libnetwork: return concrete-typed *Sandbox

Basically every exported method which takes a libnetwork.Sandbox
argument asserts that the value's concrete type is *sandbox. Passing any
other implementation of the interface is a runtime error! This interface
is a footgun, and clearly not necessary. Export and use the concrete
type instead.

Signed-off-by: Cory Snider <csnider@mirantis.com>

builder/builder-next/executor_unix.go

@@ -84,7 +84,7 @@ func (p *bridgeProvider) New() (network.Namespace, error) {
 
 type lnInterface struct {
 	ep  libnetwork.Endpoint
-	sbx libnetwork.Sandbox
+	sbx *libnetwork.Sandbox
 	sync.Once
 	err      error
 	ready    chan struct{}

daemon/container_operations.go

@@ -602,9 +602,9 @@ func (daemon *Daemon) allocateNetwork(container *container.Container) (retErr er
 	return nil
 }
 
-func (daemon *Daemon) getNetworkSandbox(container *container.Container) libnetwork.Sandbox {
-	var sb libnetwork.Sandbox
-	daemon.netController.WalkSandboxes(func(s libnetwork.Sandbox) bool {
+func (daemon *Daemon) getNetworkSandbox(container *container.Container) *libnetwork.Sandbox {
+	var sb *libnetwork.Sandbox
+	daemon.netController.WalkSandboxes(func(s *libnetwork.Sandbox) bool {
 		if s.ContainerID() == container.ID {
 			sb = s
 			return true
@@ -882,7 +882,7 @@ func (daemon *Daemon) ForceEndpointDelete(name string, networkName string) error
 func (daemon *Daemon) disconnectFromNetwork(container *container.Container, n libnetwork.Network, force bool) error {
 	var (
 		ep   libnetwork.Endpoint
-		sbox libnetwork.Sandbox
+		sbox *libnetwork.Sandbox
 	)
 
 	s := func(current libnetwork.Endpoint) bool {
@@ -1164,7 +1164,7 @@ func getNetworkID(name string, endpointSettings *networktypes.EndpointSettings)
 }
 
 // updateSandboxNetworkSettings updates the sandbox ID and Key.
-func updateSandboxNetworkSettings(c *container.Container, sb libnetwork.Sandbox) error {
+func updateSandboxNetworkSettings(c *container.Container, sb *libnetwork.Sandbox) error {
 	c.NetworkSettings.SandboxID = sb.ID()
 	c.NetworkSettings.SandboxKey = sb.Key()
 	return nil

daemon/network.go

@@ -782,7 +782,7 @@ func (daemon *Daemon) clearAttachableNetworks() {
 }
 
 // buildCreateEndpointOptions builds endpoint options from a given network.
-func buildCreateEndpointOptions(c *container.Container, n libnetwork.Network, epConfig *network.EndpointSettings, sb libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {
+func buildCreateEndpointOptions(c *container.Container, n libnetwork.Network, epConfig *network.EndpointSettings, sb *libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {
 	var (
 		bindings      = make(nat.PortMap)
 		pbList        []networktypes.PortBinding
@@ -954,7 +954,7 @@ func buildCreateEndpointOptions(c *container.Container, n libnetwork.Network, ep
 }
 
 // getPortMapInfo retrieves the current port-mapping programmed for the given sandbox
-func getPortMapInfo(sb libnetwork.Sandbox) nat.PortMap {
+func getPortMapInfo(sb *libnetwork.Sandbox) nat.PortMap {
 	pm := nat.PortMap{}
 	if sb == nil {
 		return pm

daemon/rename.go

@@ -16,7 +16,7 @@ import (
 func (daemon *Daemon) ContainerRename(oldName, newName string) error {
 	var (
 		sid string
-		sb  libnetwork.Sandbox
+		sb  *libnetwork.Sandbox
 	)
 
 	if oldName == "" || newName == "" {

libnetwork/agent.go

@@ -595,7 +595,7 @@ func (ep *endpoint) deleteDriverInfoFromCluster() error {
 	return nil
 }
 
-func (ep *endpoint) addServiceInfoToCluster(sb *sandbox) error {
+func (ep *endpoint) addServiceInfoToCluster(sb *Sandbox) error {
 	if ep.isAnonymous() && len(ep.myAliases) == 0 || ep.Iface() == nil || ep.Iface().Address() == nil {
 		return nil
 	}
@@ -605,8 +605,8 @@ func (ep *endpoint) addServiceInfoToCluster(sb *sandbox) error {
 		return nil
 	}
 
-	sb.Service.Lock()
-	defer sb.Service.Unlock()
+	sb.service.Lock()
+	defer sb.service.Unlock()
 	logrus.Debugf("addServiceInfoToCluster START for %s %s", ep.svcName, ep.ID())
 
 	// Check that the endpoint is still present on the sandbox before adding it to the service discovery.
@@ -677,7 +677,7 @@ func (ep *endpoint) addServiceInfoToCluster(sb *sandbox) error {
 	return nil
 }
 
-func (ep *endpoint) deleteServiceInfoFromCluster(sb *sandbox, fullRemove bool, method string) error {
+func (ep *endpoint) deleteServiceInfoFromCluster(sb *Sandbox, fullRemove bool, method string) error {
 	if ep.isAnonymous() && len(ep.myAliases) == 0 {
 		return nil
 	}
@@ -687,8 +687,8 @@ func (ep *endpoint) deleteServiceInfoFromCluster(sb *sandbox, fullRemove bool, m
 		return nil
 	}
 
-	sb.Service.Lock()
-	defer sb.Service.Unlock()
+	sb.service.Lock()
+	defer sb.service.Unlock()
 	logrus.Debugf("deleteServiceInfoFromCluster from %s START for %s %s", method, ep.svcName, ep.ID())
 
 	// Avoid a race w/ with a container that aborts preemptively.  This would

libnetwork/controller.go

@@ -78,9 +78,9 @@ type NetworkWalker func(nw Network) bool
 
 // SandboxWalker is a client provided function which will be used to walk the Sandboxes.
 // When the function returns true, the walk will stop.
-type SandboxWalker func(sb Sandbox) bool
+type SandboxWalker func(sb *Sandbox) bool
 
-type sandboxTable map[string]*sandbox
+type sandboxTable map[string]*Sandbox
 
 // Controller manages networks.
 type Controller struct {
@@ -96,7 +96,7 @@ type Controller struct {
 	nmap             map[string]*netWatch
 	serviceBindings  map[serviceKey]*service
 	defOsSbox        osl.Sandbox
-	ingressSandbox   *sandbox
+	ingressSandbox   *Sandbox
 	sboxOnce         sync.Once
 	agent            *agent
 	networkLocker    *locker.Locker
@@ -922,12 +922,12 @@ func (c *Controller) NetworkByID(id string) (Network, error) {
 }
 
 // NewSandbox creates a new sandbox for containerID.
-func (c *Controller) NewSandbox(containerID string, options ...SandboxOption) (Sandbox, error) {
+func (c *Controller) NewSandbox(containerID string, options ...SandboxOption) (*Sandbox, error) {
 	if containerID == "" {
 		return nil, types.BadRequestErrorf("invalid container ID")
 	}
 
-	var sb *sandbox
+	var sb *Sandbox
 	c.mu.Lock()
 	for _, s := range c.sandboxes {
 		if s.containerID == containerID {
@@ -956,7 +956,7 @@ func (c *Controller) NewSandbox(containerID string, options ...SandboxOption) (S
 
