Merge pull request #286 from mavenugo/master
Cherry-picked : enable hairpin mode on the bridge port & fix iptables rule
commit
a03b4138a2
|
@ -876,6 +876,13 @@ func (d *driver) CreateEndpoint(nid, eid types.UUID, epInfo driverapi.EndpointIn
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !config.EnableUserlandProxy {
|
||||||
|
err = netlink.LinkSetHairpin(host, true)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// v4 address for the sandbox side pipe interface
|
// v4 address for the sandbox side pipe interface
|
||||||
ip4, err := ipAllocator.RequestIP(n.bridge.bridgeIPv4, nil)
|
ip4, err := ipAllocator.RequestIP(n.bridge.bridgeIPv4, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
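Review bot: The error from `netlink.LinkSetHairpin(host, true)` in CreateEndpoint is returned bare, so a caller cannot tell that the hairpin step failed rather than one of the neighbouring link operations. Wrapping it, e.g. `return fmt.Errorf("failed to set hairpin mode on host interface: %v", err)`, would make that visible (this assumes `fmt` is already imported in the file, which the hunk does not show). The block also carries no comment on why hairpin is tied to `!config.EnableUserlandProxy`; presumably it is `// Without the userland proxy, a container reaching its own published port is DNATed back out the bridge port it arrived on, which the bridge only forwards in hairpin mode.` CreateEndpoint starts and ends outside the hunk, so whether earlier setup is undone on this early return cannot be confirmed from here.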
@ -47,6 +47,7 @@ type Chain struct {
|
||||||
Name string
|
Name string
|
||||||
Bridge string
|
Bridge string
|
||||||
Table Table
|
Table Table
|
||||||
|
HairpinMode bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// ChainError is returned to represent errors during ip table operation.
|
// ChainError is returned to represent errors during ip table operation.
|
||||||
|
@ -78,6 +79,7 @@ func NewChain(name, bridge string, table Table, hairpinMode bool) (*Chain, error
|
||||||
Name: name,
|
Name: name,
|
||||||
Bridge: bridge,
|
Bridge: bridge,
|
||||||
Table: table,
|
Table: table,
|
||||||
|
HairpinMode: hairpinMode,
|
||||||
}
|
}
|
||||||
|
|
||||||
if string(c.Table) == "" {
|
if string(c.Table) == "" {
|
||||||
|
@ -151,12 +153,16 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, destAddr stri
|
||||||
// value" by both iptables and ip6tables.
|
// value" by both iptables and ip6tables.
|
||||||
daddr = "0/0"
|
daddr = "0/0"
|
||||||
}
|
}
|
||||||
if output, err := Raw("-t", string(Nat), string(action), c.Name,
|
args := []string{"-t", string(Nat), string(action), c.Name,
|
||||||
"-p", proto,
|
"-p", proto,
|
||||||
"-d", daddr,
|
"-d", daddr,
|
||||||
"--dport", strconv.Itoa(port),
|
"--dport", strconv.Itoa(port),
|
||||||
"-j", "DNAT",
|
"-j", "DNAT",
|
||||||
"--to-destination", net.JoinHostPort(destAddr, strconv.Itoa(destPort))); err != nil {
|
"--to-destination", net.JoinHostPort(destAddr, strconv.Itoa(destPort))}
|
||||||
|
if !c.HairpinMode {
|
||||||
|
args = append(args, "!", "-i", c.Bridge)
|
||||||
|
}
|
||||||
|
if output, err := Raw(args...); err != nil {
|
||||||
return err
|
return err
|
||||||
} else if len(output) != 0 {
|
} else if len(output) != 0 {
|
||||||
return ChainError{Chain: "FORWARD", Output: output}
|
return ChainError{Chain: "FORWARD", Output: output}
|
||||||
|
|
|
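Review bot: In Forward, setting `c.HairpinMode` drops the `! -i c.Bridge` match, so the DNAT rule then also applies to packets arriving on the bridge itself, i.e. container-originated traffic to a published port; neither the new `HairpinMode` field in Chain nor the new branch says so. I would document the field with `// HairpinMode, when true, lets DNAT rules match traffic entering from Bridge (no "! -i <bridge>" restriction).` and put `// Outside hairpin mode, never DNAT traffic that originates on the bridge.` above `if !c.HairpinMode {`. Separately, the non-hairpin path appends `"!", "-i", c.Bridge` without checking that `c.Bridge` is non-empty; if NewChain can be given an empty bridge name (not visible here), an explicit error return before calling `Raw` would be clearer than the resulting iptables failure. Forward's body continues outside the hunk.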
@ -48,6 +48,7 @@ func TestForward(t *testing.T) {
|
||||||
"--dport", strconv.Itoa(port),
|
"--dport", strconv.Itoa(port),
|
||||||
"-j", "DNAT",
|
"-j", "DNAT",
|
||||||
"--to-destination", dstAddr + ":" + strconv.Itoa(dstPort),
|
"--to-destination", dstAddr + ":" + strconv.Itoa(dstPort),
|
||||||
|
"!", "-i", natChain.Bridge,
|
||||||
}
|
}
|
||||||
|
|
||||||
if !Exists(natChain.Table, natChain.Name, dnatRule...) {
|
if !Exists(natChain.Table, natChain.Name, dnatRule...) {
|
||||||
|
|
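Review bot: The hairpin path this commit adds to Forward has no assertion here; TestForward now expects `"!", "-i", natChain.Bridge` in `dnatRule`, which only pins the behaviour of a chain with HairpinMode false (presumably how `natChain` is built, though its construction is outside the hunk). A second case that creates a chain with `hairpinMode` true and checks `Exists` for the same rule without the `"!", "-i", ...` elements would catch a regression that reintroduces or drops the interface match on the wrong branch. TestForward starts and ends outside the hunk.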