Rather than re-execing docker as the proxy, create a new command docker-proxy
that is much smaller to save memory in the case where there are a lot of
procies being created. Also allows the proxy to be replaced, for example
in Docker for Mac we have a proxy that proxies to osx instead of locally.
This is the vendoring pull for https://github.com/docker/docker/pull/23312
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This way we won't vendor test related functions in docker anymore.
It also moves netns related functions to a new ns package to be able to
call the ns init function in tests. I think this also helps with the
overall package isolation.
Signed-off-by: David Calavera <david.calavera@gmail.com>
for the bridge driver.
Moves two config options, namely EnableIPTables and EnableUserlandProxy
from networks to the driver.
Closes#242
Signed-off-by: Mohammad Banikazemi <MBanikazemi@gmail.com>
It is needed in cases when mapped port is already bound, or another
application bind mapped port. All this will be undetected because we use
iptables and not net.Listen.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
DESCRIPTION:
As part of bringing libnetwork bridge driver features
in parity with docker/daemon/network/driver/bridge
features (Issue #46), this commit addresses the
bridge.RequestPort() API.
Currenlty docker/api/server.go needs an hold of port
allocator in order to reserve a transport port which
will be used by the http server on the host machine,
so that portallocator does not give out that port when
queried by portmapper as part of network driver operations.
ISSUE:
Current implementation in docker is server.go directly
access portmapper and then portallocator from bridge pkg
calling bridge.RequestPort(). This also forces that function
to trigger portmapper initialization (in case bridge init()
was not executed yet), while portmapper life cycle should
only be controlled by bridge network driver.
We cannot mantain this behavior with libnetwrok as this
violates the modularization of networking code which
libnetwork is bringing in.
FIX:
Make portallocator a singleton, now both docker core and
portmapper code can initialize it and get the only one instance
(Change in docker core code will happen when docker code
will migrate to use libnetwork), given it is being used for
host specific needs.
NOTE:
Long term fix is having multiple portallocator instances (so
no more singleton) each capable to be in sync with OS regarding
current port allocation.
When this change comes, no change whould be required on portallocator'
clients side, changes will be confined to portallocator package.
Signed-off-by: Alessandro Boch <aboch@docker.com>
- Update: portmapper, portallocator, ipallocator
- Remove stale godep dependencies
- Update pkg/iptables and others godep to latest
- Update bridge code and test after above changes
- Merge with latest changes in libnetwork
The code is updated up to docker/master commit SHA 86d66d6273
Signed-off-by: Alessandro Boch <aboch@docker.com>
- As they provide network translation functionalities,
they should be part of libnetwork
- In driver/bridge/setup_ip_tables.go remove depenency
on docker/daemon/networkdriver
Signed-off-by: Alessandro Boch <aboch@docker.com>
Justin Cormack