GitList

Browse code

Unmap IPv4 addresses loaded from store

When a endpoint's net.IPNet is loaded from store and converted
to a netip.Addr, unmap it so that iptables rules don't contain
IPv4-mapped IPv6 addresses.

Signed-off-by: Rob Murray <rob.murray@docker.com>

Rob Murray authored on 2025/08/28 00:37:00
Showing 1 changed files

daemon/libnetwork/drivers/bridge/bridge_linux.go index 602d6e4..32f002e 100644

daemon/libnetwork/drivers/bridge/bridge_linux.go

History View file @ 071e647

@@ -1231,6 +1231,7 @@ func (d *driver) CreateEndpoint(ctx context.Context, nid, eid string, ifInfo dri
                      func (ep *bridgeEndpoint) netipAddrs() (v4, v6 netip.Addr) {
                      	if ep.addr != nil {
                      		v4, _ = netip.AddrFromSlice(ep.addr.IP)
                     +		v4 = v4.Unmap()
+                     	}
                      	if ep.addrv6 != nil {
                      		v6, _ = netip.AddrFromSlice(ep.addrv6.IP)