From 359668452f1019d752487f629f5e2e356d830240 Mon Sep 17 00:00:00 2001
From: Kay Yan <kay.yan@daocloud.io>
Date: Wed, 25 Oct 2023 14:05:46 +0000
Subject: [PATCH] support ip-masq option

Signed-off-by: Kay Yan <kay.yan@daocloud.io>
---
 pkg/netutil/netutil_unix.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/pkg/netutil/netutil_unix.go b/pkg/netutil/netutil_unix.go
index 0e6c7b6c9b5..b75bf62a6c4 100644
--- a/pkg/netutil/netutil_unix.go
+++ b/pkg/netutil/netutil_unix.go
@@ -25,6 +25,7 @@ import (
 	"net"
 	"os/exec"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	"github.com/Masterminds/semver/v3"
@@ -94,6 +95,7 @@ func (e *CNIEnv) generateCNIPlugins(driver string, name string, ipam map[string]
 	switch driver {
 	case "bridge":
 		mtu := 0
+		iPMasq := true
 		for opt, v := range opts {
 			switch opt {
 			case "mtu", "com.docker.network.driver.mtu":
@@ -101,6 +103,11 @@ func (e *CNIEnv) generateCNIPlugins(driver string, name string, ipam map[string]
 				if err != nil {
 					return nil, err
 				}
+			case "ip-masq", "com.docker.network.bridge.enable_ip_masquerade":
+				iPMasq, err = strconv.ParseBool(v)
+				if err != nil {
+					return nil, err
+				}
 			default:
 				return nil, fmt.Errorf("unsupported %q network option %q", driver, opt)
 			}
@@ -114,7 +121,7 @@ func (e *CNIEnv) generateCNIPlugins(driver string, name string, ipam map[string]
 		bridge.MTU = mtu
 		bridge.IPAM = ipam
 		bridge.IsGW = true
-		bridge.IPMasq = true
+		bridge.IPMasq = iPMasq
 		bridge.HairpinMode = true
 		plugins = []CNIPlugin{bridge, newPortMapPlugin(), newFirewallPlugin(), newTuningPlugin()}
 		plugins = fixUpIsolation(e, name, plugins)