Add `skip_routes` option

3 years ago · 03694af592
parent 70068d5294
commit 03694af592
3 changed files with 14 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -153,6 +153,7 @@ networks:
      bridge: my-bridge
      ipv6: 'true'
      ignore_conflicts: 'false'
+      skip_routes: 'false'
    ipam:
      driver: 'null'
 ```
@ -168,8 +169,10 @@ Note:
 - If the `docker run` command times out waiting for a lease, you can try increasing the initial timeout value by
   passing `-o lease_timeout=60s` when creating the network (e.g. to increase to 60 seconds)
 - By default, a bridge can only be used for a single DHCP network. There is additionally a check to see if a bridge is
-	is used by any other Docker networks. To disable this check (it's also possible this check might mistakenly detect a
-  conflict), pass `-o ignore_conflicts=true` when creating the network.
+	 is used by any other Docker networks. To disable this check (it's also possible this check might mistakenly detect a
+   conflict), pass `-o ignore_conflicts=true` when creating the network.
+ - `docker-net-dhcp` will try to copy static routes from the host bridge to the container. To disable this behaviour,
+   pass `-o skip_routes=true` when creating the network.

 ## Debugging

--- a/pkg/plugin/network.go
+++ b/pkg/plugin/network.go
@ -326,7 +326,7 @@ func (p *Plugin) DeleteEndpoint(r DeleteEndpointRequest) error {
 	return nil
 }

-func (p *Plugin) addRoutes(v6 bool, bridge netlink.Link, r JoinRequest, hint joinHint, res *JoinResponse) error {
+func (p *Plugin) addRoutes(opts *DHCPNetworkOptions, v6 bool, bridge netlink.Link, r JoinRequest, hint joinHint, res *JoinResponse) error {
 	family := unix.AF_INET
 	if v6 {
 		family = unix.AF_INET6
@ -370,6 +370,11 @@ func (p *Plugin) addRoutes(v6 bool, bridge netlink.Link, r JoinRequest, hint joi
 			continue
 		}

+		if opts.SkipRoutes {
+			// Don't do static routes at all
+			continue
+		}
+
 		if route.Protocol == unix.RTPROT_KERNEL ||
 			(family == unix.AF_INET && route.Dst.Contains(hint.IPv4.IP)) ||
 			(family == unix.AF_INET6 && route.Dst.Contains(hint.IPv6.IP)) {
@ -443,11 +448,11 @@ func (p *Plugin) Join(ctx context.Context, r JoinRequest) (JoinResponse, error)
 		return res, fmt.Errorf("failed to get bridge interface: %w", err)
 	}

-	if err := p.addRoutes(false, bridge, r, hint, &res); err != nil {
+	if err := p.addRoutes(&opts, false, bridge, r, hint, &res); err != nil {
 		return res, err
 	}
 	if opts.IPv6 {
-		if err := p.addRoutes(true, bridge, r, hint, &res); err != nil {
+		if err := p.addRoutes(&opts, true, bridge, r, hint, &res); err != nil {
 			return res, err
 		}
 	}
--- a/pkg/plugin/plugin.go
+++ b/pkg/plugin/plugin.go
@ -33,6 +33,7 @@ type DHCPNetworkOptions struct {
 	IPv6            bool
 	LeaseTimeout    time.Duration `mapstructure:"lease_timeout"`
 	IgnoreConflicts bool          `mapstructure:"ignore_conflicts"`
+	SkipRoutes      bool          `mapstructure:"skip_routes"`
 }

 func decodeOpts(input interface{}) (DHCPNetworkOptions, error) {