[docker-nat]: upgrade docker-nat to buster (#4943)
move iptables to 1.8.2-4 (version in buster) Signed-off-by: Joyas Joseph <joyas_joseph@dell.com>
This commit is contained in:
parent
1ca47da40d
commit
18bfa6df08
@ -1,5 +1,5 @@
|
||||
{% from "dockers/dockerfile-macros.j2" import install_debian_packages, copy_files %}
|
||||
FROM docker-config-engine-stretch
|
||||
FROM docker-config-engine-buster
|
||||
|
||||
ARG docker_container_name
|
||||
RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf
|
||||
|
@ -7,22 +7,20 @@ DOCKER_NAT_DBG = $(DOCKER_NAT_STEM)-$(DBG_IMAGE_MARK).gz
|
||||
$(DOCKER_NAT)_PATH = $(DOCKERS_PATH)/$(DOCKER_NAT_STEM)
|
||||
|
||||
$(DOCKER_NAT)_DEPENDS += $(SWSS) $(IPTABLESIP4TC) $(IPTABLESIP6TC) $(IPTABLESIPTC) $(IPXTABLES12) $(IPTABLES)
|
||||
$(DOCKER_NAT)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_STRETCH)_DBG_DEPENDS)
|
||||
$(DOCKER_NAT)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_DEPENDS)
|
||||
$(DOCKER_NAT)_DBG_DEPENDS += $(SWSS_DBG) $(LIBSWSSCOMMON_DBG)
|
||||
$(DOCKER_NAT)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_STRETCH)_DBG_IMAGE_PACKAGES)
|
||||
$(DOCKER_NAT)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BUSTER)_DBG_IMAGE_PACKAGES)
|
||||
|
||||
$(DOCKER_NAT)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_STRETCH)
|
||||
$(DOCKER_NAT)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_BUSTER)
|
||||
|
||||
ifeq ($(ENABLE_NAT), y)
|
||||
SONIC_DOCKER_IMAGES += $(DOCKER_NAT)
|
||||
SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_NAT)
|
||||
SONIC_STRETCH_DOCKERS += $(DOCKER_NAT)
|
||||
endif
|
||||
|
||||
ifeq ($(ENABLE_NAT), y)
|
||||
SONIC_DOCKER_DBG_IMAGES += $(DOCKER_NAT_DBG)
|
||||
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_NAT_DBG)
|
||||
SONIC_STRETCH_DBG_DOCKERS += $(DOCKER_NAT_DBG)
|
||||
endif
|
||||
|
||||
$(DOCKER_NAT)_CONTAINER_NAME = nat
|
||||
|
@ -1,7 +1,7 @@
|
||||
# iptables package
|
||||
|
||||
IPTABLES_VERSION = 1.6.0+snapshot20161117
|
||||
IPTABLES_VERSION_SUFFIX = 6
|
||||
IPTABLES_VERSION = 1.8.2
|
||||
IPTABLES_VERSION_SUFFIX = 4
|
||||
IPTABLES_VERSION_FULL = $(IPTABLES_VERSION)-$(IPTABLES_VERSION_SUFFIX)
|
||||
|
||||
IPTABLES = iptables_$(IPTABLES_VERSION_FULL)_$(CONFIGURED_ARCH).deb
|
||||
|
@ -10,7 +10,7 @@ Subject: [PATCH] Passing fullcone option for SNAT and DNAT
|
||||
3 files changed, 62 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
|
||||
index a14d16f..4bfab98 100644
|
||||
index 4907a2e..543421c 100644
|
||||
--- a/extensions/libipt_DNAT.c
|
||||
+++ b/extensions/libipt_DNAT.c
|
||||
@@ -8,14 +8,20 @@
|
||||
@ -42,8 +42,17 @@ index a14d16f..4bfab98 100644
|
||||
+"[--random] [--persistent] [--fullcone]\n");
|
||||
}
|
||||
|
||||
static void DNAT_help_v2(void)
|
||||
@@ -41,7 +47,7 @@ static void DNAT_help_v2(void)
|
||||
"DNAT target options:\n"
|
||||
" --to-destination [<ipaddr>[-<ipaddr>]][:port[-port[/port]]]\n"
|
||||
" Address to map destination to.\n"
|
||||
-"[--random] [--persistent]\n");
|
||||
+"[--random] [--persistent] [--fullcone]\n");
|
||||
}
|
||||
|
||||
static const struct xt_option_entry DNAT_opts[] = {
|
||||
@@ -40,6 +46,7 @@ static const struct xt_option_entry DNAT_opts[] = {
|
||||
@@ -49,6 +55,7 @@ static const struct xt_option_entry DNAT_opts[] = {
|
||||
.flags = XTOPT_MAND | XTOPT_MULTI},
|
||||
{.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
|
||||
{.name = "persistent", .id = O_PERSISTENT, .type = XTTYPE_NONE},
|
||||
@ -51,7 +60,7 @@ index a14d16f..4bfab98 100644
|
||||
