From 2da61086ea0f7d06108f1ec4ba082f74d2c1c671 Mon Sep 17 00:00:00 2001
From: Madhu Venugopal <madhu@docker.com>
Date: Fri, 5 Feb 2016 18:20:22 -0800
Subject: [PATCH] Vendor libnetwork v0.6.1-rc1

- Fixes #20026. Programming iptables in container use native API.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
---
 hack/vendor.sh                                      |  2 +-
 .../src/github.com/docker/libnetwork/CHANGELOG.md   |  3 +++
 .../docker/libnetwork/iptables/iptables.go          | 13 ++++++++++++-
 vendor/src/github.com/docker/libnetwork/resolver.go |  2 +-
 4 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/hack/vendor.sh b/hack/vendor.sh
index ccae35efb5..a0ea6c2996 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -29,7 +29,7 @@ clone git github.com/RackSec/srslog 6eb773f331e46fbba8eecb8e794e635e75fc04de
 clone git github.com/imdario/mergo 0.2.1
 
 #get libnetwork packages
-clone git github.com/docker/libnetwork v0.6.0-rc7
+clone git github.com/docker/libnetwork v0.6.1-rc1
 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
 clone git github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
 clone git github.com/hashicorp/memberlist 9a1e242e454d2443df330bdd51a436d5a9058fc4
diff --git a/vendor/src/github.com/docker/libnetwork/CHANGELOG.md b/vendor/src/github.com/docker/libnetwork/CHANGELOG.md
index a47d5fa707..1735a29938 100644
--- a/vendor/src/github.com/docker/libnetwork/CHANGELOG.md
+++ b/vendor/src/github.com/docker/libnetwork/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 0.6.1-rc1 (2016-02-05)
+- Fixes https://github.com/docker/docker/issues/20026
+
 ## 0.6.0-rc7 (2016-02-01)
 - Allow inter-network connections via exposed ports
 
diff --git a/vendor/src/github.com/docker/libnetwork/iptables/iptables.go b/vendor/src/github.com/docker/libnetwork/iptables/iptables.go
index b97292225f..ca07893888 100644
--- a/vendor/src/github.com/docker/libnetwork/iptables/iptables.go
+++ b/vendor/src/github.com/docker/libnetwork/iptables/iptables.go
@@ -325,9 +325,11 @@ func Raw(args ...string) ([]byte, error) {
 		if err == nil || !strings.Contains(err.Error(), "was not provided by any .service files") {
 			return output, err
 		}
-
 	}
+	return raw(args...)
+}
 
+func raw(args ...string) ([]byte, error) {
 	if err := initCheck(); err != nil {
 		return nil, err
 	}
@@ -362,6 +364,15 @@ func RawCombinedOutput(args ...string) error {
 	return nil
 }
 
+// RawCombinedOutputNative behave as RawCombinedOutput with the difference it
+// will always invoke `iptables` binary
+func RawCombinedOutputNative(args ...string) error {
+	if output, err := raw(args...); err != nil || len(output) != 0 {
+		return fmt.Errorf("%s (%v)", string(output), err)
+	}
+	return nil
+}
+
 // ExistChain checks if a chain exists
 func ExistChain(chain string, table Table) bool {
 	if _, err := Raw("-t", string(table), "-L", chain); err == nil {
diff --git a/vendor/src/github.com/docker/libnetwork/resolver.go b/vendor/src/github.com/docker/libnetwork/resolver.go
index a839298491..01d3483f08 100644
--- a/vendor/src/github.com/docker/libnetwork/resolver.go
+++ b/vendor/src/github.com/docker/libnetwork/resolver.go
@@ -95,7 +95,7 @@ func (r *resolver) SetupFunc() func() {
 		}
 
 		for _, rule := range rules {
-			r.err = iptables.RawCombinedOutput(rule...)
+			r.err = iptables.RawCombinedOutputNative(rule...)
 			if r.err != nil {
 				return
 			}