Inloggen
golang
/
flannel
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 95140bde4f
Aftakkingen Labels
flannel
/
ipmasq.go

ipmasq.go 1.1 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"strings"
    6. 

  6. 

  7. 	log "github.com/coreos/flannel/Godeps/_workspace/src/github.com/golang/glog"
    8. 

  8. 

  9. 	"github.com/coreos/flannel/pkg/ip"
    10. 

  10. )
    11. 

  11. 

  12. func setupIPMasq(ipn ip.IP4Net) error {
    13. 

  13. 	ipt, err := ip.NewIPTables()
    14. 

  14. 	if err != nil {
    15. 

  15. 		return fmt.Errorf("failed to setup IP Masquerade. iptables was not found")
    16. 

  16. 	}
    17. 

  17. 

  18. 	err = ipt.ClearChain("nat", "FLANNEL")
    19. 

  19. 	if err != nil {
    20. 

  20. 		return fmt.Errorf("Failed to create/clear FLANNEL chain in NAT table: %v", err)
    21. 

  21. 	}
    22. 

  22. 

  23. 	rules := [][]string{
    24. 

  24. 		// This rule makes sure we don't NAT traffic within overlay network (e.g. coming out of docker0)
    25. 

  25. 		{"FLANNEL", "-d", ipn.String(), "-j", "ACCEPT"},
    26. 

  26. 		// NAT if it's not multicast traffic
    27. 

  27. 		{"FLANNEL", "!", "-d", "224.0.0.0/4", "-j", "MASQUERADE"},
    28. 

  28. 		// This rule will take everything coming from overlay and sent it to FLANNEL chain
    29. 

  29. 		{"POSTROUTING", "-s", ipn.String(), "-j", "FLANNEL"},
    30. 

  30. 	}
    31. 

  31. 

  32. 	for _, args := range rules {
    33. 

  33. 		log.Info("Adding iptables rule: ", strings.Join(args, " "))
    34. 

  34. 

  35. 		err = ipt.AppendUnique("nat", args...)
    36. 

  36. 		if err != nil {
    37. 

  37. 			return fmt.Errorf("Failed to insert IP masquerade rule: %v", err)
    38. 

  38. 		}
    39. 

  39. 	}
    40. 

  40. 

  41. 	return nil
    42. 

  42. }
    43.