XTOPT_TABLEEND,
|
||||
};
|
||||
|
||||
@@ -185,10 +192,14 @@ static void DNAT_parse(struct xt_option_call *cb)
|
||||
@@ -194,10 +201,14 @@ static void DNAT_parse(struct xt_option_call *cb)
|
||||
static void DNAT_fcheck(struct xt_fcheck_call *cb)
|
||||
{
|
||||
static const unsigned int f = F_TO_DEST | F_RANDOM;
|
||||
@ -66,7 +75,7 @@ index a14d16f..4bfab98 100644
|
||||
}
|
||||
|
||||
static void print_range(const struct nf_nat_ipv4_range *r)
|
||||
@@ -224,6 +235,8 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target,
|
||||
@@ -233,6 +244,8 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target,
|
||||
printf(" random");
|
||||
if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT)
|
||||
printf(" persistent");
|
||||
@ -75,7 +84,7 @@ index a14d16f..4bfab98 100644
|
||||
}
|
||||
}
|
||||
|
||||
@@ -239,6 +252,8 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
|
||||
@@ -248,6 +261,8 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target)
|
||||
printf(" --random");
|
||||
if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT)
|
||||
printf(" --persistent");
|
||||
@ -84,7 +93,7 @@ index a14d16f..4bfab98 100644
|
||||
}
|
||||
}
|
||||
|
||||
@@ -282,6 +297,11 @@ static int DNAT_xlate(struct xt_xlate *xl,
|
||||
@@ -291,6 +306,11 @@ static int DNAT_xlate(struct xt_xlate *xl,
|
||||
sep = ",";
|
||||
xt_xlate_add(xl, "%spersistent", sep);
|
||||
}
|
||||
@ -96,11 +105,56 @@ index a14d16f..4bfab98 100644
|
||||
}
|
||||
|
||||
return 1;
|
||||
@@ -426,10 +446,14 @@ static void DNAT_parse_v2(struct xt_option_call *cb)
|
||||
static void DNAT_fcheck_v2(struct xt_fcheck_call *cb)
|
||||
{
|
||||
static const unsigned int f = F_TO_DEST | F_RANDOM;
|
||||
+ static const unsigned int c = F_FULLCONE;
|
||||
struct nf_nat_range2 *range = cb->data;
|
||||
|
||||
if ((cb->xflags & f) == f)
|
||||
range->flags |= NF_NAT_RANGE_PROTO_RANDOM;
|
||||
+
|
||||
+ if ((cb->xflags & c) == c)
|
||||
+ range->flags |= NF_NAT_RANGE_FULLCONE;
|
||||
}
|
||||
|
||||
static void print_range_v2(const struct nf_nat_range2 *range)
|
||||
@@ -461,6 +485,8 @@ static void DNAT_print_v2(const void *ip, const struct xt_entry_target *target,
|
||||
printf(" random");
|
||||
if (range->flags & NF_NAT_RANGE_PERSISTENT)
|
||||
printf(" persistent");
|
||||
+ if (range->flags & NF_NAT_RANGE_FULLCONE)
|
||||
+ printf(" fullcone");
|
||||
}
|
||||
|
||||
static void DNAT_save_v2(const void *ip, const struct xt_entry_target *target)
|
||||
@@ -473,6 +499,8 @@ static void DNAT_save_v2(const void *ip, const struct xt_entry_target *target)
|
||||
printf(" --random");
|
||||
if (range->flags & NF_NAT_RANGE_PERSISTENT)
|
||||
printf(" --persistent");
|
||||
+ if (range->flags & NF_NAT_RANGE_FULLCONE)
|
||||
+ printf(" --fullcone");
|
||||
}
|
||||
|
||||
static void print_range_xlate_v2(const struct nf_nat_range2 *range,
|
||||
@@ -512,6 +540,11 @@ static int DNAT_xlate_v2(struct xt_xlate *xl,
|
||||
sep = ",";
|
||||
xt_xlate_add(xl, "%spersistent", sep);
|
||||
}
|
||||
+ if (range->flags & NF_NAT_RANGE_FULLCONE) {
|
||||
+ if (sep_need)
|
||||
+ sep = ",";
|
||||
+ xt_xlate_add(xl, "%sfullcone", sep);
|
||||
+ }
|
||||
|
||||
return 1;
|
||||
}
|
||||
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
|
||||
index b7b5fc7..88ff650 100644
|
||||
index 90bf606..169457d 100644
|
||||
--- a/extensions/libipt_MASQUERADE.c
|
||||
+++ b/extensions/libipt_MASQUERADE.c
|
||||
@@ -8,9 +8,15 @@
|
||||
@@ -8,10 +8,15 @@
|
||||
#include <linux/netfilter_ipv4/ip_tables.h>
|
