From 651c53f020607c284549310c03a5d99c2b74e9cb Mon Sep 17 00:00:00 2001
From: Jana Radhakrishnan <mrjana@docker.com>
Date: Mon, 15 Aug 2016 17:53:35 -0700
Subject: [PATCH] Vendoring libnetwork @82fb373e3eaa4e

  - Fixes a SNAT issue in loadbalancer when multiple networks are involved
  - Fixes an issue with SRV query forwarding in DNS
  - Fixes a map race

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
(cherry picked from commit 56c98226955d98a2ba6a99bffd3a9a80d691e4a7)
Signed-off-by: Tibor Vass <tibor@docker.com>
---
 hack/vendor.sh                                         |  2 +-
 vendor/src/github.com/docker/libnetwork/network.go     |  2 +-
 vendor/src/github.com/docker/libnetwork/resolver.go    |  3 +++
 vendor/src/github.com/docker/libnetwork/sandbox.go     |  8 ++++----
 .../src/github.com/docker/libnetwork/service_linux.go  | 10 ++++++++--
 5 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/hack/vendor.sh b/hack/vendor.sh
index d18cd4e637..fcf71c97b2 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -65,7 +65,7 @@ clone git github.com/RackSec/srslog 259aed10dfa74ea2961eddd1d9847619f6e98837
 clone git github.com/imdario/mergo 0.2.1
 
 #get libnetwork packages
-clone git github.com/docker/libnetwork 24f64a6f9e9cade70e3904df291fb321584b1b4e
+clone git github.com/docker/libnetwork 82fb373e3eaa4e9bbb5b5ac148b0a3a71f80fca6
 clone git github.com/docker/go-events afb2b9f2c23f33ada1a22b03651775fdc65a5089
 clone git github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/src/github.com/docker/libnetwork/network.go b/vendor/src/github.com/docker/libnetwork/network.go
index 5c83bef903..ffdc232486 100644
--- a/vendor/src/github.com/docker/libnetwork/network.go
+++ b/vendor/src/github.com/docker/libnetwork/network.go
@@ -1110,8 +1110,8 @@ func (n *network) getSvcRecords(ep *endpoint) []etchosts.Record {
 	epName := ep.Name()
 
 	n.ctrlr.Lock()
+	defer n.ctrlr.Unlock()
 	sr, _ := n.ctrlr.svcRecords[n.id]
-	n.ctrlr.Unlock()
 
 	for h, ip := range sr.svcMap {
 		if strings.Split(h, ".")[0] == epName {
diff --git a/vendor/src/github.com/docker/libnetwork/resolver.go b/vendor/src/github.com/docker/libnetwork/resolver.go
index 8ba3860b70..b9eb4f3ff2 100644
--- a/vendor/src/github.com/docker/libnetwork/resolver.go
+++ b/vendor/src/github.com/docker/libnetwork/resolver.go
@@ -255,6 +255,9 @@ func (r *resolver) handleSRVQuery(svc string, query *dns.Msg) (*dns.Msg, error)
 	if err != nil {
 		return nil, err
 	}
+	if len(srv) == 0 {
+		return nil, nil
+	}
 	if len(srv) != len(ip) {
 		return nil, fmt.Errorf("invalid reply for SRV query %s", svc)
 	}
diff --git a/vendor/src/github.com/docker/libnetwork/sandbox.go b/vendor/src/github.com/docker/libnetwork/sandbox.go
index 8a659b038c..52e9bb6783 100644
--- a/vendor/src/github.com/docker/libnetwork/sandbox.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox.go
@@ -444,16 +444,16 @@ func (sb *sandbox) ResolveService(name string) ([]*net.SRV, []net.IP, error) {
 
 	log.Debugf("Service name To resolve: %v", name)
 
+	// There are DNS implementaions that allow SRV queries for names not in
+	// the format defined by RFC 2782. Hence specific validations checks are
+	// not done
 	parts := strings.Split(name, ".")
 	if len(parts) < 3 {
-		return nil, nil, fmt.Errorf("invalid service name, %s", name)
+		return nil, nil, nil
 	}
 
 	portName := parts[0]
 	proto := parts[1]
-	if proto != "_tcp" && proto != "_udp" {
-		return nil, nil, fmt.Errorf("invalid protocol in service, %s", name)
-	}
 	svcName := strings.Join(parts[2:], ".")
 
 	for _, ep := range sb.getConnectedEndpoints() {
diff --git a/vendor/src/github.com/docker/libnetwork/service_linux.go b/vendor/src/github.com/docker/libnetwork/service_linux.go
index 337d325207..9dc27f5578 100644
--- a/vendor/src/github.com/docker/libnetwork/service_linux.go
+++ b/vendor/src/github.com/docker/libnetwork/service_linux.go
@@ -647,7 +647,7 @@ func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*Port
 
 	cmd := &exec.Cmd{
 		Path:   reexec.Self(),
-		Args:   append([]string{"fwmarker"}, path, vip.String(), fmt.Sprintf("%d", fwMark), addDelOpt, ingressPortsFile, eIP.IP.String()),
+		Args:   append([]string{"fwmarker"}, path, vip.String(), fmt.Sprintf("%d", fwMark), addDelOpt, ingressPortsFile, eIP.String()),
 		Stdout: os.Stdout,
 		Stderr: os.Stderr,
 	}
@@ -719,7 +719,13 @@ func fwMarker() {
 	}
 
 	if addDelOpt == "-A" {
-		ruleParams := strings.Fields(fmt.Sprintf("-m ipvs --ipvs -j SNAT --to-source %s", os.Args[6]))
+		eIP, subnet, err := net.ParseCIDR(os.Args[6])
+		if err != nil {
+			logrus.Errorf("Failed to parse endpoint IP %s: %v", os.Args[6], err)
+			os.Exit(9)
+		}
+
+		ruleParams := strings.Fields(fmt.Sprintf("-m ipvs --ipvs -d %s -j SNAT --to-source %s", subnet, eIP))
 		if !iptables.Exists("nat", "POSTROUTING", ruleParams...) {
 			rule := append(strings.Fields("-t nat -A POSTROUTING"), ruleParams...)
 			rules = append(rules, rule)