Merge pull request #22261 from sanimej/v1.11.1

Vendor Libnetwork v0.7.0-rc.7

hack/vendor.sh

@@ -30,7 +30,7 @@ clone git github.com/RackSec/srslog 259aed10dfa74ea2961eddd1d9847619f6e98837
 clone git github.com/imdario/mergo 0.2.1
 
 #get libnetwork packages
-clone git github.com/docker/libnetwork v0.7.0-rc.6
+clone git github.com/docker/libnetwork v0.7.0-rc.7
 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
 clone git github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
 clone git github.com/hashicorp/memberlist 9a1e242e454d2443df330bdd51a436d5a9058fc4

vendor/src/github.com/docker/libnetwork/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.7.0-rc.7 (2016-04-22)
+- Fixes https://github.com/docker/libnetwork/issues/1113
+- Fixes https://github.com/docker/libnetwork/issues/1069
+- Fxies https://github.com/docker/libnetwork/issues/1117
+- Increase the concurrent query rate-limit count.
+
 ## 0.7.0-rc.6 (2016-04-10)
 - Flush cached resolver socket on default gateway change
 

vendor/src/github.com/docker/libnetwork/drivers/overlay/ov_network.go

@@ -395,9 +395,10 @@ func (n *network) watchMiss(nlSock *nl.NetlinkSocket) {
 				continue
 			}
 
-			if neigh.IP.To16() != nil {
+			if neigh.IP.To4() == nil {
 				continue
 			}
+			logrus.Debugf("miss notification for dest IP, %v", neigh.IP.String())
 
 			if neigh.State&(netlink.NUD_STALE|netlink.NUD_INCOMPLETE) == 0 {
 				continue

vendor/src/github.com/docker/libnetwork/resolver.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	log "github.com/Sirupsen/logrus"
-	"github.com/docker/libnetwork/iptables"
 	"github.com/docker/libnetwork/netutils"
 	"github.com/miekg/dns"
 )
@@ -47,7 +46,7 @@ const (
 	maxExtDNS       = 3 //max number of external servers to try
 	extIOTimeout    = 4 * time.Second
 	defaultRespSize = 512
-	maxConcurrent   = 50
+	maxConcurrent   = 100
 	logInterval     = 2 * time.Second
 	maxDNSID        = 65536
 )
@@ -105,8 +104,6 @@ func (r *resolver) SetupFunc() func() {
 			r.err = fmt.Errorf("error in opening name server socket %v", err)
 			return
 		}
-		laddr := r.conn.LocalAddr()
-		_, ipPort, _ := net.SplitHostPort(laddr.String())
 
 		// Listen on a TCP as well
 		tcpaddr := &net.TCPAddr{
@@ -118,21 +115,6 @@ func (r *resolver) SetupFunc() func() {
 			r.err = fmt.Errorf("error in opening name TCP server socket %v", err)
 			return
 		}
-		ltcpaddr := r.tcpListen.Addr()
-		_, tcpPort, _ := net.SplitHostPort(ltcpaddr.String())
-		rules := [][]string{
-			{"-t", "nat", "-A", "OUTPUT", "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", laddr.String()},
-			{"-t", "nat", "-A", "POSTROUTING", "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
-			{"-t", "nat", "-A", "OUTPUT", "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", ltcpaddr.String()},
-			{"-t", "nat", "-A", "POSTROUTING", "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
-		}
-
-		for _, rule := range rules {
-			r.err = iptables.RawCombinedOutputNative(rule...)
-			if r.err != nil {
-				return
-			}
-		}
 		r.err = nil
 	})
 }
@@ -142,6 +124,11 @@ func (r *resolver) Start() error {
 	if r.err != nil {
 		return r.err
 	}
+
+	if err := r.setupIPTable(); err != nil {
+		return fmt.Errorf("setting up IP table rules failed: %v", err)
+	}
+
 	s := &dns.Server{Handler: r, PacketConn: r.conn}
 	r.server = s
 	go func() {
@@ -305,6 +292,7 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 		extConn net.Conn
 		resp    *dns.Msg
 		err     error
+		writer  dns.ResponseWriter
 	)
 
 	if query == nil || len(query.Question) == 0 {
@@ -342,7 +330,9 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 		if resp.Len() > maxSize {
 			truncateResp(resp, maxSize, proto == "tcp")
 		}
+		writer = w
 	} else {
+		queryID := query.Id
 		for i := 0; i < maxExtDNS; i++ {
 			extDNS := &r.extDNSList[i]
 			if extDNS.ipStr == "" {
@@ -388,11 +378,11 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 
 			// forwardQueryStart stores required context to mux multiple client queries over
 			// one connection; and limits the number of outstanding concurrent queries.
-			if r.forwardQueryStart(w, query) == false {
+			if r.forwardQueryStart(w, query, queryID) == false {
 				old := r.tStamp
 				r.tStamp = time.Now()
 				if r.tStamp.Sub(old) > logInterval {
-					log.Errorf("More than %v concurrent queries from %s", maxConcurrent, w.LocalAddr().String())
+					log.Errorf("More than %v concurrent queries from %s", maxConcurrent, extConn.LocalAddr().String())
 				}
 				continue
 			}
@@ -418,32 +408,33 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 
 			// Retrieves the context for the forwarded query and returns the client connection
 			// to send the reply to
-			w = r.forwardQueryEnd(w, resp)
+			writer = r.forwardQueryEnd(w, resp)
-			if w == nil {
+			if writer == nil {
 				continue
 			}
 
 			resp.Compress = true
 			break
 		}
-
+		if resp == nil || writer == nil {
-		if resp == nil || w == nil {
 			return
 		}
 	}
 
