github.com/moby/docker@v26.1.3+incompatible/libnetwork/controller_linux.go

github.com/moby/docker@v26.1.3+incompatible/libnetwork/controller_linux.go (about)

     1  package libnetwork
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  	"sync"
     7  
     8  	"github.com/containerd/log"
     9  	"github.com/docker/docker/libnetwork/iptables"
    10  	"github.com/docker/docker/libnetwork/netlabel"
    11  	"github.com/docker/docker/libnetwork/options"
    12  	"github.com/docker/docker/libnetwork/osl"
    13  )
    14  
    15  // enabledIptablesVersions returns the iptables versions that are enabled
    16  // for the controller.
    17  func (c *Controller) enabledIptablesVersions() []iptables.IPVersion {
    18  	c.mu.Lock()
    19  	defer c.mu.Unlock()
    20  	if c.cfg == nil {
    21  		return nil
    22  	}
    23  	// parse map cfg["bridge"]["generic"]["EnableIPTable"]
    24  	cfgBridge := c.cfg.DriverConfig("bridge")
    25  	cfgGeneric, ok := cfgBridge[netlabel.GenericData].(options.Generic)
    26  	if !ok {
    27  		return nil
    28  	}
    29  
    30  	var versions []iptables.IPVersion
    31  	if enabled, ok := cfgGeneric["EnableIPTables"].(bool); enabled || !ok {
    32  		// iptables is enabled unless user explicitly disabled it
    33  		versions = append(versions, iptables.IPv4)
    34  	}
    35  	if enabled, _ := cfgGeneric["EnableIP6Tables"].(bool); enabled {
    36  		versions = append(versions, iptables.IPv6)
    37  	}
    38  	return versions
    39  }
    40  
    41  // getDefaultOSLSandbox returns the controller's default [osl.Sandbox]. It
    42  // creates the sandbox if it does not yet exist.
    43  func (c *Controller) getDefaultOSLSandbox(key string) (*osl.Namespace, error) {
    44  	var err error
    45  	c.defOsSboxOnce.Do(func() {
    46  		c.defOsSbox, err = osl.NewSandbox(key, false, false)
    47  	})
    48  
    49  	if err != nil {
    50  		c.defOsSboxOnce = sync.Once{}
    51  		return nil, fmt.Errorf("failed to create default sandbox: %v", err)
    52  	}
    53  	return c.defOsSbox, nil
    54  }
    55  
    56  // setupOSLSandbox sets the sandbox [osl.Sandbox], and applies operating-
    57  // specific configuration.
    58  //
    59  // Depending on the Sandbox settings, it may either use the Controller's
    60  // default sandbox, or configure a new one.
    61  func (c *Controller) setupOSLSandbox(sb *Sandbox) error {
    62  	if sb.config.useDefaultSandBox {
    63  		defSB, err := c.getDefaultOSLSandbox(sb.Key())
    64  		if err != nil {
    65  			return err
    66  		}
    67  		sb.osSbox = defSB
    68  	}
    69  
    70  	if sb.osSbox == nil && !sb.config.useExternalKey {
    71  		newSB, err := osl.NewSandbox(sb.Key(), !sb.config.useDefaultSandBox, false)
    72  		if err != nil {
    73  			return fmt.Errorf("failed to create new osl sandbox: %v", err)
    74  		}
    75  		sb.osSbox = newSB
    76  	}
    77  
    78  	if sb.osSbox != nil {
    79  		// Apply operating specific knobs on the load balancer sandbox
    80  		err := sb.osSbox.InvokeFunc(func() {
    81  			sb.osSbox.ApplyOSTweaks(sb.oslTypes)
    82  		})
    83  		if err != nil {
    84  			log.G(context.TODO()).Errorf("Failed to apply performance tuning sysctls to the sandbox: %v", err)
    85  		}
    86  		// Keep this just so performance is not changed
    87  		sb.osSbox.ApplyOSTweaks(sb.oslTypes)
    88  	}
    89  	return nil
    90  }