Vendor libnetwork for network inspect --verbose changes
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
parent
8b02a15d52
commit
6708676464
24 changed files with 377 additions and 56 deletions
|
@ -23,7 +23,7 @@ github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5
|
|||
github.com/imdario/mergo 0.2.1
|
||||
|
||||
#get libnetwork packages
|
||||
github.com/docker/libnetwork 1a019214c9cb80bd56219e5d6994a22caf302895
|
||||
github.com/docker/libnetwork 4610dd67c7b9828bb4719d8aa2ac53a7f1f739d2
|
||||
github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894
|
||||
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
|
||||
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
|
||||
|
|
121
vendor/github.com/docker/libnetwork/agent.go
|
@ -44,6 +44,8 @@ type agent struct {
|
|||
sync.Mutex
|
||||
}
|
||||
|
||||
const libnetworkEPTable = "endpoint_table"
|
||||
|
||||
func getBindAddr(ifaceName string) (string, error) {
|
||||
iface, err := net.InterfaceByName(ifaceName)
|
||||
if err != nil {
|
||||
|
@ -285,7 +287,7 @@ func (c *controller) agentInit(listenAddr, bindAddrOrInterface, advertiseAddr st
|
|||
return err
|
||||
}
|
||||
|
||||
ch, cancel := nDB.Watch("endpoint_table", "", "")
|
||||
ch, cancel := nDB.Watch(libnetworkEPTable, "", "")
|
||||
nodeCh, cancel := nDB.Watch(networkdb.NodeTable, "", "")
|
||||
|
||||
c.Lock()
|
||||
|
@ -385,6 +387,111 @@ func (c *controller) agentClose() {
|
|||
agent.networkDB.Close()
|
||||
}
|
||||
|
||||
// Task has the backend container details
|
||||
type Task struct {
|
||||
Name string
|
||||
EndpointID string
|
||||
EndpointIP string
|
||||
Info map[string]string
|
||||
}
|
||||
|
||||
// ServiceInfo has service specific details along with the list of backend tasks
|
||||
type ServiceInfo struct {
|
||||
VIP string
|
||||
LocalLBIndex int
|
||||
Tasks []Task
|
||||
Ports []string
|
||||
}
|
||||
|
||||
type epRecord struct {
|
||||
ep EndpointRecord
|
||||
info map[string]string
|
||||
lbIndex int
|
||||
}
|
||||
|
||||
func (n *network) Services() map[string]ServiceInfo {
|
||||
eps := make(map[string]epRecord)
|
||||
|
||||
if !n.isClusterEligible() {
|
||||
return nil
|
||||
}
|
||||
agent := n.getController().getAgent()
|
||||
if agent == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Walk through libnetworkEPTable and fetch the driver agnostic endpoint info
|
||||
entries := agent.networkDB.GetTableByNetwork(libnetworkEPTable, n.id)
|
||||
for eid, value := range entries {
|
||||
var epRec EndpointRecord
|
||||
nid := n.ID()
|
||||
if err := proto.Unmarshal(value.([]byte), &epRec); err != nil {
|
||||
logrus.Errorf("Unmarshal of libnetworkEPTable failed for endpoint %s in network %s, %v", eid, nid, err)
|
||||
continue
|
||||
}
|
||||
i := n.getController().getLBIndex(epRec.ServiceID, nid, epRec.IngressPorts)
|
||||
eps[eid] = epRecord{
|
||||
ep: epRec,
|
||||
lbIndex: i,
|
||||
}
|
||||
}
|
||||
|
||||
// Walk through the driver's tables, have the driver decode the entries
|
||||
// and return the tuple {ep ID, value}. value is a string that coveys
|
||||
// relevant info about the endpoint.
