Add skip_routes option

devplayer0 · devplayer0 · commit 03694af592d3 · 2021-07-15T18:57:10.000+01:00
diff --git a/README.md b/README.md
@@ -153,6 +153,7 @@ networks:
       bridge: my-bridge
       ipv6: 'true'
       ignore_conflicts: 'false'
+      skip_routes: 'false'
     ipam:
       driver: 'null'
 ```
@@ -168,8 +169,10 @@ Note:
  - If the `docker run` command times out waiting for a lease, you can try increasing the initial timeout value by
    passing `-o lease_timeout=60s` when creating the network (e.g. to increase to 60 seconds)
  - By default, a bridge can only be used for a single DHCP network. There is additionally a check to see if a bridge is
-	is used by any other Docker networks. To disable this check (it's also possible this check might mistakenly detect a
-  conflict), pass `-o ignore_conflicts=true` when creating the network.
+	 is used by any other Docker networks. To disable this check (it's also possible this check might mistakenly detect a
+   conflict), pass `-o ignore_conflicts=true` when creating the network.
+ - `docker-net-dhcp` will try to copy static routes from the host bridge to the container. To disable this behaviour,
+   pass `-o skip_routes=true` when creating the network.
 
 ## Debugging
 
diff --git a/pkg/plugin/network.go b/pkg/plugin/network.go
@@ -326,7 +326,7 @@ func (p *Plugin) DeleteEndpoint(r DeleteEndpointRequest) error {
 	return nil
 }
 
-func (p *Plugin) addRoutes(v6 bool, bridge netlink.Link, r JoinRequest, hint joinHint, res *JoinResponse) error {
+func (p *Plugin) addRoutes(opts *DHCPNetworkOptions, v6 bool, bridge netlink.Link, r JoinRequest, hint joinHint, res *JoinResponse) error {
 	family := unix.AF_INET
 	if v6 {
 		family = unix.AF_INET6
@@ -370,6 +370,11 @@ func (p *Plugin) addRoutes(v6 bool, bridge netlink.Link, r JoinRequest, hint joi
 			continue
 		}
 
+		if opts.SkipRoutes {
+			// Don't do static routes at all
+			continue
+		}
+
 		if route.Protocol == unix.RTPROT_KERNEL ||
 			(family == unix.AF_INET && route.Dst.Contains(hint.IPv4.IP)) ||
 			(family == unix.AF_INET6 && route.Dst.Contains(hint.IPv6.IP)) {
@@ -443,11 +448,11 @@ func (p *Plugin) Join(ctx context.Context, r JoinRequest) (JoinResponse, error)
 		return res, fmt.Errorf("failed to get bridge interface: %w", err)
 	}
 
-	if err := p.addRoutes(false, bridge, r, hint, &res); err != nil {
+	if err := p.addRoutes(&opts, false, bridge, r, hint, &res); err != nil {
 		return res, err
 	}
 	if opts.IPv6 {
-		if err := p.addRoutes(true, bridge, r, hint, &res); err != nil {
+		if err := p.addRoutes(&opts, true, bridge, r, hint, &res); err != nil {
 			return res, err
 		}
 	}
diff --git a/pkg/plugin/plugin.go b/pkg/plugin/plugin.go
@@ -33,6 +33,7 @@ type DHCPNetworkOptions struct {
 	IPv6            bool
 	LeaseTimeout    time.Duration `mapstructure:"lease_timeout"`
 	IgnoreConflicts bool          `mapstructure:"ignore_conflicts"`
+	SkipRoutes      bool          `mapstructure:"skip_routes"`
 }
 
 func decodeOpts(input interface{}) (DHCPNetworkOptions, error) {

Original file line number	Diff line number	Diff line change
`@@ -326,7 +326,7 @@ func (p *Plugin) DeleteEndpoint(r DeleteEndpointRequest) error {`
`326`	`326`	`return nil`
`327`	`327`	`}`
`328`	`328`
`329`		`-func (p Plugin) addRoutes(v6 bool, bridge netlink.Link, r JoinRequest, hint joinHint, res JoinResponse) error {`
	`329`	`+func (p Plugin) addRoutes(opts DHCPNetworkOptions, v6 bool, bridge netlink.Link, r JoinRequest, hint joinHint, res *JoinResponse) error {`
`330`	`330`	`family := unix.AF_INET`
`331`	`331`	`if v6 {`
`332`	`332`	`family = unix.AF_INET6`
`@@ -370,6 +370,11 @@ func (p *Plugin) addRoutes(v6 bool, bridge netlink.Link, r JoinRequest, hint joi`
`370`	`370`	`continue`
`371`	`371`	`}`
`372`	`372`
	`373`	`+ if opts.SkipRoutes {`
	`374`	`+ // Don't do static routes at all`
	`375`	`+ continue`
	`376`	`+ }`
	`377`	`+`
`373`	`378`	`if route.Protocol == unix.RTPROT_KERNEL \|\|`
`374`	`379`	`(family == unix.AF_INET && route.Dst.Contains(hint.IPv4.IP)) \|\|`
`375`	`380`	`(family == unix.AF_INET6 && route.Dst.Contains(hint.IPv6.IP)) {`
`@@ -443,11 +448,11 @@ func (p *Plugin) Join(ctx context.Context, r JoinRequest) (JoinResponse, error)`
`443`	`448`	`return res, fmt.Errorf("failed to get bridge interface: %w", err)`
`444`	`449`	`}`
`445`	`450`
`446`		`- if err := p.addRoutes(false, bridge, r, hint, &res); err != nil {`
	`451`	`+ if err := p.addRoutes(&opts, false, bridge, r, hint, &res); err != nil {`
`447`	`452`	`return res, err`
`448`	`453`	`}`
`449`	`454`	`if opts.IPv6 {`
`450`		`- if err := p.addRoutes(true, bridge, r, hint, &res); err != nil {`
	`455`	`+ if err := p.addRoutes(&opts, true, bridge, r, hint, &res); err != nil {`
`451`	`456`	`return res, err`
`452`	`457`	`}`
`453`	`458`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ type DHCPNetworkOptions struct {`
`33`	`33`	`IPv6 bool`
`34`	`34`	LeaseTimeout time.Duration `mapstructure:"lease_timeout"`
`35`	`35`	IgnoreConflicts bool `mapstructure:"ignore_conflicts"`
	`36`	+ SkipRoutes bool `mapstructure:"skip_routes"`
`36`	`37`	`}`
`37`	`38`
`38`	`39`	`func decodeOpts(input interface{}) (DHCPNetworkOptions, error) {`