Merge pull request #772 from BSWANG/master

`portmap` support masquerade all
containernetworking · Jan 9, 2023 · a3b678e · a3b678e
2 parents 87ccb89 + 0463fd1
commit a3b678e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/plugins/meta/portmap/main.go b/plugins/meta/portmap/main.go
@@ -54,6 +54,7 @@ type PortMapConf struct {
 	SNAT                 *bool     `json:"snat,omitempty"`
 	ConditionsV4         *[]string `json:"conditionsV4"`
 	ConditionsV6         *[]string `json:"conditionsV6"`
+	MasqAll              bool      `json:"masqAll,omitempty"`
 	MarkMasqBit          *int      `json:"markMasqBit"`
 	ExternalSetMarkChain *string   `json:"externalSetMarkChain"`
 	RuntimeConfig        struct {

diff --git a/plugins/meta/portmap/portmap.go b/plugins/meta/portmap/portmap.go
@@ -248,13 +248,22 @@ func fillDnatRules(c *chain, config *PortMapConf, containerNet net.IPNet) {
 			hpRule := make([]string, len(ruleBase), len(ruleBase)+4)
 			copy(hpRule, ruleBase)
 
+			masqCIDR := containerNet.String()
+			if config.MasqAll {
+				if isV6 {
+					masqCIDR = "::/0"
+				} else {
+					masqCIDR = "0.0.0.0/0"
+				}
+			}
+
 			hpRule = append(hpRule,
-				"-s", containerNet.String(),
+				"-s", masqCIDR,
 				"-j", setMarkChainName,
 			)
 			c.rules = append(c.rules, hpRule)
 
-			if !isV6 {
+			if !isV6 && !config.MasqAll {
 				// localhost
 				localRule := make([]string, len(ruleBase), len(ruleBase)+4)
 				copy(localRule, ruleBase)