|
||||
d, err := n.driver(true)
|
||||
if err != nil {
|
||||
logrus.Errorf("Could not resolve driver for network %s/%s while fetching services: %v", n.networkType, n.ID(), err)
|
||||
return nil
|
||||
}
|
||||
for _, table := range n.driverTables {
|
||||
if table.objType != driverapi.EndpointObject {
|
||||
continue
|
||||
}
|
||||
entries := agent.networkDB.GetTableByNetwork(table.name, n.id)
|
||||
for key, value := range entries {
|
||||
epID, info := d.DecodeTableEntry(table.name, key, value.([]byte))
|
||||
if ep, ok := eps[epID]; !ok {
|
||||
logrus.Errorf("Inconsistent driver and libnetwork state for endpoint %s", epID)
|
||||
} else {
|
||||
ep.info = info
|
||||
eps[epID] = ep
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// group the endpoints into a map keyed by the service name
|
||||
sinfo := make(map[string]ServiceInfo)
|
||||
for ep, epr := range eps {
|
||||
var (
|
||||
s ServiceInfo
|
||||
ok bool
|
||||
)
|
||||
if s, ok = sinfo[epr.ep.ServiceName]; !ok {
|
||||
s = ServiceInfo{
|
||||
VIP: epr.ep.VirtualIP,
|
||||
LocalLBIndex: epr.lbIndex,
|
||||
}
|
||||
}
|
||||
ports := []string{}
|
||||
if s.Ports == nil {
|
||||
for _, port := range epr.ep.IngressPorts {
|
||||
p := fmt.Sprintf("Target: %d, Publish: %d", port.TargetPort, port.PublishedPort)
|
||||
ports = append(ports, p)
|
||||
}
|
||||
s.Ports = ports
|
||||
}
|
||||
s.Tasks = append(s.Tasks, Task{
|
||||
Name: epr.ep.Name,
|
||||
EndpointID: ep,
|
||||
EndpointIP: epr.ep.EndpointIP,
|
||||
Info: epr.info,
|
||||
})
|
||||
sinfo[epr.ep.ServiceName] = s
|
||||
}
|
||||
return sinfo
|
||||
}
|
||||
|
||||
func (n *network) isClusterEligible() bool {
|
||||
if n.driverScope() != datastore.GlobalScope {
|
||||
return false
|
||||
|
@ -508,7 +615,7 @@ func (ep *endpoint) addServiceInfoToCluster() error {
|
|||
}
|
||||
|
||||
if agent != nil {
|
||||
if err := agent.networkDB.CreateEntry("endpoint_table", n.ID(), ep.ID(), buf); err != nil {
|
||||
if err := agent.networkDB.CreateEntry(libnetworkEPTable, n.ID(), ep.ID(), buf); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -541,7 +648,7 @@ func (ep *endpoint) deleteServiceInfoFromCluster() error {
|
|||
}
|
||||
|
||||
if agent != nil {
|
||||
if err := agent.networkDB.DeleteEntry("endpoint_table", n.ID(), ep.ID()); err != nil {
|
||||
if err := agent.networkDB.DeleteEntry(libnetworkEPTable, n.ID(), ep.ID()); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -559,8 +666,8 @@ func (n *network) addDriverWatches() {
|
|||
if agent == nil {
|
||||
return
|
||||
}
|
||||
for _, tableName := range n.driverTables {
|
||||
ch, cancel := agent.networkDB.Watch(tableName, n.ID(), "")
|
||||
for _, table := range n.driverTables {
|
||||
ch, cancel := agent.networkDB.Watch(table.name, n.ID(), "")
|
||||
agent.Lock()
|
||||
agent.driverCancelFuncs[n.ID()] = append(agent.driverCancelFuncs[n.ID()], cancel)
|
||||
agent.Unlock()
|
||||
|
@ -571,9 +678,9 @@ func (n *network) addDriverWatches() {
|
|||
return
|
||||
}
|
||||
|
||||
agent.networkDB.WalkTable(tableName, func(nid, key string, value []byte) bool {
|
||||
agent.networkDB.WalkTable(table.name, func(nid, key string, value []byte) bool {
|
||||
if nid == n.ID() {
|
||||
d.EventNotify(driverapi.Create, nid, tableName, key, value)
|
||||
d.EventNotify(driverapi.Create, nid, table.name, key, value)
|
||||
}
|
||||
|
||||
return false
|
||||
|
|
37
vendor/github.com/docker/libnetwork/driverapi/driverapi.go
|
@ -72,6 +72,16 @@ type Driver interface {
|
|||
// only invoked for the global scope driver.
|
||||
EventNotify(event EventType, nid string, tableName string, key string, value []byte)
|
||||
|
||||
// DecodeTableEntry passes the driver a key, value pair from table it registered
|
||||
// with libnetwork. Driver should return {object ID, map[string]string} tuple.
