Merge pull request #42205 from thaJeztah/20.10_backport_bump_libnetwork
[20.10 backport] vendor: docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46
This commit is contained in:
commit
cdd71c6736
5 changed files with 46 additions and 19 deletions
|
@ -3,7 +3,7 @@
|
|||
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
|
||||
# updating the binary version, consider updating github.com/docker/libnetwork
|
||||
# in vendor.conf accordingly
|
||||
: "${LIBNETWORK_COMMIT:=fa125a3512ee0f6187721c88582bf8c4378bd4d7}"
|
||||
: "${LIBNETWORK_COMMIT:=b3507428be5b458cb0e2b4086b13531fb0706e46}"
|
||||
|
||||
install_proxy() {
|
||||
case "$1" in
|
||||
|
|
|
@ -20,13 +20,13 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
|
|||
|
||||
out, _ = dockerCmd(c, "port", firstID, "80")
|
||||
|
||||
err := assertPortList(c, out, []string{"0.0.0.0:9876"})
|
||||
err := assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
|
||||
out, _ = dockerCmd(c, "port", firstID)
|
||||
|
||||
err = assertPortList(c, out, []string{"80/tcp -> 0.0.0.0:9876"})
|
||||
err = assertPortList(c, out, []string{"80/tcp -> 0.0.0.0:9876", "80/tcp -> [::]:9876"})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
|
||||
|
@ -42,7 +42,7 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
|
|||
|
||||
out, _ = dockerCmd(c, "port", ID, "80")
|
||||
|
||||
err = assertPortList(c, out, []string{"0.0.0.0:9876"})
|
||||
err = assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
|
||||
|
@ -50,8 +50,11 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
|
|||
|
||||
err = assertPortList(c, out, []string{
|
||||
"80/tcp -> 0.0.0.0:9876",
|
||||
"80/tcp -> [::]:9876",
|
||||
"81/tcp -> 0.0.0.0:9877",
|
||||
"81/tcp -> [::]:9877",
|
||||
"82/tcp -> 0.0.0.0:9878",
|
||||
"82/tcp -> [::]:9878",
|
||||
})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
|
@ -69,7 +72,7 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
|
|||
|
||||
out, _ = dockerCmd(c, "port", ID, "80")
|
||||
|
||||
err = assertPortList(c, out, []string{"0.0.0.0:9876", "0.0.0.0:9999"})
|
||||
err = assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876", "0.0.0.0:9999", "[::]:9999"})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
|
||||
|
@ -78,8 +81,12 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
|
|||
err = assertPortList(c, out, []string{
|
||||
"80/tcp -> 0.0.0.0:9876",
|
||||
"80/tcp -> 0.0.0.0:9999",
|
||||
"80/tcp -> [::]:9876",
|
||||
"80/tcp -> [::]:9999",
|
||||
"81/tcp -> 0.0.0.0:9877",
|
||||
"81/tcp -> [::]:9877",
|
||||
"82/tcp -> 0.0.0.0:9878",
|
||||
"82/tcp -> [::]:9878",
|
||||
})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
|
@ -94,7 +101,10 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
|
|||
|
||||
out, _ = dockerCmd(c, "port", IDs[i])
|
||||
|
||||
err = assertPortList(c, out, []string{fmt.Sprintf("80/tcp -> 0.0.0.0:%d", 9090+i)})
|
||||
err = assertPortList(c, out, []string{
|
||||
fmt.Sprintf("80/tcp -> 0.0.0.0:%d", 9090+i),
|
||||
fmt.Sprintf("80/tcp -> [::]:%d", 9090+i),
|
||||
})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
}
|
||||
|
@ -127,9 +137,13 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
|
|||
|
||||
err = assertPortList(c, out, []string{
|
||||
"80/tcp -> 0.0.0.0:9800",
|
||||
"80/tcp -> [::]:9800",
|
||||
"81/tcp -> 0.0.0.0:9801",
|
||||
"81/tcp -> [::]:9801",
|
||||
"82/tcp -> 0.0.0.0:9802",
|
||||
"82/tcp -> [::]:9802",
|
||||
"83/tcp -> 0.0.0.0:9803",
|
||||
"83/tcp -> [::]:9803",
|
||||
})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
|
@ -161,7 +175,7 @@ func assertPortList(c *testing.T, out string, expected []string) error {
|
|||
// of the CLI used an incorrect output format for mappings on IPv6 addresses
|
||||
// for example, "80/tcp -> :::80" instead of "80/tcp -> [::]:80".
