diff --git a/libnetwork/drivers/bridge/bridge.go b/libnetwork/drivers/bridge/bridge.go index c26da23677..3cacad1f8d 100644 --- a/libnetwork/drivers/bridge/bridge.go +++ b/libnetwork/drivers/bridge/bridge.go @@ -518,6 +518,11 @@ func (d *driver) CreateNetwork(id types.UUID, option map[string]interface{}) err // Even if a bridge exists try to setup IPv4. bridgeSetup.queueStep(setupBridgeIPv4) + enableIPv6Forwarding := false + if d.config != nil && d.config.EnableIPForwarding && config.FixedCIDRv6 != nil { + enableIPv6Forwarding = true + } + // Conditionally queue setup steps depending on configuration values. for _, step := range []struct { Condition bool @@ -541,6 +546,9 @@ func (d *driver) CreateNetwork(id types.UUID, option map[string]interface{}) err // specified subnet. {config.FixedCIDRv6 != nil, setupFixedCIDRv6}, + // Enable IPv6 Forwarding + {enableIPv6Forwarding, setupIPv6Forwarding}, + // Setup Loopback Adresses Routing {!config.EnableUserlandProxy, setupLoopbackAdressesRouting}, diff --git a/libnetwork/drivers/bridge/setup_fixedcidrv6.go b/libnetwork/drivers/bridge/setup_fixedcidrv6.go index 1b4bb57961..b2a949be5b 100644 --- a/libnetwork/drivers/bridge/setup_fixedcidrv6.go +++ b/libnetwork/drivers/bridge/setup_fixedcidrv6.go @@ -1,7 +1,10 @@ package bridge import ( + "os" + log "github.com/Sirupsen/logrus" + "github.com/vishvananda/netlink" ) func setupFixedCIDRv6(config *networkConfiguration, i *bridgeInterface) error { @@ -10,5 +13,15 @@ func setupFixedCIDRv6(config *networkConfiguration, i *bridgeInterface) error { return &FixedCIDRv6Error{Net: config.FixedCIDRv6, Err: err} } + // Setting route to global IPv6 subnet + log.Debugf("Adding route to IPv6 network %s via device %s", config.FixedCIDRv6.String(), config.BridgeName) + err := netlink.RouteAdd(&netlink.Route{ + Scope: netlink.SCOPE_UNIVERSE, + LinkIndex: i.Link.Attrs().Index, + Dst: config.FixedCIDRv6, + }) + if err != nil && !os.IsExist(err) { + log.Errorf("Could not add route to IPv6 network %s via device %s", config.FixedCIDRv6.String(), config.BridgeName) + } return nil } diff --git a/libnetwork/drivers/bridge/setup_ipv6.go b/libnetwork/drivers/bridge/setup_ipv6.go index b797af8478..b534644edf 100644 --- a/libnetwork/drivers/bridge/setup_ipv6.go +++ b/libnetwork/drivers/bridge/setup_ipv6.go @@ -5,12 +5,16 @@ import ( "io/ioutil" "net" + "github.com/Sirupsen/logrus" "github.com/vishvananda/netlink" ) var bridgeIPv6 *net.IPNet -const bridgeIPv6Str = "fe80::1/64" +const ( + bridgeIPv6Str = "fe80::1/64" + ipv6ForwardConfPerm = 0644 +) func init() { // We allow ourselves to panic in this special case because we indicate a @@ -25,7 +29,7 @@ func init() { func setupBridgeIPv6(config *networkConfiguration, i *bridgeInterface) error { // Enable IPv6 on the bridge procFile := "/proc/sys/net/ipv6/conf/" + config.BridgeName + "/disable_ipv6" - if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, 0644); err != nil { + if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil { return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err) } @@ -64,3 +68,14 @@ func setupGatewayIPv6(config *networkConfiguration, i *bridgeInterface) error { return nil } + +func setupIPv6Forwarding(config *networkConfiguration, i *bridgeInterface) error { + // Enable IPv6 forwarding + if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/default/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil { + logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err) + } + if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/all/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil { + logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err) + } + return nil +}