From 147b646e79e5220755c0b632cea870a37dc816af Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Sat, 23 Jul 2016 21:23:17 -0700 Subject: [PATCH] On network creation, reset mangle rule - When creating a non encrypted overlay network, make sure no encryption related mangle rule from stale network is on the way. Signed-off-by: Alessandro Boch --- libnetwork/drivers/overlay/ov_network.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libnetwork/drivers/overlay/ov_network.go b/libnetwork/drivers/overlay/ov_network.go index cc2f0879a0..d53d971cf6 100644 --- a/libnetwork/drivers/overlay/ov_network.go +++ b/libnetwork/drivers/overlay/ov_network.go @@ -140,6 +140,13 @@ func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo d return fmt.Errorf("failed to update data store for network %v: %v", n.id, err) } + // Make sure no rule is on the way from any stale secure network + if !n.secure { + for _, vni := range vnis { + programMangle(vni, false) + } + } + if nInfo != nil { if err := nInfo.TableEventRegister(ovPeerTable); err != nil { return err