 	// Create sandbox and process options first. Key generation depends on an option
 	if sb == nil {
-		sb = &sandbox{
+		sb = &Sandbox{
 			id:                 sandboxID,
 			containerID:        containerID,
 			endpoints:          []*endpoint{},
@@ -1053,11 +1053,11 @@ func (c *Controller) NewSandbox(containerID string, options ...SandboxOption) (S
 }
 
 // Sandboxes returns the list of Sandbox(s) managed by this controller.
-func (c *Controller) Sandboxes() []Sandbox {
+func (c *Controller) Sandboxes() []*Sandbox {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
-	list := make([]Sandbox, 0, len(c.sandboxes))
+	list := make([]*Sandbox, 0, len(c.sandboxes))
 	for _, s := range c.sandboxes {
 		// Hide stub sandboxes from libnetwork users
 		if s.isStub {
@@ -1081,7 +1081,7 @@ func (c *Controller) WalkSandboxes(walker SandboxWalker) {
 
 // SandboxByID returns the Sandbox which has the passed id.
 // If not found, a [types.NotFoundError] is returned.
-func (c *Controller) SandboxByID(id string) (Sandbox, error) {
+func (c *Controller) SandboxByID(id string) (*Sandbox, error) {
 	if id == "" {
 		return nil, ErrInvalidID(id)
 	}
@@ -1096,7 +1096,7 @@ func (c *Controller) SandboxByID(id string) (Sandbox, error) {
 
 // SandboxDestroy destroys a sandbox given a container ID.
 func (c *Controller) SandboxDestroy(id string) error {
-	var sb *sandbox
+	var sb *Sandbox
 	c.mu.Lock()
 	for _, s := range c.sandboxes {
 		if s.containerID == id {
@@ -1115,8 +1115,8 @@ func (c *Controller) SandboxDestroy(id string) error {
 }
 
 // SandboxContainerWalker returns a Sandbox Walker function which looks for an existing Sandbox with the passed containerID
-func SandboxContainerWalker(out *Sandbox, containerID string) SandboxWalker {
-	return func(sb Sandbox) bool {
+func SandboxContainerWalker(out **Sandbox, containerID string) SandboxWalker {
+	return func(sb *Sandbox) bool {
 		if sb.ContainerID() == containerID {
 			*out = sb
 			return true
@@ -1126,8 +1126,8 @@ func SandboxContainerWalker(out *Sandbox, containerID string) SandboxWalker {
 }
 
 // SandboxKeyWalker returns a Sandbox Walker function which looks for an existing Sandbox with the passed key
-func SandboxKeyWalker(out *Sandbox, key string) SandboxWalker {
-	return func(sb Sandbox) bool {
+func SandboxKeyWalker(out **Sandbox, key string) SandboxWalker {
+	return func(sb *Sandbox) bool {
 		if sb.Key() == key {
 			*out = sb
 			return true

libnetwork/default_gateway.go

@@ -29,7 +29,7 @@ var procGwNetwork = make(chan (bool), 1)
    - its deleted when an endpoint with GW joins the container
 */
 
-func (sb *sandbox) setupDefaultGW() error {
+func (sb *Sandbox) setupDefaultGW() error {
 	// check if the container already has a GW endpoint
 	if ep := sb.getEndpointInGWNetwork(); ep != nil {
 		return nil
@@ -94,7 +94,7 @@ func (sb *sandbox) setupDefaultGW() error {
 }
 
 // If present, detach and remove the endpoint connecting the sandbox to the default gw network.
-func (sb *sandbox) clearDefaultGW() error {
+func (sb *Sandbox) clearDefaultGW() error {
 	var ep *endpoint
 
 	if ep = sb.getEndpointInGWNetwork(); ep == nil {
@@ -113,7 +113,7 @@ func (sb *sandbox) clearDefaultGW() error {
 // on the endpoints to which it is connected. It does not account
 // for the default gateway network endpoint.
 
-func (sb *sandbox) needDefaultGW() bool {
+func (sb *Sandbox) needDefaultGW() bool {
 	var needGW bool
 
 	for _, ep := range sb.getConnectedEndpoints() {
@@ -145,7 +145,7 @@ func (sb *sandbox) needDefaultGW() bool {
 	return needGW
 }
 
-func (sb *sandbox) getEndpointInGWNetwork() *endpoint {
+func (sb *Sandbox) getEndpointInGWNetwork() *endpoint {
 	for _, ep := range sb.getConnectedEndpoints() {
 		if ep.getNetwork().name == libnGWNetwork && strings.HasPrefix(ep.Name(), "gateway_") {
 			return ep
@@ -175,7 +175,7 @@ func (c *Controller) defaultGwNetwork() (Network, error) {
 }
 
 // Returns the endpoint which is providing external connectivity to the sandbox
-func (sb *sandbox) getGatewayEndpoint() *endpoint {
+func (sb *Sandbox) getGatewayEndpoint() *endpoint {
 	for _, ep := range sb.getConnectedEndpoints() {
 		if ep.getNetwork().Type() == "null" || ep.getNetwork().Type() == "host" {
 			continue

libnetwork/endpoint.go

@@ -27,10 +27,10 @@ type Endpoint interface {
 
 	// Join joins the sandbox to the endpoint and populates into the sandbox
 	// the network resources allocated for the endpoint.
-	Join(sandbox Sandbox, options ...EndpointOption) error
+	Join(sandbox *Sandbox, options ...EndpointOption) error
 
 	// Leave detaches the network resources populated in the sandbox.
-	Leave(sandbox Sandbox, options ...EndpointOption) error
+	Leave(sandbox *Sandbox, options ...EndpointOption) error
 
 	// Return certain operational data belonging to this endpoint
 	Info() EndpointInfo
@@ -416,14 +416,9 @@ func (ep *endpoint) getNetworkFromStore() (*network, error) {
 	return ep.network.getController().getNetworkFromStore(ep.network.id)
 }
 
-func (ep *endpoint) Join(sbox Sandbox, options ...EndpointOption) error {
-	if sbox == nil {
-		return types.BadRequestErrorf("endpoint cannot be joined by nil container")
-	}
-
-	sb, ok := sbox.(*sandbox)
-	if !ok {
-		return types.BadRequestErrorf("not a valid Sandbox interface")
+func (ep *endpoint) Join(sb *Sandbox, options ...EndpointOption) error {
+	if sb == nil || sb.ID() == "" || sb.Key() == "" {
+		return types.BadRequestErrorf("invalid Sandbox passed to endpoint join: %v", sb)
 	}
 
 	sb.joinLeaveStart()
@@ -432,7 +427,7 @@ func (ep *endpoint) Join(sbox Sandbox, options ...EndpointOption) error {
 	return ep.sbJoin(sb, options...)
 }
 
-func (ep *endpoint) sbJoin(sb *sandbox, options ...EndpointOption) (err error) {
+func (ep *endpoint) sbJoin(sb *Sandbox, options ...EndpointOption) (err error) {
 	n, err := ep.getNetworkFromStore()
 	if err != nil {
 		return fmt.Errorf("failed to get network from store during join: %v", err)
@@ -681,14 +676,9 @@ func (ep *endpoint) hasInterface(iName string) bool {
 	return ep.iface != nil && ep.iface.srcName == iName
 }
 