-	err = w.WriteMsg(resp)
+	if writer == nil {
-	if err != nil {
+		return
+	}
+	if err = writer.WriteMsg(resp); err != nil {
 		log.Errorf("error writing resolver resp, %s", err)
 	}
 }
 
-func (r *resolver) forwardQueryStart(w dns.ResponseWriter, msg *dns.Msg) bool {
+func (r *resolver) forwardQueryStart(w dns.ResponseWriter, msg *dns.Msg, queryID uint16) bool {
 	proto := w.LocalAddr().Network()
 	dnsID := uint16(rand.Intn(maxDNSID))
 
 	cc := clientConn{
-		dnsID:      msg.Id,
+		dnsID:      queryID,
 		respWriter: w,
 	}
 
@@ -462,7 +453,7 @@ func (r *resolver) forwardQueryStart(w dns.ResponseWriter, msg *dns.Msg) bool {
 		for ok := true; ok == true; dnsID = uint16(rand.Intn(maxDNSID)) {
 			_, ok = r.client[dnsID]
 		}
-		log.Debugf("client dns id %v, changed id %v", msg.Id, dnsID)
+		log.Debugf("client dns id %v, changed id %v", queryID, dnsID)
 		r.client[dnsID] = cc
 		msg.Id = dnsID
 	default:
@@ -497,6 +488,7 @@ func (r *resolver) forwardQueryEnd(w dns.ResponseWriter, msg *dns.Msg) dns.Respo
 			log.Debugf("Can't retrieve client context for dns id %v", msg.Id)
 			return nil
 		}
+		log.Debugf("dns msg id %v, client id %v", msg.Id, cc.dnsID)
 		delete(r.client, msg.Id)
 		msg.Id = cc.dnsID
 		w = cc.respWriter

vendor/src/github.com/docker/libnetwork/resolver_unix.go

@@ -0,0 +1,77 @@
+// +build !windows
+
+package libnetwork
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"os/exec"
+	"runtime"
+
+	log "github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/reexec"
+	"github.com/docker/libnetwork/iptables"
+	"github.com/vishvananda/netns"
+)
+
+func init() {
+	reexec.Register("setup-resolver", reexecSetupResolver)
+}
+
+func reexecSetupResolver() {
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	if len(os.Args) < 4 {
+		log.Error("invalid number of arguments..")
+		os.Exit(1)
+	}
+
+	_, ipPort, _ := net.SplitHostPort(os.Args[2])
+	_, tcpPort, _ := net.SplitHostPort(os.Args[3])
+	rules := [][]string{
+		{"-t", "nat", "-A", "OUTPUT", "-d", resolverIP, "-p", "udp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", os.Args[2]},
+		{"-t", "nat", "-A", "POSTROUTING", "-s", resolverIP, "-p", "udp", "--sport", ipPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
+		{"-t", "nat", "-A", "OUTPUT", "-d", resolverIP, "-p", "tcp", "--dport", dnsPort, "-j", "DNAT", "--to-destination", os.Args[3]},
+		{"-t", "nat", "-A", "POSTROUTING", "-s", resolverIP, "-p", "tcp", "--sport", tcpPort, "-j", "SNAT", "--to-source", ":" + dnsPort},
+	}
+
+	f, err := os.OpenFile(os.Args[1], os.O_RDONLY, 0)
+	if err != nil {
+		log.Errorf("failed get network namespace %q: %v", os.Args[1], err)
+		os.Exit(2)
+	}
+	defer f.Close()
+
+	nsFD := f.Fd()
+	if err = netns.Set(netns.NsHandle(nsFD)); err != nil {
+		log.Errorf("setting into container net ns %v failed, %v", os.Args[1], err)
+		os.Exit(3)
+	}
+
+	for _, rule := range rules {
+		if iptables.RawCombinedOutputNative(rule...) != nil {
+			log.Errorf("setting up rule failed, %v", rule)
+		}
+	}
+}
+
+func (r *resolver) setupIPTable() error {
+	if r.err != nil {
+		return r.err
+	}
+	laddr := r.conn.LocalAddr().String()
+	ltcpaddr := r.tcpListen.Addr().String()
+
+	cmd := &exec.Cmd{
+		Path:   reexec.Self(),
+		Args:   append([]string{"setup-resolver"}, r.sb.Key(), laddr, ltcpaddr),
+		Stdout: os.Stdout,
+		Stderr: os.Stderr,
+	}
+	if err := cmd.Run(); err != nil {
+		return fmt.Errorf("reexec failed: %v", err)
+	}
+	return nil
+}

vendor/src/github.com/docker/libnetwork/resolver_windows.go

@@ -0,0 +1,7 @@
+// +build windows
+
+package libnetwork
+
+func (r *resolver) setupIPTable() error {
+	return nil
+}

vendor/src/github.com/docker/libnetwork/sandbox.go

@@ -436,6 +436,7 @@ func (sb *sandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
 	// {a.b in network c.d},
 	// {a in network b.c.d},
 
+	log.Debugf("Name To resolve: %v", name)
 	name = strings.TrimSuffix(name, ".")
 	reqName := []string{name}
 	networkName := []string{""}
@@ -456,7 +457,6 @@ func (sb *sandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
 
 	epList := sb.getConnectedEndpoints()
 	for i := 0; i < len(reqName); i++ {
-		log.Debugf("To resolve: %v in %v", reqName[i], networkName[i])
 
 		// First check for local container alias
 		ip, ipv6Miss := sb.resolveName(reqName[i], networkName[i], epList, true, ipType)