Commit graph

3345 commits

Author SHA1 Message Date
Sebastiaan van Stijn
7cda3fb7b5
libnetwork: inline populateSpecial NetworkWalker
It was only used in a single place, and it was defined far away from
where it was used.

Move the code inline, so that it's clear at a glance what it's doing.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 19:41:50 +02:00
Sebastiaan van Stijn
ca1307c56e
libnetwork: Controller: remove mutex for "store"
The store field is only mutated by Controller.initStores(), which is
only called inside the cosntructor (libnetwork.New), so there should be
no need to protect the field with a mutex in non-exported functions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 19:34:12 +02:00
Sebastiaan van Stijn
a8ea752a93
libnetwork: Controller.cleanupLocalEndpoints: return errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 19:28:18 +02:00
Sebastiaan van Stijn
2e60051c92
libnetwork: Controller.sandboxCleanup: return errors
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 19:28:18 +02:00
Sebastiaan van Stijn
642cf261a8
libnetwork: Controller.NetworkByID: remove redundant error-handling
Controller.getNetworkFromStore() already returns a ErrNoSuchNetwork if
no network was found, so we don't need to convert the existing error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-26 19:22:52 +02:00
Sebastiaan van Stijn
d7a31cfb2d
libnetwork: Sandbox.resolveName: slightly simplify locking
Simplify the lock/unlock cycle, and make the "lookupAlias" branch
more similar to the non-lookupAlias variant.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 16:23:36 +02:00
Sebastiaan van Stijn
f549aaa205
libnetwork: Sandbox.resolveName: add fast-path for alias lookups
Skip faster when we're looking for aliases. Also check for the list
of aliases to be empty, not just `nil` (although in practice it should
be equivalent).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 16:23:35 +02:00
Sebastiaan van Stijn
9249b34be8
libnetwork: Sandbox.resolveName: rename vars for clarity
- use `nameOrAlias` for the name (or alias) to resolve
- use `lookupAlias` to indicate what the intent is; this function
  is either looking up aliases or "regular" names. Ideally we would
  split the function, but let's keep that for a future exercise.
- name the `ipv6Miss` output variable. The "ipv6 miss" logic is rather
  confusing, and should probably be revisited, but let's start with
  giving the variable a name to make it more apparent what it is.
- use `nw` for networks, which is the more common local name

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 16:23:35 +02:00
Sebastiaan van Stijn
4401ccac22
libnetwork: Sandbox: remove some intermediate vars
- remove some intermediate vars, or move them closer to where they're used.
- ResolveService: use strings.SplitN to limit number of elements. This
  code is only used to validate the input, results are not used.
- ResolveService: return early instead of breaking the loop. This makes
  it clearer from the code that were not returning anything (nil, nil).
- Controller.sandboxCleanup(): rename a var, and slight refactor of
  error-handling.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 16:23:35 +02:00
Sebastiaan van Stijn
4ff252456b
libnetwork: rewrite Network.isClusterEligible to return agent
This function was used to check if the network is a multi-host, swarm-scoped
network. Part of this check involved a check whether the cluster-agent was
present.

In all places where this function was used, the next step after checking if
the network was "cluster eligible", was to get the agent, and (again) check
if it was not nil.

This patch rewrites the isClusterEligible utility into a clusterAgent utility,
which both checks if the network is cluster-eligible, and returns the agent
(if set). For convenience, an "ok" bool is added, which callers can use to
return early (although just checking for nilness would likely have been
sufficient).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 10:19:21 +02:00
Sebastiaan van Stijn
6203e3660d
libnetwork: Endpoint: return early if no agent was found
This removes redundant nil-checks in Endpoint.deleteServiceInfoFromCluster
and Endpoint.addServiceInfoToCluster.

These functions return early if the network is not ["cluster eligible"][1],
and the function used for that (`Network.isClusterEligible`) requires the
[agent to not be `nil`][2].