-func (ep *endpoint) Leave(sbox Sandbox, options ...EndpointOption) error {
-	if sbox == nil || sbox.ID() == "" || sbox.Key() == "" {
-		return types.BadRequestErrorf("invalid Sandbox passed to endpoint leave: %v", sbox)
-	}
-
-	sb, ok := sbox.(*sandbox)
-	if !ok {
-		return types.BadRequestErrorf("not a valid Sandbox interface")
+func (ep *endpoint) Leave(sb *Sandbox, options ...EndpointOption) error {
+	if sb == nil || sb.ID() == "" || sb.Key() == "" {
+		return types.BadRequestErrorf("invalid Sandbox passed to endpoint leave: %v", sb)
 	}
 
 	sb.joinLeaveStart()
@@ -697,7 +687,7 @@ func (ep *endpoint) Leave(sbox Sandbox, options ...EndpointOption) error {
 	return ep.sbLeave(sb, false, options...)
 }
 
-func (ep *endpoint) sbLeave(sb *sandbox, force bool, options ...EndpointOption) error {
+func (ep *endpoint) sbLeave(sb *Sandbox, force bool, options ...EndpointOption) error {
 	n, err := ep.getNetworkFromStore()
 	if err != nil {
 		return fmt.Errorf("failed to get network from store during leave: %v", err)
@@ -829,7 +819,7 @@ func (ep *endpoint) Delete(force bool) error {
 	}
 
 	if sb != nil {
-		if e := ep.sbLeave(sb.(*sandbox), force); e != nil {
+		if e := ep.sbLeave(sb, force); e != nil {
 			logrus.Warnf("failed to leave sandbox for endpoint %s : %v", name, e)
 		}
 	}
@@ -892,7 +882,7 @@ func (ep *endpoint) deleteEndpoint(force bool) error {
 	return nil
 }
 
-func (ep *endpoint) getSandbox() (*sandbox, bool) {
+func (ep *endpoint) getSandbox() (*Sandbox, bool) {
 	c := ep.network.getController()
 	ep.Lock()
 	sid := ep.sandboxID

libnetwork/endpoint_info.go

@@ -30,7 +30,7 @@ type EndpointInfo interface {
 	StaticRoutes() []*types.StaticRoute
 
 	// Sandbox returns the attached sandbox if there, nil otherwise.
-	Sandbox() Sandbox
+	Sandbox() *Sandbox
 
 	// LoadBalancer returns whether the endpoint is the load balancer endpoint for the network.
 	LoadBalancer() bool
@@ -328,7 +328,7 @@ func (ep *endpoint) AddTableEntry(tableName, key string, value []byte) error {
 	return nil
 }
 
-func (ep *endpoint) Sandbox() Sandbox {
+func (ep *endpoint) Sandbox() *Sandbox {
 	cnt, ok := ep.getSandbox()
 	if !ok {
 		return nil

libnetwork/libnetwork_linux_test.go

@@ -282,7 +282,7 @@ func TestEndpointJoin(t *testing.T) {
 		t.Fatalf("Unexpected error type returned: %T", err)
 	}
 
-	fsbx := &fakeSandbox{}
+	fsbx := &libnetwork.Sandbox{}
 	if err = ep1.Join(fsbx); err == nil {
 		t.Fatalf("Expected to fail join with invalid Sandbox")
 	}
@@ -853,7 +853,7 @@ type parallelTester struct {
 func (pt parallelTester) Do(t *testing.T, thrNumber int) error {
 	var (
 		ep  libnetwork.Endpoint
-		sb  libnetwork.Sandbox
+		sb  *libnetwork.Sandbox
 		err error
 	)
 
@@ -944,7 +944,7 @@ func TestParallel(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	sboxes := make([]libnetwork.Sandbox, numThreads)
+	sboxes := make([]*libnetwork.Sandbox, numThreads)
 	if sboxes[first-1], err = controller.NewSandbox(fmt.Sprintf("%drace", first), libnetwork.OptionUseDefaultSandbox()); err != nil {
 		t.Fatal(err)
 	}

libnetwork/libnetwork_test.go

@@ -6,7 +6,6 @@ package libnetwork_test
 import (
 	"errors"
 	"fmt"
-	"net"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -830,68 +829,6 @@ func TestNetworkQuery(t *testing.T) {
 
 const containerID = "valid_c"
 
-type fakeSandbox struct{}
-
-func (f *fakeSandbox) ID() string {
-	return "fake sandbox"
-}
-
-func (f *fakeSandbox) ContainerID() string {
-	return ""
-}
-
-func (f *fakeSandbox) Key() string {
-	return "fake key"
-}
-
-func (f *fakeSandbox) Labels() map[string]interface{} {
-	return nil
-}
-
-func (f *fakeSandbox) Statistics() (map[string]*types.InterfaceStatistics, error) {
-	return nil, nil
-}
-
-func (f *fakeSandbox) Refresh(opts ...libnetwork.SandboxOption) error {
-	return nil
-}
-
-func (f *fakeSandbox) Delete() error {
-	return nil
-}
-
-func (f *fakeSandbox) Rename(name string) error {
-	return nil
-}
-
-func (f *fakeSandbox) SetKey(key string) error {
-	return nil
-}
-
-func (f *fakeSandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
-	return nil, false
-}
-
-func (f *fakeSandbox) ResolveIP(ip string) string {
-	return ""
-}
-
-func (f *fakeSandbox) ResolveService(name string) ([]*net.SRV, []net.IP) {
-	return nil, nil
-}
-
-func (f *fakeSandbox) Endpoints() []libnetwork.Endpoint {
-	return nil
-}
-
-func (f *fakeSandbox) EnableService() error {
-	return nil
-}
-
-func (f *fakeSandbox) DisableService() error {
-	return nil
-}
-
 func TestEndpointDeleteWithActiveContainer(t *testing.T) {
 	defer testutils.SetupTestOSContext(t)()
 	controller := newController(t)
@@ -1159,7 +1096,7 @@ func TestContainerInvalidLeave(t *testing.T) {
 		t.Fatalf("Unexpected error type returned: %T. Desc: %s", err, err.Error())
 	}
 
-	fsbx := &fakeSandbox{}
+	fsbx := &libnetwork.Sandbox{}
 	if err = ep.Leave(fsbx); err == nil {
 		t.Fatalf("Expected to fail leave with invalid Sandbox")
 	}

libnetwork/resolver_test.go

@@ -122,7 +122,7 @@ func TestDNSIPQuery(t *testing.T) {
 
 	w := new(tstwriter)
 	// the unit tests right now will focus on non-proxyed DNS requests
-	r := NewResolver(resolverIPSandbox, false, sb.(*sandbox))
+	r := NewResolver(resolverIPSandbox, false, sb)
 
