From c59e93a67bcac27897da5480af67942c361f5ab2 Mon Sep 17 00:00:00 2001 From: Albin Kerouanton Date: Fri, 2 Feb 2024 10:01:17 +0100 Subject: [PATCH] Revert "daemon: automatically set network EnableIPv6 if needed" This reverts commit 5d5eeac31058f1e51765ca5dd3b086b6c5126eb4. Signed-off-by: Albin Kerouanton --- api/types/network/ipam.go | 27 +++++---------------------- api/types/network/ipam_test.go | 8 +++++++- daemon/network.go | 6 +----- 3 files changed, 13 insertions(+), 28 deletions(-) diff --git a/api/types/network/ipam.go b/api/types/network/ipam.go index 17f370ef7e..ace145d7e3 100644 --- a/api/types/network/ipam.go +++ b/api/types/network/ipam.go @@ -30,30 +30,9 @@ const ( ip6 ipFamily = "IPv6" ) -// HasIPv6Subnets checks whether there's any IPv6 subnets in the ipam parameter. It ignores any invalid Subnet and nil -// ipam. -func HasIPv6Subnets(ipam *IPAM) bool { - if ipam == nil { - return false - } - - for _, cfg := range ipam.Config { - subnet, err := netip.ParsePrefix(cfg.Subnet) - if err != nil { - continue - } - - if subnet.Addr().Is6() { - return true - } - } - - return false -} - // ValidateIPAM checks whether the network's IPAM passed as argument is valid. It returns a joinError of the list of // errors found. -func ValidateIPAM(ipam *IPAM) error { +func ValidateIPAM(ipam *IPAM, enableIPv6 bool) error { if ipam == nil { return nil } @@ -74,6 +53,10 @@ func ValidateIPAM(ipam *IPAM) error { errs = append(errs, fmt.Errorf("invalid subnet %s: it should be %s", subnet, subnet.Masked())) } + if !enableIPv6 && subnetFamily == ip6 { + errs = append(errs, fmt.Errorf("invalid subnet %s: IPv6 has not been enabled for this network", subnet)) + } + if ipRangeErrs := validateIPRange(cfg.IPRange, subnet, subnetFamily); len(ipRangeErrs) > 0 { errs = append(errs, ipRangeErrs...) } diff --git a/api/types/network/ipam_test.go b/api/types/network/ipam_test.go index 67d6151242..5b5b48480c 100644 --- a/api/types/network/ipam_test.go +++ b/api/types/network/ipam_test.go @@ -30,6 +30,12 @@ func TestNetworkWithInvalidIPAM(t *testing.T) { "invalid auxiliary address DefaultGatewayIPv4: parent subnet is an IPv4 block", }, }, + { + name: "IPv6 subnet is discarded when IPv6 is disabled", + ipam: IPAM{Config: []IPAMConfig{{Subnet: "2001:db8::/32"}}}, + ipv6: false, + expectedErrors: []string{"invalid subnet 2001:db8::/32: IPv6 has not been enabled for this network"}, + }, { name: "Invalid data - Subnet", ipam: IPAM{Config: []IPAMConfig{{Subnet: "foobar"}}}, @@ -122,7 +128,7 @@ func TestNetworkWithInvalidIPAM(t *testing.T) { t.Run(tc.name, func(t *testing.T) { t.Parallel() - errs := ValidateIPAM(&tc.ipam) + errs := ValidateIPAM(&tc.ipam, tc.ipv6) if tc.expectedErrors == nil { assert.NilError(t, errs) return diff --git a/daemon/network.go b/daemon/network.go index fa58df1aed..d2d9dd27fc 100644 --- a/daemon/network.go +++ b/daemon/network.go @@ -305,10 +305,6 @@ func (daemon *Daemon) createNetwork(cfg *config.Config, create types.NetworkCrea return nil, errdefs.Forbidden(errors.New(`This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.`)) } - if network.HasIPv6Subnets(create.IPAM) { - create.EnableIPv6 = true - } - networkOptions := make(map[string]string) for k, v := range create.Options { networkOptions[k] = v @@ -335,7 +331,7 @@ func (daemon *Daemon) createNetwork(cfg *config.Config, create types.NetworkCrea nwOptions = append(nwOptions, libnetwork.NetworkOptionConfigOnly()) } - if err := network.ValidateIPAM(create.IPAM); err != nil { + if err := network.ValidateIPAM(create.IPAM, create.EnableIPv6); err != nil { return nil, errdefs.InvalidParameter(err) }