added TODOs for open IPv6 point

Signed-off-by: Benjamin Böhmke <benjamin@boehmke.net>
Benjamin Böhmke 2020-07-23 16:52:40 +02:00
parent 648d891827
commit 34f4706174
6 changed files with 13 additions and 1 deletions


@ -34,6 +34,7 @@ func (n *bridgeNetwork) allocatePorts(ep *bridgeEndpoint, reqDefBindIP net.IP, u
// IPv6 port binding excluding user land proxy
if n.driver.config.EnableIP6Tables && ep.addrv6 != nil {
// TODO IPv6 custom default binding IP
pbv6, err := n.allocatePortsInternal(ep.extConnConfig.PortBindings, ep.addrv6.IP, defaultBindingIPV6, false)
if err != nil {
// ensure we clear the previous allocated IPv4 ports
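Review bot: The TODO added above the IPv6 `allocatePortsInternal` call does not record the consequence: allocatePorts receives `reqDefBindIP`, but the IPv6 branch passes `defaultBindingIPV6`, so a configured default binding IP appears not to apply to IPv6 port bindings. If an operator sets a restrictive default binding address to limit where published ports listen, the IPv6 bindings would presumably still use the built-in default. I would spell that out in the comment, e.g. `// TODO(IPv6): reqDefBindIP is not honoured here; IPv6 bindings always use defaultBindingIPV6`. The body of allocatePorts starts and ends outside this hunk.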


@ -210,6 +210,7 @@ func programMangle(vni uint32, add bool) (err error) {
action = "install"
)
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
if add == iptable.Exists(iptables.Mangle, chain, rule...) {
@ -241,6 +242,7 @@ func programInput(vni uint32, add bool) (err error) {
msg = "add"
)
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
if !add {
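Review bot: The bare `// TODO IPv6 support` added in programMangle and programInput does not say what is missing, and the same comment is repeated in the hunks for chainExists, setupGlobalChain, setNetworkChain, setFilters, arrangeUserFilterRule, reexecSetupResolver, programIngress, arrangeIngressFilterRule, fwMarker and redirector. Every one of these sites still calls `iptables.GetIptable(iptables.IPv4)`, so the rules are presumably installed in the IPv4 tables only and IPv6 traffic is not matched by them. That matters most for the filter chains, where a reader could assume a restriction covers both address families. I would make the comment state the gap, e.g. `// TODO(IPv6): rules are programmed via the IPv4 table only; no ip6tables equivalent is installed`, and reference a tracking issue. Both function bodies continue outside the hunks shown.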


@ -20,6 +20,7 @@ func filterWait() func() {
}
func chainExists(cname string) bool {
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
if _, err := iptable.Raw("-L", cname); err != nil {
return false
@ -29,6 +30,7 @@ func chainExists(cname string) bool {
}
func setupGlobalChain() {
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
// Because of an ungraceful shutdown, chain could already be present
if !chainExists(globalChain) {
@ -46,6 +48,7 @@ func setupGlobalChain() {
}
func setNetworkChain(cname string, remove bool) error {
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
// Initialize the onetime global overlay chain
filterOnce.Do(setupGlobalChain)
@ -95,6 +98,7 @@ func setFilters(cname, brName string, remove bool) error {
if remove {
opt = "-D"
}
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
// Every time we set filters for a new subnet make sure to move the global overlay hook to the top of the both the OUTPUT and forward chains


@ -26,6 +26,7 @@ func arrangeUserFilterRule() {
if ctrl == nil || !ctrl.iptablesEnabled() {
return
}
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
_, err := iptable.NewChain(userChain, iptables.Filter, false)
if err != nil {


@ -57,6 +57,7 @@ func reexecSetupResolver() {
os.Exit(3)
}
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
// insert outputChain and postroutingchain


@ -302,7 +302,7 @@ func filterPortConfigs(ingressPorts []*PortConfig, isDelete bool) []*PortConfig
}
func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) error {
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
addDelOpt := "-I"
@ -464,6 +464,7 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
// This chain has the rules to allow access to the published ports for swarm tasks
// from local bridge networks and docker_gwbridge (ie:taks on other swarm networks)
func arrangeIngressFilterRule() {
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
if iptable.ExistChain(ingressChain, iptables.Filter) {
if iptable.Exists(iptables.Filter, "FORWARD", "-j", ingressChain) {
@ -610,6 +611,7 @@ func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*Port
// Firewall marker reexec function.
func fwMarker() {
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
runtime.LockOSThread()
defer runtime.UnlockOSThread()
@ -716,6 +718,7 @@ func addRedirectRules(path string, eIP *net.IPNet, ingressPorts []*PortConfig) e
// Redirector reexec function.
func redirector() {
// TODO IPv6 support
iptable := iptables.GetIptable(iptables.IPv4)
runtime.LockOSThread()
defer runtime.UnlockOSThread()