From 4ddebbe77f15da13f2f7736859cfc1939858d1a8 Mon Sep 17 00:00:00 2001
From: John Howard
Date: Tue, 11 Sep 2018 14:43:09 -0700
Subject: [PATCH] Vendor libnetwork @ 36d3bed0e9
Signed-off-by: John Howard
---
 hack/dockerfile/install/proxy.installer | 2 +-
 vendor.conf | 2 +-
 .../docker/libnetwork/bitseq/sequence.go | 2 +-
 .../docker/libnetwork/diagnostic/server.go | 2 +-
 .../libnetwork/drivers/bridge/bridge.go | 2 +-
 .../drivers/ipvlan/ipvlan_endpoint.go | 2 +-
 .../github.com/docker/libnetwork/ipvs/ipvs.go | 16 +++---
 .../docker/libnetwork/ipvs/netlink.go | 4 ++
 .../docker/libnetwork/ns/init_windows.go | 3 +
 .../docker/libnetwork/osl/interface_linux.go | 2 +-
 .../docker/libnetwork/osl/namespace_linux.go | 2 +-
 .../libnetwork/portallocator/portallocator.go | 2 +
 .../portallocator/portallocator_windows.go | 1 +
 .../docker/libnetwork/resolver_unix.go | 2 +-
 .../docker/libnetwork/service_linux.go | 56 +++++++++++++------
 .../github.com/docker/libnetwork/vendor.conf | 9 ++-
 16 files changed, 71 insertions(+), 38 deletions(-)
 create mode 100644 vendor/github.com/docker/libnetwork/ns/init_windows.go
 create mode 100644 vendor/github.com/docker/libnetwork/portallocator/portallocator_windows.go
diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
index ed9ab53632..54002cb798 100755
--- a/hack/dockerfile/install/proxy.installer
+++ b/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
 # updating the binary version, consider updating github.com/docker/libnetwork
 # in vendor.conf accordingly
-LIBNETWORK_COMMIT=f30a35b091cc2a431ef9856c75c343f75bb5f2e2
+LIBNETWORK_COMMIT=36d3bed0e9f4b3c8c66df9bd45278bb90b33e911
 install_proxy() {
 case "$1" in
diff --git a/vendor.conf b/vendor.conf
index 48ed5d195c..a737b96098 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -37,7 +37,7 @@ github.com/mitchellh/hashstructure 2bca23e0e452137f789efbc8610126fd8b94f73b
 #get libnetwork packages
 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy accordingly
-github.com/docker/libnetwork a79d3687931697244b8e03485bf7b2042f8ec6b6
+github.com/docker/libnetwork 36d3bed0e9f4b3c8c66df9bd45278bb90b33e911
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/github.com/docker/libnetwork/bitseq/sequence.go b/vendor/github.com/docker/libnetwork/bitseq/sequence.go
index 2235601ac3..e10b2eedc0 100644
--- a/vendor/github.com/docker/libnetwork/bitseq/sequence.go
+++ b/vendor/github.com/docker/libnetwork/bitseq/sequence.go
@@ -32,7 +32,7 @@ var (
 ErrBitAllocated = errors.New("requested bit is already allocated")
 )
-// Handle contains the sequece representing the bitmask and its identifier
+// Handle contains the sequence representing the bitmask and its identifier
 type Handle struct {
 bits uint64
 unselected uint64
diff --git a/vendor/github.com/docker/libnetwork/diagnostic/server.go b/vendor/github.com/docker/libnetwork/diagnostic/server.go
index cca30cd32e..6c9372d682 100644
--- a/vendor/github.com/docker/libnetwork/diagnostic/server.go
+++ b/vendor/github.com/docker/libnetwork/diagnostic/server.go
@@ -95,7 +95,7 @@ func (s *Server) EnableDiagnostic(ip string, port int) {
 s.srv = srv
 s.enable = 1
 go func(n *Server) {
- // Ingore ErrServerClosed that is returned on the Shutdown call
+ // Ignore ErrServerClosed that is returned on the Shutdown call
 if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
 logrus.Errorf("ListenAndServe error: %s", err)
 atomic.SwapInt32(&n.enable, 0)
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go b/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
index 535da3c1ad..b617ea7bc4 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
+++ b/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
@@ -598,7 +598,7 @@ func (d *driver) checkConflict(config *networkConfiguration) error {
 nwConfig := nw.config
 nw.Unlock()
 if err := nwConfig.Conflicts(config); err != nil {
- if config.DefaultBridge {
+ if nwConfig.DefaultBridge {
 // We encountered and identified a stale default network
 // We must delete it as libnetwork is the source of truth
 // The default network being created must be the only one
diff --git a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_endpoint.go b/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_endpoint.go
index 89e2edd7c9..336b681bab 100644
--- a/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_endpoint.go
+++ b/vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan_endpoint.go
@@ -24,7 +24,7 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,
 return fmt.Errorf("network id %q not found", nid)
 }
 if ifInfo.MacAddress() != nil {
- return fmt.Errorf("%s interfaces do not support custom mac address assigment", ipvlanType)
+ return fmt.Errorf("%s interfaces do not support custom mac address assignment", ipvlanType)
 }
 ep := &endpoint{
 id: eid,
diff --git a/vendor/github.com/docker/libnetwork/ipvs/ipvs.go b/vendor/github.com/docker/libnetwork/ipvs/ipvs.go
index effbb716eb..ab10717089 100644
--- a/vendor/github.com/docker/libnetwork/ipvs/ipvs.go
+++ b/vendor/github.com/docker/libnetwork/ipvs/ipvs.go
@@ -53,13 +53,15 @@ type SvcStats struct {
 // Destination defines an IPVS destination (real server) in its
 // entirety.
 type Destination struct {
- Address net.IP
- Port uint16
- Weight int
- ConnectionFlags uint32
- AddressFamily uint16
- UpperThreshold uint32
- LowerThreshold uint32
+ Address net.IP
+ Port uint16
+ Weight int
+ ConnectionFlags uint32
+ AddressFamily uint16
+ UpperThreshold uint32
+ LowerThreshold uint32
+ ActiveConnections int
+ InactiveConnections int
 }
 // Handle provides a namespace specific ipvs handle to program ipvs
diff --git a/vendor/github.com/docker/libnetwork/ipvs/netlink.go b/vendor/github.com/docker/libnetwork/ipvs/netlink.go
index f88057f7b7..3c7b1a562a 100644
--- a/vendor/github.com/docker/libnetwork/ipvs/netlink.go
+++ b/vendor/github.com/docker/libnetwork/ipvs/netlink.go
@@ -439,6 +439,10 @@ func assembleDestination(attrs []syscall.NetlinkRouteAttr) (*Destination, error)
 d.LowerThreshold = native.Uint32(attr.Value)
 case ipvsDestAttrAddressFamily:
 d.AddressFamily = native.Uint16(attr.Value)
+ case ipvsDestAttrActiveConnections:
+ d.ActiveConnections = int(native.Uint16(attr.Value))
+ case ipvsDestAttrInactiveConnections:
+ d.InactiveConnections = int(native.Uint16(attr.Value))
 }
 }
 return &d, nil
diff --git a/vendor/github.com/docker/libnetwork/ns/init_windows.go b/vendor/github.com/docker/libnetwork/ns/init_windows.go
new file mode 100644
index 0000000000..f5838f81dd
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/ns/init_windows.go
@@ -0,0 +1,3 @@
+package ns
+
+// File is present so that go build ./... is closer to working on Windows from repo root.
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_linux.go b/vendor/github.com/docker/libnetwork/osl/interface_linux.go
index a924af4bdf..4f8ff3d639 100644
--- a/vendor/github.com/docker/libnetwork/osl/interface_linux.go
+++ b/vendor/github.com/docker/libnetwork/osl/interface_linux.go
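Review bot: In the `assembleDestination` hunk of ipvs/netlink.go, the two new cases decode the connection counters with `native.Uint16(attr.Value)`, so only the first two bytes of each attribute are read. If the kernel reports these counters as 32-bit values, which I believe it does for IPVS destinations but cannot confirm from this page, any count above 65535 is silently truncated and a big-endian host would read the wrong half. The threshold case just above already uses `native.Uint32`, so the new lines would read `d.ActiveConnections = int(native.Uint32(attr.Value))` and the same for `InactiveConnections`. The function starts and ends outside the hunk, and because the file is vendored the change belongs in libnetwork itself rather than in this tree.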
@@ -297,7 +297,7 @@ func (n *networkNamespace) AddInterface(srcName, dstPrefix string, options ...If
 logrus.Errorf("renaming interface (%s->%s) failed, %v after config error %v", i.DstName(), i.SrcName(), nerr, err)
 }
 if nerr := nlh.LinkSetNsFd(iface, ns.ParseHandlerInt()); nerr != nil {
- logrus.Errorf("moving inteface %s to host ns failed, %v, after config error %v", i.SrcName(), nerr, err)
+ logrus.Errorf("moving interface %s to host ns failed, %v, after config error %v", i.SrcName(), nerr, err)
 }
 return err
 }
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go b/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
index 45c46852fc..abb748b567 100644
--- a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
+++ b/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
@@ -227,7 +227,7 @@ func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
 logrus.Warnf("Failed to set the timeout on the sandbox netlink handle sockets: %v", err)
 }
 // In live-restore mode, IPV6 entries are getting cleaned up due to below code
- // We should retain IPV6 configrations in live-restore mode when Docker Daemon
+ // We should retain IPV6 configurations in live-restore mode when Docker Daemon
 // comes back. It should work as it is on other cases
 // As starting point, disable IPv6 on all interfaces
 if !isRestore && !n.isDefault {
diff --git a/vendor/github.com/docker/libnetwork/portallocator/portallocator.go b/vendor/github.com/docker/libnetwork/portallocator/portallocator.go
index 9798d23eb1..191b478ccd 100644
--- a/vendor/github.com/docker/libnetwork/portallocator/portallocator.go
+++ b/vendor/github.com/docker/libnetwork/portallocator/portallocator.go
@@ -1,3 +1,5 @@
+// +build !windows
+
 package portallocator
 import (
diff --git a/vendor/github.com/docker/libnetwork/portallocator/portallocator_windows.go b/vendor/github.com/docker/libnetwork/portallocator/portallocator_windows.go
new file mode 100644
index 0000000000..f07ae884f8
--- /dev/null
+++ b/vendor/github.com/docker/libnetwork/portallocator/portallocator_windows.go
@@ -0,0 +1 @@
+package portallocator
diff --git a/vendor/github.com/docker/libnetwork/resolver_unix.go b/vendor/github.com/docker/libnetwork/resolver_unix.go
index b35009ee74..f4e4ad6184 100644
--- a/vendor/github.com/docker/libnetwork/resolver_unix.go
+++ b/vendor/github.com/docker/libnetwork/resolver_unix.go
@@ -76,7 +76,7 @@ func reexecSetupResolver() {
 for _, rule := range rules {
 if iptables.RawCombinedOutputNative(rule...) != nil {
- logrus.Errorf("setting up rule failed, %v", rule)
+ logrus.Errorf("set up rule failed, %v", rule)
 }
 }
 }
diff --git a/vendor/github.com/docker/libnetwork/service_linux.go b/vendor/github.com/docker/libnetwork/service_linux.go
index a97d24b59e..3d61adeb67 100644
--- a/vendor/github.com/docker/libnetwork/service_linux.go
+++ b/vendor/github.com/docker/libnetwork/service_linux.go
@@ -135,8 +135,7 @@ func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) {
 if ep := sb.getGatewayEndpoint(); ep != nil {
 gwIP = ep.Iface().Address().IP
 }
- filteredPorts := filterPortConfigs(lb.service.ingressPorts, false)
- if err := programIngress(gwIP, filteredPorts, false); err != nil {
+ if err := programIngress(gwIP, lb.service.ingressPorts, false); err != nil {
 logrus.Errorf("Failed to add ingress: %v", err)
 return
 }
@@ -227,8 +226,7 @@ func (n *network) rmLBBackend(ip net.IP, lb *loadBalancer, rmService bool, fullR
 if ep := sb.getGatewayEndpoint(); ep != nil {
 gwIP = ep.Iface().Address().IP
 }
- filteredPorts := filterPortConfigs(lb.service.ingressPorts, true)
- if err := programIngress(gwIP, filteredPorts, true); err != nil {
+ if err := programIngress(gwIP, lb.service.ingressPorts, true); err != nil {
 logrus.Errorf("Failed to delete ingress: %v", err)
 }
 }
@@ -299,8 +297,10 @@ func filterPortConfigs(ingressPorts []*PortConfig, isDelete bool) []*PortConfig
 func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) error {
 addDelOpt := "-I"
+ rollbackAddDelOpt := "-D"
 if isDelete {
 addDelOpt = "-D"
+ rollbackAddDelOpt = "-I"
 }
 ingressMu.Lock()
@@ -381,18 +381,35 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 }
 }
- for _, iPort := range ingressPorts {
+ //Filter the ingress ports until port rules start to be added/deleted
+ filteredPorts := filterPortConfigs(ingressPorts, isDelete)
+ rollbackRules := make([][]string, 0, len(filteredPorts)*3)
+ var portErr error
+ defer func() {
+ if portErr != nil && !isDelete {
+ filterPortConfigs(filteredPorts, !isDelete)
+ for _, rule := range rollbackRules {
+ if err := iptables.RawCombinedOutput(rule...); err != nil {
+ logrus.Warnf("roll back rule failed, %v: %v", rule, err)
+ }
+ }
+ }
+ }()
+
+ for _, iPort := range filteredPorts {
 if iptables.ExistChain(ingressChain, iptables.Nat) {
 rule := strings.Fields(fmt.Sprintf("-t nat %s %s -p %s --dport %d -j DNAT --to-destination %s:%d", addDelOpt,
 ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort, gwIP, iPort.PublishedPort))
- if err := iptables.RawCombinedOutput(rule...); err != nil {
- errStr := fmt.Sprintf("setting up rule failed, %v: %v", rule, err)
+ if portErr = iptables.RawCombinedOutput(rule...); portErr != nil {
+ errStr := fmt.Sprintf("set up rule failed, %v: %v", rule, portErr)
 if !isDelete {
 return fmt.Errorf("%s", errStr)
 }
-
 logrus.Infof("%s", errStr)
 }
+ rollbackRule := strings.Fields(fmt.Sprintf("-t nat %s %s -p %s --dport %d -j DNAT --to-destination %s:%d", rollbackAddDelOpt,
+ ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort, gwIP, iPort.PublishedPort))
+ rollbackRules = append(rollbackRules, rollbackRule)
 }
 // Filter table rules to allow a published service to be accessible in the local node from..
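Review bot: The deferred rollback added at the top of the port loop in `programIngress` replays only the inverse iptables rules, so when an add fails part-way, the ports handled in earlier iterations keep whatever `plumbProxy(iPort, isDelete)` set up for them (that call is visible at the end of the next hunk, `@@ -400,24 +417,29 @@`). If `plumbProxy` binds a host listener per published port, as its `failed to create proxy for port` message suggests, a failed add leaves those ports held open with no ingress rules behind them. Recording each port once its proxy has been plumbed and calling `plumbProxy(p, true)` for those ports inside the deferred function would make the rollback cover both halves. The new comment would also be clearer as `// Filter the ingress ports only once port rules are about to be added or deleted.` The function starts and ends outside this hunk, and the file is vendored, so the change belongs upstream in libnetwork.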
@@ -400,24 +417,29 @@ func programIngress(gwIP net.IP, ingressPorts []*PortConfig, isDelete bool) erro
 // 2) unmanaged containers on bridge networks
 rule := strings.Fields(fmt.Sprintf("%s %s -m state -p %s --sport %d --state ESTABLISHED,RELATED -j ACCEPT", addDelOpt,
 ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort))
- if err := iptables.RawCombinedOutput(rule...); err != nil {
- errStr := fmt.Sprintf("setting up rule failed, %v: %v", rule, err)
+ if portErr = iptables.RawCombinedOutput(rule...); portErr != nil {
+ errStr := fmt.Sprintf("set up rule failed, %v: %v", rule, portErr)
 if !isDelete {
 return fmt.Errorf("%s", errStr)
 }
 logrus.Warnf("%s", errStr)
 }
+ rollbackRule := strings.Fields(fmt.Sprintf("%s %s -m state -p %s --sport %d --state ESTABLISHED,RELATED -j ACCEPT", rollbackAddDelOpt,
+ ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort))
+ rollbackRules = append(rollbackRules, rollbackRule)
 rule = strings.Fields(fmt.Sprintf("%s %s -p %s --dport %d -j ACCEPT", addDelOpt,
 ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort))
- if err := iptables.RawCombinedOutput(rule...); err != nil {
- errStr := fmt.Sprintf("setting up rule failed, %v: %v", rule, err)
+ if portErr = iptables.RawCombinedOutput(rule...); portErr != nil {
+ errStr := fmt.Sprintf("set up rule failed, %v: %v", rule, portErr)
 if !isDelete {
 return fmt.Errorf("%s", errStr)
 }
-
 logrus.Warnf("%s", errStr)
 }
+ rollbackRule = strings.Fields(fmt.Sprintf("%s %s -p %s --dport %d -j ACCEPT", rollbackAddDelOpt,
+ ingressChain, strings.ToLower(PortConfig_Protocol_name[int32(iPort.Protocol)]), iPort.PublishedPort))
+ rollbackRules = append(rollbackRules, rollbackRule)
 if err := plumbProxy(iPort, isDelete); err != nil {
 logrus.Warnf("failed to create proxy for port %d: %v", iPort.PublishedPort, err)
@@ -648,7 +670,7 @@ func fwMarker() {
 for _, rule := range rules {
 if err := iptables.RawCombinedOutputNative(rule...); err != nil {
- logrus.Errorf("setting up rule failed, %v: %v", rule, err)
+ logrus.Errorf("set up rule failed, %v: %v", rule, err)
 os.Exit(8)
 }
 }
@@ -735,7 +757,7 @@ func redirector() {
 for _, rule := range rules {
 if err := iptables.RawCombinedOutputNative(rule...); err != nil {
- logrus.Errorf("setting up rule failed, %v: %v", rule, err)
+ logrus.Errorf("set up rule failed, %v: %v", rule, err)
 os.Exit(6)
 }
 }
@@ -752,14 +774,14 @@ func redirector() {
 } {
 if !iptables.ExistsNative(iptables.Filter, "INPUT", rule...) {
 if err := iptables.RawCombinedOutputNative(append([]string{"-A", "INPUT"}, rule...)...); err != nil {
- logrus.Errorf("setting up rule failed, %v: %v", rule, err)
+ logrus.Errorf("set up rule failed, %v: %v", rule, err)
 os.Exit(7)
 }
 }
 rule[0] = "-s"
 if !iptables.ExistsNative(iptables.Filter, "OUTPUT", rule...) {
 if err := iptables.RawCombinedOutputNative(append([]string{"-A", "OUTPUT"}, rule...)...); err != nil {
- logrus.Errorf("setting up rule failed, %v: %v", rule, err)
+ logrus.Errorf("set up rule failed, %v: %v", rule, err)
 os.Exit(8)
 }
 }
diff --git a/vendor/github.com/docker/libnetwork/vendor.conf b/vendor/github.com/docker/libnetwork/vendor.conf
index 0a99a438f6..f2bb55223e 100644
--- a/vendor/github.com/docker/libnetwork/vendor.conf
+++ b/vendor/github.com/docker/libnetwork/vendor.conf
@@ -1,21 +1,21 @@
 github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
 github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
-github.com/Microsoft/go-winio v0.4.7
-github.com/Microsoft/hcsshim v0.6.11
+github.com/Microsoft/go-winio v0.4.11
+github.com/Microsoft/hcsshim v0.7.3
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
-github.com/boltdb/bolt fff57c100f4dea1905678da7e90d92429dff2904
 github.com/codegangsta/cli a65b733b303f0055f8d324d805f393cd3e7a7904
 github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
 github.com/coreos/etcd v3.2.1
 github.com/coreos/go-semver v0.2.0
 github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
+go.etcd.io/bbolt v1.3.1-etcd.8
 github.com/docker/docker 162ba6016def672690ee4a1f3978368853a1e149
 github.com/docker/go-connections 7beb39f0b969b075d1325fecb092faf27fd357b6
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
-github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef
+github.com/docker/libkv 458977154600b9f23984d9f4b82e79570b5ae12b
 github.com/godbus/dbus v4.0.0
 github.com/gogo/protobuf v1.0.0
@@ -36,7 +36,6 @@ github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340
 github.com/opencontainers/runtime-spec v1.0.1
 github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
 github.com/sirupsen/logrus v1.0.3
-github.com/syndtr/gocapability 33e07d32887e1e06b7c025f27ce52f62c7990bc0
 github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
 github.com/vishvananda/netlink b2de5d10e38ecce8607e6b438b6d174f389a004e
 github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25