 	// test name1's IP is resolved correctly with the default A type query
 	// Also make sure DNS lookups are case insensitive
@@ -266,7 +266,7 @@ func TestDNSProxyServFail(t *testing.T) {
 	t.Log("DNS Server can be reached")
 
 	w := new(tstwriter)
-	r := NewResolver(resolverIPSandbox, true, sb.(*sandbox))
+	r := NewResolver(resolverIPSandbox, true, sb)
 	q := new(dns.Msg)
 	q.SetQuestion("name1.", dns.TypeA)
 

libnetwork/sandbox.go

@@ -16,46 +16,12 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// Sandbox provides the control over the network container entity. It is a one to one mapping with the container.
-type Sandbox interface {
-	// ID returns the ID of the sandbox
-	ID() string
-	// Key returns the sandbox's key
-	Key() string
-	// ContainerID returns the container id associated to this sandbox
-	ContainerID() string
-	// Labels returns the sandbox's labels
-	Labels() map[string]interface{}
-	// Statistics retrieves the interfaces' statistics for the sandbox
-	Statistics() (map[string]*types.InterfaceStatistics, error)
-	// Refresh leaves all the endpoints, resets and re-applies the options,
-	// re-joins all the endpoints without destroying the osl sandbox
-	Refresh(options ...SandboxOption) error
-	// SetKey updates the Sandbox Key
-	SetKey(key string) error
-	// Rename changes the name of all attached Endpoints
-	Rename(name string) error
-	// Delete destroys this container after detaching it from all connected endpoints.
-	Delete() error
-	// Endpoints returns all the endpoints connected to the sandbox
-	Endpoints() []Endpoint
-	// ResolveService returns all the backend details about the containers or hosts
-	// backing a service. Its purpose is to satisfy an SRV query
-	ResolveService(name string) ([]*net.SRV, []net.IP)
-	// EnableService  makes a managed container's service available by adding the
-	// endpoint to the service load balancer and service discovery
-	EnableService() error
-	// DisableService removes a managed container's endpoints from the load balancer
-	// and service discovery
-	DisableService() error
-}
-
 // SandboxOption is an option setter function type used to pass various options to
 // NewNetContainer method. The various setter functions of type SandboxOption are
 // provided by libnetwork, they look like ContainerOptionXXXX(...)
-type SandboxOption func(sb *sandbox)
+type SandboxOption func(sb *Sandbox)
 
-func (sb *sandbox) processOptions(options ...SandboxOption) {
+func (sb *Sandbox) processOptions(options ...SandboxOption) {
 	for _, opt := range options {
 		if opt != nil {
 			opt(sb)
@@ -63,7 +29,9 @@ func (sb *sandbox) processOptions(options ...SandboxOption) {
 	}
 }
 
-type sandbox struct {
+// Sandbox provides the control over the network container entity.
+// It is a one to one mapping with the container.
+type Sandbox struct {
 	id                 string
 	containerID        string
 	config             containerConfig
@@ -87,7 +55,7 @@ type sandbox struct {
 	mu                 sync.Mutex
 	// This mutex is used to serialize service related operation for an endpoint
 	// The lock is here because the endpoint is saved into the store so is not unique
-	Service sync.Mutex
+	service sync.Mutex
 }
 
 // These are the container configs used to customize container /etc/hosts file.
@@ -134,22 +102,26 @@ const (
 	resolverIPSandbox = "127.0.0.11"
 )
 
-func (sb *sandbox) ID() string {
+// ID returns the ID of the sandbox.
+func (sb *Sandbox) ID() string {
 	return sb.id
 }
 
-func (sb *sandbox) ContainerID() string {
+// ContainerID returns the container id associated to this sandbox.
+func (sb *Sandbox) ContainerID() string {
 	return sb.containerID
 }
 
-func (sb *sandbox) Key() string {
+// Key returns the sandbox's key.
+func (sb *Sandbox) Key() string {
 	if sb.config.useDefaultSandBox {
 		return osl.GenerateKey("default")
 	}
 	return osl.GenerateKey(sb.id)
 }
 
-func (sb *sandbox) Labels() map[string]interface{} {
+// Labels returns the sandbox's labels.
+func (sb *Sandbox) Labels() map[string]interface{} {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 	opts := make(map[string]interface{}, len(sb.config.generic))
@@ -159,7 +131,8 @@ func (sb *sandbox) Labels() map[string]interface{} {
 	return opts
 }
 
-func (sb *sandbox) Statistics() (map[string]*types.InterfaceStatistics, error) {
+// Statistics retrieves the interfaces' statistics for the sandbox.
+func (sb *Sandbox) Statistics() (map[string]*types.InterfaceStatistics, error) {
 	m := make(map[string]*types.InterfaceStatistics)
 
 	sb.mu.Lock()
@@ -179,11 +152,12 @@ func (sb *sandbox) Statistics() (map[string]*types.InterfaceStatistics, error) {
 	return m, nil
 }
 
-func (sb *sandbox) Delete() error {
+// Delete destroys this container after detaching it from all connected endpoints.
+func (sb *Sandbox) Delete() error {
 	return sb.delete(false)
 }
 
-func (sb *sandbox) delete(force bool) error {
+func (sb *Sandbox) delete(force bool) error {
 	sb.mu.Lock()
 	if sb.inDelete {
 		sb.mu.Unlock()
@@ -263,7 +237,8 @@ func (sb *sandbox) delete(force bool) error {
 	return nil
 }
 
-func (sb *sandbox) Rename(name string) error {
+// Rename changes the name of all attached Endpoints.
+func (sb *Sandbox) Rename(name string) error {
 	var err error
 
 	for _, ep := range sb.getConnectedEndpoints() {
@@ -289,7 +264,9 @@ func (sb *sandbox) Rename(name string) error {
 	return err
 }
 
-func (sb *sandbox) Refresh(options ...SandboxOption) error {
+// Refresh leaves all the endpoints, resets and re-applies the options,
+// re-joins all the endpoints without destroying the osl sandbox
+func (sb *Sandbox) Refresh(options ...SandboxOption) error {
 	// Store connected endpoints
 	epList := sb.getConnectedEndpoints()
 
@@ -319,7 +296,7 @@ func (sb *sandbox) Refresh(options ...SandboxOption) error {
 	return nil
 }
 
-func (sb *sandbox) MarshalJSON() ([]byte, error) {
+func (sb *Sandbox) MarshalJSON() ([]byte, error) {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
@@ -327,7 +304,7 @@ func (sb *sandbox) MarshalJSON() ([]byte, error) {
 	return json.Marshal(sb.id)
 }
 
-func (sb *sandbox) UnmarshalJSON(b []byte) (err error) {
+func (sb *Sandbox) UnmarshalJSON(b []byte) (err error) {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
@@ -339,7 +316,8 @@ func (sb *sandbox) UnmarshalJSON(b []byte) (err error) {
 	return nil
 }
 
-func (sb *sandbox) Endpoints() []Endpoint {
+// Endpoints returns all the endpoints connected to the sandbox.
+func (sb *Sandbox) Endpoints() []Endpoint {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
@@ -350,7 +328,7 @@ func (sb *sandbox) Endpoints() []Endpoint {
 	return endpoints
 }
 
-func (sb *sandbox) getConnectedEndpoints() []*endpoint {
+func (sb *Sandbox) getConnectedEndpoints() []*endpoint {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
@@ -360,7 +338,7 @@ func (sb *sandbox) getConnectedEndpoints() []*endpoint {
 	return eps
 }
 
-func (sb *sandbox) addEndpoint(ep *endpoint) {
+func (sb *Sandbox) addEndpoint(ep *endpoint) {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
@@ -374,14 +352,14 @@ func (sb *sandbox) addEndpoint(ep *endpoint) {
 	sb.endpoints[i] = ep
 }
 
-func (sb *sandbox) removeEndpoint(ep *endpoint) {
+func (sb *Sandbox) removeEndpoint(ep *endpoint) {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
 	sb.removeEndpointRaw(ep)
 }
 
-func (sb *sandbox) removeEndpointRaw(ep *endpoint) {
+func (sb *Sandbox) removeEndpointRaw(ep *endpoint) {
 	for i, e := range sb.endpoints {
 		if e == ep {
 			sb.endpoints = append(sb.endpoints[:i], sb.endpoints[i+1:]...)
@@ -390,7 +368,7 @@ func (sb *sandbox) removeEndpointRaw(ep *endpoint) {
 	}
 }
 
