diff --git a/pkg/ip/ipforward.go b/pkg/ip/ipforward.go new file mode 100644 index 00000000..0a1ca252 --- /dev/null +++ b/pkg/ip/ipforward.go @@ -0,0 +1,31 @@ +// Copyright 2015 CoreOS, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package ip + +import ( + "io/ioutil" +) + +func EnableIP4Forward() error { + return echo1("/proc/sys/net/ipv4/ip_forward") +} + +func EnableIP6Forward() error { + return echo1("/proc/sys/net/ipv6/conf/all/forwarding") +} + +func echo1(f string) error { + return ioutil.WriteFile(f, []byte("1"), 0644) +} diff --git a/plugins/main/bridge/bridge.go b/plugins/main/bridge/bridge.go index dbc48b1a..e65e08e4 100644 --- a/plugins/main/bridge/bridge.go +++ b/plugins/main/bridge/bridge.go @@ -212,6 +212,10 @@ func cmdAdd(args *skel.CmdArgs) error { if err = ensureBridgeAddr(br, gwn); err != nil { return err } + + if err := ip.EnableIP4Forward(); err != nil { + return fmt.Errorf("failed to enable forwarding: %v", err) + } } if n.IPMasq { diff --git a/plugins/main/veth/veth.go b/plugins/main/veth/veth.go index 5d343932..58a0396e 100644 --- a/plugins/main/veth/veth.go +++ b/plugins/main/veth/veth.go @@ -95,6 +95,10 @@ func cmdAdd(args *skel.CmdArgs) error { return fmt.Errorf("failed to load netconf: %v", err) } + if err := ip.EnableIP4Forward(); err != nil { + return fmt.Errorf("failed to enable forwarding: %v", err) + } + // run the IPAM plugin and get back the config to apply result, err := plugin.ExecAdd(conf.IPAM.Type, args.StdinData) if err != nil {