libnetwork icon indicating copy to clipboard operation
libnetwork copied to clipboard
verified publisher icon moby

Limited bridge netfilter application.

Open tomkcook opened this issue 6 years ago • 9 comments

Fixes moby/moby#47127.

tomkcook avatar Jan 07 '20 15:01 tomkcook

Please sign your commits following these rules: https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work The easiest way to do this is to amend the last commit:

$ git clone -b "limited-bridge-netfilter" [email protected]:tomkcook/libnetwork.git somewhere
$ cd somewhere
$ git commit --amend -s --no-edit
$ git push -f

Amending updates the existing PR. You DO NOT need to open a new one.

GordonTheTurtle avatar Jan 07 '20 15:01 GordonTheTurtle

Thanks for raising a PR @tomkcook Can you please

  1. Sign your PR using the steps mentioned above
  2. Elaborate what you did, and why you did it in the commit message (by sharing the links you had shared in the Issue)

arkodg avatar Jan 07 '20 17:01 arkodg

Thanks for raising a PR @tomkcook Can you please

1. Sign your PR using the steps mentioned above

2. Elaborate what you did, and why you did it in the commit message (by sharing the links you had shared in the Issue)

Done.

tomkcook avatar Jan 08 '20 17:01 tomkcook

these changes look good @tomkcook we might need to remove the check you brought up earlier https://github.com/docker/libnetwork/issues/2488#issuecomment-571746499 thoughts ? @euanh @selansen @thaJeztah

arkodg avatar Jan 08 '20 18:01 arkodg

we might need to remove the check you brought up earlier moby/moby#47127 (comment)

Would that remove the --icc=false option entirely?

thaJeztah avatar Jan 14 '20 13:01 thaJeztah

@thaJeztah no, only suggesting we rewrite it to

{d.config.EnableIPTables, setupBridgeNetFiltering},)

arkodg avatar Jan 14 '20 18:01 arkodg

Unrelated to this PR directly, but I noticed that the i argument to checkBridgeNetFiltering() doesn't seem to be used;

func checkBridgeNetFiltering(config *networkConfiguration, i *bridgeInterface) error {

It was added in https://github.com/docker/libnetwork/pull/336/files, and looks to be because it needs to satisfy the setupStep interface; https://github.com/docker/libnetwork/blob/9f2286349b58b00cf98bd36aa3f78763d52e8c63/drivers/bridge/setup.go#L3 and passed a value during the setup; https://github.com/docker/libnetwork/blob/9f2286349b58b00cf98bd36aa3f78763d52e8c63/drivers/bridge/setup.go#L15-L22

(could probably be changed to _ *bridgeInterface to make it more explicit that it's unused)

thaJeztah avatar Jan 22 '20 11:01 thaJeztah

@tomkcook can incorporate https://github.com/docker/libnetwork/issues/2488#issuecomment-571746499 (remove the icc check) in this PR

arkodg avatar Feb 21 '20 23:02 arkodg

Note we have migrated this codebase over to github.com/moby/moby/libnetwork. We are not accepting PR's on this repo anymore except for backports to be included in moby 20.10

cpuguy83 avatar Jun 18 '21 22:06 cpuguy83