The VPN interface is configured with a routing metric of 199. If VPN mode
is enabled and we have a static IP address configured (which is what we do
on Windows) then all traffic would still go via eth0 and not, as expected,
via the VPN interface.
With this PR we set the metric for eth1 to 200, thus, if VPN mode is enabled,
traffic will be routed over the VPN interface.
This fix is a bit Uggh, but it's the simplest way to apply this late in the
release cycle without requiring a re-run of all OS X tests.
We should fix this properly after this release.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Allow the host to configure a static IP address for eth0 by setting the
following DB keys:
- net/config: "static" (default or not set -> dhcp)
- net/address: IP address
- net/netmask: netmask in dot notation
- net/gateway: default gateway
Also allow overwriting/setting "/etc/resolv.conf" by writing to
the "etc/resolv.conf" key.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Added a patch to reduce verbosity of vmbus for unknown GUIDs.
These happen on every Hyper-V socket connection.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
When running in VPN mode eth0 and eth1 have default routes, but
eth1 has the lowest metric. However the host CIFS server can
only be contacted via eth0, so always use the eth0 address.
Signed-off-by: David Scott <dave.scott@docker.com>
We now tell the 9P server
proto1:ip1:port1:<address for forwarding>
which means please listen on proto1:ip1:port1, then connect to the port
proxy in Moby and tell it the connection is for <address for forwarding>.
Note this requires a corresponding change in hostnet/vpnkit.
Signed-off-by: David Scott <dave.scott@docker.com>
On a Hyper-V system we can only register one listening endpoint (with
a GUID), so we need to accept connections, read a header and then
start the proxy.
If the binary has argv[0] == "proxy-vsockd" then run this new frontend.
Signed-off-by: David Scott <dave.scott@docker.com>
The tap-vsockd service is started from eth1's pre-up script.
On the Mac: the bind of the AF_HYPERV socket fails, and eth1 is skipped.
On Windows: if there is no database then eth1 is skipped.
On Windows: if the database has network=native then eth1 is brought up.
Signed-off-by: David Scott <dave.scott@docker.com>
We detect Hyper-V by the presence of /sys/bus/vmbus and then run the
/sbin/9pmount-vsock command to establish a socket connection and then
pass the fd to /bin/mount.
This patch also hard-codes the database directory
com.docker.driver.amd64-linux
since we can't use the kernel commandline on Hyper-V hosts. It would
probably be better to expose a generic directory name ( / ?) on all
platforms and configure the database to store each VM's configuration
in a different directory.
Signed-off-by: David Scott <dave.scott@docker.com>
In `connect` mode the client is looping, calling `connect` and `close` on a timer.
This could result in the server accepting the connection and the client accidentally
closing it immediately. This patch makes `tap-vsockd` keep trying to (re-)establish
the connection. Note that daemonization is delayed until after the first successful
negotiation, so attempts to send a packet afterwards should succeed.
Signed-off-by: David Scott <dave.scott@docker.com>
Our convention is to print command-line parse failures to the terminal
to allow easier interactive debugging, rather than sending them to
the syslog.
Signed-off-by: David Scott <dave.scott@docker.com>
We daemonize after checking the command-line and binding/connecting
the socket and creating the tap device. Only the ethernet frame
processing happens afterwards.
This patch also includes a new well-known service GUID for the
VPN-proxy ethernet service.
Signed-off-by: David Scott <dave.scott@docker.com>
Older versions of the Linux AF_HVSOCK can only accept() as they
don't allow connections to the parent partition. Support both
modes for now.
Signed-off-by: David Scott <dave.scott@docker.com>
The vmnet protocol expects to tell the client what the MAC address is.
This patch sets it on the TAP device.
Signed-off-by: David Scott <dave.scott@docker.com>