Merge pull request #27395 from mrjana/net

Vendoring libnetwork @04025f2a2eebb

hack/vendor.sh

@@ -70,7 +70,7 @@ clone git github.com/RackSec/srslog 365bf33cd9acc21ae1c355209865f17228ca534e
 clone git github.com/imdario/mergo 0.2.1
 
 #get libnetwork packages
-clone git github.com/docker/libnetwork 848cd92ec23e3ab15a36412030ed61e3844b40e1
+clone git github.com/docker/libnetwork 04025f2a2eebb0d091883e55980dc6916d36842d
 clone git github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894
 clone git github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec

vendor/src/github.com/docker/libnetwork/circle.yml

@@ -1,4 +1,6 @@
 machine:
+  environment:
+    GODIST: "go1.7.1.linux-amd64.tar.gz"
   services:
     - docker
 

vendor/src/github.com/docker/libnetwork/controller.go

@@ -49,6 +49,7 @@ import (
 	"net"
 	"strings"
 	"sync"
+	"time"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/discovery"
@@ -640,6 +641,7 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ...
 		generic:     map[string]interface{}{netlabel.GenericData: make(map[string]string)},
 		ipamType:    ipamapi.DefaultIPAM,
 		id:          id,
+		created:     time.Now(),
 		ctrlr:       c,
 		persist:     true,
 		drvOnce:     &sync.Once{},
@@ -882,8 +884,9 @@ func (c *controller) NewSandbox(containerID string, options ...SandboxOption) (s
 		if s.containerID == containerID {
 			// If not a stub, then we already have a complete sandbox.
 			if !s.isStub {
+				sbID := s.ID()
 				c.Unlock()
-				return nil, types.ForbiddenErrorf("container %s is already present: %v", containerID, s)
+				return nil, types.ForbiddenErrorf("container %s is already present in sandbox %s", containerID, sbID)
 			}
 
 			// We already have a stub sandbox from the

vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go

@@ -1318,6 +1318,12 @@ func (d *driver) RevokeExternalConnectivity(nid, eid string) error {
 		logrus.Warn(err)
 	}
 
+	endpoint.portMapping = nil
+
+	if err = d.storeUpdate(endpoint); err != nil {
+		return fmt.Errorf("failed to update bridge endpoint %s to store: %v", endpoint.id[0:7], err)
+	}
+
 	return nil
 }
 

vendor/src/github.com/docker/libnetwork/iptables/iptables.go

@@ -206,7 +206,8 @@ func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr
 		// value" by both iptables and ip6tables.
 		daddr = "0/0"
 	}
-	args := []string{"-t", string(Nat), string(action), c.Name,
+
+	args := []string{
 		"-p", proto,
 		"-d", daddr,
 		"--dport", strconv.Itoa(port),
@@ -215,33 +216,31 @@ func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr
 	if !c.HairpinMode {
 		args = append(args, "!", "-i", bridgeName)
 	}
-	if output, err := Raw(args...); err != nil {
+	if err := ProgramRule(Nat, c.Name, action, args); err != nil {
 		return err
-	} else if len(output) != 0 {
-		return ChainError{Chain: "FORWARD", Output: output}
 	}
 
-	if output, err := Raw("-t", string(Filter), string(action), c.Name,
+	args = []string{
 		"!", "-i", bridgeName,
 		"-o", bridgeName,
 		"-p", proto,
 		"-d", destAddr,
 		"--dport", strconv.Itoa(destPort),
-		"-j", "ACCEPT"); err != nil {
+		"-j", "ACCEPT",
+	}
+	if err := ProgramRule(Filter, c.Name, action, args); err != nil {
 		return err
-	} else if len(output) != 0 {
-		return ChainError{Chain: "FORWARD", Output: output}
 	}
 
-	if output, err := Raw("-t", string(Nat), string(action), "POSTROUTING",
+	args = []string{
 		"-p", proto,
 		"-s", destAddr,
 		"-d", destAddr,
 		"--dport", strconv.Itoa(destPort),
-		"-j", "MASQUERADE"); err != nil {
+		"-j", "MASQUERADE",
+	}
+	if err := ProgramRule(Nat, "POSTROUTING", action, args); err != nil {
 		return err
-	} else if len(output) != 0 {
-		return ChainError{Chain: "FORWARD", Output: output}
 	}
 
 	return nil
@@ -250,31 +249,37 @@ func (c *ChainInfo) Forward(action Action, ip net.IP, port int, proto, destAddr
 // Link adds reciprocal ACCEPT rule for two supplied IP addresses.
 // Traffic is allowed from ip1 to ip2 and vice-versa
 func (c *ChainInfo) Link(action Action, ip1, ip2 net.IP, port int, proto string, bridgeName string) error {
-	if output, err := Raw("-t", string(Filter), string(action), c.Name,
+	// forward
+	args := []string{
 		"-i", bridgeName, "-o", bridgeName,
 		"-p", proto,
 		"-s", ip1.String(),
 		"-d", ip2.String(),
 		"--dport", strconv.Itoa(port),
-		"-j", "ACCEPT"); err != nil {
+		"-j", "ACCEPT",
-		return err
-	} else if len(output) != 0 {
-		return fmt.Errorf("Error iptables forward: %s", output)
 	}
-	if output, err := Raw("-t", string(Filter), string(action), c.Name,
+	if err := ProgramRule(Filter, c.Name, action, args); err != nil {
-		"-i", bridgeName, "-o", bridgeName,
+		return err
-		"-p", proto,
+	}
-		"-s", ip2.String(),
+	// reverse
-		"-d", ip1.String(),
+	args[7], args[9] = args[9], args[7]
-		"--sport", strconv.Itoa(port),
+	args[10] = "--sport"
-		"-j", "ACCEPT"); err != nil {
+	if err := ProgramRule(Filter, c.Name, action, args); err != nil {
 		return err
-	} else if len(output) != 0 {
-		return fmt.Errorf("Error iptables forward: %s", output)
 	}
 	return nil
 }
 