This check moved around a few times ([3][3], [4][4]), but was originally
added in [libnetwork 1570][5] which, among others, tried to avoid a nil-pointer
exception reported in [moby 28712][6], which accessed the `Controller.agent`
[without locking][7]. That issue was addressed by adding locks, adding a
`Controller.getAgent` accessor, and updating deleteServiceInfoFromCluster
to use a local var. It also sprinkled this `nil` check to be on the safe
side, but as `Network.isClusterEligible` already checks for the agent
to not be `nil`, this should not be redundant.

[1]: 5b53ddfcdd/libnetwork/agent.go (L529-L534)
[2]: 5b53ddfcdd/libnetwork/agent.go (L688-L696)
[3]: f2307265c7
[4]: 6426d1e66f
[5]: 8dcf9960aa
[6]: https://github.com/moby/moby/issues/28712
[7]: 75fd88ba89/vendor/github.com/docker/libnetwork/agent.go (L452)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 10:19:21 +02:00
Sebastiaan van Stijn
6eeef51c6a
libnetwork: Controller.agentSetup: use structured logs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 10:19:15 +02:00
Sebastiaan van Stijn
8b95ea4a35
libnetwork: Controller.agentSetup: remove redundant condition
The function returns at the start if there agent is non-nil.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 10:15:06 +02:00
Sebastiaan van Stijn
1ed5d91555
Merge pull request #46365 from thaJeztah/libnetwork_endpoint_nits
libnetwork: Endpoint: fixing some nits
2023-09-20 22:01:28 +02:00
Sebastiaan van Stijn
313a090c0e
libnetwork/osl: add some TODOs
These came up during review of a refactor, and need further investigating.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:45:45 +02:00
Sebastiaan van Stijn
9d3b1f9419
libnetwork/osl: make constructing Interfaces more atomic
It's still not "great", but implement a `newInterface()` constructor
to create a new Interface instance, instead of creating a partial
instance and applying "options" after the fact.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:45:40 +02:00
Sebastiaan van Stijn
47f9e70385
libnetwork/osl: Namespace.Restore: conditionally fetch IPs
We're only using the results if the interface doesn't have an address
yet, so skip this step if we don't use it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:38:27 +02:00
Sebastiaan van Stijn
ee5a91e663
libnetwork/osl: Namespace.Restore: flatten nested conditions
Flatten some nested "if"-statements, and improve error.

Errors returned by this function are not handled, and only logged, so
make them more informative if debugging is needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:38:27 +02:00
Sebastiaan van Stijn
299bd58c5a
libnetwork/osl: Namespace.Restore: rename vars for readability
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:38:27 +02:00
Sebastiaan van Stijn
7b96663082
libnetwork/osl: Namespace: inline setGateway and setGatewayIPv6
They were not consistently used, and the locations where they were
used were already "setters", so we may as well inline the code.

