We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
moby
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

Deallocate port before trying to delete iptables chain

Fixes #7954
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Alexandr Morozov %!s(int64=10) %!d(string=hai) anos
pai
f1095b801e
achega
2e7cf6b0ce
Modificáronse 2 ficheiros con 31 adicións e 6 borrados
Unificar vista Mostrar estatísticas de Diff
  1. 2 6
      daemon/networkdriver/portmapper/mapper.go
  2. 29 0
      integration-cli/docker_cli_run_test.go

+ 2 - 6
daemon/networkdriver/portmapper/mapper.go
Ver ficheiro 

@@ -4,11 +4,11 @@ import (
 
 	"errors"
 
 	"errors"
 
 	"fmt"
 
 	"fmt"
 
 	"net"
 
 	"net"
 
-	"strings"
 
 	"sync"
 
 	"sync"
 
 
 
 	"github.com/docker/docker/daemon/networkdriver/portallocator"
 
 	"github.com/docker/docker/daemon/networkdriver/portallocator"
 
 	"github.com/docker/docker/pkg/iptables"
 
 	"github.com/docker/docker/pkg/iptables"
 
+	"github.com/docker/docker/pkg/log"
 
 )
 
 )
 
 
 
 type mapping struct {
 
 type mapping struct {
 
@@ -127,10 +127,7 @@ func Unmap(host net.Addr) error {
 
 	containerIP, containerPort := getIPAndPort(data.container)
 
 	containerIP, containerPort := getIPAndPort(data.container)
 
 	hostIP, hostPort := getIPAndPort(data.host)
 
 	hostIP, hostPort := getIPAndPort(data.host)
 
 	if err := forward(iptables.Delete, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
 
 	if err := forward(iptables.Delete, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
 
-		// skip "no chain" errors because we can safely release port in this case
 
-		if !strings.Contains(err.Error(), "No chain/target/match by that name") {
 
-			return err
 
-		}
 
+		log.Errorf("Error on iptables delete: %s", err)
 
 	}
 
 	}
 
 
 
 	switch a := host.(type) {
 
 	switch a := host.(type) {
 
@@ -139,7 +136,6 @@ func Unmap(host net.Addr) error {
 
 	case *net.UDPAddr:
 
 	case *net.UDPAddr:
 
 		return portallocator.ReleasePort(a.IP, "udp", a.Port)
 
 		return portallocator.ReleasePort(a.IP, "udp", a.Port)
 
 	}
 
 	}
 
-
 
 	return nil
 
 	return nil
 
 }
 
 }

+ 29 - 0
integration-cli/docker_cli_run_test.go
Ver ficheiro 

@@ -1846,3 +1846,32 @@ func TestRunNetworkNotInitializedNoneMode(t *testing.T) {
 
 	deleteAllContainers()
 
 	deleteAllContainers()
 
 	logDone("run - network must not be initialized in 'none' mode")
 
 	logDone("run - network must not be initialized in 'none' mode")
 
 }
 
 }
 
+
 
+func TestRunDeallocatePortOnMissingIptablesRule(t *testing.T) {
 
+	cmd := exec.Command(dockerBinary, "run", "-d", "-p", "23:23", "busybox", "top")
 
+	out, _, err := runCommandWithOutput(cmd)
 
+	if err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	id := strings.TrimSpace(out)
 
+	ip, err := inspectField(id, "NetworkSettings.IPAddress")
 
+	if err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	iptCmd := exec.Command("iptables", "-D", "FORWARD", "-d", fmt.Sprintf("%s/32", ip),
 
+		"!", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-m", "tcp", "--dport", "23", "-j", "ACCEPT")
 
+	out, _, err = runCommandWithOutput(iptCmd)
 
+	if err != nil {
 
+		t.Fatal(err, out)
 
+	}
 
+	if err := deleteContainer(id); err != nil {
 
+		t.Fatal(err)
 
+	}
 
+	cmd = exec.Command(dockerBinary, "run", "-d", "-p", "23:23", "busybox", "top")
 
+	out, _, err = runCommandWithOutput(cmd)
 
+	if err != nil {
 
+		t.Fatal(err, out)
 
+	}
 
+	deleteAllContainers()
 
+	logDone("run - port should be deallocated even on iptables error")
 
+}

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5