Conversation
robmry
force-pushed
the
nftables
branch
15 times, most recently
from
ad3325d to
c3b1124
Compare
robmry
force-pushed
the
nftables
branch
2 times, most recently
from
4b945e2 to
a661ebb
Compare
robmry
force-pushed
the
nftables
branch
8 times, most recently
from
3ab54b1 to
110aa76
Compare
robmry
force-pushed
the
nftables
branch
4 times, most recently
from
0462576 to
496c108
Compare
robmry
force-pushed
the
nftables
branch
4 times, most recently
from
11bb82a to
558c534
Compare
robmry
force-pushed
the
nftables
branch
3 times, most recently
from
840d405 to
04d6a1d
Compare
robmry
force-pushed
the
nftables
branch
10 times, most recently
from
4222321 to
3207295
Compare
robmry
force-pushed
the
nftables
branch
2 times, most recently
from
176ebf3 to
97caa67
Compare
Make base chain priorities in the bridge's nftables tables
configurable.
For example, in daemon.json:
"bridge-nftables-priorities": {
"filter-FORWARD": "3",
"nat-POSTROUTING": "101",
"nat-PREROUTING": "-101",
"nat-OUTPUT": "-102",
"raw-PREROUTING": "-301"
},
Or, on the command line:
dockerd --bridge-nftables-priority filter-FORWARD=3 ...
Signed-off-by: Rob Murray <rob.murray@docker.com>
Signed-off-by: Rob Murray <rob.murray@docker.com>
Add nftables.Modifier, to hold a queue of commands that can be applied using Modifier.Apply. No updates are made to the underlying Table until Apply is called, errors in the queue if commands are deferred until Apply. This has the advantages that: - less error handling is needed in code that generates update commands - it's transactional, without needing explicit transactions Minor disadvantages are that it's slightly more difficult to debug updates, as it's no longer possible to step through the call making an update to the Table manipulation in a debugger - and errors in the command, and errors like trying to update a nonexistent chain/set/vmap, deleting an object that doesn't exist or creating a duplicate are not reported until the updates are applied (so, it's a little less clear where the update came from). Signed-off-by: Rob Murray <rob.murray@docker.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
- What I did
- How I did it
- How to verify it
- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)