-func (sb *sandbox) getEndpoint(id string) *endpoint {
+func (sb *Sandbox) getEndpoint(id string) *endpoint {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
@@ -403,7 +381,7 @@ func (sb *sandbox) getEndpoint(id string) *endpoint {
 	return nil
 }
 
-func (sb *sandbox) updateGateway(ep *endpoint) error {
+func (sb *Sandbox) updateGateway(ep *endpoint) error {
 	sb.mu.Lock()
 	osSbox := sb.osSbox
 	sb.mu.Unlock()
@@ -432,14 +410,14 @@ func (sb *sandbox) updateGateway(ep *endpoint) error {
 	return nil
 }
 
-func (sb *sandbox) HandleQueryResp(name string, ip net.IP) {
+func (sb *Sandbox) HandleQueryResp(name string, ip net.IP) {
 	for _, ep := range sb.getConnectedEndpoints() {
 		n := ep.getNetwork()
 		n.HandleQueryResp(name, ip)
 	}
 }
 
-func (sb *sandbox) ResolveIP(ip string) string {
+func (sb *Sandbox) ResolveIP(ip string) string {
 	var svc string
 	logrus.Debugf("IP To resolve %v", ip)
 
@@ -454,7 +432,7 @@ func (sb *sandbox) ResolveIP(ip string) string {
 	return svc
 }
 
-func (sb *sandbox) ExecFunc(f func()) error {
+func (sb *Sandbox) ExecFunc(f func()) error {
 	sb.mu.Lock()
 	osSbox := sb.osSbox
 	sb.mu.Unlock()
@@ -464,7 +442,9 @@ func (sb *sandbox) ExecFunc(f func()) error {
 	return fmt.Errorf("osl sandbox unavailable in ExecFunc for %v", sb.ContainerID())
 }
 
-func (sb *sandbox) ResolveService(name string) ([]*net.SRV, []net.IP) {
+// ResolveService returns all the backend details about the containers or hosts
+// backing a service. Its purpose is to satisfy an SRV query.
+func (sb *Sandbox) ResolveService(name string) ([]*net.SRV, []net.IP) {
 	srv := []*net.SRV{}
 	ip := []net.IP{}
 
@@ -521,7 +501,7 @@ func getLocalNwEndpoints(epList []*endpoint) []*endpoint {
 	return eps
 }
 
-func (sb *sandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
+func (sb *Sandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
 	// Embedded server owns the docker network domain. Resolution should work
 	// for both container_name and container_name.network_name
 	// We allow '.' in service name and network name. For a name a.b.c.d the
@@ -588,7 +568,7 @@ func (sb *sandbox) ResolveName(name string, ipType int) ([]net.IP, bool) {
 	return nil, false
 }
 
-func (sb *sandbox) resolveName(req string, networkName string, epList []*endpoint, alias bool, ipType int) ([]net.IP, bool) {
+func (sb *Sandbox) resolveName(req string, networkName string, epList []*endpoint, alias bool, ipType int) ([]net.IP, bool) {
 	var ipv6Miss bool
 
 	for _, ep := range epList {
@@ -635,7 +615,8 @@ func (sb *sandbox) resolveName(req string, networkName string, epList []*endpoin
 	return nil, ipv6Miss
 }
 
-func (sb *sandbox) SetKey(basePath string) error {
+// SetKey updates the Sandbox Key.
+func (sb *Sandbox) SetKey(basePath string) error {
 	start := time.Now()
 	defer func() {
 		logrus.Debugf("sandbox set key processing took %s for container %s", time.Since(start), sb.ContainerID())
@@ -691,7 +672,9 @@ func (sb *sandbox) SetKey(basePath string) error {
 	return nil
 }
 
-func (sb *sandbox) EnableService() (err error) {
+// EnableService makes a managed container's service available by adding the
+// endpoint to the service load balancer and service discovery.
+func (sb *Sandbox) EnableService() (err error) {
 	logrus.Debugf("EnableService %s START", sb.containerID)
 	defer func() {
 		if err != nil {
@@ -712,7 +695,9 @@ func (sb *sandbox) EnableService() (err error) {
 	return nil
 }
 
-func (sb *sandbox) DisableService() (err error) {
+// DisableService removes a managed container's endpoints from the load balancer
+// and service discovery.
+func (sb *Sandbox) DisableService() (err error) {
 	logrus.Debugf("DisableService %s START", sb.containerID)
 	failedEps := []string{}
 	defer func() {
@@ -768,7 +753,7 @@ func releaseOSSboxResources(osSbox osl.Sandbox, ep *endpoint) {
 	}
 }
 
-func (sb *sandbox) releaseOSSbox() {
+func (sb *Sandbox) releaseOSSbox() {
 	sb.mu.Lock()
 	osSbox := sb.osSbox
 	sb.osSbox = nil
@@ -787,7 +772,7 @@ func (sb *sandbox) releaseOSSbox() {
 	}
 }
 
-func (sb *sandbox) restoreOslSandbox() error {
+func (sb *Sandbox) restoreOslSandbox() error {
 	var routes []*types.StaticRoute
 
 	// restore osl sandbox
@@ -834,7 +819,7 @@ func (sb *sandbox) restoreOslSandbox() error {
 	return sb.osSbox.Restore(Ifaces, routes, gwep.joinInfo.gw, gwep.joinInfo.gw6)
 }
 
-func (sb *sandbox) populateNetworkResources(ep *endpoint) error {
+func (sb *Sandbox) populateNetworkResources(ep *endpoint) error {
 	sb.mu.Lock()
 	if sb.osSbox == nil {
 		sb.mu.Unlock()
@@ -922,7 +907,7 @@ func (sb *sandbox) populateNetworkResources(ep *endpoint) error {
 	return nil
 }
 
-func (sb *sandbox) clearNetworkResources(origEp *endpoint) error {
+func (sb *Sandbox) clearNetworkResources(origEp *endpoint) error {
 	ep := sb.getEndpoint(origEp.id)
 	if ep == nil {
 		return fmt.Errorf("could not find the sandbox endpoint data for endpoint %s",
@@ -999,7 +984,7 @@ func (sb *sandbox) clearNetworkResources(origEp *endpoint) error {
 
 // joinLeaveStart waits to ensure there are no joins or leaves in progress and
 // marks this join/leave in progress without race
-func (sb *sandbox) joinLeaveStart() {
+func (sb *Sandbox) joinLeaveStart() {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
@@ -1017,7 +1002,7 @@ func (sb *sandbox) joinLeaveStart() {
 
 // joinLeaveEnd marks the end of this join/leave operation and
 // signals the same without race to other join and leave waiters
-func (sb *sandbox) joinLeaveEnd() {
+func (sb *Sandbox) joinLeaveEnd() {
 	sb.mu.Lock()
 	defer sb.mu.Unlock()
 
@@ -1030,7 +1015,7 @@ func (sb *sandbox) joinLeaveEnd() {
 // OptionHostname function returns an option setter for hostname option to
 // be passed to NewSandbox method.
 func OptionHostname(name string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.hostName = name
 	}
 }
@@ -1038,7 +1023,7 @@ func OptionHostname(name string) SandboxOption {
 // OptionDomainname function returns an option setter for domainname option to
 // be passed to NewSandbox method.
 func OptionDomainname(name string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.domainName = name
 	}
 }
@@ -1046,7 +1031,7 @@ func OptionDomainname(name string) SandboxOption {
 // OptionHostsPath function returns an option setter for hostspath option to
 // be passed to NewSandbox method.
 func OptionHostsPath(path string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.hostsPath = path
 	}
 }
@@ -1054,7 +1039,7 @@ func OptionHostsPath(path string) SandboxOption {
 // OptionOriginHostsPath function returns an option setter for origin hosts file path
 // to be passed to NewSandbox method.
 func OptionOriginHostsPath(path string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.originHostsPath = path
 	}
 }
@@ -1062,7 +1047,7 @@ func OptionOriginHostsPath(path string) SandboxOption {
 // OptionExtraHost function returns an option setter for extra /etc/hosts options
 // which is a name and IP as strings.
 func OptionExtraHost(name string, IP string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.extraHosts = append(sb.config.extraHosts, extraHost{name: name, IP: IP})
 	}
 }
@@ -1070,7 +1055,7 @@ func OptionExtraHost(name string, IP string) SandboxOption {
 // OptionParentUpdate function returns an option setter for parent container
 // which needs to update the IP address for the linked container.
 func OptionParentUpdate(cid string, name, ip string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.parentUpdates = append(sb.config.parentUpdates, parentUpdate{cid: cid, name: name, ip: ip})
 	}
 }
@@ -1078,7 +1063,7 @@ func OptionParentUpdate(cid string, name, ip string) SandboxOption {
 // OptionResolvConfPath function returns an option setter for resolvconfpath option to
 // be passed to net container methods.
 func OptionResolvConfPath(path string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.resolvConfPath = path
 	}
 }
@@ -1086,7 +1071,7 @@ func OptionResolvConfPath(path string) SandboxOption {
 // OptionOriginResolvConfPath function returns an option setter to set the path to the
 // origin resolv.conf file to be passed to net container methods.
 func OptionOriginResolvConfPath(path string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.originResolvConfPath = path
 	}
 }
@@ -1094,7 +1079,7 @@ func OptionOriginResolvConfPath(path string) SandboxOption {
 // OptionDNS function returns an option setter for dns entry option to
 // be passed to container Create method.
 func OptionDNS(dns string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.dnsList = append(sb.config.dnsList, dns)
 	}
 }
@@ -1102,7 +1087,7 @@ func OptionDNS(dns string) SandboxOption {
 // OptionDNSSearch function returns an option setter for dns search entry option to
 // be passed to container Create method.
 func OptionDNSSearch(search string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.dnsSearchList = append(sb.config.dnsSearchList, search)
 	}
 }
@@ -1110,7 +1095,7 @@ func OptionDNSSearch(search string) SandboxOption {
 // OptionDNSOptions function returns an option setter for dns options entry option to
 // be passed to container Create method.
 func OptionDNSOptions(options string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.dnsOptionsList = append(sb.config.dnsOptionsList, options)
 	}
 }
@@ -1118,7 +1103,7 @@ func OptionDNSOptions(options string) SandboxOption {
 // OptionUseDefaultSandbox function returns an option setter for using default sandbox
 // (host namespace) to be passed to container Create method.
 func OptionUseDefaultSandbox() SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.useDefaultSandBox = true
 	}
 }
@@ -1126,7 +1111,7 @@ func OptionUseDefaultSandbox() SandboxOption {
 // OptionUseExternalKey function returns an option setter for using provided namespace
 // instead of creating one.
 func OptionUseExternalKey() SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.config.useExternalKey = true
 	}
 }
@@ -1135,7 +1120,7 @@ func OptionUseExternalKey() SandboxOption {
 // that is not managed by libNetwork but can be used by the Drivers during the call to
 // net container creation method. Container Labels are a good example.
 func OptionGeneric(generic map[string]interface{}) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		if sb.config.generic == nil {
 			sb.config.generic = make(map[string]interface{}, len(generic))
 		}
@@ -1148,7 +1133,7 @@ func OptionGeneric(generic map[string]interface{}) SandboxOption {
 // OptionExposedPorts function returns an option setter for the container exposed
 // ports option to be passed to container Create method.
 func OptionExposedPorts(exposedPorts []types.TransportPort) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		if sb.config.generic == nil {
 			sb.config.generic = make(map[string]interface{})
 		}
@@ -1164,7 +1149,7 @@ func OptionExposedPorts(exposedPorts []types.TransportPort) SandboxOption {
 // OptionPortMapping function returns an option setter for the mapping
 // ports option to be passed to container Create method.
 func OptionPortMapping(portBindings []types.PortBinding) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		if sb.config.generic == nil {
 			sb.config.generic = make(map[string]interface{})
 		}
@@ -1178,7 +1163,7 @@ func OptionPortMapping(portBindings []types.PortBinding) SandboxOption {
 // OptionIngress function returns an option setter for marking a
 // sandbox as the controller's ingress sandbox.
 func OptionIngress() SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.ingress = true
 		sb.oslTypes = append(sb.oslTypes, osl.SandboxTypeIngress)
 	}
@@ -1187,7 +1172,7 @@ func OptionIngress() SandboxOption {
 // OptionLoadBalancer function returns an option setter for marking a
 // sandbox as a load balancer sandbox.
 func OptionLoadBalancer(nid string) SandboxOption {
-	return func(sb *sandbox) {
+	return func(sb *Sandbox) {
 		sb.loadBalancerNID = nid
 		sb.oslTypes = append(sb.oslTypes, osl.SandboxTypeLoadBalancer)
 	}
@@ -1258,6 +1243,6 @@ func (epi *endpoint) Less(epj *endpoint) bool {
 	return epi.network.Name() < epj.network.Name()
 }
 
-func (sb *sandbox) NdotsSet() bool {
+func (sb *Sandbox) NdotsSet() bool {
 	return sb.ndotsSet
 }

libnetwork/sandbox_dns_unix.go

@@ -24,7 +24,7 @@ const (
 	filePerm      = 0o644
 )
 
-func (sb *sandbox) startResolver(restore bool) {
+func (sb *Sandbox) startResolver(restore bool) {
 	sb.resolverOnce.Do(func() {
 		var err error
 		sb.resolver = NewResolver(resolverIPSandbox, true, sb)
@@ -58,7 +58,7 @@ func (sb *sandbox) startResolver(restore bool) {
 	})
 }
 
-func (sb *sandbox) setupResolutionFiles() error {
+func (sb *Sandbox) setupResolutionFiles() error {
 	if err := sb.buildHostsFile(); err != nil {
 		return err
 	}
@@ -70,7 +70,7 @@ func (sb *sandbox) setupResolutionFiles() error {
 	return sb.setupDNS()
 }
 
-func (sb *sandbox) buildHostsFile() error {
+func (sb *Sandbox) buildHostsFile() error {
 	if sb.config.hostsPath == "" {
 		sb.config.hostsPath = defaultPrefix + "/" + sb.id + "/hosts"
 	}
@@ -98,7 +98,7 @@ func (sb *sandbox) buildHostsFile() error {
 	return etchosts.Build(sb.config.hostsPath, "", sb.config.hostName, sb.config.domainName, extraContent)
 }
 
-func (sb *sandbox) updateHostsFile(ifaceIPs []string) error {
+func (sb *Sandbox) updateHostsFile(ifaceIPs []string) error {
 	if len(ifaceIPs) == 0 {
 		return nil
 	}
@@ -128,27 +128,27 @@ func (sb *sandbox) updateHostsFile(ifaceIPs []string) error {
 	return nil
 }
 
-func (sb *sandbox) addHostsEntries(recs []etchosts.Record) {
+func (sb *Sandbox) addHostsEntries(recs []etchosts.Record) {
 	if err := etchosts.Add(sb.config.hostsPath, recs); err != nil {
 		logrus.Warnf("Failed adding service host entries to the running container: %v", err)
 	}
 }
 
-func (sb *sandbox) deleteHostsEntries(recs []etchosts.Record) {
+func (sb *Sandbox) deleteHostsEntries(recs []etchosts.Record) {
 	if err := etchosts.Delete(sb.config.hostsPath, recs); err != nil {
 		logrus.Warnf("Failed deleting service host entries to the running container: %v", err)
 	}
 }
 
-func (sb *sandbox) updateParentHosts() error {
-	var pSb Sandbox
+func (sb *Sandbox) updateParentHosts() error {
+	var pSb *Sandbox
 
 	for _, update := range sb.config.parentUpdates {
 		sb.controller.WalkSandboxes(SandboxContainerWalker(&pSb, update.cid))
 		if pSb == nil {
 			continue
 		}
-		if err := etchosts.Update(pSb.(*sandbox).config.hostsPath, update.ip, update.name); err != nil {
+		if err := etchosts.Update(pSb.config.hostsPath, update.ip, update.name); err != nil {
 			return err
 		}
 	}
@@ -156,7 +156,7 @@ func (sb *sandbox) updateParentHosts() error {
 	return nil
 }
 
-func (sb *sandbox) restorePath() {
+func (sb *Sandbox) restorePath() {
 	if sb.config.resolvConfPath == "" {
 		sb.config.resolvConfPath = defaultPrefix + "/" + sb.id + "/resolv.conf"
 	}
@@ -166,7 +166,7 @@ func (sb *sandbox) restorePath() {
 	}
 }
 
-func (sb *sandbox) setExternalResolvers(content []byte, addrType int, checkLoopback bool) {
+func (sb *Sandbox) setExternalResolvers(content []byte, addrType int, checkLoopback bool) {
 	servers := resolvconf.GetNameservers(content, addrType)
 	for _, ip := range servers {
 		hostLoopback := false
@@ -192,7 +192,7 @@ func isIPv4Loopback(ipAddress string) bool {
 	return false
 }
 
-func (sb *sandbox) setupDNS() error {
+func (sb *Sandbox) setupDNS() error {
 	if sb.config.resolvConfPath == "" {
 		sb.config.resolvConfPath = defaultPrefix + "/" + sb.id + "/resolv.conf"
 	}
@@ -286,7 +286,7 @@ func (sb *sandbox) setupDNS() error {
 	return nil
 }
 
-func (sb *sandbox) updateDNS(ipv6Enabled bool) error {
+func (sb *Sandbox) updateDNS(ipv6Enabled bool) error {
 	var (
 		currHash string
 		hashFile = sb.config.resolvConfHashFile
@@ -358,7 +358,7 @@ func (sb *sandbox) updateDNS(ipv6Enabled bool) error {
 // resolv.conf by doing the following
 // - Add only the embedded server's IP to container's resolv.conf
 // - If the embedded server needs any resolv.conf options add it to the current list
-func (sb *sandbox) rebuildDNS() error {
+func (sb *Sandbox) rebuildDNS() error {
 	currRC, err := os.ReadFile(sb.config.resolvConfPath)
 	if err != nil {
 		return err

libnetwork/sandbox_dns_windows.go

@@ -9,30 +9,30 @@ import (
 
 // Stub implementations for DNS related functions
 
-func (sb *sandbox) startResolver(bool) {}
+func (sb *Sandbox) startResolver(bool) {}
 
-func (sb *sandbox) setupResolutionFiles() error {
+func (sb *Sandbox) setupResolutionFiles() error {
 	return nil
 }
 
-func (sb *sandbox) restorePath() {}
+func (sb *Sandbox) restorePath() {}
 
-func (sb *sandbox) updateHostsFile(ifaceIP []string) error {
+func (sb *Sandbox) updateHostsFile(ifaceIP []string) error {
 	return nil
 }
 
-func (sb *sandbox) addHostsEntries(recs []etchosts.Record) {}
+func (sb *Sandbox) addHostsEntries(recs []etchosts.Record) {}
 
-func (sb *sandbox) deleteHostsEntries(recs []etchosts.Record) {}
+func (sb *Sandbox) deleteHostsEntries(recs []etchosts.Record) {}
 
-func (sb *sandbox) updateDNS(ipv6Enabled bool) error {
+func (sb *Sandbox) updateDNS(ipv6Enabled bool) error {
 	return nil
 }
 
-func (sb *sandbox) setupDNS() error {
+func (sb *Sandbox) setupDNS() error {
 	return nil
 }
 
-func (sb *sandbox) rebuildDNS() error {
+func (sb *Sandbox) rebuildDNS() error {
 	return nil
 }

libnetwork/sandbox_externalkey_unix.go

@@ -178,7 +178,7 @@ func (c *Controller) processExternalKey(conn net.Conn) error {
 		return err
 	}
 
-	var sandbox Sandbox
+	var sandbox *Sandbox
 	search := SandboxContainerWalker(&sandbox, s.ContainerID)
 	c.WalkSandboxes(search)
 	if sandbox == nil {

libnetwork/sandbox_store.go

@@ -55,12 +55,11 @@ func (sbs *sbState) SetValue(value []byte) error {
 }
 
 func (sbs *sbState) Index() uint64 {
-	sbi, err := sbs.c.SandboxByID(sbs.ID)
+	sb, err := sbs.c.SandboxByID(sbs.ID)
 	if err != nil {
 		return sbs.dbIndex
 	}
 
-	sb := sbi.(*sandbox)
 	maxIndex := sb.dbIndex
 	if sbs.dbIndex > maxIndex {
 		maxIndex = sbs.dbIndex
@@ -73,12 +72,11 @@ func (sbs *sbState) SetIndex(index uint64) {
 	sbs.dbIndex = index
 	sbs.dbExists = true
 
-	sbi, err := sbs.c.SandboxByID(sbs.ID)
+	sb, err := sbs.c.SandboxByID(sbs.ID)
 	if err != nil {
 		return
 	}
 
-	sb := sbi.(*sandbox)
 	sb.dbIndex = index
 	sb.dbExists = true
 }
@@ -88,12 +86,11 @@ func (sbs *sbState) Exists() bool {
 		return sbs.dbExists
 	}
 
-	sbi, err := sbs.c.SandboxByID(sbs.ID)
+	sb, err := sbs.c.SandboxByID(sbs.ID)
 	if err != nil {
 		return false
 	}
 
-	sb := sbi.(*sandbox)
 	return sb.dbExists
 }
 
@@ -135,7 +132,7 @@ func (sbs *sbState) DataScope() string {
 	return datastore.LocalScope
 }
 
-func (sb *sandbox) storeUpdate() error {
+func (sb *Sandbox) storeUpdate() error {
 	sbs := &sbState{
 		c:          sb.controller,
 		ID:         sb.id,
@@ -177,7 +174,7 @@ retry:
 	return err
 }
 
-func (sb *sandbox) storeDelete() error {
+func (sb *Sandbox) storeDelete() error {
 	sbs := &sbState{
 		c:        sb.controller,
 		ID:       sb.id,
@@ -210,7 +207,7 @@ func (c *Controller) sandboxCleanup(activeSandboxes map[string]interface{}) {
 	for _, kvo := range kvol {
 		sbs := kvo.(*sbState)
 
