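// SetupPortMaps installs, for every host->container port mapping in maps, a
// DNAT rule in the HYPER chain (host port -> containerip:containerPort), records
// the mapping with portMapper, and inserts an ACCEPT rule for the container
// port into the HYPER filter chain.
//
// containerip is passed verbatim to iptables as the DNAT target and as the
// destination of the ACCEPT rule; callers are expected to supply a validated
// container address. Protocols other than "udp" (compared case-insensitively)
// are treated as "tcp".
//
// A mapping whose DNAT rule is already present in the HYPER chain is skipped so
// that a port is never mapped twice; a host port that is already taken by a
// different mapping is reported as an error. When setting up one entry fails,
// the rule and allocation made for that entry are undone and the error is
// returned; mappings installed for earlier entries are left in place.
func SetupPortMaps(containerip string, maps []pod.UserContainerPort) error {
	for _, m := range maps {
		proto := "tcp"
		if strings.EqualFold(m.Protocol, "udp") {
			proto = "udp"
		}

		hostPort := strconv.Itoa(m.HostPort)
		containerPort := strconv.Itoa(m.ContainerPort)

		natArgs := []string{"-p", proto, "-m", proto, "--dport",
			hostPort, "-j", "DNAT", "--to-destination",
			net.JoinHostPort(containerip, containerPort)}

		// Forbid mapping a port twice: an identical rule is already in
		// place, so move on to the next entry instead of abandoning the
		// remaining mappings (the old code returned nil here, silently
		// skipping everything after the first existing rule).
		if iptables.PortMapExists("HYPER", natArgs) {
			continue
		}

		if iptables.PortMapUsed("HYPER", natArgs) {
			return fmt.Errorf("Host port %d has already been used", m.HostPort)
		}

		if err := iptables.OperatePortMap(iptables.Insert, "HYPER", natArgs); err != nil {
			return err
		}

		// m.Protocol is handed to portMapper as given (not the normalised
		// proto) so that its bookkeeping keys stay the same as before.
		if err := portMapper.AllocateMap(m.Protocol, m.HostPort, containerip, m.ContainerPort); err != nil {
			// Best-effort removal of the rule inserted just above; the
			// allocation error is the one worth reporting, so the delete
			// result is deliberately ignored.
			iptables.OperatePortMap(iptables.Delete, "HYPER", natArgs)
			return err
		}

		filterArgs := []string{"-d", containerip, "-p", proto, "-m", proto,
			"--dport", containerPort, "-j", "ACCEPT"}
		output, err := iptables.Raw(append([]string{"-I", "HYPER"}, filterArgs...)...)
		if err != nil {
			err = fmt.Errorf("Unable to setup forward rule in HYPER chain: %s", err)
		} else if len(output) != 0 {
			// iptables printed something on an otherwise successful run;
			// the project treats that as a chain error.
			err = &iptables.ChainError{Chain: "HYPER", Output: output}
		}
		if err != nil {
			// Undo this entry's allocation and DNAT rule before reporting;
			// both cleanups are best-effort and their results ignored.
			portMapper.ReleaseMap(m.Protocol, m.HostPort)
			iptables.OperatePortMap(iptables.Delete, "HYPER", natArgs)
			return err
		}
	}
	return nil
}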
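// portMapRules holds the iptables arguments derived from one port mapping.
type portMapRules struct {
	nat    []string // DNAT rule in the HYPER chain: host port -> containerip:containerPort
	filter []string // ACCEPT rule in the HYPER filter chain for containerip:containerPort
}

// buildPortMapRules derives the DNAT and ACCEPT rule arguments for m.
// Protocols other than "udp" (compared case-insensitively) are treated as
// "tcp". containerip is used verbatim; callers are expected to pass a
// validated container address.
func buildPortMapRules(containerip string, m pod.UserContainerPort) portMapRules {
	proto := "tcp"
	if strings.EqualFold(m.Protocol, "udp") {
		proto = "udp"
	}
	containerPort := strconv.Itoa(m.ContainerPort)
	return portMapRules{
		nat: []string{"-p", proto, "-m", proto, "--dport",
			strconv.Itoa(m.HostPort), "-j", "DNAT", "--to-destination",
			net.JoinHostPort(containerip, containerPort)},
		filter: []string{"-d", containerip, "-p", proto, "-m", proto,
			"--dport", containerPort, "-j", "ACCEPT"},
	}
}

// setupPortMap installs a single mapping: it records the mapping with
// portMapper, inserts the DNAT rule unless an identical one is already in the
// HYPER chain, and inserts the ACCEPT rule. On any failure the allocation and
// DNAT rule made for this entry are undone (best-effort, results ignored) and
// the error is returned.
//
// m.Protocol is handed to portMapper as given (not the normalised protocol in
// r) so that its bookkeeping keys stay the same as before.
func setupPortMap(containerip string, m pod.UserContainerPort, r portMapRules) error {
	if err := portMapper.AllocateMap(m.Protocol, m.HostPort, containerip, m.ContainerPort); err != nil {
		return err
	}

	if !iptables.PortMapExists("HYPER", r.nat) {
		if iptables.PortMapUsed("HYPER", r.nat) {
			portMapper.ReleaseMap(m.Protocol, m.HostPort)
			return fmt.Errorf("Host port %d has already been used", m.HostPort)
		}
		if err := iptables.OperatePortMap(iptables.Insert, "HYPER", r.nat); err != nil {
			portMapper.ReleaseMap(m.Protocol, m.HostPort)
			return err
		}
	}

	// Declared with := at function scope on purpose: the original code
	// declared err inside the if-initializer, which shadowed the outer err and
	// silently discarded every filter-rule failure.
	output, err := iptables.Raw(append([]string{"-I", "HYPER"}, r.filter...)...)
	if err != nil {
		err = fmt.Errorf("Unable to setup forward rule in HYPER chain: %s", err)
	} else if len(output) != 0 {
		// iptables printed something on an otherwise successful run; the
		// project treats that as a chain error.
		err = &iptables.ChainError{Chain: "HYPER", Output: output}
	}
	if err != nil {
		// NOTE(review): as before, the DNAT rule is deleted even when it was
		// found pre-existing above; tracking that would need extra state.
		portMapper.ReleaseMap(m.Protocol, m.HostPort)
		iptables.OperatePortMap(iptables.Delete, "HYPER", r.nat)
		return err
	}
	return nil
}

// teardownPortMap removes the allocation, DNAT rule and ACCEPT rule of one
// fully installed mapping. It only runs during rollback, where the original
// error is the one to report, so all cleanup errors are ignored.
func teardownPortMap(m pod.UserContainerPort, r portMapRules) {
	portMapper.ReleaseMap(m.Protocol, m.HostPort)
	iptables.OperatePortMap(iptables.Delete, "HYPER", r.nat)
	iptables.Raw(append([]string{"-D", "HYPER"}, r.filter...)...)
}

// SetupPortMaps installs every host->container port mapping in maps for the
// container at containerip: each entry gets a portMapper allocation, a DNAT
// rule in the HYPER chain (host port -> containerip:containerPort) and an
// ACCEPT rule for the container port in the HYPER filter chain.
//
// The operation is all-or-nothing: if any entry fails, the entries that were
// already installed by this call are torn down again and the first error is
// returned. An empty maps is a no-op that returns nil.
func SetupPortMaps(containerip string, maps []pod.UserContainerPort) error {
	done := 0 // number of entries fully installed so far
	var err error
	for _, m := range maps {
		if err = setupPortMap(containerip, m, buildPortMapRules(containerip, m)); err != nil {
			break
		}
		done++
	}
	if err == nil {
		return nil
	}

	// Roll back the successfully installed entries; the failing entry has
	// already cleaned up after itself inside setupPortMap.
	for i := done - 1; i >= 0; i-- {
		teardownPortMap(maps[i], buildPortMapRules(containerip, maps[i]))
	}
	return err
}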