Skip to content

Added OutboundNAT policy support for Windows #2070

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
fcrisciani merged 1 commit into from
Feb 7, 2018
Merged

Added OutboundNAT policy support for Windows #2070

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions drivers/windows/labels.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,4 +42,10 @@ const (

// DisableGatewayDNS label
DisableGatewayDNS = "com.docker.network.windowsshim.disable_gatewaydns"

// EnableOutboundNat label
EnableOutboundNat = "com.docker.network.windowsshim.enable_outboundnat"

// OutboundNatExceptions label
OutboundNatExceptions = "com.docker.network.windowsshim.outboundnat_exceptions"
)
58 changes: 43 additions & 15 deletions drivers/windows/windows.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"sync"

"github.com/Microsoft/hcsshim"
"github.com/docker/docker/pkg/system"
"github.com/docker/libnetwork/datastore"
"github.com/docker/libnetwork/discoverapi"
"github.com/docker/libnetwork/driverapi"
Expand All @@ -30,21 +31,23 @@ import (

// networkConfiguration for network specific configuration
type networkConfiguration struct {
ID string
Type string
Name string
HnsID string
RDID string
VLAN uint
VSID uint
DNSServers string
MacPools []hcsshim.MacPool
DNSSuffix string
SourceMac string
NetworkAdapterName string
dbIndex uint64
dbExists bool
DisableGatewayDNS bool
ID string
Type string
Name string
HnsID string
RDID string
VLAN uint
VSID uint
DNSServers string
MacPools []hcsshim.MacPool
DNSSuffix string
SourceMac string
NetworkAdapterName string
dbIndex uint64
dbExists bool
DisableGatewayDNS bool
EnableOutboundNat bool
OutboundNatExceptions []string
}

// endpointConfiguration represents the user specified configuration for the sandbox endpoint
Expand Down Expand Up @@ -208,6 +211,18 @@ func (d *driver) parseNetworkOptions(id string, genericOptions map[string]string
return nil, err
}
config.VSID = uint(vsid)
case EnableOutboundNat:
if system.GetOSVersion().Build <= 16236 {
Copy link
Copy Markdown
Contributor

@ddebroy ddebroy Feb 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can the build number 16236 be defined as a global constant? It seems to be used at a couple of places.

return nil, fmt.Errorf("Invalid network option. OutboundNat is not supported on this OS version")
}
b, err := strconv.ParseBool(value)
if err != nil {
return nil, err
}
config.EnableOutboundNat = b
case OutboundNatExceptions:
s := strings.Split(value, ",")
config.OutboundNatExceptions = s
}
}

Expand Down Expand Up @@ -609,6 +624,19 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,

endpointStruct.DisableICC = epOption.DisableICC

// Inherit OutboundNat policy from the network
if n.config.EnableOutboundNat {
outboundNatPolicy, err := json.Marshal(hcsshim.OutboundNatPolicy{
Policy: hcsshim.Policy{Type: hcsshim.OutboundNat},
Exceptions: n.config.OutboundNatExceptions,
})

if err != nil {
return err
}
endpointStruct.Policies = append(endpointStruct.Policies, outboundNatPolicy)
}

configurationb, err := json.Marshal(endpointStruct)
if err != nil {
return err
Expand Down