|
||||
oldFormat := func(mapping string) string {
|
||||
old := strings.Replace(mapping, "-> [", "-> ", 1)
|
||||
old := strings.Replace(mapping, "[", "", 1)
|
||||
old = strings.Replace(old, "]:", ":", 1)
|
||||
return old
|
||||
}
|
||||
|
@ -305,7 +319,7 @@ func (s *DockerSuite) TestPortHostBinding(c *testing.T) {
|
|||
|
||||
out, _ = dockerCmd(c, "port", firstID, "80")
|
||||
|
||||
err := assertPortList(c, out, []string{"0.0.0.0:9876"})
|
||||
err := assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
|
||||
// Port list is not correct
|
||||
assert.NilError(c, err)
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a
|
|||
# libnetwork
|
||||
|
||||
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
|
||||
github.com/docker/libnetwork fa125a3512ee0f6187721c88582bf8c4378bd4d7
|
||||
github.com/docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46
|
||||
github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
|
||||
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
|
||||
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
|
||||
|
|
25
vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
generated
vendored
25
vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
generated
vendored
|
@ -49,8 +49,16 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
|
|||
}
|
||||
bs = append(bs, bIPv4)
|
||||
}
|
||||
|
||||
// Allocate IPv6 Port mappings
|
||||
if ok := n.validatePortBindingIPv6(&bIPv6, containerIPv6, defHostIP); ok {
|
||||
// If the container has no IPv6 address, allow proxying host IPv6 traffic to it
|
||||
// by setting up the binding with the IPv4 interface if the userland proxy is enabled
|
||||
// This change was added to keep backward compatibility
|
||||
containerIP := containerIPv6
|
||||
if ulPxyEnabled && (containerIPv6 == nil) {
|
||||
containerIP = containerIPv4
|
||||
}
|
||||
if ok := n.validatePortBindingIPv6(&bIPv6, containerIP, defHostIP); ok {
|
||||
if err := n.allocatePort(&bIPv6, ulPxyEnabled); err != nil {
|
||||
// On allocation failure, release previously allocated ports. On cleanup error, just log a warning message
|
||||
if cuErr := n.releasePortsInternal(bs); cuErr != nil {
|
||||
|
@ -67,7 +75,7 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
|
|||
// validatePortBindingIPv4 validates the port binding, populates the missing Host IP field and returns true
|
||||
// if this is a valid IPv4 binding, else returns false
|
||||
func (n *bridgeNetwork) validatePortBindingIPv4(bnd *types.PortBinding, containerIPv4, defHostIP net.IP) bool {
|
||||
//Return early if there is a valid Host IP, but its not a IPv6 address
|
||||
//Return early if there is a valid Host IP, but its not a IPv4 address
|
||||
if len(bnd.HostIP) > 0 && bnd.HostIP.To4() == nil {
|
||||
return false
|
||||
}
|
||||
|
@ -85,10 +93,10 @@ func (n *bridgeNetwork) validatePortBindingIPv4(bnd *types.PortBinding, containe
|
|||
}
|
||||
|
||||
// validatePortBindingIPv6 validates the port binding, populates the missing Host IP field and returns true
|
||||
// if this is a valid IP6v binding, else returns false
|
||||
func (n *bridgeNetwork) validatePortBindingIPv6(bnd *types.PortBinding, containerIPv6, defHostIP net.IP) bool {
|
||||
// Return early if there is no IPv6 container endpoint
|
||||
if containerIPv6 == nil {
|
||||
// if this is a valid IPv6 binding, else returns false
|
||||
func (n *bridgeNetwork) validatePortBindingIPv6(bnd *types.PortBinding, containerIP, defHostIP net.IP) bool {
|
||||
// Return early if there is no container endpoint
|
||||
if containerIP == nil {
|
||||
return false
|
||||
}
|
||||
// Return early if there is a valid Host IP, which is a IPv4 address
|
||||
|
@ -108,9 +116,8 @@ func (n *bridgeNetwork) validatePortBindingIPv6(bnd *types.PortBinding, containe
|
|||
return false
|
||||
}
|
||||
}
|
||||
bnd.IP = containerIPv6
|
||||
bnd.IP = containerIP
|
||||
return true
|
||||
|
||||
}
|
||||
|
||||
func (n *bridgeNetwork) allocatePort(bnd *types.PortBinding, ulPxyEnabled bool) error {
|
||||
|
@ -132,7 +139,7 @@ func (n *bridgeNetwork) allocatePort(bnd *types.PortBinding, ulPxyEnabled bool)
|
|||
|
||||
portmapper := n.portMapper
|
||||
|
||||
if bnd.IP.To4() == nil {
|
||||
if bnd.HostIP.To4() == nil {
|
||||
portmapper = n.portMapperV6
|
||||
}
|
||||
|
||||
|
|
8
vendor/github.com/docker/libnetwork/iptables/iptables.go
generated
vendored
8
vendor/github.com/docker/libnetwork/iptables/iptables.go
generated
vendored
|
@ -512,8 +512,14 @@ func filterOutput(start time.Time, output []byte, args ...string) []byte {
|
|||
// Raw calls 'iptables' system command, passing supplied arguments.
|
||||
func (iptable IPTable) Raw(args ...string) ([]byte, error) {
|
||||
if firewalldRunning {
|
||||
// select correct IP version for firewalld
|
||||
ipv := Iptables
|
||||
if iptable.Version == IPv6 {
|
||||
ipv = IP6Tables
|
||||
}
|
||||
|
||||
startTime := time.Now()
|
||||
output, err := Passthrough(Iptables, args...)
|
||||
output, err := Passthrough(ipv, args...)
|
||||
if err == nil || !strings.Contains(err.Error(), "was not provided by any .service files") {
|
||||
return filterOutput(startTime, output, args...), err
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue