Dobby 3.0
Dobby “Docker based Thingy” is a tool for managing and running OCI containers using crun
PortForwarding.h
1/*
2* If not stated otherwise in this file or this component's LICENSE file the
3* following copyright and licenses apply:
4*
5* Copyright 2020 Sky UK
6*
7* Licensed under the Apache License, Version 2.0 (the "License");
8* you may not use this file except in compliance with the License.
9* You may obtain a copy of the License at
10*
11* http://www.apache.org/licenses/LICENSE-2.0
12*
13* Unless required by applicable law or agreed to in writing, software
14* distributed under the License is distributed on an "AS IS" BASIS,
15* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16* See the License for the specific language governing permissions and
17* limitations under the License.
18*/
19#ifndef PORTFORWARDING_H
20#define PORTFORWARDING_H
21
22#include "Netfilter.h"
23#include "NetworkingHelper.h"
24#include "DobbyRdkPluginUtils.h"
25#include <rt_defs_plugins.h>
26
27#include <sys/types.h>
28#include <netinet/in.h>
29
30#include <map>
31#include <list>
32#include <mutex>
33#include <string>
34#include <memory>
35#include <vector>
36
37
38// -----------------------------------------------------------------------------
// Public entry points for container port forwarding. They add or remove the
// iptables firewall rules that allow port forwarding between the container
// and the host.
// NOTE(review): all three functions take portsConfig as a raw pointer, and
// this header does not show whether a null pointer is tolerated. Confirm in
// PortForwarding.cpp.
// NOTE(review): portsConfig decides which ports become reachable across the
// container/host boundary. It presumably comes from the container's own
// configuration, so review it as input that widens network exposure.
56namespace PortForwarding
57{
// Adds the iptables rules that enable port forwarding for containerId.
// The bool result presumably signals success; confirm in the .cpp.
58bool addPortForwards(const std::shared_ptr<Netfilter> &netfilter,
59 const std::shared_ptr<NetworkingHelper> &helper,
60 const std::string &containerId,
61 rt_defs_plugins_networking_data_port_forwarding *portsConfig);
62
// Removes the port forwarding rules assigned to containerId.
// NOTE(review): a false return presumably means rules could not be removed.
// Callers should log it, because a stale forwarding rule leaves the port open.
63bool removePortForwards(const std::shared_ptr<Netfilter> &netfilter,
64 const std::shared_ptr<NetworkingHelper> &helper,
65 const std::string &containerId,
66 rt_defs_plugins_networking_data_port_forwarding *portsConfig);
67
// Adds iptables rules that forward packets from the container's localhost to
// the host's localhost for the ports in portsConfig.
// NOTE(review): this exposes services bound to the host's loopback address to
// the container, so keep the configured port list as small as possible.
68bool addLocalhostMasquerading(const std::shared_ptr<NetworkingHelper> &helper,
69 const std::shared_ptr<DobbyRdkPluginUtils> &utils,
70 rt_defs_plugins_networking_data_port_forwarding *portsConfig);
71};
72
// One forwarded port, described by a protocol and a port, both held as text.
// NOTE(review): neither field is typed or range-checked in this declaration.
// The create*Rule helpers declared in this header take a PortForward and
// return a std::string, so these values presumably end up inside iptables
// rule text. Confirm that parseProtocol()/parsePortsConfig() restrict them
// (known protocol names, numeric port) before any rule is built.
// NOTE(review): the typedef's closing line (listing line 77) is not shown on
// this page.
73typedef struct PortForward
74{
75 std::string protocol;
76 std::string port;
78
// The port forwards for one container, split by direction.
// NOTE(review): the typedef's closing line (listing line 84) is not shown on
// this page.
79typedef struct PortForwards
80{
// Ports forwarded from the host to the container (going by the field name).
81 std::vector<struct PortForward> hostToContainer;
// Ports forwarded from the container to the host (going by the field name).
82 std::vector<struct PortForward> containerToHost;
// NOTE(review): presumably set by parsePortsConfig() to report whether the
// config parsed cleanly. Callers should check it before building rules from
// the vectors; confirm against the .cpp.
83 bool isValid;
85
// Parsing helpers, declared at global scope (namespace PortForwarding closes
// above them).
// NOTE(review): these are the visible point where config text becomes
// PortForward values, so protocol and port validation belongs here. What
// parseProtocol() returns for an unrecognised protocol is not visible in this
// header; confirm in the .cpp.
86std::string parseProtocol(const std::string &protocol);
// Converts the raw plugin port-forwarding config into a PortForwards value.
// NOTE(review): portsConfig is a raw pointer and null handling is not shown here.
87PortForwards parsePortsConfig(rt_defs_plugins_networking_data_port_forwarding *portsConfig);
88
// Builds the Netfilter rule sets for a container's port forwards.
// NOTE(review): the values accepted for ipVersion are not visible in this
// header. They are presumably AF_INET / AF_INET6, since <netinet/in.h> is
// included; confirm.
