Merge pull request moby#50382 from akerouanton/split-nat-routed-portmappers

libnet/d/bridge: mv portmapper to libnet/pms/{nat,routed}

Author: akerouanton

daemon/daemon.go

@@ -1458,9 +1458,10 @@ func (daemon *Daemon) networkOptions(conf *config.Config, pg plugingetter.Plugin
 		nwconfig.OptionLabels(conf.Labels),
 		nwconfig.OptionNetworkControlPlaneMTU(conf.NetworkControlPlaneMTU),
 		nwconfig.OptionFirewallBackend(conf.FirewallBackend),
-		driverOptions(conf),
 	}
 
+	options = append(options, networkPlatformOptions(conf)...)
+
 	defaultAddressPools := ipamutils.GetLocalScopeDefaultNetworks()
 	if len(conf.NetworkConfig.DefaultAddressPools.Value()) > 0 {
 		defaultAddressPools = conf.NetworkConfig.DefaultAddressPools.Value()

daemon/daemon_unix.go

@@ -924,19 +924,23 @@ func setHostGatewayIP(controller *libnetwork.Controller, config *config.Config)
 	}
 }
 
-func driverOptions(config *config.Config) nwconfig.Option {
-	return nwconfig.OptionDriverConfig("bridge", options.Generic{
-		netlabel.GenericData: options.Generic{
-			"EnableIPForwarding":       config.BridgeConfig.EnableIPForward,
-			"DisableFilterForwardDrop": config.BridgeConfig.DisableFilterForwardDrop,
-			"EnableIPTables":           config.BridgeConfig.EnableIPTables,
-			"EnableIP6Tables":          config.BridgeConfig.EnableIP6Tables,
-			"EnableUserlandProxy":      config.BridgeConfig.EnableUserlandProxy,
-			"UserlandProxyPath":        config.BridgeConfig.UserlandProxyPath,
-			"AllowDirectRouting":       config.BridgeConfig.AllowDirectRouting,
-			"Rootless":                 config.Rootless,
-		},
-	})
+// networkPlatformOptions returns a slice of platform-specific libnetwork
+// options.
+func networkPlatformOptions(conf *config.Config) []nwconfig.Option {
+	return []nwconfig.Option{
+		nwconfig.OptionRootless(conf.Rootless),
+		nwconfig.OptionUserlandProxy(conf.EnableUserlandProxy, conf.UserlandProxyPath),
+		nwconfig.OptionDriverConfig("bridge", options.Generic{
+			netlabel.GenericData: options.Generic{
+				"EnableIPForwarding":       conf.BridgeConfig.EnableIPForward,
+				"DisableFilterForwardDrop": conf.BridgeConfig.DisableFilterForwardDrop,
+				"EnableIPTables":           conf.BridgeConfig.EnableIPTables,
+				"EnableIP6Tables":          conf.BridgeConfig.EnableIP6Tables,
+				"Hairpin":                  !conf.EnableUserlandProxy || conf.UserlandProxyPath == "",
+				"AllowDirectRouting":       conf.BridgeConfig.AllowDirectRouting,
+			},
+		}),
+	}
 }
 
 type defBrOptsV4 struct {

daemon/daemon_windows.go

@@ -524,7 +524,7 @@ func (daemon *Daemon) conditionalUnmountOnCleanup(container *container.Container
 	return daemon.Unmount(container)
 }
 
-func driverOptions(_ *config.Config) nwconfig.Option {
+func networkPlatformOptions(_ *config.Config) []nwconfig.Option {
 	return nil
 }
 

daemon/libnetwork/config/config.go

@@ -43,6 +43,9 @@ type Config struct {
 	ActiveSandboxes        map[string]any
 	PluginGetter           plugingetter.PluginGetter
 	FirewallBackend        string
+	Rootless               bool
+	EnableUserlandProxy    bool
+	UserlandProxyPath      string
 }
 
 // New creates a new Config and initializes it with the given Options.
@@ -162,3 +165,20 @@ func OptionFirewallBackend(val string) Option {
 		c.FirewallBackend = val
 	}
 }
+
+// OptionRootless returns an option setter that indicates whether the daemon is
+// running in rootless mode.
+func OptionRootless(rootless bool) Option {
+	return func(c *Config) {
+		c.Rootless = rootless
+	}
+}
+
+// OptionUserlandProxy returns an option setter that indicates whether the
+// userland proxy is enabled, and sets the path to the proxy binary.
+func OptionUserlandProxy(enabled bool, proxyPath string) Option {
+	return func(c *Config) {
+		c.EnableUserlandProxy = enabled
+		c.UserlandProxyPath = proxyPath
+	}
+}

daemon/libnetwork/controller.go

@@ -86,6 +86,7 @@ type Controller struct {
 	id               string
 	drvRegistry      drvregistry.Networks
 	ipamRegistry     drvregistry.IPAMs
+	pmRegistry       drvregistry.PortMappers
 	sandboxes        map[string]*Sandbox
 	cfg              *config.Config
 	store            *datastore.Store
@@ -173,13 +174,20 @@ func New(ctx context.Context, cfgOptions ...config.Option) (_ *Controller, retEr
 	}
 	c.drvRegistry.Notify = c
 
+	// Register portmappers before network drivers to make sure they can
+	// restore existing sandboxes (with port mappings) during their
+	// initialization, if the daemon is started in live restore mode.
+	if err := registerPortMappers(ctx, &c.pmRegistry, c.cfg); err != nil {
+		return nil, err
+	}
+
 	// External plugins don't need config passed through daemon. They can
 	// bootstrap themselves.
 	if err := remotedriver.Register(&c.drvRegistry, c.cfg.PluginGetter); err != nil {
 		return nil, err
 	}
 
-	if err := registerNetworkDrivers(&c.drvRegistry, c.store, c.makeDriverConfig); err != nil {
+	if err := registerNetworkDrivers(&c.drvRegistry, c.store, &c.pmRegistry, c.makeDriverConfig); err != nil {
 		return nil, err
 	}