From 161c12142594d602ed46ef7601a57e3761d52f99 Mon Sep 17 00:00:00 2001
From: Alessandro Boch <aboch@docker.com>
Date: Wed, 14 Sep 2016 14:46:05 -0700
Subject: [PATCH] Vendoring libnetwork @c8ce8c7

Signed-off-by: Alessandro Boch <aboch@docker.com>
---
 hack/vendor.sh                                |  2 +-
 .../docker/libnetwork/bitseq/sequence.go      |  2 +-
 .../docker/libnetwork/controller.go           | 12 ++++++++
 .../docker/libnetwork/portmapper/mapper.go    | 14 +++++----
 .../github.com/docker/libnetwork/resolver.go  | 15 ++++++++++
 .../github.com/docker/libnetwork/sandbox.go   |  1 +
 .../docker/libnetwork/sandbox_dns_unix.go     | 30 +++++++++++++++++--
 7 files changed, 67 insertions(+), 9 deletions(-)

diff --git a/hack/vendor.sh b/hack/vendor.sh
index 5efd4a444b..a21de73055 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -71,7 +71,7 @@ clone git github.com/RackSec/srslog 259aed10dfa74ea2961eddd1d9847619f6e98837
 clone git github.com/imdario/mergo 0.2.1
 
 #get libnetwork packages
-clone git github.com/docker/libnetwork 51d88e9ae63f4164f3678fe74feda89d6990befa
+clone git github.com/docker/libnetwork c8ce8c78b46da08976cfb817011ca5cb97adb576
 clone git github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894
 clone git github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/src/github.com/docker/libnetwork/bitseq/sequence.go b/vendor/src/github.com/docker/libnetwork/bitseq/sequence.go
index 550bcbb825..fb99944098 100644
--- a/vendor/src/github.com/docker/libnetwork/bitseq/sequence.go
+++ b/vendor/src/github.com/docker/libnetwork/bitseq/sequence.go
@@ -197,7 +197,7 @@ func (h *Handle) getCopy() *Handle {
 
 // SetAnyInRange atomically sets the first unset bit in the specified range in the sequence and returns the corresponding ordinal
 func (h *Handle) SetAnyInRange(start, end uint64) (uint64, error) {
-	if end-start <= 0 || end >= h.bits {
+	if end < start || end >= h.bits {
 		return invalidPos, fmt.Errorf("invalid bit range [%d, %d]", start, end)
 	}
 	if h.Unselected() == 0 {
diff --git a/vendor/src/github.com/docker/libnetwork/controller.go b/vendor/src/github.com/docker/libnetwork/controller.go
index b2499dc7f5..c63535d1b8 100644
--- a/vendor/src/github.com/docker/libnetwork/controller.go
+++ b/vendor/src/github.com/docker/libnetwork/controller.go
@@ -52,6 +52,7 @@ import (
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/discovery"
+	"github.com/docker/docker/pkg/locker"
 	"github.com/docker/docker/pkg/plugins"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/libnetwork/cluster"
@@ -149,6 +150,7 @@ type controller struct {
 	ingressSandbox         *sandbox
 	sboxOnce               sync.Once
 	agent                  *agent
+	networkLocker          *locker.Locker
 	agentInitDone          chan struct{}
 	keys                   []*types.EncryptionKey
 	clusterConfigAvailable bool
@@ -169,6 +171,7 @@ func New(cfgOptions ...config.Option) (NetworkController, error) {
 		svcRecords:      make(map[string]svcInfo),
 		serviceBindings: make(map[serviceKey]*service),
 		agentInitDone:   make(chan struct{}),
+		networkLocker:   locker.New(),
 	}
 
 	if err := c.initStores(); err != nil {
@@ -614,6 +617,15 @@ func (c *controller) RegisterDriver(networkType string, driver driverapi.Driver,
 // NewNetwork creates a new network of the specified network type. The options
 // are network specific and modeled in a generic way.
 func (c *controller) NewNetwork(networkType, name string, id string, options ...NetworkOption) (Network, error) {
+	if id != "" {
+		c.networkLocker.Lock(id)
+		defer c.networkLocker.Unlock(id)
+
+		if _, err := c.NetworkByID(id); err == nil {
+			return nil, NetworkNameError(id)
+		}
+	}
+
 	if !config.IsValidName(name) {
 		return nil, ErrInvalidName(name)
 	}
diff --git a/vendor/src/github.com/docker/libnetwork/portmapper/mapper.go b/vendor/src/github.com/docker/libnetwork/portmapper/mapper.go
index 0bf7630557..6a1bb08ffb 100644
--- a/vendor/src/github.com/docker/libnetwork/portmapper/mapper.go
+++ b/vendor/src/github.com/docker/libnetwork/portmapper/mapper.go
@@ -134,16 +134,20 @@ func (pm *PortMapper) MapRange(container net.Addr, hostIP net.IP, hostPortStart,
 	}
 