|
||||
// If DecodeTableEntry is called for a table associated with NetworkObject or
|
||||
// EndpointObject the return object ID should be the network id or endppoint id
|
||||
// associated with that entry. map should have information about the object that
|
||||
// can be presented to the user.
|
||||
// For exampe: overlay driver returns the VTEP IP of the host that has the endpoint
|
||||
// which is shown in 'network inspect --verbose'
|
||||
DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string)
|
||||
|
||||
// Type returns the type of this driver, the network type this driver manages
|
||||
Type() string
|
||||
|
||||
|
@ -84,7 +94,7 @@ type Driver interface {
|
|||
type NetworkInfo interface {
|
||||
// TableEventRegister registers driver interest in a given
|
||||
// table name.
|
||||
TableEventRegister(tableName string) error
|
||||
TableEventRegister(tableName string, objType ObjectType) error
|
||||
}
|
||||
|
||||
// InterfaceInfo provides a go interface for drivers to retrive
|
||||
|
@ -175,3 +185,28 @@ const (
|
|||
// Delete event is generated when a table entry is deleted.
|
||||
Delete
|
||||
)
|
||||
|
||||
// ObjectType represents the type of object driver wants to store in libnetwork's networkDB
|
||||
type ObjectType int
|
||||
|
||||
const (
|
||||
// EndpointObject should be set for libnetwork endpoint object related data
|
||||
EndpointObject ObjectType = 1 + iota
|
||||
// NetworkObject should be set for libnetwork network object related data
|
||||
NetworkObject
|
||||
// OpaqueObject is for driver specific data with no corresponding libnetwork object
|
||||
OpaqueObject
|
||||
)
|
||||
|
||||
// IsValidType validates the passed in type against the valid object types
|
||||
func IsValidType(objType ObjectType) bool {
|
||||
switch objType {
|
||||
case EndpointObject:
|
||||
fallthrough
|
||||
case NetworkObject:
|
||||
fallthrough
|
||||
case OpaqueObject:
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
|
@ -575,6 +575,10 @@ func (d *driver) NetworkFree(id string) error {
|
|||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// Create a new network using bridge plugin
|
||||
func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
|
||||
if len(ipV4Data) == 0 || ipV4Data[0].Pool.String() == "0.0.0.0/0" {
|
||||
|
|
6
vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
|
@ -140,7 +140,6 @@ func setupIPTablesInternal(bridgeIface string, addr net.Addr, icc, ipmasq, hairp
|
|||
hpNatRule = iptRule{table: iptables.Nat, chain: "POSTROUTING", preArgs: []string{"-t", "nat"}, args: []string{"-m", "addrtype", "--src-type", "LOCAL", "-o", bridgeIface, "-j", "MASQUERADE"}}
|
||||
skipDNAT = iptRule{table: iptables.Nat, chain: DockerChain, preArgs: []string{"-t", "nat"}, args: []string{"-i", bridgeIface, "-j", "RETURN"}}
|
||||
outRule = iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-i", bridgeIface, "!", "-o", bridgeIface, "-j", "ACCEPT"}}
|
||||
inRule = iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-o", bridgeIface, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"}}
|
||||
)
|
||||
|
||||
// Set NAT.
|
||||
|
@ -173,11 +172,6 @@ func setupIPTablesInternal(bridgeIface string, addr net.Addr, icc, ipmasq, hairp
|
|||
return err
|
||||
}
|
||||
|
||||
// Set Accept on incoming packets for existing connections.
|
||||
if err := programChainRule(inRule, "ACCEPT INCOMING", enable); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/host/host.go
|
@ -35,6 +35,10 @@ func (d *driver) NetworkFree(id string) error {
|
|||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
|
||||
d.Lock()
|
||||
defer d.Unlock()
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/ipvlan/ipvlan.go
|
@ -108,3 +108,7 @@ func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{
|
|||
|
||||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/macvlan/macvlan.go
|
@ -110,3 +110,7 @@ func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{
|
|||
|
||||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/null/null.go
|
@ -35,6 +35,10 @@ func (d *driver) NetworkFree(id string) error {
|
|||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
|
||||
d.Lock()
|
||||
defer d.Unlock()
|
||||
|
|
70
vendor/github.com/docker/libnetwork/drivers/overlay/encryption.go
|
@ -20,7 +20,7 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
mark = uint32(0xD0C4E3)
|
||||
r = 0xD0C4E3
|
||||
timeout = 30
|
||||
pktExpansion = 26 // SPI(4) + SeqN(4) + IV(8) + PadLength(1) + NextHeader(1) + ICV(8)
|
||||
)
|
||||
|
@ -31,6 +31,8 @@ const (
|
|||
bidir
|
||||
)
|
||||
|
||||
var spMark = netlink.XfrmMark{Value: uint32(r), Mask: 0xffffffff}
|
||||
|
||||
type key struct {
|
||||
value []byte
|
||||
tag uint32
|
||||
|
@ -201,7 +203,7 @@ func programMangle(vni uint32, add bool) (err error) {
|
|||
var (
|
||||
p = strconv.FormatUint(uint64(vxlanPort), 10)
|
||||
c = fmt.Sprintf("0>>22&0x3C@12&0xFFFFFF00=%d", int(vni)<<8)
|
||||
m = strconv.FormatUint(uint64(mark), 10)
|
||||
m = strconv.FormatUint(uint64(r), 10)
|
||||
chain = "OUTPUT"
|
||||
rule = []string{"-p", "udp", "--dport", p, "-m", "u32", "--u32", c, "-j", "MARK", "--set-mark", m}
|
||||
a = "-A"
|
||||
|
@ -271,6 +273,7 @@ func programSA(localIP, remoteIP net.IP, spi *spi, k *key, dir int, add bool) (f
|
|||
Proto: netlink.XFRM_PROTO_ESP,
|
||||
Spi: spi.reverse,
|
||||
Mode: netlink.XFRM_MODE_TRANSPORT,
|
||||
Reqid: r,
|
||||
}
|
||||
if add {
|
||||
rSA.Aead = buildAeadAlgo(k, spi.reverse)
|
||||
|
@ -296,6 +299,7 @@ func programSA(localIP, remoteIP net.IP, spi *spi, k *key, dir int, add bool) (f
|
|||
Proto: netlink.XFRM_PROTO_ESP,
|
||||
Spi: spi.forward,
|
||||
Mode: netlink.XFRM_MODE_TRANSPORT,
|
||||
Reqid: r,
|
||||
}
|
||||
if add {
|
||||
fSA.Aead = buildAeadAlgo(k, spi.forward)
|
||||
|
@ -325,17 +329,18 @@ func programSP(fSA *netlink.XfrmState, rSA *netlink.XfrmState, add bool) error {
|
|||
xfrmProgram = ns.NlHandle().XfrmPolicyAdd
|
||||
}
|
||||
|
||||
fullMask := net.CIDRMask(8*len(fSA.Src), 8*len(fSA.Src))
|
||||
// Create a congruent cidr
|
||||
s := types.GetMinimalIP(fSA.Src)
|
||||
d := types.GetMinimalIP(fSA.Dst)
|
||||
fullMask := net.CIDRMask(8*len(s), 8*len(s))
|
||||
|
||||
fPol := &netlink.XfrmPolicy{
|
||||
Src: &net.IPNet{IP: fSA.Src, Mask: fullMask},
|
||||
Dst: &net.IPNet{IP: fSA.Dst, Mask: fullMask},
|
||||
Src: &net.IPNet{IP: s, Mask: fullMask},
|
||||
Dst: &net.IPNet{IP: d, Mask: fullMask},
|
||||
Dir: netlink.XFRM_DIR_OUT,
|
||||
Proto: 17,
|
||||
DstPort: 4789,
|
||||
Mark: &netlink.XfrmMark{
|
||||
Value: mark,
|
||||
},
|
||||
Mark: &spMark,
|
||||
Tmpls: []netlink.XfrmPolicyTmpl{
|
||||
{
|
||||
Src: fSA.Src,
|
||||
|
@ -343,6 +348,7 @@ func programSP(fSA *netlink.XfrmState, rSA *netlink.XfrmState, add bool) error {
|
|||
Proto: netlink.XFRM_PROTO_ESP,
|
||||
Mode: netlink.XFRM_MODE_TRANSPORT,
|
||||
Spi: fSA.Spi,
|
||||
Reqid: r,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
@ -426,6 +432,8 @@ func (d *driver) secMapWalk(f func(string, []*spi) ([]*spi, bool)) error {
|
|||
}
|
||||
|
||||
func (d *driver) setKeys(keys []*key) error {
|
||||
// Remove any stale policy, state
|
||||
clearEncryptionStates()
|
||||
// Accept the encryption keys and clear any stale encryption map
|
||||
d.Lock()
|
||||
d.keys = keys
|
||||
|
@ -526,7 +534,7 @@ func updateNodeKey(lIP, aIP, rIP net.IP, idxs []*spi, curKeys []*key, newIdx, pr
|
|||
}
|
||||
|
||||
if newIdx > -1 {
|
||||
// +RSA2
|
||||
// +rSA2
|
||||
programSA(lIP, rIP, spis[newIdx], curKeys[newIdx], reverse, true)
|
||||
}
|
||||
|
||||
|
@ -535,16 +543,17 @@ func updateNodeKey(lIP, aIP, rIP net.IP, idxs []*spi, curKeys []*key, newIdx, pr
|
|||
fSA2, _, _ := programSA(lIP, rIP, spis[priIdx], curKeys[priIdx], forward, true)
|
||||
|
||||
// +fSP2, -fSP1
|
||||
fullMask := net.CIDRMask(8*len(fSA2.Src), 8*len(fSA2.Src))
|
||||
s := types.GetMinimalIP(fSA2.Src)
|
||||
d := types.GetMinimalIP(fSA2.Dst)
|
||||
fullMask := net.CIDRMask(8*len(s), 8*len(s))
|
||||
|
||||
fSP1 := &netlink.XfrmPolicy{
|
||||
Src: &net.IPNet{IP: fSA2.Src, Mask: fullMask},
|
||||
Dst: &net.IPNet{IP: fSA2.Dst, Mask: fullMask},
|
||||
Src: &net.IPNet{IP: s, Mask: fullMask},
|
||||
Dst: &net.IPNet{IP: d, Mask: fullMask},
|
||||
Dir: netlink.XFRM_DIR_OUT,
|
||||
Proto: 17,
|
||||
DstPort: 4789,
|
||||
Mark: &netlink.XfrmMark{
|
||||
Value: mark,
|
||||
},
|
||||
Mark: &spMark,
|
||||
Tmpls: []netlink.XfrmPolicyTmpl{
|
||||
{
|
||||
Src: fSA2.Src,
|
||||
|
@ -552,6 +561,7 @@ func updateNodeKey(lIP, aIP, rIP net.IP, idxs []*spi, curKeys []*key, newIdx, pr
|
|||
Proto: netlink.XFRM_PROTO_ESP,
|
||||
Mode: netlink.XFRM_MODE_TRANSPORT,
|
||||
Spi: fSA2.Spi,
|
||||
Reqid: r,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
@ -597,3 +607,33 @@ func (n *network) maxMTU() int {
|
|||
}
|
||||
return mtu
|
||||
}
|
||||
|
||||
func clearEncryptionStates() {
|
||||
nlh := ns.NlHandle()
|
||||
spList, err := nlh.XfrmPolicyList(netlink.FAMILY_ALL)
|
||||
if err != nil {
|
||||
logrus.Warnf("Failed to retrieve SP list for cleanup: %v", err)
|
||||
}
|
||||
saList, err := nlh.XfrmStateList(netlink.FAMILY_ALL)
|
||||
if err != nil {
|
||||
logrus.Warnf("Failed to retrieve SA list for cleanup: %v", err)
|
||||
}
|
||||
for _, sp := range spList {
|
||||
if sp.Mark != nil && sp.Mark.Value == spMark.Value {
|
||||
if err := nlh.XfrmPolicyDel(&sp); err != nil {
|
||||
logrus.Warnf("Failed to delete stale SP %s: %v", sp, err)
|
||||
continue
|
||||
}
|
||||
logrus.Debugf("Removed stale SP: %s", sp)
|
||||
}
|
||||
}
|
||||
for _, sa := range saList {
|
||||
if sa.Reqid == r {
|
||||
if err := nlh.XfrmStateDel(&sa); err != nil {
|
||||
logrus.Warnf("Failed to delete stale SA %s: %v", sa, err)
|
||||
continue
|
||||
}
|
||||
logrus.Debugf("Removed stale SA: %s", sa)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
17
vendor/github.com/docker/libnetwork/drivers/overlay/joinleave.go
|
@ -145,6 +145,23 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,
|
|||
return nil
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
if tablename != ovPeerTable {
|
||||
logrus.Errorf("DecodeTableEntry: unexpected table name %s", tablename)
|
||||
return "", nil
|
||||
}
|
||||
|
||||
var peer PeerRecord
|
||||
if err := proto.Unmarshal(value, &peer); err != nil {
|
||||
logrus.Errorf("DecodeTableEntry: failed to unmarshal peer record for key %s: %v", key, err)
|
||||
return "", nil
|
||||
}
|
||||
|
||||
return key, map[string]string{
|
||||
"Host IP": peer.TunnelEndpointIP,
|
||||
}
|
||||
}
|
||||
|
||||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
if tableName != ovPeerTable {
|
||||
logrus.Errorf("Unexpected table notification for table %s received", tableName)
|
||||
|
|
2
vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
|
@ -159,7 +159,7 @@ func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo d
