diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer index 046d038312..1a48ec96c2 100755 --- a/hack/dockerfile/install/proxy.installer +++ b/hack/dockerfile/install/proxy.installer @@ -3,7 +3,7 @@ # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When # updating the binary version, consider updating github.com/docker/libnetwork # in vendor.conf accordingly -: "${LIBNETWORK_COMMIT:=a543cbc4871f904b0efe205708eb45d72e65fd8b}" +: "${LIBNETWORK_COMMIT:=5c6a95bfb20c61571a00f913c6b91959ede84e8d}" install_proxy() { case "$1" in diff --git a/vendor.conf b/vendor.conf index c50dcf5899..5338a2e22a 100644 --- a/vendor.conf +++ b/vendor.conf @@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a # libnetwork # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly -github.com/docker/libnetwork a543cbc4871f904b0efe205708eb45d72e65fd8b +github.com/docker/libnetwork 5c6a95bfb20c61571a00f913c6b91959ede84e8d github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go b/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go index f8e751baf2..f2e771a94b 100644 --- a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go +++ b/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go @@ -779,13 +779,13 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) { {d.config.EnableIPTables, network.setupIP4Tables}, // Setup IP6Tables. - {d.config.EnableIP6Tables, network.setupIP6Tables}, + {config.EnableIPv6 && d.config.EnableIP6Tables, network.setupIP6Tables}, //We want to track firewalld configuration so that //if it is started/reloaded, the rules can be applied correctly {d.config.EnableIPTables, network.setupFirewalld}, // same for IPv6 - {d.config.EnableIP6Tables, network.setupFirewalld6}, + {config.EnableIPv6 && d.config.EnableIP6Tables, network.setupFirewalld6}, // Setup DefaultGatewayIPv4 {config.DefaultGatewayIPv4 != nil, setupGatewayIPv4}, diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go index c483dda82b..1d20ecbe13 100644 --- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go +++ b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go @@ -178,7 +178,11 @@ func (n *bridgeNetwork) setupIPTables(ipVersion iptables.IPVersion, maskedAddr * return iptable.ProgramChain(filterChain, config.BridgeName, hairpinMode, false) }) - n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName()) + if ipVersion == iptables.IPv4 { + n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName()) + } else { + n.portMapperV6.SetIptablesChain(natChain, n.getNetworkBridgeName()) + } } d.Lock() diff --git a/vendor/github.com/docker/libnetwork/iptables/iptables.go b/vendor/github.com/docker/libnetwork/iptables/iptables.go index 0ebda6f8fd..20c35d46de 100644 --- a/vendor/github.com/docker/libnetwork/iptables/iptables.go +++ b/vendor/github.com/docker/libnetwork/iptables/iptables.go @@ -533,8 +533,10 @@ func (iptable IPTable) raw(args ...string) ([]byte, error) { } path := iptablesPath + commandName := "iptables" if iptable.Version == IPv6 { path = ip6tablesPath + commandName = "ip6tables" } logrus.Debugf("%s, %v", path, args) @@ -542,7 +544,7 @@ func (iptable IPTable) raw(args ...string) ([]byte, error) { startTime := time.Now() output, err := exec.Command(path, args...).CombinedOutput() if err != nil { - return nil, fmt.Errorf("iptables failed: iptables %v: %s (%s)", strings.Join(args, " "), output, err) + return nil, fmt.Errorf("iptables failed: %s %v: %s (%s)", commandName, strings.Join(args, " "), output, err) } return filterOutput(startTime, output, args...), err