kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Fix ICC on Firewalld enabled fedora systems, add in missing firewalld functionality to re-apply configuration when reloaded

Browse source 
Signed-off-by: Alec Benson <albenson@redhat.com>
This commit is contained in:
Alec Benson 2015-07-24 13:20:48 -04:00
parent e66b082070
commit 21b0927720
5 changed files with 38 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
libnetwork/drivers/bridge/bridge.go
View file

@ -660,6 +660,10 @@ func (d *driver) CreateNetwork(id types.UUID, option map[string]interface{}) err
// Setup IPTables. // Setup IPTables.
{config.EnableIPTables, network.setupIPTables}, {config.EnableIPTables, network.setupIPTables},
//We want to track firewalld configuration so that
//if it is started/reloaded, the rules can be applied correctly
{config.EnableIPTables, network.setupFirewalld},
// Setup DefaultGatewayIPv4 // Setup DefaultGatewayIPv4
{config.DefaultGatewayIPv4 != nil, setupGatewayIPv4}, {config.DefaultGatewayIPv4 != nil, setupGatewayIPv4},

7
libnetwork/drivers/bridge/link.go
View file

@ -32,7 +32,12 @@ func newLink(parentIP, childIP string, ports []types.TransportPort, bridge strin
func (l *link) Enable() error { func (l *link) Enable() error {
// -A == iptables append flag // -A == iptables append flag
return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false) linkFunction := func() error {
return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false)
}
iptables.OnReloaded(func() { linkFunction() })
return linkFunction()
} }
func (l *link) Disable() { func (l *link) Disable() {

15
libnetwork/drivers/bridge/setup_firewalld.go Normal file
View file

@ -0,0 +1,15 @@
package bridge
import "github.com/docker/libnetwork/iptables"
func (n *bridgeNetwork) setupFirewalld(config *networkConfiguration, i *bridgeInterface) error {
// Sanity check.
if config.EnableIPTables == false {
return IPTableCfgError(config.BridgeName)
}
iptables.OnReloaded(func() { n.setupIPTables(config, i) })
iptables.OnReloaded(n.portMapper.ReMapAll)
return nil
}

2
libnetwork/drivers/bridge/setup_ip_tables.go
View file

@ -149,7 +149,7 @@ func setIcc(bridgeIface string, iccEnable, insert bool) error {
iptables.Raw(append([]string{"-D", chain}, dropArgs...)...) iptables.Raw(append([]string{"-D", chain}, dropArgs...)...)
if !iptables.Exists(table, chain, acceptArgs...) { if !iptables.Exists(table, chain, acceptArgs...) {
if output, err := iptables.Raw(append([]string{"-A", chain}, acceptArgs...)...); err != nil { if output, err := iptables.Raw(append([]string{"-I", chain}, acceptArgs...)...); err != nil {
return fmt.Errorf("Unable to allow intercontainer communication: %s", err.Error()) return fmt.Errorf("Unable to allow intercontainer communication: %s", err.Error())
} else if len(output) != 0 { } else if len(output) != 0 {
return fmt.Errorf("Error enabling intercontainer communication: %s", output) return fmt.Errorf("Error enabling intercontainer communication: %s", output)

12
libnetwork/portmapper/mapper.go
View file

@ -179,6 +179,18 @@ func (pm *PortMapper) Unmap(host net.Addr) error {
return nil return nil
} }
//ReMapAll will re-apply all port mappings
func (pm *PortMapper) ReMapAll() {
logrus.Debugln("Re-applying all port mappings.")
for _, data := range pm.currentMappings {
containerIP, containerPort := getIPAndPort(data.container)
hostIP, hostPort := getIPAndPort(data.host)
if err := pm.forward(iptables.Append, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
logrus.Errorf("Error on iptables add: %s", err)
}
}
}
func getKey(a net.Addr) string { func getKey(a net.Addr) string {
switch t := a.(type) { switch t := a.(type) {
case *net.TCPAddr: case *net.TCPAddr: