From 9ae9f9812bc078523d64625793c079d99215cb63 Mon Sep 17 00:00:00 2001 From: Jana Radhakrishnan Date: Fri, 14 Oct 2016 11:12:24 -0700 Subject: [PATCH] Vendoring libnetwork @04025f2a2eebb Fixes #27323 Signed-off-by: Jana Radhakrishnan --- hack/vendor.sh | 2 +- .../github.com/docker/libnetwork/circle.yml | 2 + .../docker/libnetwork/controller.go | 5 +- .../libnetwork/drivers/bridge/bridge.go | 6 ++ .../docker/libnetwork/iptables/iptables.go | 57 ++++++++++--------- .../github.com/docker/libnetwork/network.go | 20 +++++++ .../docker/libnetwork/networkdb/networkdb.go | 10 ++-- .../docker/libnetwork/service_linux.go | 8 ++- 8 files changed, 76 insertions(+), 34 deletions(-) diff --git a/hack/vendor.sh b/hack/vendor.sh index af506e077b..f826489b86 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -70,7 +70,7 @@ clone git github.com/RackSec/srslog 365bf33cd9acc21ae1c355209865f17228ca534e clone git github.com/imdario/mergo 0.2.1 #get libnetwork packages -clone git github.com/docker/libnetwork 848cd92ec23e3ab15a36412030ed61e3844b40e1 +clone git github.com/docker/libnetwork 04025f2a2eebb0d091883e55980dc6916d36842d clone git github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894 clone git github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec diff --git a/vendor/src/github.com/docker/libnetwork/circle.yml b/vendor/src/github.com/docker/libnetwork/circle.yml index a5db509c67..bd34a8f19b 100644 --- a/vendor/src/github.com/docker/libnetwork/circle.yml +++ b/vendor/src/github.com/docker/libnetwork/circle.yml @@ -1,4 +1,6 @@ machine: + environment: + GODIST: "go1.7.1.linux-amd64.tar.gz" services: - docker diff --git a/vendor/src/github.com/docker/libnetwork/controller.go b/vendor/src/github.com/docker/libnetwork/controller.go index 2943c8c0a0..914287a5be 100644 --- a/vendor/src/github.com/docker/libnetwork/controller.go 
+++ b/vendor/src/github.com/docker/libnetwork/controller.go @@ -49,6 +49,7 @@ import ( "net" "strings" "sync" + "time" log "github.com/Sirupsen/logrus" "github.com/docker/docker/pkg/discovery" @@ -640,6 +641,7 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ... generic: map[string]interface{}{netlabel.GenericData: make(map[string]string)}, ipamType: ipamapi.DefaultIPAM, id: id, + created: time.Now(), ctrlr: c, persist: true, drvOnce: &sync.Once{}, @@ -882,8 +884,9 @@ func (c *controller) NewSandbox(containerID string, options ...SandboxOption) (s if s.containerID == containerID { // If not a stub, then we already have a complete sandbox. if !s.isStub { + sbID := s.ID() c.Unlock() - return nil, types.ForbiddenErrorf("container %s is already present: %v", containerID, s) + return nil, types.ForbiddenErrorf("container %s is already present in sandbox %s", containerID, sbID) } // We already have a stub sandbox from the diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go index 777f7b162e..64492eddc2 100644 --- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go +++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go @@ -1318,6 +1318,12 @@ func (d *driver) RevokeExternalConnectivity(nid, eid string) error { logrus.Warn(err) } + endpoint.portMapping = nil + + if err = d.storeUpdate(endpoint); err != nil { + return fmt.Errorf("failed to update bridge endpoint %s to store: %v", endpoint.id[0:7], err) + } + return nil } diff --git a/vendor/src/github.com/docker/libnetwork/iptables/iptables.go b/vendor/src/github.com/docker/libnetwork/iptables/iptables.go index f6ddaed775..340bba6b0b 100644 --- a/vendor/src/github.com/docker/libnetwork/iptables/iptables.go +++ b/vendor/src/github.com/docker/libnetwork/iptables/iptables.go 
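Review bot: In the bridge.go hunk, `endpoint.portMapping = nil` runs unconditionally, and the context line just above it (`logrus.Warn(err)`) suggests that a preceding failure is only logged. If so, the persisted endpoint can lose the record of port mappings that were never actually released. If that is intended, state it in a comment such as `// mappings are dropped even when the release above failed`; otherwise clear and store only on success. Separately, `endpoint.id[0:7]` in the new error message panics for an id shorter than seven characters. RevokeExternalConnectivity starts outside this hunk, so the release call itself is not visible here.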
@@ -206,7 +206,8 @@ func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr // value" by both iptables and ip6tables. daddr = "0/0" } - args := []string{"-t", string(Nat), string(action), c.Name, + + args := []string{ "-p", proto, "-d", daddr, "--dport", strconv.Itoa(port), @@ -215,33 +216,31 @@ func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr if !c.HairpinMode { args = append(args, "!", "-i", bridgeName) } - if output, err := Raw(args...); err != nil { + if err := ProgramRule(Nat, c.Name, action, args); err != nil { return err - } else if len(output) != 0 { - return ChainError{Chain: "FORWARD", Output: output} } - if output, err := Raw("-t", string(Filter), string(action), c.Name, + args = []string{ "!", "-i", bridgeName, "-o", bridgeName, "-p", proto, "-d", destAddr, "--dport", strconv.Itoa(destPort), - "-j", "ACCEPT"); err != nil { + "-j", "ACCEPT", + } + if err := ProgramRule(Filter, c.Name, action, args); err != nil { return err - } else if len(output) != 0 { - return ChainError{Chain: "FORWARD", Output: output} } - if output, err := Raw("-t", string(Nat), string(action), "POSTROUTING", + args = []string{ "-p", proto, "-s", destAddr, "-d", destAddr, "--dport", strconv.Itoa(destPort), - "-j", "MASQUERADE"); err != nil { + "-j", "MASQUERADE", + } + if err := ProgramRule(Nat, "POSTROUTING", action, args); err != nil { return err - } else if len(output) != 0 { - return ChainError{Chain: "FORWARD", Output: output} } return nil 
@@ -250,31 +249,37 @@ func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr // Link adds reciprocal ACCEPT rule for two supplied IP addresses. // Traffic is allowed from ip1 to ip2 and vice-versa func (c *ChainInfo) Link(action Action, ip1, ip2 net.IP, port int, proto string, bridgeName string) error { - if output, err := Raw("-t", string(Filter), string(action), c.Name, + // forward + args := []string{ "-i", bridgeName, "-o", bridgeName, "-p", proto, "-s", ip1.String(), "-d", ip2.String(), "--dport", strconv.Itoa(port), - "-j", "ACCEPT"); err != nil { - return err - } else if len(output) != 0 { - return fmt.Errorf("Error iptables forward: %s", output) + "-j", "ACCEPT", } - if output, err := Raw("-t", string(Filter), string(action), c.Name, - "-i", bridgeName, "-o", bridgeName, - "-p", proto, - "-s", ip2.String(), - "-d", ip1.String(), - "--sport", strconv.Itoa(port), - "-j", "ACCEPT"); err != nil { + if err := ProgramRule(Filter, c.Name, action, args); err != nil { + return err + } + // reverse + args[7], args[9] = args[9], args[7] + args[10] = "--sport" + if err := ProgramRule(Filter, c.Name, action, args); err != nil { return err - } else if len(output) != 0 { - return fmt.Errorf("Error iptables forward: %s", output) } return nil } +// ProgramRule adds the rule specified by args only if the +// rule is not already present in the chain. Reciprocally, +// it removes the rule only if present. +func ProgramRule(table Table, chain string, action Action, args []string) error { + if Exists(table, chain, args...) != (action == Delete) { + return nil + } + return RawCombinedOutput(append([]string{"-t", string(table), string(action), chain}, args...)...) +} + // Prerouting adds linking rule to nat/PREROUTING chain. func (c *ChainInfo) Prerouting(action Action, args ...string) error { a := []string{"-t", string(Nat), string(action), "PREROUTING"} 
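Review bot: The reverse rule in Link is derived by mutating fixed positions, `args[7], args[9] = args[9], args[7]` and `args[10] = "--sport"`, which ties the ACCEPT rule's correctness to the exact layout of the forward slice. Adding or reordering one match argument above would silently produce a reverse rule with the wrong source, destination or port match, and nothing would fail at build time. Building the reverse arguments explicitly costs a few lines and keeps both rules readable. Also note that ProgramRule checks `Exists` and then changes the rule in separate steps, so it is presumably not atomic against another writer of the same chain; the doc comment should say so.

```go
// … unchanged: forward rule built and programmed via ProgramRule …
// reverse
args = []string{
	"-i", bridgeName, "-o", bridgeName,
	"-p", proto,
	"-s", ip2.String(),
	"-d", ip1.String(),
	"--sport", strconv.Itoa(port),
	"-j", "ACCEPT",
}
if err := ProgramRule(Filter, c.Name, action, args); err != nil {
	return err
}
```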
diff --git a/vendor/src/github.com/docker/libnetwork/network.go b/vendor/src/github.com/docker/libnetwork/network.go index 4901c91bc7..8a068d22e9 100644 --- a/vendor/src/github.com/docker/libnetwork/network.go +++ b/vendor/src/github.com/docker/libnetwork/network.go @@ -6,6 +6,7 @@ import ( "net" "strings" "sync" + "time" log "github.com/Sirupsen/logrus" "github.com/docker/docker/pkg/stringid" @@ -65,6 +66,7 @@ type NetworkInfo interface { Internal() bool Labels() map[string]string Dynamic() bool + Created() time.Time } // EndpointWalker is a client provided function which will be used to walk the Endpoints. @@ -166,6 +168,7 @@ type network struct { name string networkType string id string + created time.Time scope string labels map[string]string ipamType string @@ -208,6 +211,13 @@ func (n *network) ID() string { return n.id } +func (n *network) Created() time.Time { + n.Lock() + defer n.Unlock() + + return n.created +} + func (n *network) Type() string { n.Lock() defer n.Unlock() @@ -320,6 +330,7 @@ func (n *network) CopyTo(o datastore.KVObject) error { dstN := o.(*network) dstN.name = n.name dstN.id = n.id + dstN.created = n.created dstN.networkType = n.networkType dstN.scope = n.scope dstN.dynamic = n.dynamic @@ -397,6 +408,7 @@ func (n *network) MarshalJSON() ([]byte, error) { netMap := make(map[string]interface{}) netMap["name"] = n.name netMap["id"] = n.id + netMap["created"] = n.created netMap["networkType"] = n.networkType netMap["scope"] = n.scope netMap["labels"] = n.labels 
@@ -451,6 +463,14 @@ func (n *network) UnmarshalJSON(b []byte) (err error) { } n.name = netMap["name"].(string) n.id = netMap["id"].(string) + // "created" is not available in older versions + if v, ok := netMap["created"]; ok { + // n.created is time.Time but marshalled as string + if err = n.created.UnmarshalText([]byte(v.(string))); err != nil { + log.Warnf("failed to unmarshal creation time %v: %v", v, err) + n.created = time.Time{} + } + } n.networkType = netMap["networkType"].(string) n.enableIPv6 = netMap["enableIPv6"].(bool) diff --git a/vendor/src/github.com/docker/libnetwork/networkdb/networkdb.go b/vendor/src/github.com/docker/libnetwork/networkdb/networkdb.go index a8c942c9cc..816a07ce71 100644 --- a/vendor/src/github.com/docker/libnetwork/networkdb/networkdb.go +++ b/vendor/src/github.com/docker/libnetwork/networkdb/networkdb.go @@ -496,14 +496,14 @@ func (nDB *NetworkDB) addNetworkNode(nid string, nodeName string) { // this func (nDB *NetworkDB) deleteNetworkNode(nid string, nodeName string) { nodes := nDB.networkNodes[nid] - for i, name := range nodes { + newNodes := make([]string, 0, len(nodes)-1) + for _, name := range nodes { if name == nodeName { - nodes[i] = nodes[len(nodes)-1] - nodes = nodes[:len(nodes)-1] - break + continue } + newNodes = append(newNodes, name) } - nDB.networkNodes[nid] = nodes + nDB.networkNodes[nid] = newNodes } // findCommonnetworks find the networks that both this node and the diff --git a/vendor/src/github.com/docker/libnetwork/service_linux.go b/vendor/src/github.com/docker/libnetwork/service_linux.go index 5e3802a823..158411d140 100644 --- a/vendor/src/github.com/docker/libnetwork/service_linux.go +++ b/vendor/src/github.com/docker/libnetwork/service_linux.go 
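Review bot: `v.(string)` in the new "created" branch of UnmarshalJSON is an unchecked type assertion, so a stored record whose `created` value is not a JSON string panics instead of falling back to the zero time as a parse failure does. Use the comma-ok form, `if s, ok := v.(string); ok {`, and take the same warning path when it fails. The parse failure is also assigned to the named result `err`. Unless later code in UnmarshalJSON (outside this hunk) overwrites it, a timestamp error that was meant to be tolerated could still be returned; a local `if perr := n.created.UnmarshalText(...); perr != nil {` avoids that.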
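Review bot: `make([]string, 0, len(nodes)-1)` in deleteNetworkNode panics when `nodes` is empty, because a `nid` missing from `nDB.networkNodes` yields a nil slice and the requested capacity becomes -1. The removed loop simply did nothing in that case, so this is a new crash path rather than a carried-over one. Guard it before allocating: `if len(nodes) == 0 { return }`. As the file is vendored, the fix belongs upstream in libnetwork and should be picked up by a later vendor bump.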
@@ -41,8 +41,15 @@ func newService(name string, id string, ingressPorts []*PortConfig, aliases []st func (c *controller) cleanupServiceBindings(cleanupNID string) { var cleanupFuncs []func() + c.Lock() + services := make([]*service, 0, len(c.serviceBindings)) for _, s := range c.serviceBindings { + services = append(services, s) + } + c.Unlock() + + for _, s := range services { s.Lock() for nid, lb := range s.loadBalancers { if cleanupNID != "" && nid != cleanupNID { @@ -67,7 +74,6 @@ func (c *controller) cleanupServiceBindings(cleanupNID string) { } s.Unlock() } - c.Unlock() for _, f := range cleanupFuncs { f()