Guillaume J. Charmes
4ab59179e7
Merge pull request #3801 from tianon/ip-forward
...
Add --ip-forward flag to daemon (enabled by default)
2014-01-28 11:17:45 -08:00
Guillaume J. Charmes
d4ea6308fd
Merge pull request #3759 from jpoimboe/links-iptables-cleanup
...
network: remove unnecessary links iptables rule for return traffic
2014-01-28 11:10:36 -08:00
Tianon Gravi
cabe624c82
Add --ip-forward flag to daemon (enabled by default) which automatically sets "net.ipv4.ip_forward" to 1
...
See also https://groups.google.com/d/topic/docker-dev/DCjF5Prx7HA/discussion
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-01-27 21:35:05 -07:00
Michael Crosby
da61b99b39
Simplify logic for registering ports
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-01-26 14:01:38 -08:00
Michael Crosby
ac2a4e6410
Refactor to support multiple ip addresses
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-01-26 14:01:38 -08:00
Josh Poimboeuf
5c04f1bcc7
network: remove unnecessary links iptables rule for return traffic
...
Currently there are two iptables rules per port for each link: one to
allow the parent to connect to the child's port, and another one to
allow return traffic from the child back to the parent. The second rule
shouldn't be needed because the "ctstate RELATED,ESTABLISHED" rule can
already allow all established traffic.
So this patch does the following:
1. Move the RELATED,ESTABLISHED rule to be _before_ the potential
   inter-container communication DROP rule so it will work for
   inter-container traffic as well. Since we're inserting, everything
   is reversed chronologically so it should be inserted _after_ we
   insert the DROP. This also has a small performance benefit because
   it will be processed earlier and it's generally one of the most
   commonly used rules.
2. Get rid of the unnecessary return traffic rule per link.
3. Also move the other "Accept all non-intercontainer outgoing packets"
   rule to earlier. This gives a small performance benefit since it's
   also a commonly used rule, and it makes sense to logically group it
   next to the ctstate rule.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
2014-01-24 21:20:34 -06:00
Michael Crosby
ec73c23231
Refactor and fix register interface when bridge does not exist
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-01-23 14:39:10 -08:00
Michael Crosby
ea5b3e193b
Finalize core changes with new package
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-01-23 05:22:32 -08:00
Michael Crosby
fccca3542b
Move tests from core into ipallocator
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-01-23 01:31:38 -08:00
Michael Crosby
9e2e8a923c
WIP for ip allocator
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-01-22 15:52:39 -08:00
Johan Euphrosine
77d9fd2628
netlink: make darwin happy
...
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
2014-01-17 16:55:42 -08:00
Johan Euphrosine
a886fbfa4a
network: exclude default routes from checkRouteOverlaps
...
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
2014-01-17 11:09:53 -08:00
Johan Euphrosine
26726dc9ff
netlink: add default Route to NetworkGetRoutes
...
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
2014-01-17 11:09:50 -08:00
Michael Crosby
b8b18a2b42
Merge pull request #3435 from roylee17/3149-fix_port_mapping_of_tcp_plus_udp
...
Fix #3149 : port mapping of TCP + UDP
2014-01-07 10:08:13 -08:00
Solomon Hykes
7799ae27ca
Move utility package 'iptables' to pkg/iptables
2014-01-06 15:41:24 -08:00
Tzu-Jung Lee
f560b87a86
Fix #3149 : port mapping of TCP + UDP
...
Signed-off-by: Tzu-Jung Lee <roylee17@gmail.com>
2014-01-02 16:01:04 -08:00
Solomon Hykes
f6b91262a7
Move utility package 'netlink' to pkg/netlink
2013-12-23 23:39:39 +00:00
Tzu-Jung Lee
7d2e851d8e
network: fix a typo in udp cleanup path
...
Fix #3224 - Port already in use error when running a container
Signed-off-by: Tzu-Jung Lee <roylee17@gmail.com>
2013-12-20 17:54:54 -08:00
Michael Crosby
566ff54d0d
Allow mtu to be configured at daemon start
2013-12-20 12:12:03 -05:00
Guillaume J. Charmes
9a9ecda7c8
Merge pull request #3208 from WarheadsSE/bridgeip
...
Add -bip flag: allow specification of dynamic bridge IP via CIDR
2013-12-13 13:56:35 -08:00
Rodrigo Vaz
a530b8d981
fix #3141 Bridge creation when ipv6 is not enabled
2013-12-13 16:39:49 -02:00
WarheadsSE
a68d7f3d70
Add -bip flag: allow specification of dynamic bridge IP via CIDR
...
e.g.:
```
docker -d -bip "10.10.0.1/16"
```
If set and valid, use provided in place of trial and error from pre-defined array in network.go.
Mutually exclusive of -b option.
2013-12-13 10:47:19 -05:00
Josh Poimboeuf
7a94cdf8ed
create the bridge device with ioctl
...
On RHEL 6, creation of a bridge device with netlink fails. Use the more
backward-compatible ioctl instead. This fixes networking on RHEL 6.
2013-12-05 15:32:15 -06:00
Victor Vieux
79031c4f8c
Merge pull request #2907 from goldmann/iptables-fix
...
