Dobby 3.0
Dobby “Docker based Thingy” is a tool for managing and running OCI containers using crun
PortForwarding Namespace Reference

Used to add iptables firewall rules to allow port forwarding between the container and the host.

Functions

bool addPortForwards (const std::shared_ptr< Netfilter > &netfilter, const std::shared_ptr< NetworkingHelper > &helper, const std::string &containerId, rt_defs_plugins_networking_data_port_forwarding *portsConfig)
 Adds the two iptables firewall rules to enable port forwarding.
 
bool removePortForwards (const std::shared_ptr< Netfilter > &netfilter, const std::shared_ptr< NetworkingHelper > &helper, const std::string &containerId, rt_defs_plugins_networking_data_port_forwarding *portsConfig)
 Removes port forwarding rules assigned to the container.
 
bool addLocalhostMasquerading (const std::shared_ptr< NetworkingHelper > &helper, const std::shared_ptr< DobbyRdkPluginUtils > &utils, rt_defs_plugins_networking_data_port_forwarding *portsConfig)
 Adds iptables rules to forward packets from the container localhost to the host's localhost on specific ports. This removes the need to edit code to point to the bridge IP directly.
 

Detailed Description

Used to add iptables firewall rules to allow port forwarding between the container and the host.

It can add rules to forward ports both from container to host and from host to container.

See also: the plugin's README.md for more details on usage.

This adds the necessary rules to iptables when the container is started and deletes them again when the container is stopped. All the rules are tagged (via an iptables comment) with the name of the container; this should ensure rules are correctly added and removed.
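Because every rule carries the container name as its comment, a stopped container can be audited for leftover forwards by scanning `iptables-save` output for that tag. The following is an added example, not Dobby code: the function name `rulesTaggedWith`, the rule shapes in the sample dump, and the assumption that the comment is exactly the container id are all illustrative.

```cpp
// Added example, not Dobby code. Assumes the iptables comment is exactly the
// container id, per the page's description of how rules are tagged.
#include <iostream>
#include <regex>
#include <sstream>
#include <string>
#include <vector>

// Returns every rule line in an `iptables-save` dump whose comment tag equals
// containerId exactly. A substring match would confuse "app" with "app2".
std::vector<std::string> rulesTaggedWith(const std::string &dump,
                                         const std::string &containerId)
{
    // iptables-save may print the comment quoted or bare, so accept both.
    static const std::regex tagRe(R"re(--comment\s+(?:"([^"]*)"|(\S+)))re");
    std::vector<std::string> matches;
    std::istringstream in(dump);
    std::string line;
    while (std::getline(in, line)) {
        if (line.rfind("-A ", 0) != 0)
            continue; // skip table headers, chain policies and COMMIT
        std::smatch m;
        if (!std::regex_search(line, m, tagRe))
            continue; // untagged rule, not attributable to a container
        const std::string tag = m[1].matched ? m[1].str() : m[2].str();
        if (tag == containerId)
            matches.push_back(line);
    }
    return matches;
}

// Constructed sample dump (not captured from a real device).
const std::string kSampleDump =
    "*nat\n"
    ":PREROUTING ACCEPT [0:0]\n"
    "-A PREROUTING -p tcp -m tcp --dport 8080 -m comment --comment \"app\" -j DNAT --to-destination 192.0.2.10:80\n"
    "-A PREROUTING -p udp -m udp --dport 5353 -m comment --comment app2 -j DNAT --to-destination 192.0.2.11:5353\n"
    "COMMIT\n"
    "*filter\n"
    "-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -m comment --comment \"app\" -j ACCEPT\n"
    "-A FORWARD -p tcp -m comment --comment \"allow app traffic\" -j ACCEPT\n"
    "COMMIT\n";

int main()
{
    // Once "app" has stopped, any line printed here is a leftover forward.
    for (const auto &rule : rulesTaggedWith(kSampleDump, "app"))
        std::cout << "leftover: " << rule << '\n';
}
```

An empty result for a stopped container means its forwards were removed; a non-empty one means a host port is still being forwarded to an address the container no longer owns.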

Function Documentation

addLocalhostMasquerading()

bool PortForwarding::addLocalhostMasquerading ( const std::shared_ptr< NetworkingHelper > &  helper,
const std::shared_ptr< DobbyRdkPluginUtils > &  utils,
rt_defs_plugins_networking_data_port_forwarding *  portsConfig 
)

Adds iptables rules to forward packets from the container localhost to the host's localhost on specific ports. This removes the need to edit code to point to the bridge IP directly.

This must be run inside the container's network namespace.

Parameters
[in] netfilter: Instance of Netfilter class.
[in] helper: Instance of NetworkingHelper.
[in] containerId: Container identifier.
[in] portsConfig: libocispec structs containing ports to forward.

Returns
true on success, otherwise false.

addPortForwards()

bool PortForwarding::addPortForwards ( const std::shared_ptr< Netfilter > &  netfilter,
const std::shared_ptr< NetworkingHelper > &  helper,
const std::string &  containerId,
rt_defs_plugins_networking_data_port_forwarding *  portsConfig 
)

Adds the two iptables firewall rules to enable port forwarding.

The 'protocol' field can be omitted, in which case TCP will be specified.

Parameters
[in] netfilter: Instance of Netfilter class.
[in] helper: Instance of NetworkingHelper.
[in] containerId: Container identifier.
[in] portsConfig: libocispec structs containing ports to forward.

Returns
true on success, otherwise false.

removePortForwards()

bool PortForwarding::removePortForwards ( const std::shared_ptr< Netfilter > &  netfilter,
const std::shared_ptr< NetworkingHelper > &  helper,
const std::string &  containerId,
rt_defs_plugins_networking_data_port_forwarding *  portsConfig 
)

Removes port forwarding rules assigned to the container.

Parameters
[in] netfilter: Instance of Netfilter class.
[in] helper: Instance of NetworkingHelper.
[in] containerId: Container identifier.
[in] portsConfig: libocispec structs containing ports to forward.

Returns
true on success, otherwise false.