Merge pull request #41712 from tiborvass/fix-ipvalidation-portmapper

vendor libnetwork to fix mix up between IPv4 and IPv6

hack/dockerfile/install/proxy.installer

@@ -3,7 +3,7 @@
 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
 # updating the binary version, consider updating github.com/docker/libnetwork
 # in vendor.conf accordingly
-: "${LIBNETWORK_COMMIT:=6b51d028f4bbb9a4cc8d3eaba13baa9f848af546}"
+: "${LIBNETWORK_COMMIT:=a543cbc4871f904b0efe205708eb45d72e65fd8b}"
 
 install_proxy() {
 	case "$1" in

vendor.conf

@@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware        3c51f7f332123e8be5a157c0802a
 # libnetwork
 
 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork                        6b51d028f4bbb9a4cc8d3eaba13baa9f848af546 
+github.com/docker/libnetwork                        a543cbc4871f904b0efe205708eb45d72e65fd8b
 github.com/docker/go-events                         e31b211e4f1cd09aa76fe4ac244571fab96ae47f
 github.com/armon/go-radix                           e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics                         eb0af217e5e9747e41dd5303755356b62d28e3ec

vendor/github.com/docker/libnetwork/endpoint.go

@@ -1055,7 +1055,7 @@ func CreateOptionLoadBalancer() EndpointOption {
 
 // JoinOptionPriority function returns an option setter for priority option to
 // be passed to the endpoint.Join() method.
-func JoinOptionPriority(ep Endpoint, prio int) EndpointOption {
+func JoinOptionPriority(prio int) EndpointOption {
 	return func(ep *endpoint) {
 		// ep lock already acquired
 		c := ep.network.getController()

vendor/github.com/docker/libnetwork/portmapper/mapper.go

@@ -151,7 +151,7 @@ func (pm *PortMapper) MapRange(container net.Addr, hostIP net.IP, hostPortStart,
 	}
 
 	containerIP, containerPort := getIPAndPort(m.container)
-	if hostIP.To4() != nil || hostIP.To16() != nil {
+	if pm.checkIP(hostIP) {
 		if err := pm.AppendForwardingTableEntry(m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort); err != nil {
 			return nil, err
 		}
@@ -160,7 +160,7 @@ func (pm *PortMapper) MapRange(container net.Addr, hostIP net.IP, hostPortStart,
 	cleanup := func() error {
 		// need to undo the iptables rules before we return
 		m.userlandProxy.Stop()
-		if hostIP.To4() != nil || hostIP.To16() != nil {
+		if pm.checkIP(hostIP) {
 			pm.DeleteForwardingTableEntry(m.proto, hostIP, allocatedHostPort, containerIP.String(), containerPort)
 			if err := pm.Allocator.ReleasePort(hostIP, m.proto, allocatedHostPort); err != nil {
 				return err

vendor/github.com/docker/libnetwork/portmapper/mapper_linux.go

@@ -44,3 +44,11 @@ func (pm *PortMapper) forward(action iptables.Action, proto string, sourceIP net
 	}
 	return pm.chain.Forward(action, sourceIP, sourcePort, proto, containerIP, containerPort, pm.bridgeName)
 }
+
+// checkIP checks if IP is valid and matching to chain version
+func (pm *PortMapper) checkIP(ip net.IP) bool {
+	if pm.chain == nil || pm.chain.IPTable.Version == iptables.IPv4 {
+		return ip.To4() != nil
+	}
+	return ip.To16() != nil
+}

vendor/github.com/docker/libnetwork/portmapper/mapper_windows.go

@@ -29,3 +29,9 @@ func (pm *PortMapper) AppendForwardingTableEntry(proto string, sourceIP net.IP,
 func (pm *PortMapper) DeleteForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
 	return nil
 }
+
+// checkIP checks if IP is valid and matching to chain version
+func (pm *PortMapper) checkIP(ip net.IP) bool {
+	// no IPv6 for port mapper on windows -> only IPv4 valid
+	return ip.To4() != nil
+}