- runs to completion without error
- demonstrates info available when using bridge network driver
Closes #837
Signed-off-by: Gabe Rosenhouse <grosenhouse@pivotal.io>
ChainExists should not treat non-nil output as
error because there is always going to be some
output while dumping iptable rules.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
We check for existence of all filter rules in
overlay driver before creating it. We should
also do this for chain creation, because even though
we clean up network chains when the last container
stops, there is a possibility of a stale network
chain in case of ungraceful restart.
Also cleaned up stale bridges if any exist due to
ungraceful shutdown of daemon.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Currently we are cleaning up vxlan interfaces by name
before trying to setup an interface with the same name.
But this doesn't work for properly cleaning up vxlan
interfaces with the same vni, if the interface has
a different name than the one expected. The fix is to
delete the interface based on vni.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
- So that a DHCP based plugin can express it needs
the endpoint MAC address when requested for an IP address.
- In such case libnetwork will allocate one if not already
provided by user
Signed-off-by: Alessandro Boch <aboch@docker.com>
Add support for overlay networking in older kernels.
Following were done to achieve this:
+ Create the vxlan network in host namespace.
+ This may create conflicts with other private
networks so check for conflicts and fail a
join if there is any conflict.
+ Add iptable based filtering to only allow
subnet bridges in the same network to forward
traffic while different network bridges will
not be able to forward b/w each other. Also
block traffic to overlay network originating
from the host itself.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
- Test random de-allocation of allocated addresses
which is closer to real use case
- Test db reconstruction after read from datastore
Signed-off-by: Alessandro Boch <aboch@docker.com>
If we use peerMap as value, then we copy its mutex on
`pMap = d.peerDb.mp[nid]` and lock entirely different mutexes every
time.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
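
Added example, not code from the libnetwork repository: a minimal Go program showing the failure mode the commit above describes, where a struct holding a mutex is stored by value in a map. The `peerMap` field names, the `"nid1"` key and both function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// peerMap stands in for the type named in the commit message: a mutex
// guarding a map. Field names here are assumptions.
type peerMap struct {
	mu sync.Mutex
	mp map[string]string
}

// secondLockByValue stores peerMap by value. Every map read returns a copy of
// the struct, mutex included, while the inner map stays shared. A second
// reader therefore gets the lock while the first still holds it.
// (go vet's copylocks check reports both assignments below.)
func secondLockByValue() bool {
	db := map[string]peerMap{"nid1": {mp: map[string]string{}}}
	first := db["nid1"] // copies the mutex
	first.mu.Lock()
	defer first.mu.Unlock()
	second := db["nid1"] // another, unrelated mutex
	got := second.mu.TryLock()
	if got {
		second.mu.Unlock()
	}
	return got
}

// secondLockByPointer stores *peerMap, so both readers share one mutex and
// the second attempt fails while the first holds the lock.
func secondLockByPointer() bool {
	db := map[string]*peerMap{"nid1": {mp: map[string]string{}}}
	first := db["nid1"]
	first.mu.Lock()
	defer first.mu.Unlock()
	got := db["nid1"].mu.TryLock()
	if got {
		db["nid1"].mu.Unlock()
	}
	return got
}

func main() {
	fmt.Println("by value, second lock acquired:", secondLockByValue())
	fmt.Println("by pointer, second lock acquired:", secondLockByPointer())
}
```

`sync.Mutex.TryLock` requires Go 1.18 or later; it is used here only to make the missing mutual exclusion observable without a data race.
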
- On Sandbox deletion, during Leave of each
connected endpoint, avoid the default gw
check, which may create an unnecessary
connection to the default gateway network.
Signed-off-by: Alessandro Boch <aboch@docker.com>
This updates the MAINTAINERS file to the new format,
so that it can be parsed and collected in the docker/opensource
repository.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sometimes, the vxlan kernel code may generate miss
notifications for vxlan bound packets when serf is
not initialized. In such cases we should not try
doing a query as it will create a panic. We should
error out which will generate a log message.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>