|
|||
}
|
||||
|
||||
if nInfo != nil {
|
||||
if err := nInfo.TableEventRegister(ovPeerTable); err != nil {
|
||||
if err := nInfo.TableEventRegister(ovPeerTable, driverapi.EndpointObject); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/overlay/ovmanager/ovmanager.go
|
@ -199,6 +199,10 @@ func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo d
|
|||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
func (d *driver) DeleteNetwork(nid string) error {
|
||||
return types.NotImplementedErrorf("not implemented")
|
||||
}
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/remote/driver.go
|
@ -116,6 +116,10 @@ func (d *driver) NetworkFree(id string) error {
|
|||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
func (d *driver) CreateNetwork(id string, options map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
|
||||
create := &api.CreateNetworkRequest{
|
||||
NetworkID: id,
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/solaris/bridge/bridge.go
|
@ -175,6 +175,10 @@ func (d *driver) NetworkFree(id string) error {
|
|||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
|
||||
if len(ipV4Data) == 0 || ipV4Data[0].Pool.String() == "0.0.0.0/0" {
|
||||
return types.BadRequestErrorf("ipv4 pool is empty")
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/solaris/overlay/joinleave.go
|
@ -149,6 +149,10 @@ func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key stri
|
|||
d.peerAdd(nid, eid, addr.IP, addr.Mask, mac, vtep, true)
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// Leave method is invoked when a Sandbox detaches from an endpoint.
|
||||
func (d *driver) Leave(nid, eid string) error {
|
||||
if err := validateID(nid, eid); err != nil {
|
||||
|
|
2
vendor/github.com/docker/libnetwork/drivers/solaris/overlay/ov_network.go
|
@ -153,7 +153,7 @@ func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo d
|
|||
}
|
||||
|
||||
if nInfo != nil {
|
||||
if err := nInfo.TableEventRegister(ovPeerTable); err != nil {
|
||||
if err := nInfo.TableEventRegister(ovPeerTable, driverapi.EndpointObject); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/windows/overlay/joinleave_windows.go
|
@ -93,6 +93,10 @@ func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key stri
|
|||
d.peerAdd(nid, eid, addr.IP, addr.Mask, mac, vtep, true)
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// Leave method is invoked when a Sandbox detaches from an endpoint.
|
||||
func (d *driver) Leave(nid, eid string) error {
|
||||
if err := validateID(nid, eid); err != nil {
|
||||
|
|
2
vendor/github.com/docker/libnetwork/drivers/windows/overlay/ov_network_windows.go
|
@ -169,7 +169,7 @@ func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo d
|
|||
n.interfaceName = interfaceName
|
||||
|
||||
if nInfo != nil {
|
||||
if err := nInfo.TableEventRegister(ovPeerTable); err != nil {
|
||||
if err := nInfo.TableEventRegister(ovPeerTable, driverapi.EndpointObject); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
4
vendor/github.com/docker/libnetwork/drivers/windows/windows.go
|
@ -183,6 +183,10 @@ func (c *networkConfiguration) processIPAM(id string, ipamV4Data, ipamV6Data []d
|
|||
func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
|
||||
}
|
||||
|
||||
func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (string, map[string]string) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// Create a new network
|
||||
func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {
|
||||
if _, err := d.getNetwork(id); err == nil {
|
||||
|
|
71
vendor/github.com/docker/libnetwork/iptables/iptables.go
|
@ -50,8 +50,7 @@ var (
|
|||
bestEffortLock sync.Mutex
|
||||
// ErrIptablesNotFound is returned when the rule is not found.
