From e4109b3b6bb3b6ebd6ba42cac03dfba5ffc6caf4 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Tue, 25 May 2021 11:29:14 +0200
Subject: [PATCH] vendor: github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8
Update libnetwork to make `docker run -p 80:80` functional again on environments with kernel boot parameter `ipv6.disable=1`. full diff: https://github.com/docker/libnetwork/compare/b3507428be5b458cb0e2b4086b13531fb0706e46...64b7a4574d1426139437d20e81c0b6d391130ec8 - fix port forwarding with ipv6.disable=1 - fixes moby/moby/42288 Docker 20.10.6: all containers stopped and cannot start if ipv6 is disabled on host - fixes docker/libnetwork/2629 Network issue with IPv6 following update to version 20.10.6 - fixesdocker/for-linux/1233 Since 20.10.6 it's not possible to run docker on a machine with disabled IPv6 interfaces - vendor: github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be - Enforce order of lock acquisitions on network/controller, fixes #2632 - fixes docker/libnetwork/2632 Name resolution stuck due to deadlock between different network struct methods - fixes moby/moby/42032 Docker deamon get's stuck, can't serve DNS requests
Signed-off-by: Sebastiaan van Stijn
---
 hack/dockerfile/install/proxy.installer | 2 +-
 vendor.conf | 2 +-
 .../libnetwork/drivers/bridge/port_mapping.go | 31 +++++++++++++++++++
 .../github.com/docker/libnetwork/network.go | 26 +++++++++-------
 .../github.com/docker/libnetwork/vendor.conf | 2 +-
 5 files changed, 49 insertions(+), 14 deletions(-)
diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
index b7ce672fad..3b0bb4b486 100755
--- a/hack/dockerfile/install/proxy.installer
+++ b/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
 # updating the binary version, consider updating github.com/docker/libnetwork
 # in vendor.conf accordingly
-: "${LIBNETWORK_COMMIT:=b3507428be5b458cb0e2b4086b13531fb0706e46}"
+: "${LIBNETWORK_COMMIT:=64b7a4574d1426139437d20e81c0b6d391130ec8}"
 install_proxy() {
 case "$1" in
diff --git a/vendor.conf b/vendor.conf
index 81a7e96b2b..aa492fbb9b 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a
 # libnetwork
 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46
+github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8
 github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
index 946130ecdd..17bf36f9dd 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
+++ b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
@@ -5,6 +5,7 @@ import (
 "errors"
 "fmt"
 "net"
+ "sync"
 "github.com/docker/libnetwork/types"
 "github.com/ishidawataru/sctp"
@@ -50,6 +51,13 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
 bs = append(bs, bIPv4)
 }
+ // skip adding implicit v6 addr, when the kernel was booted with `ipv6.disable=1`
+ // https://github.com/moby/moby/issues/42288
+ isV6Binding := c.HostIP != nil && c.HostIP.To4() == nil
+ if !isV6Binding && !IsV6Listenable() {
+ continue
+ }
+
 // Allocate IPv6 Port mappings
 // If the container has no IPv6 address, allow proxying host IPv6 traffic to it
 // by setting up the binding with the IPv4 interface if the userland proxy is enabled
@@ -211,3 +219,26 @@ func (n *bridgeNetwork) releasePort(bnd types.PortBinding) error {
 return portmapper.Unmap(host)
 }
+
+var (
+ v6ListenableCached bool
+ v6ListenableOnce sync.Once
+)
+
+// IsV6Listenable returns true when `[::1]:0` is listenable.
+// IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option.
+func IsV6Listenable() bool {
+ v6ListenableOnce.Do(func() {
+ ln, err := net.Listen("tcp6", "[::1]:0")
+ if err != nil {
+ // When the kernel was booted with `ipv6.disable=1`,
+ // we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
+ // https://github.com/moby/moby/issues/42288
+ logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
+ } else {
+ v6ListenableCached = true
+ ln.Close()
+ }
+ })
+ return v6ListenableCached
+}
diff --git a/vendor/github.com/docker/libnetwork/network.go b/vendor/github.com/docker/libnetwork/network.go
index a7a6d0748b..2514d6c4fc 100644
--- a/vendor/github.com/docker/libnetwork/network.go
+++ b/vendor/github.com/docker/libnetwork/network.go
@@ -1409,21 +1409,21 @@ func (n *network) addSvcRecords(eID, name, serviceID string, epIP, epIPv6 net.IP
 if n.ingress {
 return
 }
-
- logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
+ networkID := n.ID()
+ logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
 c := n.getController()
 c.Lock()
 defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
 if !ok {
 sr = svcInfo{
 svcMap: setmatrix.NewSetMatrix(),
 svcIPv6Map: setmatrix.NewSetMatrix(),
 ipMap: setmatrix.NewSetMatrix(),
 }
- c.svcRecords[n.ID()] = sr
+ c.svcRecords[networkID] = sr
 }
 if ipMapUpdate {
@@ -1445,14 +1445,14 @@ func (n *network) deleteSvcRecords(eID, name, serviceID string, epIP net.IP, epI
 if n.ingress {
 return
 }
-
- logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
+ networkID := n.ID()
+ logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
 c := n.getController()
 c.Lock()
 defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
 if !ok {
 return
 }
@@ -1972,9 +1972,10 @@ func (n *network) ResolveName(req string, ipType int) ([]net.IP, bool) {
 var ipv6Miss bool
 c := n.getController()
+ networkID := n.ID()
 c.Lock()
 defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
 if !ok {
 return nil, false
@@ -2012,10 +2013,11 @@ func (n *network) ResolveName(req string, ipType int) ([]net.IP, bool) {
 }
 func (n *network) HandleQueryResp(name string, ip net.IP) {
+ networkID := n.ID()
 c := n.getController()
 c.Lock()
 defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
 if !ok {
 return
@@ -2031,10 +2033,11 @@ func (n *network) HandleQueryResp(name string, ip net.IP) {
 }
 func (n *network) ResolveIP(ip string) string {
+ networkID := n.ID()
 c := n.getController()
 c.Lock()
 defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
 if !ok {
 return ""
@@ -2085,9 +2088,10 @@ func (n *network) ResolveService(name string) ([]*net.SRV, []net.IP) {
 proto := parts[1]
 svcName := strings.Join(parts[2:], ".")
+ networkID := n.ID()
 c.Lock()
 defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
 if !ok {
 return nil, nil
diff --git a/vendor/github.com/docker/libnetwork/vendor.conf b/vendor/github.com/docker/libnetwork/vendor.conf
index 52aaac27d3..36e10194bf 100644
--- a/vendor/github.com/docker/libnetwork/vendor.conf
+++ b/vendor/github.com/docker/libnetwork/vendor.conf
@@ -43,7 +43,7 @@ golang.org/x/net ab34263943818b32f575efc978a3
 golang.org/x/sys ed371f2e16b4b305ee99df548828de367527b76b
 golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb
 github.com/pkg/errors 614d223910a179a466c1767a985424175c39b465 # v0.9.1
-github.com/ishidawataru/sctp 6e2cb1366111dcf547c13531e3a263a067715847
+github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
 go.opencensus.io 9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0
 gotest.tools/v3 bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2