1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/libnetwork/portallocator/portallocator_freebsd.go
Su Wang 2c4a868f64 Added API to set ephemeral port allocator range.
Also reduce the allowed port range as the total number of containers
per host is typically less than 1K.

This change helps in scenarios where there are other services on
the same host that uses ephemeral ports in iptables manipulation.

The workflow requires changes in docker engine (
https://github.com/moby/moby/pull/40055) and this change. It
works as follows:

1. user can now specified to docker engine an option
   --published-port-range="50000-60000" as cmdline argument or
   in daemon.json.
2. docker engine read and pass this info to libnetwork via
   config.go:OptionDynamicPortRange.
3. libnetwork uses this range to allocate dynamic port henceforth.
4. --published-port-range can be set either via SIGHUP or
   restart docker engine
5. if --published-port-range is not set by user, a OS specific
   default range is used for dynamic port allocation.
   Linux: 49153-60999, Windows: 60000-65000
6 if --published-port-range is invalid, that is, the range
  given is outside of allowed default range, no change takes place.
  libnetwork will continue to use old/existing port range for
  dynamic port allocation.

Signed-off-by: Su Wang <su.wang@docker.com>
2019-10-11 18:48:07 +00:00

42 lines
1.7 KiB
Go

package portallocator
import (
"bytes"
"fmt"
"os/exec"
)
func getDynamicPortRange() (start int, end int, err error) {
portRangeKernelSysctl := []string{"net.inet.ip.portrange.hifirst", "net.ip.portrange.hilast"}
portRangeFallback := fmt.Sprintf("using fallback port range %d-%d", defaultPortRangeStart, defaultPortRangeEnd)
portRangeLowCmd := exec.Command("/sbin/sysctl", portRangeKernelSysctl[0])
var portRangeLowOut bytes.Buffer
portRangeLowCmd.Stdout = &portRangeLowOut
cmdErr := portRangeLowCmd.Run()
if cmdErr != nil {
return 0, 0, fmt.Errorf("port allocator - sysctl net.inet.ip.portrange.hifirst failed - %s: %v", portRangeFallback, err)
}
n, err := fmt.Sscanf(portRangeLowOut.String(), "%d", &start)
if n != 1 || err != nil {
if err == nil {
err = fmt.Errorf("unexpected count of parsed numbers (%d)", n)
}
return 0, 0, fmt.Errorf("port allocator - failed to parse system ephemeral port range start from %s - %s: %v", portRangeLowOut.String(), portRangeFallback, err)
}
portRangeHighCmd := exec.Command("/sbin/sysctl", portRangeKernelSysctl[1])
var portRangeHighOut bytes.Buffer
portRangeHighCmd.Stdout = &portRangeHighOut
cmdErr = portRangeHighCmd.Run()
if cmdErr != nil {
return 0, 0, fmt.Errorf("port allocator - sysctl net.inet.ip.portrange.hilast failed - %s: %v", portRangeFallback, err)
}
n, err = fmt.Sscanf(portRangeHighOut.String(), "%d", &end)
if n != 1 || err != nil {
if err == nil {
err = fmt.Errorf("unexpected count of parsed numbers (%d)", n)
}
return 0, 0, fmt.Errorf("port allocator - failed to parse system ephemeral port range end from %s - %s: %v", portRangeHighOut.String(), portRangeFallback, err)
}
return start, end, nil
}