
+ port = strconv.FormatUint(uint64(overlayutils.GetVxlanUDPPort()), 10)
 vniMatch = fmt.Sprintf("0>>22&0x3C@12&0xFFFFFF00=%d", int(vni)<<8)
 plainVxlan = []string{"-p", "udp", "--dport", port, "-m", "u32", "--u32", vniMatch, "-j"}
 ipsecVxlan = append([]string{"-m", "policy", "--dir", "in", "--pol", "ipsec"}, plainVxlan...)
diff --git a/libnetwork/drivers/overlay/ov_utils.go b/libnetwork/drivers/overlay/ov_utils.go
index 27f57c1fe2..69e691d0ec 100644
--- a/libnetwork/drivers/overlay/ov_utils.go
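Review bot: programMangle and programInput now read the port from overlayutils.GetVxlanUDPPort() every time they run, so a rule added under one port and removed after ConfigVxlanUDPPort has changed it is built with a different `--dport` and presumably no longer matches the rule that was installed. For an encrypted network that would leave the old mark and input rules in place while traffic moves to the new port; createVxlan in ov_utils.go reads the port at call time in the same way for the device's `Port`. Either keep the port that was used when the rule was added and reuse it on removal, or state the constraint on the setter, e.g. `// Must be called before any overlay network is created; existing vxlan devices and iptables rules keep the old port.` Both function bodies continue outside these hunks, so how the rules are deleted is inferred from the `add` parameter.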
+++ b/libnetwork/drivers/overlay/ov_utils.go
@@ -5,6 +5,7 @@ import (
 "strings"
 "syscall"
+ "github.com/docker/libnetwork/drivers/overlay/overlayutils"
 "github.com/docker/libnetwork/netutils"
 "github.com/docker/libnetwork/ns"
 "github.com/docker/libnetwork/osl"
@@ -61,7 +62,7 @@ func createVxlan(name string, vni uint32, mtu int) error {
 LinkAttrs: netlink.LinkAttrs{Name: name, MTU: mtu},
 VxlanId: int(vni),
 Learning: true,
- Port: vxlanPort,
+ Port: int(overlayutils.GetVxlanUDPPort()),
 Proxy: true,
 L3miss: true,
 L2miss: true,
diff --git a/libnetwork/drivers/overlay/overlay.go b/libnetwork/drivers/overlay/overlay.go
index 1bbd761c2f..1ec1e0070b 100644
--- a/libnetwork/drivers/overlay/overlay.go
+++ b/libnetwork/drivers/overlay/overlay.go
@@ -25,7 +25,6 @@ const (
 vethLen = 7
 vxlanIDStart = 256
 vxlanIDEnd = (1 << 24) - 1
- vxlanPort = 4789
 vxlanEncap = 50
 secureOption = "encrypted"
 )
diff --git a/libnetwork/drivers/overlay/overlayutils/utils.go b/libnetwork/drivers/overlay/overlayutils/utils.go
new file mode 100644
index 0000000000..a2a7387113
--- /dev/null
+++ b/libnetwork/drivers/overlay/overlayutils/utils.go
@@ -0,0 +1,44 @@
+// Package overlayutils provides utility functions for overlay networks
+package overlayutils
+
+import (
+ "fmt"
+ "sync"
+)
+
+var (
+ vxlanUDPPort uint32
+ mutex sync.Mutex
+)
+
+func init() {
+ vxlanUDPPort = 4789
+}
+
+// ConfigVxlanUDPPort configures vxlan udp port number.
+func ConfigVxlanUDPPort(vxlanPort uint32) error {
+ mutex.Lock()
+ defer mutex.Unlock()
+ // if the value comes as 0 by any reason we set it to default value 4789
+ if vxlanPort == 0 {
+ vxlanPort = 4789
+ }
+ // IANA procedures for each range in detail
+ // The Well Known Ports, aka the System Ports, from 0-1023
+ // The Registered Ports, aka the User Ports, from 1024-49151
+ // The Dynamic Ports, aka the Private Ports, from 49152-65535
+ // So we can allow range between 1024 to 49151
+ if vxlanPort < 1024 || vxlanPort > 49151 {
+ return fmt.Errorf("ConfigVxlanUDPPort Vxlan UDP port number is not in valid range %d", vxlanPort)
+ }
+ vxlanUDPPort = vxlanPort
+
+ return nil
+}
+
+// GetVxlanUDPPort returns Vxlan UDP port number
+func GetVxlanUDPPort() uint32 {
+ mutex.Lock()
+ defer mutex.Unlock()
+ return vxlanUDPPort
+}
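Review bot: ConfigVxlanUDPPort's doc comment does not state its contract: zero silently selects the default, and any other value outside 1024-49151 returns an error and leaves the current port unchanged. I would put that in the comment, e.g. `// ConfigVxlanUDPPort sets the VXLAN UDP port; 0 selects the default 4789 and values outside 1024-49151 are rejected.` The literal 4789 also appears twice, in init() and in the zero case; a `const defaultVxlanUDPPort = 4789` used in both places, with the variable initialised in its declaration, would make init() unnecessary and keep the two values from drifting apart. The error string starts with the function name and a capital letter, where Go convention would read `fmt.Errorf("vxlan UDP port %d is outside the allowed range 1024-49151", vxlanPort)`.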