 	containerIP, containerPort := getIPAndPort(m.container)
-	if err := pm.forward(iptables.Append, m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort); err != nil {
-		return nil, err
+	if hostIP.To4() != nil {
+		if err := pm.forward(iptables.Append, m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort); err != nil {
+			return nil, err
+		}
 	}
 
 	cleanup := func() error {
 		// need to undo the iptables rules before we return
 		m.userlandProxy.Stop()
-		pm.forward(iptables.Delete, m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort)
-		if err := pm.Allocator.ReleasePort(hostIP, m.proto, allocatedHostPort); err != nil {
-			return err
+		if hostIP.To4() != nil {
+			pm.forward(iptables.Delete, m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort)
+			if err := pm.Allocator.ReleasePort(hostIP, m.proto, allocatedHostPort); err != nil {
+				return err
+			}
 		}
 
 		return nil
diff --git a/vendor/src/github.com/docker/libnetwork/resolver.go b/vendor/src/github.com/docker/libnetwork/resolver.go
index b9eb4f3ff2..fcb1a00a02 100644
--- a/vendor/src/github.com/docker/libnetwork/resolver.go
+++ b/vendor/src/github.com/docker/libnetwork/resolver.go
@@ -325,6 +325,21 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 		return
 	}
 
+	// If the user sets ndots > 0 explicitly and the query is
+	// in the root domain don't forward it out. We will return
+	// failure and let the client retry with the search domain
+	// attached
+	if resp == nil {
+		switch query.Question[0].Qtype {
+		case dns.TypeA:
+			fallthrough
+		case dns.TypeAAAA:
+			if r.sb.ndotsSet && !strings.Contains(strings.TrimSuffix(name, "."), ".") {
+				resp = createRespMsg(query)
+			}
+		}
+	}
+
 	proto := w.LocalAddr().Network()
 	maxSize := 0
 	if proto == "tcp" {
diff --git a/vendor/src/github.com/docker/libnetwork/sandbox.go b/vendor/src/github.com/docker/libnetwork/sandbox.go
index 4367518d70..ed439ff608 100644
--- a/vendor/src/github.com/docker/libnetwork/sandbox.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox.go
@@ -86,6 +86,7 @@ type sandbox struct {
 	isStub             bool
 	inDelete           bool
 	ingress            bool
+	ndotsSet           bool
 	sync.Mutex
 }
 
diff --git a/vendor/src/github.com/docker/libnetwork/sandbox_dns_unix.go b/vendor/src/github.com/docker/libnetwork/sandbox_dns_unix.go
index 0c649a9b9e..cd9e66224f 100644
--- a/vendor/src/github.com/docker/libnetwork/sandbox_dns_unix.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox_dns_unix.go
@@ -8,6 +8,8 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"strconv"
+	"strings"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/libnetwork/etchosts"
@@ -313,8 +315,32 @@ func (sb *sandbox) rebuildDNS() error {
 	// external v6 DNS servers has to be listed in resolv.conf
 	dnsList = append(dnsList, resolvconf.GetNameservers(currRC.Content, types.IPv6)...)
 
-	// Resolver returns the options in the format resolv.conf expects
-	dnsOptionsList = append(dnsOptionsList, sb.resolver.ResolverOptions()...)
+	// If the user config and embedded DNS server both have ndots option set,
+	// remember the user's config so that unqualified names not in the docker
+	// domain can be dropped.
+	resOptions := sb.resolver.ResolverOptions()
+
+dnsOpt:
+	for _, resOpt := range resOptions {
+		if strings.Contains(resOpt, "ndots") {
+			for _, option := range dnsOptionsList {
+				if strings.Contains(option, "ndots") {
+					parts := strings.Split(option, ":")
+					if len(parts) != 2 {
+						return fmt.Errorf("invalid ndots option %v", option)
+					}
+					if num, err := strconv.Atoi(parts[1]); err != nil {
+						return fmt.Errorf("invalid number for ndots option %v", option)
+					} else if num > 0 {
+						sb.ndotsSet = true
+						break dnsOpt
+					}
+				}
+			}
+		}
+	}
+
+	dnsOptionsList = append(dnsOptionsList, resOptions...)
 
 	_, err = resolvconf.Build(sb.config.resolvConfPath, dnsList, dnsSearchList, dnsOptionsList)
 	return err