Add two new fields to portmapperapi.PortBinding: NAT and Forwarding.
These can be used by portmappers to specify how they want their callers
(e.g. bridge driver) to reconfigure the host firewall to NAT a host
port, or allow forwarding to the container port.
If portmappers don't want to opt in to these, they can implement their
own firewall rules, and not fill these fields.
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
| ... | ... |
@@ -92,9 +92,25 @@ func (pbReq PortBindingReq) Compare(other PortBindingReq) int {
|
| 92 | 92 |
} |
| 93 | 93 |
|
| 94 | 94 |
type PortBinding struct {
|
| 95 |
+ // PortBinding contains the port binding information reported through the |
|
| 96 |
+ // Engine API. |
|
| 95 | 97 |
types.PortBinding |
| 96 | 98 |
// Mapper is the name of the port mapper used to process this PortBinding. |
| 97 | 99 |
Mapper string |
| 100 |
+ |
|
| 101 |
+ // NAT represents the host IP and port that should be NATed to the |
|
| 102 |
+ // container IP and port specified in types.PortBinding. When set, callers |
|
| 103 |
+ // of the port mapper should reconfigure the host firewall. When it's not |
|
| 104 |
+ // set, callers won't reconfigure the host firewall. |
|
| 105 |
+ // |
|
| 106 |
+ // If the address is invalid, or a non-unicast address, or the port is 0, |
|
| 107 |
+ // it's treated as an error. If both Forwarding and NAT are specified, NAT |
|
| 108 |
+ // takes precedence. |
|
| 109 |
+ NAT netip.AddrPort |
|
| 110 |
+ // Forwarding indicates whether callers of the port mapper should update |
|
| 111 |
+ // the host firewall to allow traffic forwarding to IP:Port. |
|
| 112 |
+ Forwarding bool |
|
| 113 |
+ |
|
| 98 | 114 |
// BoundSocket is used to reserve a host port for the binding. If the |
| 99 | 115 |
// userland proxy is in-use, it's passed to the proxy when the proxy is |
| 100 | 116 |
// started, then it's closed and set to nil here. |
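Review bot: In the NAT doc comment, "When it's not set" and "If the address is invalid, or a non-unicast address, or the port is 0, it's treated as an error" overlap, because the zero value of netip.AddrPort is itself an invalid address with port 0. State explicitly that the zero value means "not set" and that the error case applies only to a non-zero value, so every caller makes the same decision about whether to touch the host firewall. The Forwarding comment refers to "IP:Port" without saying which one; name the fields it means (the container IP and port in types.PortBinding, or the host side). Since NAT takes precedence when both are set, it would also help to say whether a NAT entry implies that forwarding to the container port is allowed, or whether Forwarding is simply ignored in that case.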