Fixes https://github.com/docker/docker/issues/13426

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2022-11-09 12:21:53 -05:00 · 2015-05-28 16:30:36 -07:00 · 2015-05-28 16:30:36 -07:00 · 0ae84dad55
commit 0ae84dad55
parent bc70ed60cb
3 changed files with 38 additions and 2 deletions
--- a/libnetwork/drivers/bridge/bridge.go
+++ b/libnetwork/drivers/bridge/bridge.go
@ -518,6 +518,11 @@ func (d *driver) CreateNetwork(id types.UUID, option map[string]interface{}) err
 	// Even if a bridge exists try to setup IPv4.
 	bridgeSetup.queueStep(setupBridgeIPv4)

+	enableIPv6Forwarding := false
+	if d.config != nil && d.config.EnableIPForwarding && config.FixedCIDRv6 != nil {
+		enableIPv6Forwarding = true
+	}
+
 	// Conditionally queue setup steps depending on configuration values.
 	for _, step := range []struct {
 		Condition bool
@ -541,6 +546,9 @@ func (d *driver) CreateNetwork(id types.UUID, option map[string]interface{}) err
 		// specified subnet.
 		{config.FixedCIDRv6 != nil, setupFixedCIDRv6},

+		// Enable IPv6 Forwarding
+		{enableIPv6Forwarding, setupIPv6Forwarding},
+
 		// Setup Loopback Adresses Routing
 		{!config.EnableUserlandProxy, setupLoopbackAdressesRouting},

--- a/libnetwork/drivers/bridge/setup_fixedcidrv6.go
+++ b/libnetwork/drivers/bridge/setup_fixedcidrv6.go
@ -1,7 +1,10 @@
 package bridge

 import (
+	"os"
+
 	log "github.com/Sirupsen/logrus"
+	"github.com/vishvananda/netlink"
 )

 func setupFixedCIDRv6(config *networkConfiguration, i *bridgeInterface) error {
@ -10,5 +13,15 @@ func setupFixedCIDRv6(config *networkConfiguration, i *bridgeInterface) error {
 		return &FixedCIDRv6Error{Net: config.FixedCIDRv6, Err: err}
 	}

+	// Setting route to global IPv6 subnet
+	log.Debugf("Adding route to IPv6 network %s via device %s", config.FixedCIDRv6.String(), config.BridgeName)
+	err := netlink.RouteAdd(&netlink.Route{
+		Scope:     netlink.SCOPE_UNIVERSE,
+		LinkIndex: i.Link.Attrs().Index,
+		Dst:       config.FixedCIDRv6,
+	})
+	if err != nil && !os.IsExist(err) {
+		log.Errorf("Could not add route to IPv6 network %s via device %s", config.FixedCIDRv6.String(), config.BridgeName)
+	}
 	return nil
 }
--- a/libnetwork/drivers/bridge/setup_ipv6.go
+++ b/libnetwork/drivers/bridge/setup_ipv6.go
@ -5,12 +5,16 @@ import (
 	"io/ioutil"
 	"net"

+	"github.com/Sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 )

 var bridgeIPv6 *net.IPNet

-const bridgeIPv6Str = "fe80::1/64"
+const (
+	bridgeIPv6Str       = "fe80::1/64"
+	ipv6ForwardConfPerm = 0644
+)

 func init() {
 	// We allow ourselves to panic in this special case because we indicate a
@ -25,7 +29,7 @@ func init() {
 func setupBridgeIPv6(config *networkConfiguration, i *bridgeInterface) error {
 	// Enable IPv6 on the bridge
 	procFile := "/proc/sys/net/ipv6/conf/" + config.BridgeName + "/disable_ipv6"
-	if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, 0644); err != nil {
+	if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil {
 		return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
 	}

@ -64,3 +68,14 @@ func setupGatewayIPv6(config *networkConfiguration, i *bridgeInterface) error {

 	return nil
 }
+
+func setupIPv6Forwarding(config *networkConfiguration, i *bridgeInterface) error {
+	// Enable IPv6 forwarding
+	if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/default/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
+		logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err)
+	}
+	if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/all/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
+		logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err)
+	}
+	return nil
+}