|
||||
ErrIptablesNotFound = errors.New("Iptables not found")
|
||||
probeOnce sync.Once
|
||||
firewalldOnce sync.Once
|
||||
initOnce sync.Once
|
||||
)
|
||||
|
||||
// ChainInfo defines the iptables chain.
|
||||
|
@ -86,22 +85,32 @@ func initFirewalld() {
|
|||
}
|
||||
}
|
||||
|
||||
func detectIptables() {
|
||||
path, err := exec.LookPath("iptables")
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
iptablesPath = path
|
||||
supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
|
||||
mj, mn, mc, err := GetVersion()
|
||||
if err != nil {
|
||||
logrus.Warnf("Failed to read iptables version: %v", err)
|
||||
return
|
||||
}
|
||||
supportsCOpt = supportsCOption(mj, mn, mc)
|
||||
}
|
||||
|
||||
func initIptables() {
|
||||
probe()
|
||||
initFirewalld()
|
||||
detectIptables()
|
||||
}
|
||||
|
||||
func initCheck() error {
|
||||
initOnce.Do(initIptables)
|
||||
|
||||
if iptablesPath == "" {
|
||||
probeOnce.Do(probe)
|
||||
firewalldOnce.Do(initFirewalld)
|
||||
path, err := exec.LookPath("iptables")
|
||||
if err != nil {
|
||||
return ErrIptablesNotFound
|
||||
}
|
||||
iptablesPath = path
|
||||
supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
|
||||
mj, mn, mc, err := GetVersion()
|
||||
if err != nil {
|
||||
logrus.Warnf("Failed to read iptables version: %v", err)
|
||||
return nil
|
||||
}
|
||||
supportsCOpt = supportsCOption(mj, mn, mc)
|
||||
return ErrIptablesNotFound
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -189,6 +198,26 @@ func ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) err
|
|||
}
|
||||
|
||||
}
|
||||
establish := []string{
|
||||
"-o", bridgeName,
|
||||
"-m", "conntrack",
|
||||
"--ctstate", "RELATED,ESTABLISHED",
|
||||
"-j", "ACCEPT"}
|
||||
if !Exists(Filter, "FORWARD", establish...) && enable {
|
||||
insert := append([]string{string(Insert), "FORWARD"}, establish...)
|
||||
if output, err := Raw(insert...); err != nil {
|
||||
return err
|
||||
} else if len(output) != 0 {
|
||||
return fmt.Errorf("Could not create establish rule to %s: %s", c.Table, output)
|
||||
}
|
||||
} else if Exists(Filter, "FORWARD", establish...) && !enable {
|
||||
del := append([]string{string(Delete), "FORWARD"}, establish...)
|
||||
if output, err := Raw(del...); err != nil {
|
||||
return err
|
||||
} else if len(output) != 0 {
|
||||
return fmt.Errorf("Could not delete establish rule from %s: %s", c.Table, output)
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -353,7 +382,11 @@ func exists(native bool, table Table, chain string, rule ...string) bool {
|
|||
table = Filter
|
||||
}
|
||||
|
||||
initCheck()
|
||||
if err := initCheck(); err != nil {
|
||||
// The exists() signature does not allow us to return an error, but at least
|
||||
// we can skip the (likely invalid) exec invocation.
|
||||
return false
|
||||
}
|
||||
|
||||
if supportsCOpt {
|
||||
// if exit status is 0 then return true, the rule exists
|
||||
|
@ -436,9 +469,9 @@ func ExistChain(chain string, table Table) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
// GetVersion reads the iptables version numbers
|
||||
// GetVersion reads the iptables version numbers during initialization
|
||||
func GetVersion() (major, minor, micro int, err error) {
|
||||
out, err := Raw("--version")
|
||||
out, err := exec.Command(iptablesPath, "--version").CombinedOutput()
|
||||
if err == nil {
|
||||
major, minor, micro = parseVersionNumbers(string(out))
|
||||
}
|
||||
|
|
23
vendor/github.com/docker/libnetwork/network.go
|
@ -74,6 +74,9 @@ type NetworkInfo interface {
|
|||
// gossip cluster. For non-dynamic overlay networks and bridge networks it returns an
|
||||
// empty slice
|
||||
Peers() []networkdb.PeerInfo
|
||||
//Services returns a map of services keyed by the service name with the details
|
||||
//of all the tasks that belong to the service. Applicable only in swarm mode.