Also updating Namespace.Restore to keep the lock slightly longer,
instead of locking/unlocking for each property individually, although
we should consider to keep the long for the duration of the whole
function to make it more atomic.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:38:26 +02:00
Sebastiaan van Stijn
bd17d27658
libnetwork/osl: Namespace: make error-handling more idiomatic
Check for non-nil errors (and return early) instead of the reverse.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:38:26 +02:00
Sebastiaan van Stijn
0b4a70ca2c
libnetwork/osl: Namespace: programRoute, removeRoute rm path arg
Remove the argument, because it was not used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:38:26 +02:00
Sebastiaan van Stijn
542fe0da40
libnetwork/osl: Namespace: make mutex private
Make the mutex internal to the Namespace; locking/unlocking should not
be done externally, and this makes it easier to see where it's used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:38:26 +02:00
Sebastiaan van Stijn
338fc49060
libnetwork/osl: implement Namespace.RemoveInterface
Interface.Remove() was directly accessing Namespace "internals", such
as locking/unlocking. Move the code from Interface.Remove() into the
Namespace instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-20 12:34:47 +02:00
Sebastiaan van Stijn
7cfb81ba04
Merge pull request #46342 from thaJeztah/libnetwork_nwAgent_ip
libnetwork: nwAgent.bindAddr: change to net.IP
2023-09-20 10:27:06 +02:00
Sebastiaan van Stijn
3350f815c7
Merge pull request #46480 from thaJeztah/remove_remote_endpoints
libnetwork: remove some dead code around netWatch
2023-09-19 14:00:12 +02:00
Albin Kerouanton
e19e541e2c
libnet: add comment to ipamType
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-18 18:26:56 +02:00
Albin Kerouanton
3092b261e2
daemon: move most of validateEndpointSettings into api/t/net
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-18 18:26:56 +02:00
Sebastiaan van Stijn
35e9d688ba
libnetwork: remove netWatch.remoteEps, as it's unused
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-14 15:58:48 +02:00
Sebastiaan van Stijn
8ae5dc4aae
libnetwork: Network.updateSvcRecord: remove unused localEps arg
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-14 15:58:48 +02:00
Sebastiaan van Stijn
37b2ea9a8d
libnetwork: Controller.processEndpointCreate, Delete: remove nmap arg
It was used to pass the controller's own field; let's just use the
field directly instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-14 15:58:44 +02:00
Sebastiaan van Stijn
9c84994830
libnetwork/portmapper: remove unused PortMapper.checkIP
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-13 18:54:11 +02:00
Sebastiaan van Stijn
f5d6af13d0
libnetwork/portmapper: un-export PortMapper.Allocator
It was only accessed through methods on PortMapper, and in tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-13 18:38:53 +02:00
Sebastiaan van Stijn
863909a749
libnetwork/portmapper: New(): remove unused argument
None of the code using this function was setting the value, so let's
simplify and remove the argument.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-13 18:12:53 +02:00
Sebastiaan van Stijn
0a8bd82a37
Merge pull request #46446 from rhansen/host_ipv4
Fix host_ipv4 bridge option when IPv6 and ip6tables are enabled
2023-09-13 18:08:03 +02:00
Sebastiaan van Stijn
76915b16e7
Merge pull request #46347 from thaJeztah/libnetwork_early_returns
libnetwork: Network: add some early returns
2023-09-13 12:36:34 +02:00
Sebastiaan van Stijn
3b04fd10e8
Merge pull request #46251 from akerouanton/libnet-forbid-duplicated-network-names
libnet: Make sure network names are unique
2023-09-12 16:53:14 +02:00
Albin Kerouanton
78479b1915
libnet: Make sure network names are unique
Fixes #18864, #20648, #33561, #40901.

[This GH comment][1] makes clear network name uniqueness has never been
enforced due to the eventually consistent nature of Classic Swarm
datastores:

> there is no guaranteed way to check for duplicates across a cluster of
> docker hosts.

And this is further confirmed by other comments made by @mrjana in that
same issue, eg. [this one][2]:

> we want to adopt a schema which can pave the way in the future for a
> completely decentralized cluster of docker hosts (if scalability is
> needed).

This decentralized model is what Classic Swarm was trying to be. It's
been superseded since then by Docker Swarm, which has a centralized
control plane.

To circumvent this drawback, the `NetworkCreate` endpoint accepts a
`CheckDuplicate` flag. However it's not perfectly reliable as it won't
catch concurrent requests.

Due to this design decision, API clients like Compose have to implement
workarounds to make sure names are really unique (eg.
docker/compose#9585). And the daemon itself has seen a string of issues
due to that decision, including some that aren't fixed to this day (for
instance moby/moby#40901):

> The problem is, that if you specify a network for a container using
> the ID, it will add that network to the container but it will then
> change it to reference the network by using the name.

To summarize, this "feature" is broken, has no practical use and is a
source of pain for Docker users and API consumers. So let's just remove
it for _all_ API versions.

[1]: https://github.com/moby/moby/issues/18864#issuecomment-167201414
[2]: https://github.com/moby/moby/issues/18864#issuecomment-167202589

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-09-12 10:40:13 +02:00
Richard Hansen
12e27dfd8f Fix host_ipv4 bridge option when IPv6 and ip6tables are enabled
Before this commit, setting the `com.docker.network.host_ipv4` bridge
option when `enable_ipv6` is true and the experimental `ip6tables`
option is enabled would cause Docker to fail to create the network:

> failed to create network `test-network`: Error response from daemon:
> Failed to Setup IP tables: Unable to enable NAT rule: (iptables
> failed: `ip6tables --wait -t nat -I POSTROUTING -s fd01::/64 ! -o
> br-test -j SNAT --to-source 192.168.0.2`: ip6tables
> v1.8.7 (nf_tables): Bad IP address "192.168.0.2"
>
> Try `ip6tables -h` or `ip6tables --help` for more information.
>  (exit status 2))

Fix this error by passing nil -- not the `host_ipv4` address -- when
creating the IPv6 rules.

Signed-off-by: Richard Hansen <rhansen@rhansen.org>
2023-09-10 04:03:07 -04:00
Sebastiaan van Stijn
cd204f1118
libnetwork/osl: Namespace.DeleteNeighbor: remove intermediate vars
- store linkIndex in a local variable so that it can be reused
- remove / rename some intermediate vars that shadowed existing declaration

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-08 23:46:14 +02:00
Sebastiaan van Stijn
4215a1542b
libnetwork/osl: Namespace.DeleteNeighbor: remove osDelete argument
This argument was originally added in libnetwork:
03f440667f

At the time, this argument was conditional, but currently it's always set
to "true", so let's remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-08 23:46:14 +02:00
Sebastiaan van Stijn
bc77104fed
libnetwork/osl: Namespace.DeleteNeighbor: don't warn on non-existing neighbor
The code ignores these errors, but will unconditionally print a warning;

> If the kernel deletion fails for the neighbor entry still remote it
> from the namespace cache. Otherwise if the neighbor moves back to the
> same host again, kernel update can fail.

Let's reduce noise if the neighbor wasn't found, to prevent logs like:

    Aug 16 13:26:35 master1.local dockerd[4019880]: time="2023-08-16T13:26:35.186662370+02:00" level=warning msg="error while deleting neighbor entry" error="no such file or directory"
    Aug 16 13:26:35 master1.local dockerd[4019880]: time="2023-08-16T13:26:35.366585939+02:00" level=warning msg="error while deleting neighbor entry" error="no such file or directory"
    Aug 16 13:26:42 master1.local dockerd[4019880]: time="2023-08-16T13:26:42.366658513+02:00" level=warning msg="error while deleting neighbor entry" error="no such file or directory"

While changing this code, also slightly rephrase the code-comment, and
fix a typo ("remote -> remove").