-		sb := &sandbox{
+		sb := &Sandbox{
 			id:                 sbs.ID,
 			controller:         sbs.c,
 			containerID:        sbs.Cid,

libnetwork/service_common_test.go

@@ -66,37 +66,37 @@ func TestDNSOptions(t *testing.T) {
 	sb, err := c.NewSandbox("cnt1", nil)
 	assert.NilError(t, err)
 
-	cleanup := func(s Sandbox) {
+	cleanup := func(s *Sandbox) {
 		if err := s.Delete(); err != nil {
 			t.Error(err)
 		}
 	}
 
 	defer cleanup(sb)
-	sb.(*sandbox).startResolver(false)
+	sb.startResolver(false)
 
-	err = sb.(*sandbox).setupDNS()
+	err = sb.setupDNS()
 	assert.NilError(t, err)
-	err = sb.(*sandbox).rebuildDNS()
+	err = sb.rebuildDNS()
 	assert.NilError(t, err)
-	currRC, err := resolvconf.GetSpecific(sb.(*sandbox).config.resolvConfPath)
+	currRC, err := resolvconf.GetSpecific(sb.config.resolvConfPath)
 	assert.NilError(t, err)
 	dnsOptionsList := resolvconf.GetOptions(currRC.Content)
 	assert.Check(t, is.Len(dnsOptionsList, 1))
 	assert.Check(t, is.Equal("ndots:0", dnsOptionsList[0]))
 
-	sb.(*sandbox).config.dnsOptionsList = []string{"ndots:5"}
-	err = sb.(*sandbox).setupDNS()
+	sb.config.dnsOptionsList = []string{"ndots:5"}
+	err = sb.setupDNS()
 	assert.NilError(t, err)
-	currRC, err = resolvconf.GetSpecific(sb.(*sandbox).config.resolvConfPath)
+	currRC, err = resolvconf.GetSpecific(sb.config.resolvConfPath)
 	assert.NilError(t, err)
 	dnsOptionsList = resolvconf.GetOptions(currRC.Content)
 	assert.Check(t, is.Len(dnsOptionsList, 1))
 	assert.Check(t, is.Equal("ndots:5", dnsOptionsList[0]))
 
-	err = sb.(*sandbox).rebuildDNS()
+	err = sb.rebuildDNS()
 	assert.NilError(t, err)
-	currRC, err = resolvconf.GetSpecific(sb.(*sandbox).config.resolvConfPath)
+	currRC, err = resolvconf.GetSpecific(sb.config.resolvConfPath)
 	assert.NilError(t, err)
 	dnsOptionsList = resolvconf.GetOptions(currRC.Content)
 	assert.Check(t, is.Len(dnsOptionsList, 1))
@@ -105,28 +105,28 @@ func TestDNSOptions(t *testing.T) {
 	sb2, err := c.NewSandbox("cnt2", nil)
 	assert.NilError(t, err)
 	defer cleanup(sb2)
-	sb2.(*sandbox).startResolver(false)
+	sb2.startResolver(false)
 
-	sb2.(*sandbox).config.dnsOptionsList = []string{"ndots:0"}
-	err = sb2.(*sandbox).setupDNS()
+	sb2.config.dnsOptionsList = []string{"ndots:0"}
+	err = sb2.setupDNS()
 	assert.NilError(t, err)
-	err = sb2.(*sandbox).rebuildDNS()
+	err = sb2.rebuildDNS()
 	assert.NilError(t, err)
-	currRC, err = resolvconf.GetSpecific(sb2.(*sandbox).config.resolvConfPath)
+	currRC, err = resolvconf.GetSpecific(sb2.config.resolvConfPath)
 	assert.NilError(t, err)
 	dnsOptionsList = resolvconf.GetOptions(currRC.Content)
 	assert.Check(t, is.Len(dnsOptionsList, 1))
 	assert.Check(t, is.Equal("ndots:0", dnsOptionsList[0]))
 
-	sb2.(*sandbox).config.dnsOptionsList = []string{"ndots:foobar"}
-	err = sb2.(*sandbox).setupDNS()
+	sb2.config.dnsOptionsList = []string{"ndots:foobar"}
+	err = sb2.setupDNS()
 	assert.NilError(t, err)
-	err = sb2.(*sandbox).rebuildDNS()
+	err = sb2.rebuildDNS()
 	assert.Error(t, err, "invalid number for ndots option: foobar")
 
-	sb2.(*sandbox).config.dnsOptionsList = []string{"ndots:-1"}
-	err = sb2.(*sandbox).setupDNS()
+	sb2.config.dnsOptionsList = []string{"ndots:-1"}
+	err = sb2.setupDNS()
 	assert.NilError(t, err)
-	err = sb2.(*sandbox).rebuildDNS()
+	err = sb2.rebuildDNS()
 	assert.Error(t, err, "invalid number for ndots option: -1")
 }

libnetwork/service_linux.go

@@ -21,7 +21,7 @@ import (
 
 // Populate all loadbalancers on the network that the passed endpoint
 // belongs to, into this sandbox.
-func (sb *sandbox) populateLoadBalancers(ep *endpoint) {
+func (sb *Sandbox) populateLoadBalancers(ep *endpoint) {
 	// This is an interface less endpoint. Nothing to do.
 	if ep.Iface() == nil {
 		return
@@ -37,7 +37,7 @@ func (sb *sandbox) populateLoadBalancers(ep *endpoint) {
 	}
 }
 
-func (n *network) findLBEndpointSandbox() (*endpoint, *sandbox, error) {
+func (n *network) findLBEndpointSandbox() (*endpoint, *Sandbox, error) {
 	// TODO: get endpoint from store?  See EndpointInfo()
 	var ep *endpoint
 	// Find this node's LB sandbox endpoint:  there should be exactly one
@@ -66,7 +66,7 @@ func (n *network) findLBEndpointSandbox() (*endpoint, *sandbox, error) {
 // Searches the OS sandbox for the name of the endpoint interface
 // within the sandbox.   This is required for adding/removing IP
 // aliases to the interface.
-func findIfaceDstName(sb *sandbox, ep *endpoint) string {
+func findIfaceDstName(sb *Sandbox, ep *endpoint) string {
 	srcName := ep.Iface().SrcName()
 	for _, i := range sb.osSbox.Info().Interfaces() {
 		if i.SrcName() == srcName {
@@ -532,7 +532,7 @@ func plumbProxy(iPort *PortConfig, isDelete bool) error {
 
 // configureFWMark configures the sandbox firewall to mark vip destined packets
 // with the firewall mark fwMark.
-func (sb *sandbox) configureFWMark(vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, isDelete bool, lbMode string) error {
+func (sb *Sandbox) configureFWMark(vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, isDelete bool, lbMode string) error {
 	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 
@@ -585,7 +585,7 @@ func (sb *sandbox) configureFWMark(vip net.IP, fwMark uint32, ingressPorts []*Po
 	return innerErr
 }
 
-func (sb *sandbox) addRedirectRules(eIP *net.IPNet, ingressPorts []*PortConfig) error {
+func (sb *Sandbox) addRedirectRules(eIP *net.IPNet, ingressPorts []*PortConfig) error {
 	// TODO IPv6 support
 	iptable := iptables.GetIptable(iptables.IPv4)
 	ipAddr := eIP.IP.String()

libnetwork/service_windows.go

@@ -161,7 +161,7 @@ func numEnabledBackends(lb *loadBalancer) int {
 	return nEnabled
 }
 
-func (sb *sandbox) populateLoadBalancers(ep *endpoint) {
+func (sb *Sandbox) populateLoadBalancers(ep *endpoint) {
 }
 
 func arrangeIngressFilterRule() {