Merge pull request #42205 from thaJeztah/20.10_backport_bump_libnetwork

[20.10 backport] vendor: docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46
Tibor Vass 2021-04-01 02:37:21 -07:00 committed by GitHub
commit cdd71c6736
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 46 additions and 19 deletions


@ -3,7 +3,7 @@
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
# updating the binary version, consider updating github.com/docker/libnetwork
# in vendor.conf accordingly
: "${LIBNETWORK_COMMIT:=fa125a3512ee0f6187721c88582bf8c4378bd4d7}"
: "${LIBNETWORK_COMMIT:=b3507428be5b458cb0e2b4086b13531fb0706e46}"
install_proxy() {
case "$1" in


@ -20,13 +20,13 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
out, _ = dockerCmd(c, "port", firstID, "80")
err := assertPortList(c, out, []string{"0.0.0.0:9876"})
err := assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
// Port list is not correct
assert.NilError(c, err)
out, _ = dockerCmd(c, "port", firstID)
err = assertPortList(c, out, []string{"80/tcp -> 0.0.0.0:9876"})
err = assertPortList(c, out, []string{"80/tcp -> 0.0.0.0:9876", "80/tcp -> [::]:9876"})
// Port list is not correct
assert.NilError(c, err)
@ -42,7 +42,7 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
out, _ = dockerCmd(c, "port", ID, "80")
err = assertPortList(c, out, []string{"0.0.0.0:9876"})
err = assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
// Port list is not correct
assert.NilError(c, err)
@ -50,8 +50,11 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
err = assertPortList(c, out, []string{
"80/tcp -> 0.0.0.0:9876",
"80/tcp -> [::]:9876",
"81/tcp -> 0.0.0.0:9877",
"81/tcp -> [::]:9877",
"82/tcp -> 0.0.0.0:9878",
"82/tcp -> [::]:9878",
})
// Port list is not correct
assert.NilError(c, err)
@ -69,7 +72,7 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
out, _ = dockerCmd(c, "port", ID, "80")
err = assertPortList(c, out, []string{"0.0.0.0:9876", "0.0.0.0:9999"})
err = assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876", "0.0.0.0:9999", "[::]:9999"})
// Port list is not correct
assert.NilError(c, err)
@ -78,8 +81,12 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
err = assertPortList(c, out, []string{
"80/tcp -> 0.0.0.0:9876",
"80/tcp -> 0.0.0.0:9999",
"80/tcp -> [::]:9876",
"80/tcp -> [::]:9999",
"81/tcp -> 0.0.0.0:9877",
"81/tcp -> [::]:9877",
"82/tcp -> 0.0.0.0:9878",
"82/tcp -> [::]:9878",
})
// Port list is not correct
assert.NilError(c, err)
@ -94,7 +101,10 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
out, _ = dockerCmd(c, "port", IDs[i])
err = assertPortList(c, out, []string{fmt.Sprintf("80/tcp -> 0.0.0.0:%d", 9090+i)})
err = assertPortList(c, out, []string{
fmt.Sprintf("80/tcp -> 0.0.0.0:%d", 9090+i),
fmt.Sprintf("80/tcp -> [::]:%d", 9090+i),
})
// Port list is not correct
assert.NilError(c, err)
}
@ -127,9 +137,13 @@ func (s *DockerSuite) TestPortList(c *testing.T) {
err = assertPortList(c, out, []string{
"80/tcp -> 0.0.0.0:9800",
"80/tcp -> [::]:9800",
"81/tcp -> 0.0.0.0:9801",
"81/tcp -> [::]:9801",
"82/tcp -> 0.0.0.0:9802",
"82/tcp -> [::]:9802",
"83/tcp -> 0.0.0.0:9803",
"83/tcp -> [::]:9803",
})
// Port list is not correct
assert.NilError(c, err)
@ -161,7 +175,7 @@ func assertPortList(c *testing.T, out string, expected []string) error {
// of the CLI used an incorrect output format for mappings on IPv6 addresses
// for example, "80/tcp -> :::80" instead of "80/tcp -> [::]:80".
oldFormat := func(mapping string) string {
old := strings.Replace(mapping, "-> [", "-> ", 1)
old := strings.Replace(mapping, "[", "", 1)
old = strings.Replace(old, "]:", ":", 1)
return old
}
@ -305,7 +319,7 @@ func (s *DockerSuite) TestPortHostBinding(c *testing.T) {
out, _ = dockerCmd(c, "port", firstID, "80")
err := assertPortList(c, out, []string{"0.0.0.0:9876"})
err := assertPortList(c, out, []string{"0.0.0.0:9876", "[::]:9876"})
// Port list is not correct
assert.NilError(c, err)
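Review bot: The added `[::]` expectations in TestPortList and TestPortHostBinding are asserted unconditionally, so these tests now presume that the test host can bind the IPv6 wildcard address and, judging by the bridge-driver change in the same commit, that the userland proxy is enabled; neither precondition is checked in the lines shown. A short comment at the first assertion would record why an IPv4-only container is expected to list an IPv6 mapping, for example `// no host IP given: the port is published on both 0.0.0.0 and [::], the latter via the userland proxy`. The `oldFormat` helper in assertPortList now strips the first `[` anywhere in the mapping rather than only after `-> `, which the bare `[::]:9876` form needs, but its comment still gives only the `80/tcp -> :::80` example. All three functions continue outside the hunks.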


@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a
# libnetwork
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
github.com/docker/libnetwork fa125a3512ee0f6187721c88582bf8c4378bd4d7
github.com/docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46
github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec


@ -49,8 +49,16 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
}
bs = append(bs, bIPv4)
}
// Allocate IPv6 Port mappings
if ok := n.validatePortBindingIPv6(&bIPv6, containerIPv6, defHostIP); ok {
// If the container has no IPv6 address, allow proxying host IPv6 traffic to it
// by setting up the binding with the IPv4 interface if the userland proxy is enabled
// This change was added to keep backward compatibility
containerIP := containerIPv6
if ulPxyEnabled && (containerIPv6 == nil) {
containerIP = containerIPv4
}
if ok := n.validatePortBindingIPv6(&bIPv6, containerIP, defHostIP); ok {
if err := n.allocatePort(&bIPv6, ulPxyEnabled); err != nil {
// On allocation failure, release previously allocated ports. On cleanup error, just log a warning message
if cuErr := n.releasePortsInternal(bs); cuErr != nil {
@ -67,7 +75,7 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
// validatePortBindingIPv4 validates the port binding, populates the missing Host IP field and returns true
// if this is a valid IPv4 binding, else returns false
func (n *bridgeNetwork) validatePortBindingIPv4(bnd *types.PortBinding, containerIPv4, defHostIP net.IP) bool {
//Return early if there is a valid Host IP, but its not a IPv6 address
//Return early if there is a valid Host IP, but its not a IPv4 address
if len(bnd.HostIP) > 0 && bnd.HostIP.To4() == nil {
return false
}
@ -85,10 +93,10 @@ func (n *bridgeNetwork) validatePortBindingIPv4(bnd *types.PortBinding, containe
}
// validatePortBindingIPv6 validates the port binding, populates the missing Host IP field and returns true
// if this is a valid IP6v binding, else returns false
func (n *bridgeNetwork) validatePortBindingIPv6(bnd *types.PortBinding, containerIPv6, defHostIP net.IP) bool {
// Return early if there is no IPv6 container endpoint
if containerIPv6 == nil {
// if this is a valid IPv6 binding, else returns false
func (n *bridgeNetwork) validatePortBindingIPv6(bnd *types.PortBinding, containerIP, defHostIP net.IP) bool {
// Return early if there is no container endpoint
if containerIP == nil {
return false
}
// Return early if there is a valid Host IP, which is a IPv4 address
@ -108,9 +116,8 @@ func (n *bridgeNetwork) validatePortBindingIPv6(bnd *types.PortBinding, containe
return false
}
}
bnd.IP = containerIPv6
bnd.IP = containerIP
return true
}
func (n *bridgeNetwork) allocatePort(bnd *types.PortBinding, ulPxyEnabled bool) error {
@ -132,7 +139,7 @@ func (n *bridgeNetwork) allocatePort(bnd *types.PortBinding, ulPxyEnabled bool)
portmapper := n.portMapper
if bnd.IP.To4() == nil {
if bnd.HostIP.To4() == nil {
portmapper = n.portMapperV6
}
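Review bot: The fallback in allocatePortsInternal (`containerIP = containerIPv4` when `ulPxyEnabled && containerIPv6 == nil`) makes a port published without an explicit host IP reachable on the host's IPv6 addresses as well, and the comment mentions backward compatibility but not this wider exposure. Because the binding then pairs an IPv6 HostIP with an IPv4 container IP, the traffic can presumably only be carried by the userland proxy, so the container would see the proxy's source address rather than the client's, and host filtering written only for IPv4 would not cover it. That deserves a line in the comment, e.g. `// NOTE: this publishes IPv4-only containers on host IPv6 addresses via the userland proxy; the container does not see the original client address.` The switch to `bnd.HostIP.To4() == nil` in allocatePort also relies on HostIP always being populated by the validate functions, since a nil HostIP would select portMapperV6; that population happens outside the visible hunks and should be confirmed.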


@ -512,8 +512,14 @@ func filterOutput(start time.Time, output []byte, args ...string) []byte {
// Raw calls 'iptables' system command, passing supplied arguments.
func (iptable IPTable) Raw(args ...string) ([]byte, error) {
if firewalldRunning {
// select correct IP version for firewalld
ipv := Iptables
if iptable.Version == IPv6 {
ipv = IP6Tables
}
startTime := time.Now()
output, err := Passthrough(Iptables, args...)
output, err := Passthrough(ipv, args...)
if err == nil || !strings.Contains(err.Error(), "was not provided by any .service files") {
return filterOutput(startTime, output, args...), err
}