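// Listing: github.com/rawahars/moby@v24.0.4+incompatible/libnetwork/drivers/bridge/setup_ipv6.go

//go:build linux
// +build linux

package bridge

import (
	"fmt"
	"net"
	"os"

	"github.com/sirupsen/logrus"
	"github.com/vishvananda/netlink"
)

// bridgeIPv6 is the default, link-local IPv6 address for the bridge (fe80::1/64).
//
// setupBridgeIPv6 stores this pointer (not a copy) on the bridge interface, so
// every caller ends up sharing one *net.IPNet. Treat it as read-only.
var bridgeIPv6 = &net.IPNet{IP: net.ParseIP("fe80::1"), Mask: net.CIDRMask(64, 128)}

// ipv6ForwardConfPerm is the mode passed to os.WriteFile for the sysctl files
// below; it only takes effect if the file has to be created. The two paths are
// the host-wide IPv6 forwarding switches ("default" and "all").
const (
	ipv6ForwardConfPerm    = 0644
	ipv6ForwardConfDefault = "/proc/sys/net/ipv6/conf/default/forwarding"
	ipv6ForwardConfAll     = "/proc/sys/net/ipv6/conf/all/forwarding"
)

// setupBridgeIPv6 enables IPv6 on the bridge device and programs its addresses.
//
// It clears the bridge's disable_ipv6 sysctl if needed, programs the default
// link-local address (fe80::1/64), and, when config.AddressIPv6 is set, also
// programs that network and adds a route to it via the bridge link.
//
// It returns an error when the sysctl cannot be read or written, or when
// programIPv6Address fails. A failure to add the route is only logged.
func setupBridgeIPv6(config *networkConfiguration, i *bridgeInterface) error {
	// NOTE(review): BridgeName is concatenated into a /proc path without any
	// check here. Presumably it is validated upstream as a Linux interface name
	// (no '/' or ".." components); confirm, because this path is also written to.
	procFile := "/proc/sys/net/ipv6/conf/" + config.BridgeName + "/disable_ipv6"
	ipv6BridgeData, err := os.ReadFile(procFile)
	if err != nil {
		return fmt.Errorf("Cannot read IPv6 setup for bridge %v: %v", config.BridgeName, err)
	}
	// Enable IPv6 on the bridge only if it isn't already enabled. An empty read
	// is treated as "not enabled" instead of being indexed, which would panic.
	if len(ipv6BridgeData) == 0 || ipv6BridgeData[0] != '0' {
		if err := os.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil {
			return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
		}
	}

	// Store bridge network and default gateway
	i.bridgeIPv6 = bridgeIPv6
	i.gatewayIPv6 = i.bridgeIPv6.IP

	if err := i.programIPv6Address(); err != nil {
		return err
	}

	if config.AddressIPv6 == nil {
		return nil
	}

	// Store the user specified bridge network and network gateway and program it
	i.bridgeIPv6 = config.AddressIPv6
	i.gatewayIPv6 = config.AddressIPv6.IP

	if err := i.programIPv6Address(); err != nil {
		return err
	}

	// Setting route to global IPv6 subnet
	logrus.Debugf("Adding route to IPv6 network %s via device %s", config.AddressIPv6.String(), config.BridgeName)
	err = i.nlh.RouteAdd(&netlink.Route{
		Scope:     netlink.SCOPE_UNIVERSE,
		LinkIndex: i.Link.Attrs().Index,
		Dst:       config.AddressIPv6,
	})
	// Best effort: an already-existing route is fine, and any other failure is
	// logged but not returned, so callers cannot detect a missing route.
	if err != nil && !os.IsExist(err) {
		logrus.Errorf("Could not add route to IPv6 network %s via device %s: %s", config.AddressIPv6.String(), config.BridgeName, err)
	}

	return nil
}

// setupGatewayIPv6 records config.DefaultGatewayIPv6 as the bridge's IPv6
// gateway after checking that it lies inside config.AddressIPv6.
//
// It returns *ErrInvalidContainerSubnet when no IPv6 network is configured and
// *ErrInvalidGateway when the gateway is outside that network. A nil gateway
// is never contained in the network, so it is rejected the same way.
func setupGatewayIPv6(config *networkConfiguration, i *bridgeInterface) error {
	if config.AddressIPv6 == nil {
		return &ErrInvalidContainerSubnet{}
	}
	if !config.AddressIPv6.Contains(config.DefaultGatewayIPv6) {
		return &ErrInvalidGateway{}
	}

	// Store requested default gateway
	i.gatewayIPv6 = config.DefaultGatewayIPv6

	return nil
}

// setupIPv6Forwarding turns on IPv6 forwarding through the "default" and "all"
// sysctls if they are not already set to 1.
//
// This is a host-wide change, not one scoped to the bridge: the host starts
// routing IPv6 between all interfaces. Nothing in this function installs or
// checks a packet-filter policy for forwarded traffic, so that has to be
// handled elsewhere (verify). With forwarding enabled the kernel also ignores
// Router Advertisements on interfaces left at the default accept_ra=1.
//
// Only read failures are returned. A failed write is logged as a warning, so
// a nil return does not guarantee that forwarding is enabled. Neither
// parameter is used in the body.
func setupIPv6Forwarding(config *networkConfiguration, i *bridgeInterface) error {
	// Get current IPv6 default forwarding setup
	ipv6ForwardDataDefault, err := os.ReadFile(ipv6ForwardConfDefault)
	if err != nil {
		return fmt.Errorf("Cannot read IPv6 default forwarding setup: %v", err)
	}
	// Enable IPv6 default forwarding only if it is not already enabled. An
	// empty read counts as "not enabled" instead of causing an index panic.
	if len(ipv6ForwardDataDefault) == 0 || ipv6ForwardDataDefault[0] != '1' {
		if err := os.WriteFile(ipv6ForwardConfDefault, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
			logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err)
		}
	}

	// Get current IPv6 all forwarding setup
	ipv6ForwardDataAll, err := os.ReadFile(ipv6ForwardConfAll)
	if err != nil {
		return fmt.Errorf("Cannot read IPv6 all forwarding setup: %v", err)
	}
	// Enable IPv6 all forwarding only if it is not already enabled, with the
	// same empty-read guard as above.
	if len(ipv6ForwardDataAll) == 0 || ipv6ForwardDataAll[0] != '1' {
		if err := os.WriteFile(ipv6ForwardConfAll, []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil {
			logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err)
		}
	}

	return nil
}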