Make sure the firewall rules are created even if the bridge interface is already created
2013-12-04 18:04:57 -08:00
Victor Vieux
5f55c1aee1
Merge pull request #2966 from andrewsmedina/govet2
...
fixed some `go vet` issues.
2013-12-04 17:57:10 -08:00
Emil Hernvall
1cb1e08644
Support for same port on multiple interfaces
...
This commit improves upon the PortMapper and PortAllocator classes by changing
their internal data structures for port allocations to use a string rather than
a single integer. This string holds the network interface address as well as the
port number. This solves a previous problem where a port would be incorrectly
reported as being in use because it had been allocated for a different interface.
I've also added a basic test case for the PortMapper class, and extended the
existing test case for PortAllocator. In the case of PortMapper, this is done
by handing it a stub function for creating proxies rather than an actual
implementation.
2013-12-03 15:14:54 +01:00
Andrews Medina
a6c9a332d0
fixed some `go vet` issues.
2013-11-29 22:53:20 -02:00
Marek Goldmann
0ff9bc1be3
Make sure the firewall rules are created even if the bridge interface is already created
2013-11-27 12:14:18 +01:00
Vincent Batts
ef14aaf627
fix the nil pointer panic on closing a disabled network manager
...
Issue #2768
2013-11-22 14:28:49 -05:00
Josh Poimboeuf
ec4657b28a
network: add iptables rules to explicitly allow forwarding
...
Explicitly enable container networking for Fedora and other distros that
have a REJECT all rule at the end of their FORWARD table.
2013-11-07 16:23:39 -06:00
Michael Crosby
b5c984f9b4
Merge pull request #2561 from dotcloud/add_iptabled_errors
...
Make iptable return an error in case of output
2013-11-07 09:15:09 -08:00
Mark Allen
3560c922b1
Prevent DNS server conflicts in CreateBridgeIface
...
Retrieve /etc/resolv.conf data (if available)
Add checkNameserverOverlaps and call it to
make sure there are no conflicts
Add utils.GetNameserversAsCIDR and tests
Read /etc/resolv.conf and pull out nameservers,
formatting them as a CIDR block ("1.2.3.4/32")
2013-11-05 21:24:37 -06:00
Guillaume J. Charmes
ff8a4ba0aa
Check the output of iptables command.
2013-11-05 08:33:13 -08:00
Michael Crosby
94e5081bac
Move iptable rules outside of create bridge
...
This allows the user to toggle enabling and
disabling intercontainer communication when
they run the daemon.
2013-10-25 15:13:26 -07:00
Victor Vieux
89fb51f606
fix merge issue and gofmt
2013-10-25 15:13:25 -07:00
Alexander Larsson
494cd07f72
network: Stop shelling out to /sbin/ip
...
We have our own netlink version of all the required calls now, so
we can just skip the /sbin/ip dependency.
2013-10-25 15:13:24 -07:00
Michael Crosby
ce965b8c43
Add flag for inter-container communication
2013-10-25 15:13:24 -07:00
Michael Crosby
1cbdaebaa1
Add links for container relationships and introspection
2013-10-25 15:13:24 -07:00
Guillaume J. Charmes
9107565d06
Make sure to close the network allocators
2013-10-08 15:42:02 -07:00
Brian Olsen
6756e786ac
Just fixing gofmt issues in other people's code.
2013-08-30 22:02:05 +02:00
pysqz
2f6ce27fde
Make sure 'Ghost' container is available with allocated IP
2013-08-21 22:37:58 +08:00
Pascal Borreli
9b2a5964fc
Fixed typos
2013-08-12 18:53:06 +01:00
Guillaume J. Charmes
a2f526dadc
Merge pull request #1435 from jpetazzo/userland-proxy-should-listen-on-inaddr-any
...
* Runtime: Let userland proxy handle container-bound traffic
2013-08-07 15:48:17 -07:00
Jérôme Petazzoni
fea2d5f2fe
Let userland proxy handle container-bound traffic
2013-08-06 17:44:39 -07:00
Jérôme Petazzoni
9f1c9686e0
change network range to avoid conflict with EC2 DNS
2013-08-06 17:24:10 -07:00
Guillaume J. Charmes
f5a8e90d10
Make sure the routes IP are taken into consideration + add unit test for network overlap detection
2013-08-01 18:12:39 -07:00
Steeve Morin
2e72882216
Handle ip route showing mask-less IP addresses
...
Sometimes `ip route` will show mask-less IPs, so net.ParseCIDR will fail. If it does we check if we can net.ParseIP, and fail only if we can't.
Fixes #1214
Fixes #362
2013-08-01 02:42:22 +02:00
Victor Vieux
8165e51ecc
Merge branch '858-disable-network-configuration' of https://github.com/stfp/docker into stfp-858-disable-network-configuration
2013-07-23 08:44:12 +00:00
Solomon Hykes
4714f102d7
Allocate a /16 IP range by default, with fallback to /24. Try a total of 12 ranges instead of 3.
2013-07-22 12:06:24 -07:00
Stefan Praszalowicz
49673fc45c
Support completely disabling network configuration with docker -d -b none
2013-07-21 17:49:09 -07:00