From 7efec9ea46d02c7fd7e8a15f42d42a190b29f08d Mon Sep 17 00:00:00 2001
From: Bruce Ma
Date: Tue, 19 Mar 2019 19:51:56 +0800
Subject: [PATCH] change source of ipmasq rule from ipn to ip

---
 pkg/ip/ipmasq_linux.go | 11 +++++++++--
 plugins/main/ptp/README.md | 2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkg/ip/ipmasq_linux.go b/pkg/ip/ipmasq_linux.go
index 892667bd..cc640a60 100644
--- a/pkg/ip/ipmasq_linux.go
+++ b/pkg/ip/ipmasq_linux.go
@@ -22,7 +22,7 @@ import (
 )
 
 // SetupIPMasq installs iptables rules to masquerade traffic
-// coming from ipn and going outside of it
+// coming from ip of ipn and going outside of ipn
 func SetupIPMasq(ipn *net.IPNet, chain string, comment string) error {
 	isV6 := ipn.IP.To4() == nil
 
@@ -70,7 +70,8 @@ func SetupIPMasq(ipn *net.IPNet, chain string, comment string) error {
 		return err
 	}
 
-	return ipt.AppendUnique("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment)
+	// Packets from the specific IP of this network will hit the chain
+	return ipt.AppendUnique("nat", "POSTROUTING", "-s", ipn.IP.String(), "-j", chain, "-m", "comment", "--comment", comment)
 }
 
 // TeardownIPMasq undoes the effects of SetupIPMasq
@@ -89,6 +90,12 @@ func TeardownIPMasq(ipn *net.IPNet, chain string, comment string) error {
 		return fmt.Errorf("failed to locate iptables: %v", err)
 	}
 
+	err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.IP.String(), "-j", chain, "-m", "comment", "--comment", comment)
+	if err != nil && !isNotExist(err) {
+		return err
+	}
+
+	// for downward compatibility
 	err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment)
 	if err != nil && !isNotExist(err) {
 		return err
diff --git a/plugins/main/ptp/README.md b/plugins/main/ptp/README.md
index 1467fb84..190476e3 100644
--- a/plugins/main/ptp/README.md
+++ b/plugins/main/ptp/README.md
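Review bot: The comment added above `ipt.AppendUnique` in the `@@ -70,7 +70,8 @@` hunk says packets from "the specific IP" hit the chain, but it does not say that a bare address in `-s` is a host match (/32 for IPv4, /128 for IPv6) or why the match was narrowed from the subnet, which is exactly what a maintainer needs when they later see TeardownIPMasq deleting both the `ipn.IP.String()` and the `ipn.String()` forms. Suggest `// Match only this container's address (a bare IP in -s is a /32 or /128 match), not the whole ipn subnet; each call appends one POSTROUTING rule per address.` SetupIPMasq starts before this hunk, so whether `chain` is shared per network or created per container is not visible here; if it is shared, the comment could also note that the rule count now grows with the number of containers.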
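Review bot: The `// for downward compatibility` comment before the second `ipt.Delete` in the `@@ -89,6 +90,12 @@` hunk does not say what it is compatible with, so the line reads like a leftover duplicate of the one above it; suggest `// Also remove the subnet-wide rule (-s ipn.String()) that earlier versions of SetupIPMasq installed, so an upgrade does not leave it behind.` During a mixed-version upgrade this compat delete runs on every teardown and removes a subnet rule that containers set up by the older binary may still depend on for masquerading; I cannot tell from this hunk whether any per-network bookkeeping exists to limit that, so at minimum the comment should state the consequence. The two Delete calls differ only in the `-s` argument and could be folded into one loop over `[]string{ipn.IP.String(), ipn.String()}` with a single error check. TeardownIPMasq continues past the end of the hunk, and `isNotExist` is defined outside it.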
@@ -26,7 +26,7 @@ The traffic of the container interface will be routed through the interface of t
 * `name` (string, required): the name of the network
 * `type` (string, required): "ptp"
-* `ipMasq` (boolean, optional): set up IP Masquerade on the host for traffic originating from this network and destined outside of it. Defaults to false.
+* `ipMasq` (boolean, optional): set up IP Masquerade on the host for traffic originating from ip of this network and destined outside of this network. Defaults to false.
 * `mtu` (integer, optional): explicitly set MTU to the specified value. Defaults to value chosen by the kernel.
 * `ipam` (dictionary, required): IPAM configuration to be used for this network.
 * `dns` (dictionary, optional): DNS information to return as described in the [Result](https://github.com/containernetworking/cni/blob/master/SPEC.md#result).