|
||||
Services() map[string]ServiceInfo
|
||||
}
|
||||
|
||||
// EndpointWalker is a client provided function which will be used to walk the Endpoints.
|
||||
|
@ -108,6 +111,11 @@ type servicePorts struct {
|
|||
target []serviceTarget
|
||||
}
|
||||
|
||||
type networkDBTable struct {
|
||||
name string
|
||||
objType driverapi.ObjectType
|
||||
}
|
||||
|
||||
// IpamConf contains all the ipam related configurations for a network
|
||||
type IpamConf struct {
|
||||
// The master address pool for containers and network interfaces
|
||||
|
@ -208,7 +216,7 @@ type network struct {
|
|||
attachable bool
|
||||
inDelete bool
|
||||
ingress bool
|
||||
driverTables []string
|
||||
driverTables []networkDBTable
|
||||
dynamic bool
|
||||
sync.Mutex
|
||||
}
|
||||
|
@ -1607,11 +1615,18 @@ func (n *network) Labels() map[string]string {
|
|||
return lbls
|
||||
}
|
||||
|
||||
func (n *network) TableEventRegister(tableName string) error {
|
||||
func (n *network) TableEventRegister(tableName string, objType driverapi.ObjectType) error {
|
||||
if !driverapi.IsValidType(objType) {
|
||||
return fmt.Errorf("invalid object type %v in registering table, %s", objType, tableName)
|
||||
}
|
||||
|
||||
t := networkDBTable{
|
||||
name: tableName,
|
||||
objType: objType,
|
||||
}
|
||||
n.Lock()
|
||||
defer n.Unlock()
|
||||
|
||||
n.driverTables = append(n.driverTables, tableName)
|
||||
n.driverTables = append(n.driverTables, t)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
16
vendor/github.com/docker/libnetwork/networkdb/networkdb.go
|
@ -307,6 +307,22 @@ func (nDB *NetworkDB) UpdateEntry(tname, nid, key string, value []byte) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// GetTableByNetwork walks the networkdb by the give table and network id and
|
||||
// returns a map of keys and values
|
||||
func (nDB *NetworkDB) GetTableByNetwork(tname, nid string) map[string]interface{} {
|
||||
entries := make(map[string]interface{})
|
||||
nDB.indexes[byTable].WalkPrefix(fmt.Sprintf("/%s/%s", tname, nid), func(k string, v interface{}) bool {
|
||||
entry := v.(*entry)
|
||||
if entry.deleting {
|
||||
return false
|
||||
}
|
||||
key := k[strings.LastIndex(k, "/")+1:]
|
||||
entries[key] = entry.value
|
||||
return false
|
||||
})
|
||||
return entries
|
||||
}
|
||||
|
||||
// DeleteEntry deletes a table entry in NetworkDB for given (network,
|
||||
// table, key) tuple and if the NetworkDB is part of the cluster
|
||||
// propagates this event to the cluster.
|
||||
|
|
20
vendor/github.com/docker/libnetwork/service_common.go
|
@ -18,6 +18,26 @@ func newService(name string, id string, ingressPorts []*PortConfig, aliases []st
|
|||
}
|
||||
}
|
||||
|
||||
func (c *controller) getLBIndex(sid, nid string, ingressPorts []*PortConfig) int {
|
||||
skey := serviceKey{
|
||||
id: sid,
|
||||
ports: portConfigs(ingressPorts).String(),
|
||||
}
|
||||
c.Lock()
|
||||
s, ok := c.serviceBindings[skey]
|
||||
c.Unlock()
|
||||
|
||||
if !ok {
|
||||
return 0
|
||||
}
|
||||
|
||||
s.Lock()
|
||||
lb := s.loadBalancers[nid]
|
||||
s.Unlock()
|
||||
|
||||
return int(lb.fwMark)
|
||||
}
|
||||
|
||||
func (c *controller) cleanupServiceBindings(cleanupNID string) {
|
||||
var cleanupFuncs []func()
|
||||
|
||||
|
|
Loading…
Add table
Reference in a new issue