support masquerade all config

Signed-off-by: bingshen.wbs <bingshen.wbs@alibaba-inc.com>
bingshen.wbs 2022-09-16 16:39:44 +08:00
parent f1f128e3c9
commit 0463fd19af
2 changed files with 12 additions and 2 deletions


@ -54,6 +54,7 @@ type PortMapConf struct {
SNAT *bool `json:"snat,omitempty"` SNAT *bool `json:"snat,omitempty"`
ConditionsV4 *[]string `json:"conditionsV4"` ConditionsV4 *[]string `json:"conditionsV4"`
ConditionsV6 *[]string `json:"conditionsV6"` ConditionsV6 *[]string `json:"conditionsV6"`
MasqAll bool `json:"masqAll,omitempty"`
MarkMasqBit *int `json:"markMasqBit"` MarkMasqBit *int `json:"markMasqBit"`
ExternalSetMarkChain *string `json:"externalSetMarkChain"` ExternalSetMarkChain *string `json:"externalSetMarkChain"`
RuntimeConfig struct { RuntimeConfig struct {
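Review bot: The new `MasqAll` field in `PortMapConf` is added without a comment, and its effect is broad enough to need one. Judging by the `fillDnatRules` change in this commit, enabling it swaps the container-subnet source match for `0.0.0.0/0` (or `::/0`), so traffic from any source hitting a mapped host port is sent to the set-mark chain and the container presumably sees a host-side address instead of the real client. That can break source-IP allow-lists, rate limiting and audit logging inside the workload, so I would add `// MasqAll marks hostport traffic from any source for masquerade, not only the container network; the original client IP is then hidden from the container.` above the field and describe the option in the plugin documentation. The struct definition continues outside the hunk.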


@ -259,13 +259,22 @@ func fillDnatRules(c *chain, config *PortMapConf, containerNet net.IPNet) {
hpRule := make([]string, len(ruleBase), len(ruleBase)+4) hpRule := make([]string, len(ruleBase), len(ruleBase)+4)
copy(hpRule, ruleBase) copy(hpRule, ruleBase)
masqCIDR := containerNet.String()
if config.MasqAll {
if isV6 {
masqCIDR = "::/0"
} else {
masqCIDR = "0.0.0.0/0"
}
}
hpRule = append(hpRule, hpRule = append(hpRule,
"-s", containerNet.String(), "-s", masqCIDR,
"-j", setMarkChainName, "-j", setMarkChainName,
) )
c.rules = append(c.rules, hpRule) c.rules = append(c.rules, hpRule)
if !isV6 { if !isV6 && !config.MasqAll {
// localhost // localhost
localRule := make([]string, len(ruleBase), len(ruleBase)+4) localRule := make([]string, len(ruleBase), len(ruleBase)+4)
copy(localRule, ruleBase) copy(localRule, ruleBase)