Docker: allow host access on wireless interface

This commit is contained in:
bergware
2025-05-08 16:00:40 +02:00
parent 582cefbfc1
commit cb42fcf436
+38 -35
@@ -10,7 +10,7 @@
# VMs, bare metal, OpenStack clusters, public clouds and more.
#
# LimeTech - modified for Unraid OS
# Bergware - modified for Unraid OS, January 2025
# Bergware - modified for Unraid OS, May 2025
DAEMON="Docker daemon"
UNSHARE="/usr/bin/unshare"
@@ -35,6 +35,11 @@ TMP=/var/tmp/network.tmp
# run & log functions
. /etc/rc.d/rc.runlog
# return interface index
index(){
cat $SYSTEM/$1/ifindex 2>/dev/null
}
# wait for interface to go up
carrier(){
local n e
@@ -213,9 +218,9 @@ container_add_route(){
local NET=${CT[1]#*[}
local LAN=${NET%:*}
if [[ $PID -gt 0 && "eth0 br0 bond0 wlan0" =~ $LAN ]]; then
local THISIP=$(ip -4 -br addr show dev $LAN scope global | awk '{print $3;exit}')
local THISIP=$(ip -4 -br addr show scope global primary dev $LAN | awk '{print $3;exit}')
for CFG in /etc/wireguard/wg*.cfg ; do
local NETWORK=$(ip -4 show route dev $LAN $THISIP | awk '{print $1;exit}')
local NETWORK=$(ip -4 show route $THISIP dev $LAN | awk '{print $1;exit}')
[[ -n $NETWORK ]] && nsenter -n -t $PID ip -4 route add $NETWORK via ${THISIP%/*} dev $LAN 2>/dev/null
done
fi
@@ -341,7 +346,7 @@ docker_network_start(){
fi
# add auto defined networks
SUBNET=; GATEWAY=; SERVER=; RANGE=;
[[ -z ${!AUTO} || ${!AUTO} =~ "4" ]] && IPV4=$(ip -4 -br addr show $NETWORK scope global | awk '{print $3;exit}') || IPV4=
[[ -z ${!AUTO} || ${!AUTO} =~ "4" ]] && IPV4=$(ip -4 -br addr show scope global primary dev $NETWORK | awk '{print $3;exit}') || IPV4=
if [[ -n $IPV4 ]]; then
SUBNET=$(ip -4 route show $IPV4 dev $NETWORK | awk '{print $1;exit}')
SERVER=${IPV4%/*}
@@ -351,7 +356,7 @@ docker_network_start(){
GATEWAY=$(ip -4 route show default dev $NETWORK | awk '{print $3;exit}')
fi
SUBNET6=; GATEWAY6=; SERVER6=;
[[ -z ${!AUTO} || ${!AUTO} =~ "6" ]] && IPV6=$(ip -6 -br addr show $NETWORK scope global -temporary -deprecated | awk '{print $3;exit}') || IPV6=
[[ -z ${!AUTO} || ${!AUTO} =~ "6" ]] && IPV6=$(ip -6 -br addr show scope global primary -deprecated dev $NETWORK | awk '{print $3;exit}') || IPV6=
if [[ -n $IPV6 ]]; then
# get IPV6 subnet, preset to /64 if single host address is given
[[ ${IPV6#*/} == 128 ]] && SUBNET6=$(echo $IPV6 | sed -r 's/^([^:]+):([^:]+):([^:]+):([^:]+).*$/\1:\2:\3:\4::\/64/') || SUBNET6=$(ip -6 route show $IPV6 dev $NETWORK | awk '{print $1;exit}')
@@ -448,48 +453,44 @@ docker_network_start(){
# hack to let containers talk to host
if [[ $TYPE == br ]]; then
LINK=shim-$NETWORK
GW=($(ip -4 route show default dev $NETWORK | awk '{print $3,$5;exit}'))
if [[ $DOCKER_ALLOW_ACCESS == yes && -n $IPV4 ]]; then
# create shim interface and copy parent IPv4 address to shim interface
NET="$IPV4 metric $((1000 - 1 + $(index $NETWORK)))"
# create shim interface
[[ -e $SYSTEM/$LINK ]] || run ip link add link $NETWORK name $LINK type $ATTACH mode $MODE
run ip addr flush dev $LINK scope global
run ip -4 addr add $IPV4 dev $LINK metric 0
# disable IPv6 on shim interface
echo 1 >$CONF6/$LINK/disable_ipv6
run ip -6 addr flush dev $LINK
# copy parent IPv4 address to shim interface
run ip addr add $NET dev $LINK
run ip link set $LINK up
if [[ -n $GW ]]; then
if [[ -z ${GW[1]} ]]; then
METRIC=1
METRICS=$(ip -4 route show default | grep -Po 'metric \K\d+')
while [[ " $METRICS " =~ " $METRIC " ]]; do ((METRIC++)); done
# update existing route to avoid conflict with shim route
run ip -4 route del default via $GW dev $NETWORK
run ip -4 route add default via $GW dev $NETWORK metric $METRIC
fi
run ip -4 route add default via $GW dev $LINK metric 0
fi
log "created network $LINK for host access"
elif [[ -e $SYSTEM/$LINK ]]; then
# remove shim interface
[[ -n $GW ]] && ip -4 route del default via $GW dev $LINK
run ip addr flush dev $LINK
run ip link set $LINK down
run ip link del $LINK
fi
elif [[ $TYPE != wlan ]]; then
else
if [[ $TYPE == wlan ]]; then
VHOST=shim-$NETWORK
INDEX=3000
else
VHOST=vhost${NETWORK//[^0-9.]/}
INDEX=1000
fi
INDEX=$(($INDEX - 1 + $(index $NETWORK)))
if [[ $DOCKER_ALLOW_ACCESS == yes && -n $IPV4 ]]; then
run ip addr flush dev $VHOST scope global
# copy IPv4 address to vhost interface
run ip -4 addr add $IPV4 dev $VHOST metric 0
# disable IPv6 on vhost interface
echo 1 >$CONF6/$VHOST/disable_ipv6
run ip -6 addr flush dev $VHOST
# copy parent IPv4 address to vhost interface
IPS="$(ip -4 -br addr show scope global dev $VHOST | awk '{$1="";$2="";print;exit}' | sed -r 's/ metric [0-9]+//g')"
[[ ! $IPS =~ $IPV4 ]] && run ip addr add $IPV4 metric $INDEX dev $VHOST
log "prepared network $VHOST for host access"
else
VHOST=vhost${NETWORK//[^0-9.]/}
if [[ -e $SYSTEM/$VHOST ]]; then
# remove IP addresses of vhost
run ip addr flush dev $VHOST scope global
# remove routing of vhost
run ip -4 route flush dev $VHOST
run ip -6 route flush dev $VHOST
# remove parent IPv4 address from vhost interface
run ip addr del $IPV4 metric $INDEX dev $VHOST
fi
fi
fi
@@ -516,23 +517,25 @@ docker_network_stop(){
fi
driver ${NIC//[0-9]/}
for NETWORK in $(network $ATTACH ${NIC//[^0-9]/}); do
[[ $STOCK =~ ${NETWORK%%[0-9]*} || $DOCKER_USER_NETWORKS != preserve ]] && docker network rm $NETWORK >/dev/null
[[ $STOCK =~ ${NETWORK%%[0-9]*} || $DOCKER_USER_NETWORKS != preserve ]] && docker network rm $NETWORK &>/dev/null
TYPE=${NETWORK//[0-9.]/}
if [[ $TYPE == br ]]; then
LINK=shim-$NETWORK
if [[ -e $SYSTEM/$LINK ]]; then
GW=$(ip -4 route show default dev $LINK | awk '{print $3;exit}')
[[ -n $GW ]] && run ip -4 route del default via $GW dev $LINK
run ip addr flush dev $LINK
run ip link set $LINK down
run ip link del $LINK
fi
else
elif [[ $TYPE != wlan ]]; then
VHOST=vhost${NETWORK//[^0-9.]/}
[[ -e $SYSTEM/$VHOST ]] && run ip addr flush dev $VHOST
fi
done
done
if [[ -e $SYSTEM/shim-wlan0 ]]; then
NET=$(ip -4 -br addr show scope global primary dev shim-wlan0 | awk '{print $3,$4,$5;exit}')
[[ -n $NET ]] && run ip addr del $NET dev shim-wlan0
fi
log "Network stopped."
}
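Review bot: In the else branch of the docker_network_start hunk, `VHOST=vhost${NETWORK//[^0-9.]/}` overwrites the value selected a few lines earlier, so for a wlan network the teardown path looks at a `vhost…` name instead of `shim-$NETWORK`, and the address added with `INDEX=3000` is only ever removed later in docker_network_stop; dropping that reassignment (VHOST and INDEX are already set for both types before the `if`) would make disabling host access on wireless symmetric with enabling it, or a comment should say the asymmetry is intended. The same branch is also reached when `$IPV4` is empty, in which case `run ip addr del $IPV4 metric $INDEX dev $VHOST` is issued without an address and fails; guard it with `[[ -n $IPV4 ]] && run ip addr del $IPV4 metric $INDEX dev $VHOST`. In the docker_network_stop hunk the switch to `&>/dev/null` on `docker network rm` now hides the error output of a failed removal, and `shim-wlan0` is hard-coded where the start path derives the name from `$NETWORK`. Both docker_network_start and docker_network_stop begin outside their hunks, so the earlier definitions of `$IPV4`, `$INDEX` and `$NETWORK` were not visible for this review.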