Process only misses on IP belonging to network

If a miss notification arrives on a network's miss go routine currently
it is unconditionally processed. This is unnecessary and can be bad if
there are too many misses. This is especially true for hostmode. Fix
this by filtering out misses that doesn't belong to any of the network's
subnets.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>

libnetwork/drivers/overlay/ov_network.go

@@ -545,6 +545,12 @@ func (n *network) watchMiss(nlSock *nl.NetlinkSocket) {
 			if neigh.IP.To4() == nil {
 				continue
 			}
+
+			// Not any of the network's subnets. Ignore.
+			if !n.contains(neigh.IP) {
+				continue
+			}
+
 			logrus.Debugf("miss notification for dest IP, %v", neigh.IP.String())
 
 			if neigh.State&(netlink.NUD_STALE|netlink.NUD_INCOMPLETE) == 0 {
@@ -825,6 +831,18 @@ func (n *network) obtainVxlanID(s *subnet) error {
 	}
 }
 
+// contains return true if the passed ip belongs to one the network's
+// subnets
+func (n *network) contains(ip net.IP) bool {
+	for _, s := range n.subnets {
+		if s.subnetIP.Contains(ip) {
+			return true
+		}
+	}
+
+	return false
+}
+
 // getSubnetforIP returns the subnet to which the given IP belongs
 func (n *network) getSubnetforIP(ip *net.IPNet) *subnet {
 	for _, s := range n.subnets {