89std::vector<Netfilter::RuleSet> constructPortForwardingRules(const std::shared_ptr<NetworkingHelper> &helper,
90 const std::string &containerId,
91 const PortForwards &portForwards,
92 const int ipVersion);
93
// Builds the Netfilter rule sets for masquerading. Going by its name, this is
// the rule builder behind addLocalhostMasquerading(); confirm in the .cpp.
94std::vector<Netfilter::RuleSet> constructMasqueradeRules(const std::shared_ptr<NetworkingHelper> &helper,
95 const std::string &containerId,
96 const PortForwards &portForwards,
97 const int ipVersion);
98
// Host -> container direction. Takes ruleSets by non-const reference, so it
// can append to or modify them, and returns a bool (presumably success).
99bool constructHostToContainerRules(std::vector<Netfilter::RuleSet> &ruleSets,
100 const std::string &containerId,
101 const std::string &containerAddress,
102 const std::vector<struct PortForward> &ports,
103 const int ipVersion);
104
// Returns one rule as text for the given port forward.
// NOTE(review): id, ipAddress and the PortForward fields are all strings that
// presumably become part of the returned rule, so they must be validated
// upstream to keep a malformed value from altering the rule.
105std::string createPreroutingRule(const PortForward &portForward,
106 const std::string &id,
107 const std::string &ipAddress,
108 const int ipVersion);
109
// Returns one rule as text. It takes the same inputs as createPreroutingRule(),
// and the same validation note applies.
110std::string createForwardingRule(const PortForward &portForward,
111 const std::string &id,
112 const std::string &ipAddress,
113 const int ipVersion);
114
// Container -> host direction. Takes ruleSets by non-const reference, so it
// can append to or modify them, and returns a bool (presumably success).
// Unlike the host -> container variant, it also takes the container's veth
// interface name.
115bool constructContainerToHostRules(std::vector<Netfilter::RuleSet> &ruleSets,
116 const std::string &containerId,
117 const std::string &containerAddress,
118 const std::string &vethName,
119 const std::vector<struct PortForward> &ports,
120 const int ipVersion);
121
// Returns one rule as text for the given port forward.
// NOTE(review): the string inputs presumably become part of the rule text;
// confirm they are validated before this is called.
122std::string createDnatRule(const PortForward &portForward,
123 const std::string &id,
124 const std::string &ipAddress,
125 const int ipVersion);
126
// Returns one rule as text. vethName is an extra input, which presumably
// scopes the rule to the container's interface; confirm in the .cpp.
127std::string createAcceptRule(const PortForward &portForward,
128 const std::string &id,
129 const std::string &ipAddress,
130 const std::string &vethName,
131 const int ipVersion);
132
// Rule-text builders for localhost masquerading. All four share one signature
// and return the rule as a std::string.
// NOTE(review): which chain and table each rule targets is not visible in
// this header. When auditing, read the .cpp to see exactly which host
// loopback traffic each rule admits.
133std::string createMasqueradeDnatRule(const PortForward &portForward,
134 const std::string &id,
135 const std::string &ipAddress,
136 const int ipVersion);
137
138std::string createMasqueradeSnatRule(const PortForward &portForward,
139 const std::string &id,
140 const std::string &ipAddress,
141 const int ipVersion);
142
143std::string createLocalLinkSnatRule(const PortForward &portForward,
144 const std::string &id,
145 const std::string &ipAddress,
146 const int ipVersion);
147
// NOTE(review): going by its name, this rule concerns IPv6 local traffic.
// How it behaves when ipVersion selects IPv4 is not visible here; confirm.
148std::string createNoIpv6LocalRule(const PortForward &portForward,
149 const std::string &id,
150 const std::string &ipAddress,
151 const int ipVersion);
152
153#endif // !defined(PORTFORWARDING_H)
Used to add iptables firewall rules to allow port forwarding between the container and the host.
bool addLocalhostMasquerading(const std::shared_ptr< NetworkingHelper > &helper, const std::shared_ptr< DobbyRdkPluginUtils > &utils, rt_defs_plugins_networking_data_port_forwarding *portsConfig)
Adds iptables rules to forward packets from the container localhost to the host's localhost on specif...
Definition PortForwarding.cpp:222
bool removePortForwards(const std::shared_ptr< Netfilter > &netfilter, const std::shared_ptr< NetworkingHelper > &helper, const std::string &containerId, rt_defs_plugins_networking_data_port_forwarding *portsConfig)
Removes port forwarding rules assigned to the container.
Definition PortForwarding.cpp:135
bool addPortForwards(const std::shared_ptr< Netfilter > &netfilter, const std::shared_ptr< NetworkingHelper > &helper, const std::string &containerId, rt_defs_plugins_networking_data_port_forwarding *portsConfig)
Adds the two iptables firewall rules to enable port forwarding.
Definition PortForwarding.cpp:41
Definition PortForwarding.h:74
Definition PortForwarding.h:80