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

libnetwork/osl: Namespace.DeleteNeighbor: rephrase code-comment

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-08 23:46:11 +02:00
Sebastiaan van Stijn
417328e44e
libnetwork/osl: remove dead code
The test-file had a duplicate definition for ErrNotImplemented, which
caused an error in this package, and was not used otherwise, so we can
remove this file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-04 10:37:25 +02:00
Sebastiaan van Stijn
8c6a46f643
libnetwork: Endpoint.AddStaticRoute don't create StaticRoute if unused
This function either had to create a new StaticRoute, or add the destination
to the list of routes. Skip creating a StaticRoute struct if we're not
gonna use it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 19:51:41 +02:00
Sebastiaan van Stijn
1dcb11f81d
libnetwork: Endpoint.InterfaceName: remove redundant nil check
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 19:50:55 +02:00
Sebastiaan van Stijn
a49b71b481
Merge pull request #46311 from thaJeztah/libnetwork_register
libnetwork: fix missing imports, code comment, and minor comment change (dupwords)
2023-08-29 18:34:20 +02:00
Sebastiaan van Stijn
be90e5e1d4
libnetwork: Controller.addServiceBinding: fix duplicate word in comment
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 16:55:46 +02:00
Sebastiaan van Stijn
77c2613d3a
libnetwork: fix some missing imports on macOS and FreeBSD
This was introduced in 1980deffae, which
changed the implementation, but forgot to update imports in these.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 16:55:44 +02:00
Cory Snider
a0a8d9d057 libnetwork: notify another driver registerer
There is no meaningful distinction between driverapi.Registerer and
drvregistry.DriverNotifyFunc. They are both used to register a network
driver with an interested party. They have the same function signature.
The only difference is that the latter could be satisfied by an
anonymous closure. However, in practice the only implementation of
drvregistry.DriverNotifyFunc is the
(*libnetwork.Controller).RegisterDriver method. This same method also
makes the libnetwork.Controller type satisfy the Registerer interface,
therefore the DriverNotifyFunc type is redundant. Change
drvregistry.Networks to notify a Registerer and drop the
DriverNotifyFunc type.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-08-29 10:32:18 -04:00
Sebastiaan van Stijn
bea39a49bc
Merge pull request #46344 from thaJeztah/libnetwork_drivers_remote_cleanup_tests
libnetwork/drivers/remote: tests: cleanup dead code, and return concrete types
2023-08-29 11:34:00 +02:00
Sebastiaan van Stijn
bb7b7522b1
Merge pull request #46343 from thaJeztah/libnetwork_drivers_bridge_cleanup_tests
libnetwork/drivers/bridge: tests: remove some dead-code and return concrete type
2023-08-29 11:33:32 +02:00
Sebastiaan van Stijn
32e79c464a
libnetwork: Network: return early where possible
Add a fast-patch to some functions, to prevent locking/unlocking,
or other operations that would not be needed;

- Network.addDriverInfoToCluster
- Network.deleteDriverInfoFromCluster
- Network.addServiceInfoToCluster
- Network.deleteServiceInfoFromCluster
- Network.addDriverWatches

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:47:18 +02:00
Sebastiaan van Stijn
5512c7e838
libnetwork: Network.Services: remove some intermediate vars
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:40:31 +02:00
Sebastiaan van Stijn
d6b8298cfd
libnetwork: Network.Services: return early and don't lock in a loop
- return early when failing to fetch the driver
- store network-ID and controller in a variable to prevent repeatedly
  locking/unlocking. We don't expect the network's ID to change
  during this operation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:40:31 +02:00
Sebastiaan van Stijn
8b21609654
libnetwork: remove Endpoint.Interface
This method is not part of any interface, and identical to Endpoint.Iface,
but one returns an Interface-type (driverapi.InterfaceInfo) and the other
returns a concrete type (EndpointInterface).

Interface-matching should generally happen on the receiver side, and this
function was only used in a single location, and passed as argument to
Driver.CreateEndpoint, which already matches the interface by accepting
a driverapi.InterfaceInfo.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:24:32 +02:00
Sebastiaan van Stijn
f8181b8875
libnetwork: Endpoint.Iface, Endpoint.Interface remove redundant "if"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:24:32 +02:00
Sebastiaan van Stijn
6a61bacafe
libnetwork/drivers/remote: rollbackEndpoint.Interface: return concrete type
Interface-matching should generally happen on the receiver side, and this
function was only used in a single location, and passed as argument to
Driver.CreateEndpoint, which already matches the interface by accepting
a driverapi.InterfaceInfo.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:18:31 +02:00
Sebastiaan van Stijn
dc061d2ed3
libnetwork/drivers/remote: driver.DeleteNetwork: remove var that collided
Remove the var, because `delete` is a builtin.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:18:30 +02:00
Sebastiaan van Stijn
40b1389917
libnetwork/drivers/remote: remove unused testEndpoint.Interface
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:18:30 +02:00
Sebastiaan van Stijn
15435f7293
libnetwork/drivers/bridge: testEndpoint.Interface: return concrete type
Interface-matching should generally happen on the receiver side, and this
function was only used in a single location, and passed as argument to
Driver.CreateEndpoint, which already matches the interface by accepting
a driverapi.InterfaceInfo.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:13:27 +02:00
Sebastiaan van Stijn
9afb688f5f
libnetwork/drivers/bridge: getIPv4Data: remove unused argument
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:13:27 +02:00
Sebastiaan van Stijn
639449f84e
libnetwork: nwAgent.bindAddr: change to net.IP
Store the IP-address as a net.IP instead of a string.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:08:42 +02:00
Sebastiaan van Stijn
b75e831567
libnetwork: resolveAddr: add GoDoc
Describe the behavior of this function, as it was not documented.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-27 20:08:39 +02:00
Sebastiaan van Stijn
498da44aab
remove some remaining pre-go1.17 build-tags
commit ab35df454d removed most of the pre-go1.17
build-tags, but for some reason, "go fix" doesn't remove these, so removing
the remaining ones manually

