diff --git a/hack/vendor.sh b/hack/vendor.sh index f7987227b0..d50757edaa 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -55,7 +55,7 @@ clone hg code.google.com/p/go.net 84a4013f96e0 clone hg code.google.com/p/gosqlite 74691fb6f837 #get libnetwork packages -clone git github.com/docker/libnetwork 2da2dc055de5a474c8540871ad88a48213b0994f +clone git github.com/docker/libnetwork 4ded6fe3641b71863cc5985652930ce40efc3af4 clone git github.com/vishvananda/netns 008d17ae001344769b031375bdb38a86219154c6 clone git github.com/vishvananda/netlink 8eb64238879fed52fd51c5b30ad20b928fb4c36c diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go index b1cfe74492..09c7397b2d 100644 --- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go +++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go @@ -3,9 +3,11 @@ package bridge import ( "errors" "net" + "os/exec" "strings" "sync" + "github.com/Sirupsen/logrus" "github.com/docker/libnetwork/driverapi" "github.com/docker/libnetwork/ipallocator" "github.com/docker/libnetwork/netlabel" @@ -102,6 +104,12 @@ func newDriver() driverapi.Driver { // Init registers a new instance of bridge driver func Init(dc driverapi.DriverCallback) error { + // try to modprobe bridge first + // see gh#12177 + if out, err := exec.Command("modprobe", "-va", "bridge", "nf_nat", "br_netfilter").Output(); err != nil { + logrus.Warnf("Running modprobe bridge nf_nat failed with message: %s, error: %v", out, err) + } + return dc.RegisterDriver(networkType, newDriver()) } @@ -287,6 +295,11 @@ func (d *driver) CreateNetwork(id types.UUID, option map[string]interface{}) err // Even if a bridge exists try to setup IPv4. bridgeSetup.queueStep(setupBridgeIPv4) + enableIPv6Forwarding := false + if d.config != nil && d.config.EnableIPForwarding && config.FixedCIDRv6 != nil { + enableIPv6Forwarding = true + } + // Conditionally queue setup steps depending on configuration values. for _, step := range []struct { Condition bool @@ -310,6 +323,9 @@ func (d *driver) CreateNetwork(id types.UUID, option map[string]interface{}) err // specified subnet. {config.FixedCIDRv6 != nil, setupFixedCIDRv6}, + // Enable IPv6 Forwarding + {enableIPv6Forwarding, setupIPv6Forwarding}, + // Setup Loopback Adresses Routing {!config.EnableUserlandProxy, setupLoopbackAdressesRouting}, diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_fixedcidrv6.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_fixedcidrv6.go index ade465a1cb..25280ad651 100644 --- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_fixedcidrv6.go +++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_fixedcidrv6.go @@ -1,7 +1,10 @@ package bridge import ( + "os" + log "github.com/Sirupsen/logrus" + "github.com/vishvananda/netlink" ) func setupFixedCIDRv6(config *NetworkConfiguration, i *bridgeInterface) error { @@ -10,5 +13,15 @@ func setupFixedCIDRv6(config *NetworkConfiguration, i *bridgeInterface) error { return &FixedCIDRv6Error{Net: config.FixedCIDRv6, Err: err} } + // Setting route to global IPv6 subnet + log.Debugf("Adding route to IPv6 network %s via device %s", config.FixedCIDRv6.String(), config.BridgeName) + err := netlink.RouteAdd(&netlink.Route{ + Scope: netlink.SCOPE_UNIVERSE, + LinkIndex: i.Link.Attrs().Index, + Dst: config.FixedCIDRv6, + }) + if err != nil && !os.IsExist(err) { + log.Errorf("Could not add route to IPv6 network %s via device %s", config.FixedCIDRv6.String(), config.BridgeName) + } return nil } diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ipv6.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ipv6.go index 264e5b2a23..2f2348cc5a 100644 --- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ipv6.go +++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ipv6.go @@ -5,12 +5,16 @@ import ( "io/ioutil" "net" + "github.com/Sirupsen/logrus" "github.com/vishvananda/netlink" ) var bridgeIPv6 *net.IPNet -const bridgeIPv6Str = "fe80::1/64" +const ( + bridgeIPv6Str = "fe80::1/64" + ipv6ForwardConfPerm = 0644 +) func init() { // We allow ourselves to panic in this special case because we indicate a @@ -25,7 +29,7 @@ func init() { func setupBridgeIPv6(config *NetworkConfiguration, i *bridgeInterface) error { // Enable IPv6 on the bridge procFile := "/proc/sys/net/ipv6/conf/" + config.BridgeName + "/disable_ipv6" - if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, 0644); err != nil { + if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, ipv6ForwardConfPerm); err != nil { return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err) } @@ -64,3 +68,14 @@ func setupGatewayIPv6(config *NetworkConfiguration, i *bridgeInterface) error { return nil } + +func setupIPv6Forwarding(config *NetworkConfiguration, i *bridgeInterface) error { + // Enable IPv6 forwarding + if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/default/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil { + logrus.Warnf("Unable to enable IPv6 default forwarding: %v", err) + } + if err := ioutil.WriteFile("/proc/sys/net/ipv6/conf/all/forwarding", []byte{'1', '\n'}, ipv6ForwardConfPerm); err != nil { + logrus.Warnf("Unable to enable IPv6 all forwarding: %v", err) + } + return nil +} diff --git a/vendor/src/github.com/docker/libnetwork/network.go b/vendor/src/github.com/docker/libnetwork/network.go index 36938a5458..ab13f91f90 100644 --- a/vendor/src/github.com/docker/libnetwork/network.go +++ b/vendor/src/github.com/docker/libnetwork/network.go @@ -60,14 +60,23 @@ type network struct { } func (n *network) Name() string { + n.Lock() + defer n.Unlock() + return n.name } func (n *network) ID() string { + n.Lock() + defer n.Unlock() + return string(n.id) } func (n *network) Type() string { + n.Lock() + defer n.Unlock() + if n.driver == nil { return "" } diff --git a/vendor/src/github.com/docker/libnetwork/sandbox/namespace_linux.go b/vendor/src/github.com/docker/libnetwork/sandbox/namespace_linux.go index 3912bebc68..16553694d6 100644 --- a/vendor/src/github.com/docker/libnetwork/sandbox/namespace_linux.go +++ b/vendor/src/github.com/docker/libnetwork/sandbox/namespace_linux.go @@ -51,7 +51,11 @@ func createBasePath() { } func removeUnusedPaths() { - for range time.Tick(gpmCleanupPeriod) { + gpmLock.Lock() + period := gpmCleanupPeriod + gpmLock.Unlock() + + for range time.Tick(period) { gpmLock.Lock() pathList := make([]string, 0, len(garbagePathMap)) for path := range garbagePathMap { diff --git a/vendor/src/github.com/docker/libnetwork/sandbox/sandbox_linux_test.go b/vendor/src/github.com/docker/libnetwork/sandbox/sandbox_linux_test.go index 7fda707720..91ec6e6c8a 100644 --- a/vendor/src/github.com/docker/libnetwork/sandbox/sandbox_linux_test.go +++ b/vendor/src/github.com/docker/libnetwork/sandbox/sandbox_linux_test.go @@ -33,7 +33,9 @@ func newKey(t *testing.T) (string, error) { } // Set the rpmCleanupPeriod to be low to make the test run quicker + gpmLock.Lock() gpmCleanupPeriod = 2 * time.Second + gpmLock.Unlock() return name, nil }