From d23e8a7da58c119a8dda59484e9b180c6f25daed Mon Sep 17 00:00:00 2001
From: Brian Goff
Date: Fri, 12 Jan 2018 17:30:19 -0500
Subject: [PATCH] Update libnetwork commit
New Commit: fcf1c3b5e57833aaaa756ae3c4140ea54da00319
Signed-off-by: Brian Goff
---
 hack/dockerfile/binaries-commits | 2 +-
 vendor.conf | 2 +-
 .../docker/libnetwork/controller.go | 4 +---
 .../libnetwork/drivers/overlay/ov_network.go | 20 +++++++++++++++++--
 .../docker/libnetwork/firewall_linux.go | 11 ++++++++++
 .../docker/libnetwork/firewall_others.go | 2 +-
 6 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/hack/dockerfile/binaries-commits b/hack/dockerfile/binaries-commits
index eddec4034e..12f39afd61 100644
--- a/hack/dockerfile/binaries-commits
+++ b/hack/dockerfile/binaries-commits
@@ -10,7 +10,7 @@ RUNC_COMMIT=b2567b37d7b75eb4cf325b77297b140ea686ce8f
 # fixes or new APIs.
 CONTAINERD_COMMIT=89623f28b87a6004d4b785663257362d1658a729 # v1.0.0
 TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574
-LIBNETWORK_COMMIT=7b2b1feb1de4817d522cc372af149ff48d25028e
+LIBNETWORK_COMMIT=fcf1c3b5e57833aaaa756ae3c4140ea54da00319
 VNDR_COMMIT=a6e196d8b4b0cbbdc29aebdb20c59ac6926bb384
 # Linting
diff --git a/vendor.conf b/vendor.conf
index b417be6951..b6db1fa257 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -31,7 +31,7 @@ github.com/moby/buildkit aaff9d591ef128560018433fe61beb802e149de8
 github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2
 #get libnetwork packages
-github.com/docker/libnetwork 315a076a4e9ded2abc950318c71d5f1637547977
+github.com/docker/libnetwork fcf1c3b5e57833aaaa756ae3c4140ea54da00319
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/github.com/docker/libnetwork/controller.go b/vendor/github.com/docker/libnetwork/controller.go
index e9389487a3..f6619ecafd 100644
--- a/vendor/github.com/docker/libnetwork/controller.go
+++ b/vendor/github.com/docker/libnetwork/controller.go
@@ -882,9 +882,7 @@ addToStore:
 c.Unlock()
 }
- c.Lock()
- arrangeUserFilterRule()
- c.Unlock()
+ c.arrangeUserFilterRule()
 return network, nil
 }
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go b/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
index 47e3d78848..d33939beeb 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
+++ b/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
@@ -711,7 +711,7 @@ func (n *network) initSandbox(restore bool) error {
 n.setNetlinkSocket(nlSock)
 if err == nil {
- go n.watchMiss(nlSock)
+ go n.watchMiss(nlSock, key)
 } else {
 logrus.Errorf("failed to subscribe to neighbor group netlink messages for overlay network %s in sbox %s: %v",
 n.id, sbox.Key(), err)
@@ -720,7 +720,23 @@ func (n *network) initSandbox(restore bool) error {
 return nil
 }
-func (n *network) watchMiss(nlSock *nl.NetlinkSocket) {
+func (n *network) watchMiss(nlSock *nl.NetlinkSocket, nsPath string) {
+ // With the new version of the netlink library the deserialize function makes
+ // requests about the interface of the netlink message. This can succeed only
+ // if this go routine is in the target namespace. For this reason following we
+ // lock the thread on that namespace
+ runtime.LockOSThread()
+ defer runtime.UnlockOSThread()
+ newNs, err := netns.GetFromPath(nsPath)
+ if err != nil {
+ logrus.WithError(err).Errorf("failed to get the namespace %s", nsPath)
+ return
+ }
+ defer newNs.Close()
+ if err = netns.Set(newNs); err != nil {
+ logrus.WithError(err).Errorf("failed to enter the namespace %s", nsPath)
+ return
+ }
 for {
 msgs, err := nlSock.Receive()
 if err != nil {
diff --git a/vendor/github.com/docker/libnetwork/firewall_linux.go b/vendor/github.com/docker/libnetwork/firewall_linux.go
index b2232ac7a5..54f9621f81 100644
--- a/vendor/github.com/docker/libnetwork/firewall_linux.go
+++ b/vendor/github.com/docker/libnetwork/firewall_linux.go
@@ -7,6 +7,17 @@ import (
 const userChain = "DOCKER-USER"
+func (c *controller) arrangeUserFilterRule() {
+ c.Lock()
+ arrangeUserFilterRule()
+ c.Unlock()
+ iptables.OnReloaded(func() {
+ c.Lock()
+ arrangeUserFilterRule()
+ c.Unlock()
+ })
+}
+
 // This chain allow users to configure firewall policies in a way that persists
 // docker operations/restarts. Docker will not delete or modify any pre-existing
 // rules from the DOCKER-USER filter chain.
diff --git a/vendor/github.com/docker/libnetwork/firewall_others.go b/vendor/github.com/docker/libnetwork/firewall_others.go
index c41b3e049f..901f568fed 100644
--- a/vendor/github.com/docker/libnetwork/firewall_others.go
+++ b/vendor/github.com/docker/libnetwork/firewall_others.go
@@ -2,5 +2,5 @@
 package libnetwork
-func arrangeUserFilterRule() {
+func (c *controller) arrangeUserFilterRule() {
 }