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-24 17:51:07 +02:00
Sebastiaan van Stijn
79f5aac2d0
Merge pull request #46314 from thaJeztah/libnetwork_endpointinfo_godoc
libnetwork: add godoc to Endpoint
2023-08-24 17:33:11 +02:00
Sebastiaan van Stijn
713066accc
Merge pull request #46304 from thaJeztah/libnetwork_add_del_checkfirewalld
libnetwork/iptables: (Add|Del)InterfaceFirewalld: check firewalld status
2023-08-24 17:06:39 +02:00
Sebastiaan van Stijn
210abfaef6
libnetwork: add godoc to Endpoint
Copying relevant documentation from the EndpointInfo interface. We should
remove this interface, and the related Info() function, but it's currently
acting as a "gate" to prevent accessing the Endpoint's accessors without
making sure it's fully hydrated.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-24 16:36:33 +02:00
Sebastiaan van Stijn
53a6661684
Merge pull request #46305 from thaJeztah/libnetwork_remove_sandbox_interface
libnetwork/osl: remove Sandbox and Info interfaces
2023-08-24 16:23:32 +02:00
Enrico Weigelt, metux IT consult
bd2c553870 Fix some broken executable flags
Some non-executable files had executable mode flag.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2023-08-24 12:23:59 +02:00
Sebastiaan van Stijn
b92cf68add
libnetwork/osl: remove Sandbox and Info interfaces
It only has a single implementation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 23:29:09 +02:00
Sebastiaan van Stijn
c881360e88
libnetwork/osl: remove Interface.Master() as it's unused
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 20:13:15 +02:00
Sebastiaan van Stijn
b9bf407929
libnetwork/osl: remove Interface Interface
There's only one implementation; let's use that.
Also fixing a linting issue;

    libnetwork/osl/interface_linux.go:91:2: S1001: should use copy(to, from) instead of a loop (gosimple)
        for i, iface := range n.iFaces {
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 20:13:15 +02:00
Sebastiaan van Stijn
8631e69cdf
libnetwork/osl: remove Sandbox.InterfaceOptions() etc.
InterfaceOptions() returned an IfaceOptionSetter interface, which contained
"methods" that returned functional options. Such a construct could have made
sense if the functional options returned would (e.g.) be pre-propagated with
information from the Sandbox (network namespace), but none of that was the case.

There was only one implementation of IfaceOptionSetter (networkNamespace),
which happened to be the same as the only implementation of Sandbox, so remove
the interface as well, to help networkNamespace with its multi-personality
disorder.

This patch:

- removes Sandbox.Bridge() and makes it a regular function (WithIsBridge)
- removes Sandbox.Master() and makes it a regular function (WithMaster)
- removes Sandbox.MacAddress() and makes it a regular function (WithMACAddress)
- removes Sandbox.Address() and makes it a regular function (WithIPv4Address)
- removes Sandbox.AddressIPv6() and makes it a regular function (WithIPv6Address)
- removes Sandbox.LinkLocalAddresses() and makes it a regular function (WithLinkLocalAddresses)
- removes Sandbox.Routes() and makes it a regular function (WithRoutes)
- removes Sandbox.InterfaceOptions().
- removes the IfaceOptionSetter interface.

