vendor: github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8

Update libnetwork to make `docker run -p 80:80` functional again on environments
with kernel boot parameter `ipv6.disable=1`.

full diff: b3507428be...64b7a4574d

- fix port forwarding with ipv6.disable=1
    - fixes moby/moby/42288 Docker 20.10.6: all containers stopped and cannot start if ipv6 is disabled on host
    - fixes docker/libnetwork/2629 Network issue with IPv6 following update to version 20.10.6
    - fixesdocker/for-linux/1233 Since 20.10.6 it's not possible to run docker on a machine with disabled IPv6 interfaces
- vendor: github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
- Enforce order of lock acquisitions on network/controller, fixes #2632
    - fixes docker/libnetwork/2632 Name resolution stuck due to deadlock between different network struct methods
    - fixes moby/moby/42032 Docker deamon get's stuck, can't serve DNS requests

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2021-05-25 11:29:14 +02:00
parent e02bc91dcb
commit e4109b3b6b
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
5 changed files with 49 additions and 14 deletions

View file

@ -3,7 +3,7 @@
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
# updating the binary version, consider updating github.com/docker/libnetwork
# in vendor.conf accordingly
: "${LIBNETWORK_COMMIT:=b3507428be5b458cb0e2b4086b13531fb0706e46}"
: "${LIBNETWORK_COMMIT:=64b7a4574d1426139437d20e81c0b6d391130ec8}"
install_proxy() {
case "$1" in

View file

@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a
# libnetwork
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
github.com/docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46
github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8
github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec

View file

@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"net"
"sync"
"github.com/docker/libnetwork/types"
"github.com/ishidawataru/sctp"
@ -50,6 +51,13 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
bs = append(bs, bIPv4)
}
// skip adding implicit v6 addr, when the kernel was booted with `ipv6.disable=1`
// https://github.com/moby/moby/issues/42288
isV6Binding := c.HostIP != nil && c.HostIP.To4() == nil
if !isV6Binding && !IsV6Listenable() {
continue
}
// Allocate IPv6 Port mappings
// If the container has no IPv6 address, allow proxying host IPv6 traffic to it
// by setting up the binding with the IPv4 interface if the userland proxy is enabled
@ -211,3 +219,26 @@ func (n *bridgeNetwork) releasePort(bnd types.PortBinding) error {
return portmapper.Unmap(host)
}
var (
v6ListenableCached bool
v6ListenableOnce sync.Once
)
// IsV6Listenable returns true when `[::1]:0` is listenable.
// IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option.
func IsV6Listenable() bool {
v6ListenableOnce.Do(func() {
ln, err := net.Listen("tcp6", "[::1]:0")
if err != nil {
// When the kernel was booted with `ipv6.disable=1`,
// we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
// https://github.com/moby/moby/issues/42288
logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
} else {
v6ListenableCached = true
ln.Close()
}
})
return v6ListenableCached
}

View file

@ -1409,21 +1409,21 @@ func (n *network) addSvcRecords(eID, name, serviceID string, epIP, epIPv6 net.IP
if n.ingress {
return
}
logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
networkID := n.ID()
logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
c := n.getController()
c.Lock()
defer c.Unlock()
sr, ok := c.svcRecords[n.ID()]
sr, ok := c.svcRecords[networkID]
if !ok {
sr = svcInfo{
svcMap: setmatrix.NewSetMatrix(),
svcIPv6Map: setmatrix.NewSetMatrix(),
ipMap: setmatrix.NewSetMatrix(),
}
c.svcRecords[n.ID()] = sr
c.svcRecords[networkID] = sr
}
if ipMapUpdate {
@ -1445,14 +1445,14 @@ func (n *network) deleteSvcRecords(eID, name, serviceID string, epIP net.IP, epI
if n.ingress {
return
}
logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
networkID := n.ID()
logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
c := n.getController()
c.Lock()
defer c.Unlock()
sr, ok := c.svcRecords[n.ID()]
sr, ok := c.svcRecords[networkID]
if !ok {
return
}
@ -1972,9 +1972,10 @@ func (n *network) ResolveName(req string, ipType int) ([]net.IP, bool) {
var ipv6Miss bool
c := n.getController()
networkID := n.ID()
c.Lock()
defer c.Unlock()
sr, ok := c.svcRecords[n.ID()]
sr, ok := c.svcRecords[networkID]
if !ok {
return nil, false
@ -2012,10 +2013,11 @@ func (n *network) ResolveName(req string, ipType int) ([]net.IP, bool) {
}
func (n *network) HandleQueryResp(name string, ip net.IP) {
networkID := n.ID()
c := n.getController()
c.Lock()
defer c.Unlock()
sr, ok := c.svcRecords[n.ID()]
sr, ok := c.svcRecords[networkID]
if !ok {
return
@ -2031,10 +2033,11 @@ func (n *network) HandleQueryResp(name string, ip net.IP) {
}
func (n *network) ResolveIP(ip string) string {
networkID := n.ID()
c := n.getController()
c.Lock()
defer c.Unlock()
sr, ok := c.svcRecords[n.ID()]
sr, ok := c.svcRecords[networkID]
if !ok {
return ""
@ -2085,9 +2088,10 @@ func (n *network) ResolveService(name string) ([]*net.SRV, []net.IP) {
proto := parts[1]
svcName := strings.Join(parts[2:], ".")
networkID := n.ID()
c.Lock()
defer c.Unlock()
sr, ok := c.svcRecords[n.ID()]
sr, ok := c.svcRecords[networkID]
if !ok {
return nil, nil

View file

@ -43,7 +43,7 @@ golang.org/x/net ab34263943818b32f575efc978a3
golang.org/x/sys ed371f2e16b4b305ee99df548828de367527b76b
golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb
github.com/pkg/errors 614d223910a179a466c1767a985424175c39b465 # v0.9.1
github.com/ishidawataru/sctp 6e2cb1366111dcf547c13531e3a263a067715847
github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
go.opencensus.io 9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0
gotest.tools/v3 bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2