From 077ccabc4533d8d0ae13cd009e9c91a111d55e62 Mon Sep 17 00:00:00 2001 From: selansen Date: Fri, 26 Oct 2018 22:51:34 -0400 Subject: [PATCH] VXLAN UDP Port configuration support This PR chnages allow user to configure VxLAN UDP port number. By default we use 4789 port number. But this commit will allow user to configure port number during swarm init. VxLAN port can't be modified after swarm init. Signed-off-by: selansen --- libnetwork/Dockerfile | 2 +- libnetwork/drivers/overlay/encryption.go | 5 ++- libnetwork/drivers/overlay/ov_utils.go | 3 +- libnetwork/drivers/overlay/overlay.go | 1 - .../drivers/overlay/overlayutils/utils.go | 44 +++++++++++++++++++ 5 files changed, 50 insertions(+), 5 deletions(-) create mode 100644 libnetwork/drivers/overlay/overlayutils/utils.go diff --git a/libnetwork/Dockerfile b/libnetwork/Dockerfile index f8b999962a..962dc5aabe 100644 --- a/libnetwork/Dockerfile +++ b/libnetwork/Dockerfile @@ -7,7 +7,7 @@ RUN go get -d github.com/gogo/protobuf/protoc-gen-gogo && \ git reset --hard 30cf7ac33676b5786e78c746683f0d4cd64fa75b && \ go install -RUN go get github.com/golang/lint/golint \ +RUN go get golang.org/x/lint/golint \ golang.org/x/tools/cmd/cover \ github.com/mattn/goveralls \ github.com/gordonklaus/ineffassign \ diff --git a/libnetwork/drivers/overlay/encryption.go b/libnetwork/drivers/overlay/encryption.go index a97e73df82..38fd710b9c 100644 --- a/libnetwork/drivers/overlay/encryption.go +++ b/libnetwork/drivers/overlay/encryption.go @@ -12,6 +12,7 @@ import ( "strconv" + "github.com/docker/libnetwork/drivers/overlay/overlayutils" "github.com/docker/libnetwork/iptables" "github.com/docker/libnetwork/ns" "github.com/docker/libnetwork/types" 
@@ -200,7 +201,7 @@ func removeEncryption(localIP, remoteIP net.IP, em *encrMap) error { func programMangle(vni uint32, add bool) (err error) { var ( - p = strconv.FormatUint(uint64(vxlanPort), 10) + p = strconv.FormatUint(uint64(overlayutils.GetVxlanUDPPort()), 10) c = fmt.Sprintf("0>>22&0x3C@12&0xFFFFFF00=%d", int(vni)<<8) m = strconv.FormatUint(uint64(r), 10) chain = "OUTPUT" @@ -227,7 +228,7 @@ func programMangle(vni uint32, add bool) (err error) { func programInput(vni uint32, add bool) (err error) { var ( - port = strconv.FormatUint(uint64(vxlanPort), 10) + port = strconv.FormatUint(uint64(overlayutils.GetVxlanUDPPort()), 10) vniMatch = fmt.Sprintf("0>>22&0x3C@12&0xFFFFFF00=%d", int(vni)<<8) plainVxlan = []string{"-p", "udp", "--dport", port, "-m", "u32", "--u32", vniMatch, "-j"} ipsecVxlan = append([]string{"-m", "policy", "--dir", "in", "--pol", "ipsec"}, plainVxlan...) diff --git a/libnetwork/drivers/overlay/ov_utils.go b/libnetwork/drivers/overlay/ov_utils.go index 27f57c1fe2..69e691d0ec 100644 --- a/libnetwork/drivers/overlay/ov_utils.go +++ b/libnetwork/drivers/overlay/ov_utils.go @@ -5,6 +5,7 @@ import ( "strings" "syscall" + "github.com/docker/libnetwork/drivers/overlay/overlayutils" "github.com/docker/libnetwork/netutils" "github.com/docker/libnetwork/ns" "github.com/docker/libnetwork/osl" @@ -61,7 +62,7 @@ func createVxlan(name string, vni uint32, mtu int) error { LinkAttrs: netlink.LinkAttrs{Name: name, MTU: mtu}, VxlanId: int(vni), Learning: true, - Port: vxlanPort, + Port: int(overlayutils.GetVxlanUDPPort()), Proxy: true, L3miss: true, L2miss: true, diff --git a/libnetwork/drivers/overlay/overlay.go b/libnetwork/drivers/overlay/overlay.go index 1bbd761c2f..1ec1e0070b 100644 --- a/libnetwork/drivers/overlay/overlay.go +++ b/libnetwork/drivers/overlay/overlay.go @@ -25,7 +25,6 @@ const ( vethLen = 7 vxlanIDStart = 256 vxlanIDEnd = (1 << 24) - 1 - vxlanPort = 4789 vxlanEncap = 50 secureOption = "encrypted" ) 
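Review bot: programMangle now builds its `--dport` match from overlayutils.GetVxlanUDPPort() at call time, on the delete path (add == false) as well as the add path, so if the configured port changes between the two calls the delete no longer matches the rule that was installed and the stale mark rule stays in place. The same applies to the rules programInput builds from `plainVxlan` and to the Port set in createVxlan (ov_utils.go): all three need the same value for the life of a network, otherwise traffic on the new port would presumably match neither the mark rule nor the input rules of an encrypted network. The commit message says the port cannot be modified after swarm init, but no visible line enforces that. I would at least record the invariant above the declaration, e.g. `// p must equal the port the network's vxlan link was created with; ConfigVxlanUDPPort must not be called once a network exists.` The bodies of all three functions continue outside their hunks.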
diff --git a/libnetwork/drivers/overlay/overlayutils/utils.go b/libnetwork/drivers/overlay/overlayutils/utils.go
new file mode 100644
index 0000000000..a2a7387113
--- /dev/null
+++ b/libnetwork/drivers/overlay/overlayutils/utils.go
@@ -0,0 +1,44 @@
+// Package overlayutils provides utility functions for overlay networks
+package overlayutils
+
+import (
+ "fmt"
+ "sync"
+)
+
+var (
+ vxlanUDPPort uint32
+ mutex sync.Mutex
+)
+
+func init() {
+ vxlanUDPPort = 4789
+}
+
+// ConfigVxlanUDPPort configures vxlan udp port number.
+func ConfigVxlanUDPPort(vxlanPort uint32) error {
+ mutex.Lock()
+ defer mutex.Unlock()
+ // if the value comes as 0 by any reason we set it to default value 4789
+ if vxlanPort == 0 {
+ vxlanPort = 4789
+ }
+ // IANA procedures for each range in detail
+ // The Well Known Ports, aka the System Ports, from 0-1023
+ // The Registered Ports, aka the User Ports, from 1024-49151
+ // The Dynamic Ports, aka the Private Ports, from 49152-65535
+ // So we can allow range between 1024 to 49151
+ if vxlanPort < 1024 || vxlanPort > 49151 {
+ return fmt.Errorf("ConfigVxlanUDPPort Vxlan UDP port number is not in valid range %d", vxlanPort)
+ }
+ vxlanUDPPort = vxlanPort
+
+ return nil
+}
+
+// GetVxlanUDPPort returns Vxlan UDP port number
+func GetVxlanUDPPort() uint32 {
+ mutex.Lock()
+ defer mutex.Unlock()
+ return vxlanUDPPort
+}
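Review bot: The doc comment on ConfigVxlanUDPPort does not tell callers that a zero argument is silently replaced by the default or that anything outside 1024-49151 is rejected, which is exactly what code validating operator input needs to know; I would extend it to `// ConfigVxlanUDPPort sets the VXLAN UDP port; 0 selects the default (4789) and a value outside 1024-49151 returns an error.` The literal 4789 appears twice, in init() and in the zero case; a single `const defaultVxlanUDPPort = 4789` used for both, with the variable initialised at its declaration, would remove the need for init(). The error text would read better to an operator if it named the accepted range and followed Go conventions, e.g. `fmt.Errorf("vxlan UDP port %d is outside the allowed range 1024-49151", vxlanPort)`.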