Fix daemon startup on a no-IPv6 host

With ip6tables enabled (by default), the daemon should start on a
host with IPv6 disabled - then error if IPv6 network creation is
attempted.

That regressed in commit 255fff4 - so, only try to set up network
isolation rules for a network if it's IPv6-enabled.

Signed-off-by: Rob Murray <rob.murray@docker.com>
Rob Murray
2025-02-23 09:35:52 +00:00
parent 5cf20fe12e
commit 8cc4d1d4a2


@@ -466,8 +466,8 @@ func (n *bridgeNetwork) getEndpoint(eid string) (*bridgeEndpoint, error) {
return nil, nil
}
// Install/Removes the iptables rules needed to isolate this network
// from each of the other networks
// Install (enable=true) or remove (enable=false) the iptables rules needed to isolate this network
// from each of the other bridge networks
func (n *bridgeNetwork) isolateNetwork(enable bool) error {
n.Lock()
thisConfig := n.config
@@ -477,15 +477,24 @@ func (n *bridgeNetwork) isolateNetwork(enable bool) error {
return nil
}
// Install the rules to isolate this network against each of the other networks
if n.driver.config.EnableIPTables {
if err := setINC(iptables.IPv4, thisConfig.BridgeName, thisConfig.GwModeIPv4, enable); err != nil {
return err
// Only create the rules if the network has IPv4 enabled. But, always delete
// rules, in case they were set up by an older daemon that didn't check whether
// the network has IPv4.
if !enable || thisConfig.EnableIPv4 {
if err := setINC(iptables.IPv4, thisConfig.BridgeName, thisConfig.GwModeIPv4, enable); err != nil {
return err
}
}
}
if n.driver.config.EnableIP6Tables {
if err := setINC(iptables.IPv6, thisConfig.BridgeName, thisConfig.GwModeIPv6, enable); err != nil {
return err
// Only create the rules if the network has IPv6 enabled. But, always delete
// rules, in case they were set up by an older daemon that didn't check whether
// the network has IPv6.
if !enable || thisConfig.EnableIPv6 {
if err := setINC(iptables.IPv6, thisConfig.BridgeName, thisConfig.GwModeIPv6, enable); err != nil {
return err
}
}
}
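Review bot: The removal path still calls `setINC(iptables.IPv6, …, false)` for networks that never had IPv6, because `!enable || thisConfig.EnableIPv6` is true whenever `enable` is false, and any error is returned to the caller. On the no-IPv6 host this commit targets, that could turn a best-effort cleanup of legacy rules into a failed network teardown, unless setINC already tolerates missing rules or an unusable ip6tables (its body is not in this hunk). Consider returning the error only when the family is enabled on the network and logging it otherwise; the same applies to the IPv4 branch above. The new comments could also record the isolation assumption behind the skip, e.g. `// No isolation rules are installed for a family the network does not enable; this relies on the bridge carrying no traffic of that family.` isolateNetwork starts in the previous hunk and continues past the end of this one.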