Merge pull request #364 from bgray-sky/add_inter_container_networking

ENTDAI-732: Add inter container networking

bundle/runtime-schemas/defs-plugins.json

@@ -302,6 +302,32 @@
                                     }
                                 }
                             }
+                        },
+                        "interContainer": {
+                            "type": "array",
+                            "items": {
+                                "type": "object",
+                                "required": [
+                                    "direction",
+                                    "port"
+                                ],
+                                "properties": {
+                                    "direction": {
+                                        "type": "string",
+                                        "enum": ["in", "out"]
+                                    },
+                                    "port": {
+                                        "$ref": "defs.json#/definitions/uint16"
+                                    },
+                                    "protocol": {
+                                        "type": "string",
+                                        "enum": ["tcp", "udp"]
+                                    },
+                                    "localhostMasquerade": {
+                                        "type": "boolean"
+                                    }
+                                }
+                            }
                         }
                     }
                 }

rdkPlugins/Networking/CMakeLists.txt

@@ -32,6 +32,7 @@ add_library( ${PROJECT_NAME}
         source/TapInterface.cpp
         source/StdStreamPipe.cpp
         source/IPAllocator.cpp
+        source/InterContainerRouting.cpp
 )
 
 install(

rdkPlugins/Networking/README.md

@@ -42,6 +42,19 @@ Add the following section to your OCI runtime configuration `config.json` file t
                         "ip": "239.255.255.250",
                         "port": 1900
                     }
+                ],
+                "interContainer": [
+                    {
+                        "direction": "in",
+                        "port": 12345,
+                        "protocol": "tcp",
+                        "localhostMasquerade": true
+                    },
+                    {
+                        "direction": "out",
+                        "port": 2468,
+                        "protocol": "tcp"
+                    }
                 ]
             }
         }
@@ -214,6 +227,18 @@ Multicast forwarding requires the following to be present on the device:
 - `smcroute` version 2.4.4 or later
 
 
+### Inter-container Communication
+
+_Note: This feature is only available for `nat` network type. Both containers must use `nat` networking._
+
+The `interContainer` field allows containers to communicate. One container needs a configuration with direction `in`,
+port, and protocol to act as a server. Another container needs a configuration with the same protocol and port,
+but with direction `out` to act as a client.
+
+The `localhostMasquerade` field allows the server container to bind to localhost. For the client container, it allows
+connecting to localhost, forwarding the connection to the server container. `localhostMasquerade` is only enabled for IPv4.
+
+
 ## Settings
 
 The Networking plugin uses external interfaces defined in the Dobby settings file (default location `/etc/dobby.json`) to create iptables rules and enable port forwarding on the interfaces.

rdkPlugins/Networking/include/InterContainerRouting.h

@@ -0,0 +1,61 @@
+/*
+ * If not stated otherwise in this file or this component's LICENSE file the
+ * following copyright and licenses apply:
+ *
+ * Copyright 2025 Sky UK
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef INTERCONTAINERROUTING_H
+#define INTERCONTAINERROUTING_H
+
+#include "Netfilter.h"
+#include "NetworkingHelper.h"
+#include "DobbyRdkPluginUtils.h"
+#include <rt_defs_plugins.h>
+
+#include <memory>
+
+
+// -----------------------------------------------------------------------------
+/**
+ *  @namespace InterContainerRouting
+ *
+ *  @brief Used to add iptables firewall rules to allow a container to either
+ *  expose a port to another container or to access a port on another container.
+ *
+ *  @see the plugin's README.md for more details on usage.
+ *
+ *  This adds the necessary rules to iptables when the container is started and
+ *  deletes them again when the container is stopped.  All the rules are tagged
+ *  (via an iptables comment) with the name of the container, this should ensure
+ *  rules are correctly added and removed.
+ *
+ */
+namespace InterContainerRouting
+{
+    bool addRules(const std::shared_ptr<Netfilter> &netfilter,
+                  const std::shared_ptr<NetworkingHelper> &helper,
+                  const std::shared_ptr<DobbyRdkPluginUtils> &utils,
+                  rt_defs_plugins_networking_data_inter_container_element * const *portConfigs,
+                  size_t numPortConfigs);
+
+    bool removeRules(const std::shared_ptr<Netfilter> &netfilter,
+                     const std::shared_ptr<NetworkingHelper> &helper,
+                     const std::shared_ptr<DobbyRdkPluginUtils> &utils,
+                     rt_defs_plugins_networking_data_inter_container_element * const *portConfigs,
+                     size_t numPortConfigs);
+};
+
+
+#endif // !defined(INTERCONTAINERROUTING_H)