github.com/khulnasoft-lab/khulnasoft@v26.0.1-0.20240328202558-330a6f959fe0+incompatible/libnetwork/resolver_unix.go

github.com/khulnasoft-lab/khulnasoft@v26.0.1-0.20240328202558-330a6f959fe0+incompatible/libnetwork/resolver_unix.go (about)

     1  //go:build !windows
     2  
     3  package libnetwork
     4  
     5  import (
     6  	"fmt"
     7  	"net"
     8  
     9  	"github.com/docker/docker/libnetwork/iptables"
    10  )
    11  
    12  const (
    13  	// output chain used for docker embedded DNS resolver
    14  	outputChain = "DOCKER_OUTPUT"
    15  	// postrouting chain used for docker embedded DNS resolver
    16  	postroutingChain = "DOCKER_POSTROUTING"
    17  )
    18  
    19  func (r *Resolver) setupIPTable() error {
    20  	if r.err != nil {
    21  		return r.err
    22  	}
    23  	laddr := r.conn.LocalAddr().String()
    24  	ltcpaddr := r.tcpListen.Addr().String()
    25  	resolverIP, ipPort, _ := net.SplitHostPort(laddr)
    26  	_, tcpPort, _ := net.SplitHostPort(ltcpaddr)
    27  	rules := [][]string{
    28  		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", laddr},
    29  		{"-t", "nat", "-I", postroutingChain, "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
    30  		{"-t", "nat", "-I", outputChain, "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", ltcpaddr},
    31  		{"-t", "nat", "-I", postroutingChain, "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
    32  	}
    33  
    34  	var setupErr error
    35  	err := r.backend.ExecFunc(func() {
    36  		// TODO IPv6 support
    37  		iptable := iptables.GetIptable(iptables.IPv4)
    38  
    39  		// insert outputChain and postroutingchain
    40  		if iptable.ExistsNative("nat", "OUTPUT", "-d", resolverIP, "-j", outputChain) {
    41  			if err := iptable.RawCombinedOutputNative("-t", "nat", "-F", outputChain); err != nil {
    42  				setupErr = err
    43  				return
    44  			}
    45  		} else {
    46  			if err := iptable.RawCombinedOutputNative("-t", "nat", "-N", outputChain); err != nil {
    47  				setupErr = err
    48  				return
    49  			}
    50  			if err := iptable.RawCombinedOutputNative("-t", "nat", "-I", "OUTPUT", "-d", resolverIP, "-j", outputChain); err != nil {
    51  				setupErr = err
    52  				return
    53  			}
    54  		}
    55  
    56  		if iptable.ExistsNative("nat", "POSTROUTING", "-d", resolverIP, "-j", postroutingChain) {
    57  			if err := iptable.RawCombinedOutputNative("-t", "nat", "-F", postroutingChain); err != nil {
    58  				setupErr = err
    59  				return
    60  			}
    61  		} else {
    62  			if err := iptable.RawCombinedOutputNative("-t", "nat", "-N", postroutingChain); err != nil {
    63  				setupErr = err
    64  				return
    65  			}
    66  			if err := iptable.RawCombinedOutputNative("-t", "nat", "-I", "POSTROUTING", "-d", resolverIP, "-j", postroutingChain); err != nil {
    67  				setupErr = err
    68  				return
    69  			}
    70  		}
    71  
    72  		for _, rule := range rules {
    73  			if iptable.RawCombinedOutputNative(rule...) != nil {
    74  				setupErr = fmt.Errorf("set up rule failed, %v", rule)
    75  				return
    76  			}
    77  		}
    78  	})
    79  	if err != nil {
    80  		return err
    81  	}
    82  	return setupErr
    83  }