0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Resolve "bridge fdb show" hang issue

Browse source 
The output of "bridge fdb show" command invoked under a network
namespace is unpredicable. Sometime it returns empty, and sometime
non-stop rolling output. This perhaps is a bug in kernel
and/or iproute2 implementation. To work around, display fdb  for
 each bridge.

Signed-off-by: Su Wang <su.wang@docker.com>
This commit is contained in:
Su Wang 2019-09-26 21:04:49 +00:00
parent 141b53c77a
commit ff27bb0db4
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
libnetwork/support/Dockerfile
View file

@ -11,6 +11,7 @@ RUN apk add --no-cache \
iproute2 \
ipvsadm \
conntrack-tools \
jq \
bash
WORKDIR /bin

13
libnetwork/support/support.sh
View file

@ -18,6 +18,7 @@ IPTABLES="${IPTABLES:-iptables}"
IPVSADM="${IPVSADM:-ipvsadm}"
IP="${IP:-ip}"
SSDBIN="${SSDBIN:-ssd}"
JQ="${JQ:-jq}"
networks=0
containers=0
@ -53,6 +54,7 @@ type -P ${BRIDGE} > /dev/null || echo "This tool requires bridge"
type -P ${IPTABLES} > /dev/null || echo "This tool requires iptables"
type -P ${IPVSADM} > /dev/null || echo "This tool requires ipvsadm"
type -P ${IP} > /dev/null || echo "This tool requires ip"
type -P ${JQ} > /dev/null || echo "This tool requires jq"
if ${DOCKER} network inspect --help | grep -q -- --verbose; then
NETINSPECT_VERBOSE_SUPPORT="--verbose"
@ -89,7 +91,16 @@ for networkID in $(${DOCKER} network ls --no-trunc --filter driver=overlay -q) "
echo_and_run ${NSENTER} --net=${i} ${IP} -o -4 address show
echo_and_run ${NSENTER} --net=${i} ${IP} -4 route show
echo_and_run ${NSENTER} --net=${i} ${IP} -4 neigh show
echo_and_run ${NSENTER} --net=${i} ${BRIDGE} fdb show
bridges=$(${NSENTER} --net=${i} ${IP} -j link show type bridge | ${JQ} -r '.[].ifname')
# break string to array
bridges=(${bridges})
for b in "${bridges[@]}"
do
if [ -z ${b} ] || [ ${b} == "null" ]; then
continue
fi
echo_and_run ${NSENTER} --net=${i} ${BRIDGE} fdb show br ${b}
done
echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t filter | grep -v '^$'
echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t nat | grep -v '^$'
echo_and_run ${NSENTER} --net=${i} ${IPTABLES} -w1 -n -v -L -t mangle | grep -v '^$'