summaryrefslogtreecommitdiff
path: root/libnetwork/service_linux.go
diff options
context:
space:
mode:
authorMadhu Venugopal <madhu@docker.com>2016-11-20 16:54:32 -0800
committerMadhu Venugopal <madhu@docker.com>2016-11-21 08:57:40 -0800
commit684ea925156f4c0abefb97007834fb65a9917e54 (patch)
tree8f2c301de542e9e049035bb65b6e5ef8b175b40c /libnetwork/service_linux.go
parentb6540296b0769cafb5f587e56ccea40cf065059b (diff)
downloaddocker-684ea925156f4c0abefb97007834fb65a9917e54.tar.gz
Add a ICMP reply rule for service VIP
Ping on VIP has been behaving inconsistently depending on if a task for a service is local or remote. With this fix, the ICMP echo-request packets to service VIP are replied to by the NAT rule to self Signed-off-by: Madhu Venugopal <madhu@docker.com>
Diffstat (limited to 'libnetwork/service_linux.go')
-rw-r--r--libnetwork/service_linux.go3
1 files changed, 3 insertions, 0 deletions
diff --git a/libnetwork/service_linux.go b/libnetwork/service_linux.go
index 9edbadefe8..be8dc84d3e 100644
--- a/libnetwork/service_linux.go
+++ b/libnetwork/service_linux.go
@@ -654,6 +654,9 @@ func fwMarker() {
rule := strings.Fields(fmt.Sprintf("-t mangle %s OUTPUT -d %s/32 -j MARK --set-mark %d", addDelOpt, vip, fwMark))
rules = append(rules, rule)
+ rule = strings.Fields(fmt.Sprintf("-t nat %s OUTPUT -p icmp --icmp echo-request -d %s -j DNAT --to 127.0.0.1", addDelOpt, vip))
+ rules = append(rules, rule)
+
for _, rule := range rules {
if err := iptables.RawCombinedOutputNative(rule...); err != nil {
logrus.Errorf("setting up rule failed, %v: %v", rule, err)
View Lorry Controller Status