||||
#include <linux/netfilter/nf_nat.h>
|
||||
|
||||
@ -111,17 +165,17 @@ index b7b5fc7..88ff650 100644
|
||||
enum {
|
||||
O_TO_PORTS = 0,
|
||||
O_RANDOM,
|
||||
+ O_RANDOM_FULLY,
|
||||
O_RANDOM_FULLY,
|
||||
+ O_FULLCONE
|
||||
};
|
||||
|
||||
static void MASQUERADE_help(void)
|
||||
@@ -20,12 +26,15 @@ static void MASQUERADE_help(void)
|
||||
" --to-ports <port>[-<port>]\n"
|
||||
" Port (range) to map to.\n"
|
||||
@@ -23,13 +28,16 @@ static void MASQUERADE_help(void)
|
||||
" --random\n"
|
||||
-" Randomize source port.\n");
|
||||
+" Randomize source port.\n"
|
||||
" Randomize source port.\n"
|
||||
" --random-fully\n"
|
||||
-" Fully randomize source port.\n");
|
||||
+" Fully randomize source port.\n"
|
||||
+" --fullcone\n"
|
||||
+" Do fullcone NAT mapping.\n");
|
||||
}
|
||||
@ -129,13 +183,14 @@ index b7b5fc7..88ff650 100644
|
||||
static const struct xt_option_entry MASQUERADE_opts[] = {
|
||||
{.name = "to-ports", .id = O_TO_PORTS, .type = XTTYPE_STRING},
|
||||
{.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
|
||||
{.name = "random-fully", .id = O_RANDOM_FULLY, .type = XTTYPE_NONE},
|
||||
+ {.name = "fullcone", .id = O_FULLCONE, .type = XTTYPE_NONE},
|
||||
XTOPT_TABLEEND,
|
||||
};
|
||||
|
||||
@@ -97,6 +106,9 @@ static void MASQUERADE_parse(struct xt_option_call *cb)
|
||||
case O_RANDOM:
|
||||
mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM;
|
||||
@@ -104,6 +112,9 @@ static void MASQUERADE_parse(struct xt_option_call *cb)
|
||||
case O_RANDOM_FULLY:
|
||||
mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM_FULLY;
|
||||
break;
|
||||
+ case O_FULLCONE:
|
||||
+ mr->range[0].flags |= NF_NAT_RANGE_FULLCONE;
|
||||
@ -143,25 +198,27 @@ index b7b5fc7..88ff650 100644
|
||||
}
|
||||
}
|
||||
|
||||
@@ -116,6 +128,8 @@ MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
|
||||
@@ -126,6 +137,9 @@ MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
|
||||
|
||||
if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
|
||||
printf(" random");
|
||||
if (r->flags & NF_NAT_RANGE_PROTO_RANDOM_FULLY)
|
||||
printf(" random-fully");
|
||||
+
|
||||
+ if (r->flags & NF_NAT_RANGE_FULLCONE)
|
||||
+ printf(" fullcone");
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -132,6 +146,8 @@ MASQUERADE_save(const void *ip, const struct xt_entry_target *target)
|
||||
@@ -145,6 +159,9 @@ MASQUERADE_save(const void *ip, const struct xt_entry_target *target)
|
||||
|
||||
if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
|
||||
printf(" --random");
|
||||
if (r->flags & NF_NAT_RANGE_PROTO_RANDOM_FULLY)
|
||||
printf(" --random-fully");
|
||||
+
|
||||
+ if (r->flags & NF_NAT_RANGE_FULLCONE)
|
||||
+ printf(" --fullcone");
|
||||
}
|
||||
|
||||
static int MASQUERADE_xlate(struct xt_xlate *xl,
|
||||
@@ -153,6 +169,9 @@ static int MASQUERADE_xlate(struct xt_xlate *xl,
|
||||
@@ -166,6 +183,9 @@ static int MASQUERADE_xlate(struct xt_xlate *xl,
|
||||
if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
|
||||
xt_xlate_add(xl, "random ");
|
||||
|
||||
@ -172,7 +229,7 @@ index b7b5fc7..88ff650 100644
|
||||
}
|
||||
|
||||
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
|
||||
index e92d811..9634ba9 100644
|
||||
index e92d811..ad42b8c 100644
|
||||
--- a/extensions/libipt_SNAT.c
|
||||
+++ b/extensions/libipt_SNAT.c
|
||||
@@ -8,16 +8,22 @@
|
||||
@ -262,6 +319,3 @@ index e92d811..9634ba9 100644
|
||||
}
|
||||
|
||||
return 1;
|
||||
--
|
||||
2.18.0
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user