ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity

Merge pull request #772 from BSWANG/master

Browse Source 
`portmap` support masquerade all
This commit is contained in:
Casey Callendrello 2023-01-09 17:41:52 +01:00 committed by GitHub
commit a3b678ee03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
plugins/meta/portmap/main.go
View File

@ -54,6 +54,7 @@ type PortMapConf struct {
SNAT *bool `json:"snat,omitempty"`
ConditionsV4 *[]string `json:"conditionsV4"`
ConditionsV6 *[]string `json:"conditionsV6"`
MasqAll bool `json:"masqAll,omitempty"`
MarkMasqBit *int `json:"markMasqBit"`
ExternalSetMarkChain *string `json:"externalSetMarkChain"`
RuntimeConfig struct {

13
plugins/meta/portmap/portmap.go
View File

@ -248,13 +248,22 @@ func fillDnatRules(c *chain, config *PortMapConf, containerNet net.IPNet) {
hpRule := make([]string, len(ruleBase), len(ruleBase)+4)
copy(hpRule, ruleBase)
masqCIDR := containerNet.String()
if config.MasqAll {
if isV6 {
masqCIDR = "::/0"
} else {
masqCIDR = "0.0.0.0/0"
}
}
hpRule = append(hpRule,
"-s", containerNet.String(),
"-s", masqCIDR,
"-j", setMarkChainName,
)
c.rules = append(c.rules, hpRule)
if !isV6 {
if !isV6 && !config.MasqAll {
// localhost
localRule := make([]string, len(ruleBase), len(ruleBase)+4)
copy(localRule, ruleBase)