Note that the IfaceOption signature was changes as well to allow returning
an error. This is not currently used, but will be used for some options
in the near future, so adding that in preparation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 20:13:15 +02:00
Sebastiaan van Stijn
f3d29db6a2
libnetwork/osl: remove Sandbox.NeighborOptions() etc.
NeighborOptions() returned an NeighborOptionSetter interface, which
contained "methods" that returned functional options. Such a construct
could have made sense if the functional options returned would (e.g.)
be pre-propagated with information from the Sandbox (network namespace),
but none of that was the case.

There was only one implementation of NeighborOptionSetter (networkNamespace),
which happened to be the same as the only implementation of Sandbox, so
remove the interface as well, to help networkNamespace with its multi-personality
disorder.

This patch:

- removes Sandbox.LinkName() and makes it a regular function (WithLinkName)
- removes Sandbox.Family() and makes it a regular function (WithFamily)
- removes Sandbox.NeighborOptions().
- removes the NeighborOptionSetter interface

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 20:13:15 +02:00
Sebastiaan van Stijn
a365fb0e9d
libnetwork: move more osl.Sandbox related code to Linux-only files
osl.NewSandbox() always returns a nil interface on Windows (and other non-Linux
platforms). This means that any code that these fields are always nil, and
any code using these fields must be considered Linux-only.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 20:13:15 +02:00
Sebastiaan van Stijn
95abde479a
libnetwork: implement Controller.setupOSLSandbox
osl.NewSandbox() always returns a nil interface on Windows (and other non-Linux
platforms). This means that any code that these fields are always nil, and
any code using these fields must be considered Linux-only;