+// ProgramRule adds the rule specified by args only if the
+// rule is not already present in the chain. Reciprocally,
+// it removes the rule only if present.
+func ProgramRule(table Table, chain string, action Action, args []string) error {
+	if Exists(table, chain, args...) != (action == Delete) {
+		return nil
+	}
+	return RawCombinedOutput(append([]string{"-t", string(table), string(action), chain}, args...)...)
+}
+
 // Prerouting adds linking rule to nat/PREROUTING chain.
 func (c *ChainInfo) Prerouting(action Action, args ...string) error {
 	a := []string{"-t", string(Nat), string(action), "PREROUTING"}

vendor/src/github.com/docker/libnetwork/network.go

@@ -6,6 +6,7 @@ import (
 	"net"
 	"strings"
 	"sync"
+	"time"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/stringid"
@@ -65,6 +66,7 @@ type NetworkInfo interface {
 	Internal() bool
 	Labels() map[string]string
 	Dynamic() bool
+	Created() time.Time
 }
 
 // EndpointWalker is a client provided function which will be used to walk the Endpoints.
@@ -166,6 +168,7 @@ type network struct {
 	name         string
 	networkType  string
 	id           string
+	created      time.Time
 	scope        string
 	labels       map[string]string
 	ipamType     string
@@ -208,6 +211,13 @@ func (n *network) ID() string {
 	return n.id
 }
 
+func (n *network) Created() time.Time {
+	n.Lock()
+	defer n.Unlock()
+
+	return n.created
+}
+
 func (n *network) Type() string {
 	n.Lock()
 	defer n.Unlock()
@@ -320,6 +330,7 @@ func (n *network) CopyTo(o datastore.KVObject) error {
 	dstN := o.(*network)
 	dstN.name = n.name
 	dstN.id = n.id
+	dstN.created = n.created
 	dstN.networkType = n.networkType
 	dstN.scope = n.scope
 	dstN.dynamic = n.dynamic
@@ -397,6 +408,7 @@ func (n *network) MarshalJSON() ([]byte, error) {
 	netMap := make(map[string]interface{})
 	netMap["name"] = n.name
 	netMap["id"] = n.id
+	netMap["created"] = n.created
 	netMap["networkType"] = n.networkType
 	netMap["scope"] = n.scope
 	netMap["labels"] = n.labels
@@ -451,6 +463,14 @@ func (n *network) UnmarshalJSON(b []byte) (err error) {
 	}
 	n.name = netMap["name"].(string)
 	n.id = netMap["id"].(string)
+	// "created" is not available in older versions
+	if v, ok := netMap["created"]; ok {
+		// n.created is time.Time but marshalled as string
+		if err = n.created.UnmarshalText([]byte(v.(string))); err != nil {
+			log.Warnf("failed to unmarshal creation time %v: %v", v, err)
+			n.created = time.Time{}
+		}
+	}
 	n.networkType = netMap["networkType"].(string)
 	n.enableIPv6 = netMap["enableIPv6"].(bool)
 

vendor/src/github.com/docker/libnetwork/networkdb/networkdb.go

@@ -496,14 +496,14 @@ func (nDB *NetworkDB) addNetworkNode(nid string, nodeName string) {
 // this
 func (nDB *NetworkDB) deleteNetworkNode(nid string, nodeName string) {
 	nodes := nDB.networkNodes[nid]
-	for i, name := range nodes {
+	newNodes := make([]string, 0, len(nodes)-1)
+	for _, name := range nodes {
 		if name == nodeName {
-			nodes[i] = nodes[len(nodes)-1]
+			continue
-			nodes = nodes[:len(nodes)-1]
-			break
 		}
+		newNodes = append(newNodes, name)
 	}
-	nDB.networkNodes[nid] = nodes
+	nDB.networkNodes[nid] = newNodes
 }
 
 // findCommonnetworks find the networks that both this node and the

vendor/src/github.com/docker/libnetwork/service_linux.go

@@ -41,8 +41,15 @@ func newService(name string, id string, ingressPorts []*PortConfig, aliases []st
 
 func (c *controller) cleanupServiceBindings(cleanupNID string) {
 	var cleanupFuncs []func()
+
 	c.Lock()
+	services := make([]*service, 0, len(c.serviceBindings))
 	for _, s := range c.serviceBindings {
+		services = append(services, s)
+	}
+	c.Unlock()
+
+	for _, s := range services {
 		s.Lock()
 		for nid, lb := range s.loadBalancers {
 			if cleanupNID != "" && nid != cleanupNID {
@@ -67,7 +74,6 @@ func (c *controller) cleanupServiceBindings(cleanupNID string) {
 		}
 		s.Unlock()
 	}
-	c.Unlock()
 
 	for _, f := range cleanupFuncs {
 		f()