kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Deallocate port before trying to delete iptables chain

Browse source 
Fixes #7954
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
This commit is contained in:
Alexandr Morozov 2014-09-09 16:47:25 +04:00
parent f1095b801e
commit 2e7cf6b0ce
2 changed files with 31 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
daemon/networkdriver/portmapper/mapper.go
View file

@ -4,11 +4,11 @@ import (
"errors" "errors"
"fmt" "fmt"
"net" "net"
"strings"
"sync" "sync"
"github.com/docker/docker/daemon/networkdriver/portallocator" "github.com/docker/docker/daemon/networkdriver/portallocator"
"github.com/docker/docker/pkg/iptables" "github.com/docker/docker/pkg/iptables"
"github.com/docker/docker/pkg/log"
) )
type mapping struct { type mapping struct {
@ -127,10 +127,7 @@ func Unmap(host net.Addr) error {
containerIP, containerPort := getIPAndPort(data.container) containerIP, containerPort := getIPAndPort(data.container)
hostIP, hostPort := getIPAndPort(data.host) hostIP, hostPort := getIPAndPort(data.host)
if err := forward(iptables.Delete, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil { if err := forward(iptables.Delete, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
// skip "no chain" errors because we can safely release port in this case log.Errorf("Error on iptables delete: %s", err)
if !strings.Contains(err.Error(), "No chain/target/match by that name") {
return err
}
} }
switch a := host.(type) { switch a := host.(type) {
@ -139,7 +136,6 @@ func Unmap(host net.Addr) error {
case *net.UDPAddr: case *net.UDPAddr:
return portallocator.ReleasePort(a.IP, "udp", a.Port) return portallocator.ReleasePort(a.IP, "udp", a.Port)
} }
return nil return nil
} }

29
integration-cli/docker_cli_run_test.go
View file

@ -1846,3 +1846,32 @@ func TestRunNetworkNotInitializedNoneMode(t *testing.T) {
deleteAllContainers() deleteAllContainers()
logDone("run - network must not be initialized in 'none' mode") logDone("run - network must not be initialized in 'none' mode")
} }
func TestRunDeallocatePortOnMissingIptablesRule(t *testing.T) {
cmd := exec.Command(dockerBinary, "run", "-d", "-p", "23:23", "busybox", "top")
out, _, err := runCommandWithOutput(cmd)
if err != nil {
t.Fatal(err)
}
id := strings.TrimSpace(out)
ip, err := inspectField(id, "NetworkSettings.IPAddress")
if err != nil {
t.Fatal(err)
}
iptCmd := exec.Command("iptables", "-D", "FORWARD", "-d", fmt.Sprintf("%s/32", ip),
"!", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-m", "tcp", "--dport", "23", "-j", "ACCEPT")
out, _, err = runCommandWithOutput(iptCmd)
if err != nil {
t.Fatal(err, out)
}
if err := deleteContainer(id); err != nil {
t.Fatal(err)
}
cmd = exec.Command(dockerBinary, "run", "-d", "-p", "23:23", "busybox", "top")
out, _, err = runCommandWithOutput(cmd)
if err != nil {
t.Fatal(err, out)
}
deleteAllContainers()
logDone("run - port should be deallocated even on iptables error")
}