This way we won't vendor test related functions in docker anymore.
It also moves netns related functions to a new ns package to be able to
call the ns init function in tests. I think this also helps with the
overall package isolation.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Make sure to always explicitly set namespace for all
kernel bound network operations irrespective of whether
the operation is performed in init namespace or a user
defined namespace. This already happens for user defined
netns. But doesn't happen for initial netns that libnetwork
runs in.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
- NetworkRange() function on which ipallocatore relies
to compute the subnet limits has a bug in computing the upper limit IP
- in case container subnet is specified (fixedCIDR), bridge driver to
reserve bridge and gateway addresses only if they belong to the container
subnet
- Make ipallocator more robust in using converting the passed network
to a canonical one before using it as a key in its public APIs
Signed-off-by: Alessandro Boch <aboch@docker.com>
Currently GenerateIfaceName is defined in bridge.go
and it specifically tries to only generate an interface
name only with `veth` prefix. Make it generic so that it
can accept a prefix and length of random bytes. Also
move it to netutils since it is useful to generate various
kinds of interface names using it.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
This is need to decouple types from netutils which has linux
dependencies. This way the client code which needs network types
can just pull in types package which makes client code platform
agnostic.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Refactored the driver api so that is aligns well with the design
of endpoint lifecycle becoming decoupled from the container lifecycle.
Introduced go interfaces to obtain address information during CreateEndpoint.
Go interfaces are also used to get data from driver during join.
This sort of deisgn hides the libnetwork specific type details from drivers.
Another adjustment is to provide a list of interfaces during CreateEndpoint. The
goal of this is many-fold:
* To indicate to the driver that IP address has been assigned by some other
entity (like a user wanting to use their own static IP for an endpoint/container)
and asking the driver to honor this. Driver may reject this configuration
and return an error but it may not try to allocate an IP address and override
the passed one.
* To indicate to the driver that IP address has already been allocated once
for this endpoint by an instance of the same driver in some docker host
in the cluster and this is merely a notification about that endpoint and the
allocated resources.
* In case the list of interfaces is empty the driver is required to allocate and
assign IP addresses for this endpoint.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
The libnetwork test does not need to run inside a namespace
when inside a container. This results in unpredictable behavior
when the sandbox code unlocks the go routine from the OS thread
while the test code still wants it locked in the OS thread. This
will result in unreachable interfaces when the go routine
migrates to a different OS thread.
Fixed by passing a special test flag which is only set to true
when the test is run inside a container.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
using a len(net.IP) to check for ipv4 or ipv6 is a bad idea.
And that was exactly done in NetworkOverlaps() function with the
assumption that any ipv4 net.IP will be of 4 bytes. Golang Net package
makes no such assumptions.
This assumption actually broke a particular use-case where the
NetworkOverlaps fails to identify a genuine overlap and that causes
datapath issues.
With this fix, we explicitely check for v4 or v6
Signed-off-by: Madhu Venugopal <madhu@docker.com>
- libnetwork cares for list of exposed ports, driver cares
for list of port bindings. At endpoint creation:
- list of exposed ports will be passed as libnetwork otion
- list of port mapping will be passed as driver option
Signed-off-by: Alessandro Boch <aboch@docker.com>
- Modified Mac address generation to match current standard
- Moved GenerateRandomName from libcontainer and removed the dependancy.
- Reduced entropy loop to 3 attempts.
Signed-off-by: Brent Salisbury <brent.salisbury@docker.com>
