Skip to content

Commit dc1ecbf

Browse files
tamilmani1989tamilmani1989
authored
added ipv6 changes (#534)
1 parent 47f6d8f commit dc1ecbf

File tree

2 files changed

+29
-5
lines changed

2 files changed

+29
-5
lines changed

cnms/Dockerfile

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,5 +3,6 @@ RUN apt -y update
33
RUN apt-get -y upgrade
44
RUN apt install -y ebtables
55
RUN apt install -y net-tools
6-
COPY networkmonitor /usr/bin/networkmonitor
7-
CMD ["/usr/bin/networkmonitor"]
6+
COPY azure-cnms /usr/bin/azure-cnms
7+
RUN chmod +x /usr/bin/azure-cnms
8+
CMD ["/usr/bin/azure-cnms"]

network/monitor_linux.go

Lines changed: 26 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@ import (
88
"github.com/Azure/azure-container-networking/log"
99
)
1010

11+
const (
12+
ipv6Mask = "/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
13+
)
14+
1115
// monitorNetworkState compares current ebtable nat rules with state rules and matches state.
1216
func (nm *networkManager) monitorNetworkState(networkMonitor *cnms.NetworkMonitor) error {
1317
currentEbtableRulesMap, err := cnms.GetEbTableRulesInMap()
@@ -34,13 +38,32 @@ func (nm *networkManager) AddStateRulesToMap() map[string]string {
3438
snatKey := fmt.Sprintf("-s Unicast -o %s -j snat --to-src %s --snat-arp --snat-target ACCEPT", extIf.Name, extIf.MacAddress.String())
3539
rulesMap[snatKey] = ebtables.PostRouting
3640

41+
for _, extIP := range extIf.IPAddresses {
42+
if extIP.IP.To4() != nil {
43+
arpReplyKey := fmt.Sprintf("-p ARP --arp-op Request --arp-ip-dst %s -j arpreply --arpreply-mac %s", extIP.IP.String(), extIf.MacAddress.String())
44+
rulesMap[arpReplyKey] = ebtables.PreRouting
45+
}
46+
}
47+
3748
for _, nw := range extIf.Networks {
3849
for _, ep := range nw.Endpoints {
3950
for _, ipAddr := range ep.IPAddresses {
40-
arpReplyKey := fmt.Sprintf("-p ARP --arp-op Request --arp-ip-dst %s -j arpreply --arpreply-mac %s", ipAddr.IP.String(), ep.MacAddress.String())
41-
rulesMap[arpReplyKey] = ebtables.PreRouting
51+
if ipAddr.IP.To4() != nil {
52+
arpReplyKey := fmt.Sprintf("-p ARP --arp-op Request --arp-ip-dst %s -j arpreply --arpreply-mac %s", ipAddr.IP.String(), ep.MacAddress.String())
53+
rulesMap[arpReplyKey] = ebtables.PreRouting
54+
}
55+
56+
dst := "--ip-dst"
57+
proto := "IPv4"
58+
ipAddress := ipAddr.IP.String()
59+
if ipAddr.IP.To4() == nil {
60+
dst = "--ip6-dst"
61+
proto = "IPv6"
62+
ipAddress = ipAddr.IP.String() + ipv6Mask
63+
}
4264

43-
dnatMacKey := fmt.Sprintf("-p IPv4 -i %s --ip-dst %s -j dnat --to-dst %s --dnat-target ACCEPT", extIf.Name, ipAddr.IP.String(), ep.MacAddress.String())
65+
dnatMacKey := fmt.Sprintf("-p %s -i %s %s %s -j dnat --to-dst %s --dnat-target ACCEPT",
66+
proto, extIf.Name, dst, ipAddress, ep.MacAddress.String())
4467
rulesMap[dnatMacKey] = ebtables.PreRouting
4568
}
4669
}

0 commit comments

Comments
 (0)