From 1be540b99bdf7557d4c3183b822b5bea230b0141 Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Wed, 21 Oct 2015 09:10:21 -0700 Subject: [PATCH 1/2] Vendoring in libnetwork for the anonymous endpoint - commit f3c8ebf46b890d4612c5d98e792280d13abdb761 Signed-off-by: Alessandro Boch --- hack/vendor.sh | 2 +- .../github.com/docker/libnetwork/endpoint.go | 21 +++++++++++++++++++ .../github.com/docker/libnetwork/network.go | 4 ++++ 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/hack/vendor.sh b/hack/vendor.sh index c10040165f..44cf833b61 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -21,7 +21,7 @@ clone git github.com/vdemeester/shakers 3c10293ce22b900c27acad7b28656196fcc2f73b clone git golang.org/x/net 3cffabab72adf04f8e3b01c5baf775361837b5fe https://github.com/golang/net.git #get libnetwork packages -clone git github.com/docker/libnetwork 0d7a57ddb94a92a57755eec5dc54f905287c7e65 +clone git github.com/docker/libnetwork f3c8ebf46b890d4612c5d98e792280d13abdb761 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec clone git github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b clone git github.com/hashicorp/memberlist 9a1e242e454d2443df330bdd51a436d5a9058fc4 diff --git a/vendor/src/github.com/docker/libnetwork/endpoint.go b/vendor/src/github.com/docker/libnetwork/endpoint.go index fdd0bf6641..b9933953a5 100644 --- a/vendor/src/github.com/docker/libnetwork/endpoint.go +++ b/vendor/src/github.com/docker/libnetwork/endpoint.go @@ -57,6 +57,7 @@ type endpoint struct { joinInfo *endpointJoinInfo sandboxID string exposedPorts []types.TransportPort + anonymous bool generic map[string]interface{} joinLeaveDone chan struct{} dbIndex uint64 @@ -77,6 +78,7 @@ func (ep *endpoint) MarshalJSON() ([]byte, error) { epMap["generic"] = ep.generic } epMap["sandbox"] = ep.sandboxID + epMap["anonymous"] = ep.anonymous return json.Marshal(epMap) } 
@@ -105,6 +107,10 @@ func (ep *endpoint) UnmarshalJSON(b []byte) (err error) { if v, ok := epMap["generic"]; ok { ep.generic = v.(map[string]interface{}) } + + if v, ok := epMap["anonymous"]; ok { + ep.anonymous = v.(bool) + } return nil } @@ -122,6 +128,7 @@ func (ep *endpoint) CopyTo(o datastore.KVObject) error { dstEp.sandboxID = ep.sandboxID dstEp.dbIndex = ep.dbIndex dstEp.dbExists = ep.dbExists + dstEp.anonymous = ep.anonymous if ep.iface != nil { dstEp.iface = &endpointInterface{} @@ -161,6 +168,12 @@ func (ep *endpoint) Network() string { return ep.network.name } +func (ep *endpoint) isAnonymous() bool { + ep.Lock() + defer ep.Unlock() + return ep.anonymous +} + // endpoint Key structure : endpoint/network-id/endpoint-id func (ep *endpoint) Key() []string { if ep.network == nil { @@ -603,6 +616,14 @@ func CreateOptionPortMapping(portBindings []types.PortBinding) EndpointOption { } } +// CreateOptionAnonymous function returns an option setter for setting +// this endpoint as anonymous +func CreateOptionAnonymous() EndpointOption { + return func(ep *endpoint) { + ep.anonymous = true + } +} + // JoinOptionPriority function returns an option setter for priority option to // be passed to the endpoint.Join() method. func JoinOptionPriority(ep Endpoint, prio int) EndpointOption { diff --git a/vendor/src/github.com/docker/libnetwork/network.go b/vendor/src/github.com/docker/libnetwork/network.go index 7b14fc830b..69b0e755a7 100644 --- a/vendor/src/github.com/docker/libnetwork/network.go +++ b/vendor/src/github.com/docker/libnetwork/network.go @@ -753,6 +753,10 @@ func (n *network) EndpointByID(id string) (Endpoint, error) { } func (n *network) updateSvcRecord(ep *endpoint, localEps []*endpoint, isAdd bool) { + if ep.isAnonymous() { + return + } + c := n.getController() sr, ok := c.svcDb[n.ID()] if !ok { From 20faaaa872444b6fffbc5a6d30310a782caafe0f Mon Sep 17 00:00:00 2001 
From: Alessandro Boch Date: Thu, 22 Oct 2015 08:41:50 -0700 Subject: [PATCH 2/2] Turn off service discovery when icc==false - Turn off built-in service discovery on docker0 bridge when icc is false Signed-off-by: Alessandro Boch --- daemon/container_unix.go | 8 +- .../docker_cli_network_unix_test.go | 77 +++++++++++++++++++ 2 files changed, 83 insertions(+), 2 deletions(-) diff --git a/daemon/container_unix.go b/daemon/container_unix.go index 5864e7db7f..d7e9be7b09 100644 --- a/daemon/container_unix.go +++ b/daemon/container_unix.go @@ -777,7 +777,7 @@ func (container *Container) updateNetwork() error { return nil } -func (container *Container) buildCreateEndpointOptions() ([]libnetwork.EndpointOption, error) { +func (container *Container) buildCreateEndpointOptions(n libnetwork.Network) ([]libnetwork.EndpointOption, error) { var ( portSpecs = make(nat.PortSet) bindings = make(nat.PortMap) @@ -855,6 +855,10 @@ func (container *Container) buildCreateEndpointOptions() ([]libnetwork.EndpointO createOptions = append(createOptions, libnetwork.EndpointOptionGeneric(genericOption)) } + if n.Name() == "bridge" && !container.daemon.config().Bridge.InterContainerCommunication { + createOptions = append(createOptions, libnetwork.CreateOptionAnonymous()) + } + return createOptions, nil } @@ -944,7 +948,7 @@ func (container *Container) connectToNetwork(idOrName string, updateSettings boo return err } - createOptions, err := container.buildCreateEndpointOptions() + createOptions, err := container.buildCreateEndpointOptions(n) if err != nil { return err } diff --git a/integration-cli/docker_cli_network_unix_test.go b/integration-cli/docker_cli_network_unix_test.go index 0df5236b98..f5a3674ea7 100644 --- a/integration-cli/docker_cli_network_unix_test.go +++ b/integration-cli/docker_cli_network_unix_test.go 
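Review bot: The condition `n.Name() == "bridge"` in the @@ -855 hunk ties a security-relevant decision (keeping containers out of each other's /etc/hosts when icc is off) to a string literal, and nothing explains why. If the daemon package already defines a name for the default bridge network, compare against that; either way add a comment above the check, for example `// icc=false: endpoints on the default bridge are anonymous, so they are not published to other containers' /etc/hosts`. Since patch 1/2 also serializes the `anonymous` field into the endpoint's JSON, an endpoint created before the daemon is restarted with a different `--icc` value presumably keeps its stored setting, and the comment should say whether that is intended. The body of buildCreateEndpointOptions starts outside this hunk.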
@@ -384,3 +384,80 @@ func (s *DockerNetworkSuite) TestDockerNetworkDriverOptions(c *check.C) { dockerCmd(c, "network", "rm", "testopt") } + +func (s *DockerDaemonSuite) TestDockerNetworkDiscoveryICCFalse(c *check.C) { + // When icc == false, containers' etc/hosts should not be populated with containers' names + hostsFile := "/etc/hosts" + bridgeName := "external-bridge" + bridgeIP := "192.169.255.254/24" + out, err := createInterface(c, "bridge", bridgeName, bridgeIP) + c.Assert(err, check.IsNil, check.Commentf(out)) + defer deleteInterface(c, bridgeName) + + err = s.d.StartWithBusybox("--bridge", bridgeName, "--icc=false") + c.Assert(err, check.IsNil) + defer s.d.Restart() + + // run two containers and store first container's etc/hosts content + out, err = s.d.Cmd("run", "-d", "busybox", "top") + c.Assert(err, check.IsNil) + cid1 := strings.TrimSpace(out) + defer s.d.Cmd("stop", cid1) + + hosts, err := s.d.Cmd("exec", cid1, "cat", hostsFile) + c.Assert(err, checker.IsNil) + + out, err = s.d.Cmd("run", "-d", "busybox", "top") + c.Assert(err, check.IsNil) + cid2 := strings.TrimSpace(out) + + // verify first container's etc/hosts file has not changed after spawning second container + hostsPost, err := s.d.Cmd("exec", cid1, "cat", hostsFile) + c.Assert(err, checker.IsNil) + c.Assert(string(hosts), checker.Equals, string(hostsPost), + check.Commentf("Unexpected %s change on second container creation", hostsFile)) + + // stop container 2 and verify first container's etc/hosts has not changed + _, err = s.d.Cmd("stop", cid2) + c.Assert(err, check.IsNil) + + hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile) + c.Assert(err, checker.IsNil) + c.Assert(string(hosts), checker.Equals, string(hostsPost), + check.Commentf("Unexpected %s change on second container creation", hostsFile)) + + // but discovery is on when connecting to non default bridge network + network := "anotherbridge" + out, err = s.d.Cmd("network", "create", network) + c.Assert(err, check.IsNil, 
check.Commentf(out)) + defer s.d.Cmd("network", "rm", network) + + out, err = s.d.Cmd("network", "connect", network, cid1) + c.Assert(err, check.IsNil, check.Commentf(out)) + + hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile) + c.Assert(err, checker.IsNil) + c.Assert(string(hosts), checker.Equals, string(hostsPost), + check.Commentf("Unexpected %s change on second network connection", hostsFile)) + + cName := "container3" + out, err = s.d.Cmd("run", "-d", "--net", network, "--name", cName, "busybox", "top") + c.Assert(err, check.IsNil, check.Commentf(out)) + cid3 := strings.TrimSpace(out) + defer s.d.Cmd("stop", cid3) + + // container1 etc/hosts file should contain an entry for the third container + hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile) + c.Assert(err, checker.IsNil) + c.Assert(string(hostsPost), checker.Contains, cName, + check.Commentf("Container 1 %s file does not contain entries for named container %q: %s", hostsFile, cName, string(hostsPost))) + + // on container3 disconnect, first container's etc/hosts should go back to original form + out, err = s.d.Cmd("network", "disconnect", network, cid3) + c.Assert(err, check.IsNil, check.Commentf(out)) + + hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile) + c.Assert(err, checker.IsNil) + c.Assert(string(hosts), checker.Equals, string(hostsPost), + check.Commentf("Unexpected %s content after disconnecting from second network", hostsFile)) +}
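Review bot: The assertion made after `s.d.Cmd("stop", cid2)` reuses the failure message "Unexpected %s change on second container creation", so a failure there would point at the wrong step; it should read something like `check.Commentf("Unexpected %s change after stopping second container", hostsFile)`. The test also mixes `check.IsNil` and `checker.IsNil` for the same kind of check, and one of them should be used throughout. cid2 is stopped inline without a `defer`, so an assertion failure before that line leaves the container running until the deferred daemon restart; adding `defer s.d.Cmd("stop", cid2)` right after it is created would match how cid1 and cid3 are handled.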