From ff27bb0db45b2ca091812cfcf32ab570f308a956 Mon Sep 17 00:00:00 2001 From: Su Wang Date: Thu, 26 Sep 2019 21:04:49 +0000 Subject: [PATCH] Resolve "bridge fdb show" hang issue The output of "bridge fdb show" command invoked under a network namespace is unpredicable. Sometime it returns empty, and sometime non-stop rolling output. This perhaps is a bug in kernel and/or iproute2 implementation. To work around, display fdb for each bridge. Signed-off-by: Su Wang --- libnetwork/support/Dockerfile | 1 + libnetwork/support/support.sh | 13 ++++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/libnetwork/support/Dockerfile b/libnetwork/support/Dockerfile index fbf59ec067..e70d529edb 100644 --- a/libnetwork/support/Dockerfile +++ b/libnetwork/support/Dockerfile @@ -11,6 +11,7 @@ RUN apk add --no-cache \ iproute2 \ ipvsadm \ conntrack-tools \ + jq \ bash WORKDIR /bin diff --git a/libnetwork/support/support.sh b/libnetwork/support/support.sh index 4dec5afb28..9aa90aff77 100755 --- a/libnetwork/support/support.sh +++ b/libnetwork/support/support.sh @@ -18,6 +18,7 @@ IPTABLES="${IPTABLES:-iptables}" IPVSADM="${IPVSADM:-ipvsadm}" IP="${IP:-ip}" SSDBIN="${SSDBIN:-ssd}" +JQ="${JQ:-jq}" networks=0 containers=0 @@ -53,6 +54,7 @@ type -P ${BRIDGE} > /dev/null || echo "This tool requires bridge" type -P ${IPTABLES} > /dev/null || echo "This tool requires iptables" type -P ${IPVSADM} > /dev/null || echo "This tool requires ipvsadm" type -P ${IP} > /dev/null || echo "This tool requires ip" +type -P ${JQ} > /dev/null || echo "This tool requires jq" if ${DOCKER} network inspect --help | grep -q -- --verbose; then NETINSPECT_VERBOSE_SUPPORT="--verbose" @@ -89,7 +91,16 @@ for networkID in $(${DOCKER} network ls --no-trunc --filter driver=overlay -q) " echo_and_run ${NSENTER} --net=${i} ${IP} -o -4 address show echo_and_run ${NSENTER} --net=${i} ${IP} -4 route show echo_and_run ${NSENTER} --net=${i} ${IP} -4 neigh show - echo_and_run ${NSENTER} --net=${i} ${BRIDGE} fdb show + bridges=$(${NSENTER} --net=${i} ${IP} -j link show type bridge | ${JQ} -r '.[].ifname') + # break string to array + bridges=(${bridges}) + for b in "${bridges[@]}" + do + if [ -z ${b} ] || [ ${b} == "null" ]; then + continue + fi + echo_and_run ${NSENTER} --net=${i} ${BRIDGE} fdb show br ${b} + done echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$' echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$' echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'