github.com/rumpl/bof@v23.0.0-rc.2+incompatible/libnetwork/drivers/bridge/link.go

github.com/rumpl/bof@v23.0.0-rc.2+incompatible/libnetwork/drivers/bridge/link.go (about)

     1  //go:build linux
     2  // +build linux
     3  
     4  package bridge
     5  
     6  import (
     7  	"fmt"
     8  	"net"
     9  
    10  	"github.com/docker/docker/libnetwork/iptables"
    11  	"github.com/docker/docker/libnetwork/types"
    12  	"github.com/sirupsen/logrus"
    13  )
    14  
    15  type link struct {
    16  	parentIP string
    17  	childIP  string
    18  	ports    []types.TransportPort
    19  	bridge   string
    20  }
    21  
    22  func (l *link) String() string {
    23  	return fmt.Sprintf("%s <-> %s [%v] on %s", l.parentIP, l.childIP, l.ports, l.bridge)
    24  }
    25  
    26  func newLink(parentIP, childIP string, ports []types.TransportPort, bridge string) *link {
    27  	return &link{
    28  		childIP:  childIP,
    29  		parentIP: parentIP,
    30  		ports:    ports,
    31  		bridge:   bridge,
    32  	}
    33  
    34  }
    35  
    36  func (l *link) Enable() error {
    37  	// -A == iptables append flag
    38  	linkFunction := func() error {
    39  		return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false)
    40  	}
    41  
    42  	iptables.OnReloaded(func() { linkFunction() })
    43  	return linkFunction()
    44  }
    45  
    46  func (l *link) Disable() {
    47  	// -D == iptables delete flag
    48  	err := linkContainers("-D", l.parentIP, l.childIP, l.ports, l.bridge, true)
    49  	if err != nil {
    50  		logrus.Errorf("Error removing IPTables rules for a link %s due to %s", l.String(), err.Error())
    51  	}
    52  	// Return proper error once we move to use a proper iptables package
    53  	// that returns typed errors
    54  }
    55  
    56  func linkContainers(action, parentIP, childIP string, ports []types.TransportPort, bridge string,
    57  	ignoreErrors bool) error {
    58  	var nfAction iptables.Action
    59  
    60  	switch action {
    61  	case "-A":
    62  		nfAction = iptables.Append
    63  	case "-I":
    64  		nfAction = iptables.Insert
    65  	case "-D":
    66  		nfAction = iptables.Delete
    67  	default:
    68  		return InvalidIPTablesCfgError(action)
    69  	}
    70  
    71  	ip1 := net.ParseIP(parentIP)
    72  	if ip1 == nil {
    73  		return InvalidLinkIPAddrError(parentIP)
    74  	}
    75  	ip2 := net.ParseIP(childIP)
    76  	if ip2 == nil {
    77  		return InvalidLinkIPAddrError(childIP)
    78  	}
    79  
    80  	chain := iptables.ChainInfo{Name: DockerChain}
    81  	for _, port := range ports {
    82  		err := chain.Link(nfAction, ip1, ip2, int(port.Port), port.Proto.String(), bridge)
    83  		if !ignoreErrors && err != nil {
    84  			return err
    85  		}
    86  	}
    87  	return nil
    88  }