From b2c04e941b681b6a47eae5f22781d3b7441f94e3 Mon Sep 17 00:00:00 2001
From: Alessandro Boch <aboch@docker.com>
Date: Mon, 1 Feb 2016 14:52:18 -0800
Subject: [PATCH] Vendoring libnetwork 0.6.0-rc7

Signed-off-by: Alessandro Boch <aboch@docker.com>
---
 hack/vendor.sh                                                | 2 +-
 vendor/src/github.com/docker/libnetwork/CHANGELOG.md          | 3 +++
 .../docker/libnetwork/drivers/bridge/setup_ip_tables.go       | 4 ++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/hack/vendor.sh b/hack/vendor.sh
index 3e08b5d6c5..e2936bc337 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -27,7 +27,7 @@ clone git github.com/RackSec/srslog 6eb773f331e46fbba8eecb8e794e635e75fc04de
 clone git github.com/imdario/mergo 0.2.1
 
 #get libnetwork packages
-clone git github.com/docker/libnetwork v0.6.0-rc6
+clone git github.com/docker/libnetwork v0.6.0-rc7
 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
 clone git github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
 clone git github.com/hashicorp/memberlist 9a1e242e454d2443df330bdd51a436d5a9058fc4
diff --git a/vendor/src/github.com/docker/libnetwork/CHANGELOG.md b/vendor/src/github.com/docker/libnetwork/CHANGELOG.md
index 2cad329304..a47d5fa707 100644
--- a/vendor/src/github.com/docker/libnetwork/CHANGELOG.md
+++ b/vendor/src/github.com/docker/libnetwork/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 0.6.0-rc7 (2016-02-01)
+- Allow inter-network connections via exposed ports
+
 ## 0.6.0-rc6 (2016-01-30)
 - Properly fixes https://github.com/docker/docker/issues/18814
 
diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
index 1d523d6c2c..f5ceed2130 100644
--- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
+++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
@@ -138,6 +138,7 @@ func setupIPTablesInternal(bridgeIface string, addr net.Addr, icc, ipmasq, hairp
 		address   = addr.String()
 		natRule   = iptRule{table: iptables.Nat, chain: "POSTROUTING", preArgs: []string{"-t", "nat"}, args: []string{"-s", address, "!", "-o", bridgeIface, "-j", "MASQUERADE"}}
 		hpNatRule = iptRule{table: iptables.Nat, chain: "POSTROUTING", preArgs: []string{"-t", "nat"}, args: []string{"-m", "addrtype", "--src-type", "LOCAL", "-o", bridgeIface, "-j", "MASQUERADE"}}
+		skipDNAT  = iptRule{table: iptables.Nat, chain: DockerChain, preArgs: []string{"-t", "nat"}, args: []string{"-i", bridgeIface, "-j", "RETURN"}}
 		outRule   = iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-i", bridgeIface, "!", "-o", bridgeIface, "-j", "ACCEPT"}}
 		inRule    = iptRule{table: iptables.Filter, chain: "FORWARD", args: []string{"-o", bridgeIface, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"}}
 	)
@@ -147,6 +148,9 @@ func setupIPTablesInternal(bridgeIface string, addr net.Addr, icc, ipmasq, hairp
 		if err := programChainRule(natRule, "NAT", enable); err != nil {
 			return err
 		}
+		if err := programChainRule(skipDNAT, "SKIP DNAT", enable); err != nil {
+			return err
+		}
 	}
 
 	// In hairpin mode, masquerade traffic from localhost