libnetwork Windows driver support for outboundnat policy via generic options

Signed-off-by: Nick Wood <nwood@microsoft.com>
2022-11-09 12:21:53 -05:00 · 2018-02-05 16:55:56 -08:00 · 2018-02-05 16:55:56 -08:00 · bbbfa21a94
commit bbbfa21a94
parent 2459e6fbd3
2 changed files with 49 additions and 15 deletions
--- a/libnetwork/drivers/windows/labels.go
+++ b/libnetwork/drivers/windows/labels.go
@ -42,4 +42,10 @@ const (

 	// DisableGatewayDNS label
 	DisableGatewayDNS = "com.docker.network.windowsshim.disable_gatewaydns"
+
+	// EnableOutboundNat label
+	EnableOutboundNat = "com.docker.network.windowsshim.enable_outboundnat"
+
+	// OutboundNatExceptions label
+	OutboundNatExceptions = "com.docker.network.windowsshim.outboundnat_exceptions"
 )
--- a/libnetwork/drivers/windows/windows.go
+++ b/libnetwork/drivers/windows/windows.go
@ -20,6 +20,7 @@ import (
 	"sync"

 	"github.com/Microsoft/hcsshim"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/libnetwork/datastore"
 	"github.com/docker/libnetwork/discoverapi"
 	"github.com/docker/libnetwork/driverapi"
@ -30,21 +31,23 @@ import (

 // networkConfiguration for network specific configuration
 type networkConfiguration struct {
-	ID                 string
-	Type               string
-	Name               string
-	HnsID              string
-	RDID               string
-	VLAN               uint
-	VSID               uint
-	DNSServers         string
-	MacPools           []hcsshim.MacPool
-	DNSSuffix          string
-	SourceMac          string
-	NetworkAdapterName string
-	dbIndex            uint64
-	dbExists           bool
-	DisableGatewayDNS  bool
+	ID                    string
+	Type                  string
+	Name                  string
+	HnsID                 string
+	RDID                  string
+	VLAN                  uint
+	VSID                  uint
+	DNSServers            string
+	MacPools              []hcsshim.MacPool
+	DNSSuffix             string
+	SourceMac             string
+	NetworkAdapterName    string
+	dbIndex               uint64
+	dbExists              bool
+	DisableGatewayDNS     bool
+	EnableOutboundNat     bool
+	OutboundNatExceptions []string
 }

 // endpointConfiguration represents the user specified configuration for the sandbox endpoint
@ -208,6 +211,18 @@ func (d *driver) parseNetworkOptions(id string, genericOptions map[string]string
 				return nil, err
 			}
 			config.VSID = uint(vsid)
+		case EnableOutboundNat:
+			if system.GetOSVersion().Build <= 16236 {
+				return nil, fmt.Errorf("Invalid network option. OutboundNat is not supported on this OS version")
+			}
+			b, err := strconv.ParseBool(value)
+			if err != nil {
+				return nil, err
+			}
+			config.EnableOutboundNat = b
+		case OutboundNatExceptions:
+			s := strings.Split(value, ",")
+			config.OutboundNatExceptions = s
 		}
 	}

@ -609,6 +624,19 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,

 	endpointStruct.DisableICC = epOption.DisableICC

+	// Inherit OutboundNat policy from the network
+	if n.config.EnableOutboundNat {
+		outboundNatPolicy, err := json.Marshal(hcsshim.OutboundNatPolicy{
+			Policy:     hcsshim.Policy{Type: hcsshim.OutboundNat},
+			Exceptions: n.config.OutboundNatExceptions,
+		})
+
+		if err != nil {
+			return err
+		}
+		endpointStruct.Policies = append(endpointStruct.Policies, outboundNatPolicy)
+	}
+
 	configurationb, err := json.Marshal(endpointStruct)
 	if err != nil {
 		return err