From 77e06fda0c9457c99a210e9648c064b44805fa2d Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Sun, 31 May 2020 23:42:53 +0000 Subject: [PATCH] vendor libnetwork to 153d0769a1181bf591a9637fd487a541ec7db1e6 Signed-off-by: Tibor Vass --- hack/dockerfile/install/proxy.installer | 2 +- vendor.conf | 2 +- .../libnetwork/drivers/bridge/bridge.go | 6 ++++++ .../libnetwork/drivers/bridge/setup_device.go | 19 +++++++++++++++++++ 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer index ffd462bbcc..fde2eada9b 100755 --- a/hack/dockerfile/install/proxy.installer +++ b/hack/dockerfile/install/proxy.installer @@ -3,7 +3,7 @@ # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When # updating the binary version, consider updating github.com/docker/libnetwork # in vendor.conf accordingly -: ${LIBNETWORK_COMMIT:=71d4d82a5ce50453b1121d95544f0a2ae95bef9b} # bump_19.03 branch +: ${LIBNETWORK_COMMIT:=153d0769a1181bf591a9637fd487a541ec7db1e6} # bump_19.03 branch install_proxy() { case "$1" in diff --git a/vendor.conf b/vendor.conf index 0a9ff96823..3732cd4785 100644 --- a/vendor.conf +++ b/vendor.conf @@ -38,7 +38,7 @@ github.com/gofrs/flock 7f43ea2e6a643ad441fc12d0ecc0 # libnetwork # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly -github.com/docker/libnetwork 71d4d82a5ce50453b1121d95544f0a2ae95bef9b # bump_19.03 branch +github.com/docker/libnetwork 153d0769a1181bf591a9637fd487a541ec7db1e6 # bump_19.03 branch github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go b/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go index b617ea7bc4..22ee29e238 100644 --- a/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go +++ b/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go @@ -679,6 +679,12 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) { bridgeAlreadyExists := bridgeIface.exists() if !bridgeAlreadyExists { bridgeSetup.queueStep(setupDevice) + bridgeSetup.queueStep(setupDefaultSysctl) + } + + // For the default bridge, set expected sysctls + if config.DefaultBridge { + bridgeSetup.queueStep(setupDefaultSysctl) } // Even if a bridge exists try to setup IPv4. diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go index 548ad951df..1343305ae9 100644 --- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go +++ b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go @@ -2,6 +2,9 @@ package bridge import ( "fmt" + "io/ioutil" + "os" + "path/filepath" "github.com/docker/docker/pkg/parsers/kernel" "github.com/docker/libnetwork/netutils" @@ -49,6 +52,22 @@ func setupDevice(config *networkConfiguration, i *bridgeInterface) error { return err } +func setupDefaultSysctl(config *networkConfiguration, i *bridgeInterface) error { + // Disable IPv6 router advertisements originating on the bridge + sysPath := filepath.Join("/proc/sys/net/ipv6/conf/", config.BridgeName, "accept_ra") + if _, err := os.Stat(sysPath); err != nil { + logrus. + WithField("bridge", config.BridgeName). + WithField("syspath", sysPath). + Info("failed to read ipv6 net.ipv6.conf..accept_ra") + return nil + } + if err := ioutil.WriteFile(sysPath, []byte{'0', '\n'}, 0644); err != nil { + return fmt.Errorf("libnetwork: Unable to disable IPv6 router advertisement: %v", err) + } + return nil +} + // SetupDeviceUp ups the given bridge interface. func setupDeviceUp(config *networkConfiguration, i *bridgeInterface) error { err := i.nlh.LinkSetUp(i.Link)