- libnetwork/Controller.defOsSbox
- libnetwork/Sandbox.osSbox

Ideally, these fields would live in Linux-only files, but they're referenced
in various platform-neutral parts of the code, so let's start with moving
the initialization code to Linux-only files.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 20:13:15 +02:00
Sebastiaan van Stijn
35456d2eb1
libnetwork/osl: add godoc to networkNamespace
Copying the descriptions from the Sandbox, Info, NeighborOptionSetter,
and IfaceOptionSetter interfaces that it implements.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 20:13:14 +02:00
Sebastiaan van Stijn
aecfa55c4c
libnetwork/iptables: (Add|Del)InterfaceFirewalld: check firewalld status
Check if firewalld is running before running the function, so that consumers
of the function don't have to check for the status.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 19:58:54 +02:00
Sebastiaan van Stijn
0e3b2ec267
Merge pull request #46245 from thaJeztah/firewalld_dont_fail_on_removal
libnetwork/iptables: ProgramChain: don't fail if interface not found
2023-08-23 19:58:18 +02:00
Sebastiaan van Stijn
53afd2ae9f
Merge pull request #46201 from thaJeztah/daemon_updateSandboxNetworkSettings_err
libnetwork: remove unused err-return, and minor refactor around Sandbox creating
2023-08-23 19:56:58 +02:00
Sebastiaan van Stijn
71f4916357
Merge pull request #46246 from thaJeztah/fix_TestFirewalldInit
libnetwork/iptables: fix TestFirewalldInit
2023-08-23 19:38:08 +02:00
Sebastiaan van Stijn
2eccf0e8d1
libnetwork: Controller.NewSandbox: don't generate ID if not used
Windows uses the container-iD as ID for sandboxes, so it's not needed to
generate an ID  when running on Windows.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 14:26:53 +02:00
Sebastiaan van Stijn
389b21a341
Merge pull request #46262 from thaJeztah/libnetwork_resolv_cleanups
libnetwork: resolve: assorted cleanups
2023-08-23 14:22:33 +02:00
Sebastiaan van Stijn
13c4eaea92
Merge pull request #46205 from thaJeztah/libnetwork_noexecroot
libnetwork: cleanup SetBasePath, un-export SetExternalKey and other cleanups
2023-08-23 14:21:30 +02:00
Sebastiaan van Stijn
8f0b62e4d9
Merge pull request #46226 from thaJeztah/conntrack_reduce_noise
libnetwork/iptables: reduce DeleteConntrackEntriesXX debug logs
2023-08-23 14:19:53 +02:00
Sebastiaan van Stijn
bb5813a93d
Merge pull request #46240 from thaJeztah/libnetwork_named_returns
libnetwork: Controller.NewNetwork, Controller.NewSandbox: use named error-return
2023-08-23 14:19:27 +02:00
Sebastiaan van Stijn
cec49ba976
Merge pull request #46247 from thaJeztah/libnetwork_unexport_ZoneSettings
libnetwork/iptables: un-export ZoneSettings, and slight refactor
2023-08-23 14:17:38 +02:00
Sebastiaan van Stijn
0e7186af95
Merge pull request #46278 from thaJeztah/libnetwork_remove_InterfaceInfo_interface
libnetwork: remove InterfaceInfo interface
2023-08-23 14:16:23 +02:00
Sebastiaan van Stijn
8c3b14ee85
Merge pull request #46264 from thaJeztah/libnetwork_sandbox_split_options
libnetwork: move all SandboxOptions to a separate file
2023-08-23 14:13:52 +02:00
Sebastiaan van Stijn
77539e7bc7
Merge pull request #46279 from thaJeztah/libnetwork_remove_sandbox_info
libnetwork/osl: remove Sandbox.Info()
2023-08-23 14:13:26 +02:00
Bjorn Neergaard
8383430946
Merge pull request #45759 from akerouanton/validate-ipam-config
Validate IPAM config before handing it over to libnetwork
2023-08-22 13:58:28 -06:00
Albin Kerouanton
3e8af0817a
ipam: Replace ChildSubnet with parent Subnet when its mask is bigger
Prior to moby/moby#44968, libnetwork would happily accept a ChildSubnet
with a bigger mask than its parent subnet. In such case, it was
producing IP addresses based on the parent subnet, and the child subnet
was not allocated from the address pool.

This commit automatically fixes invalid ChildSubnet for networks stored
in libnetwork's datastore.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-22 17:12:06 +02:00
Sebastiaan van Stijn
331854a126
Merge pull request #46239 from thaJeztah/vars_collide
libnetwork:  rename vars that collided
2023-08-22 10:50:35 +02:00
Sebastiaan van Stijn
dff53a02ef
libnetwork: remove Controller.Sandboxes as it's no longer used
The Controller.Sandboxes method was used by some SandboxWalkers. Now
that those have been removed, there are no longer any consumers of this
method, so let's remove it for now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-21 19:08:43 +02:00
Sebastiaan van Stijn
f44fbab3ec
libnetwork: remove Controller.WalkSandboxes and related code
This functionality has been replaced with Controller.GetSandbox, and is
no longer used anywhere.

This patch removes:

- the Controller.WalkSandboxes method
- the SandboxContainerWalker SandboxWalker
- the SandboxWalker type

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-21 15:06:28 +02:00
Sebastiaan van Stijn
6dba98cf38
libnetwork: implement Controller.GetSandbox(containerID)
Various parts of the code were using "walkers" to iterate over the
controller's sandboxes, and the only condition for all of them was
to find the sandbox for a given container-ID. Iterating over all
sandboxes was also sub-optimal, because on Windows, the ContainerID
is used as Sandbox-ID, which can be used to lookup the sandbox from
the "sandboxes" map on the controller.

This patch implements a GetSandbox method on the controller that
looks up the sandbox for a given container-ID, using the most optimal
approach (depending on the platform).

The new method can return errors for invalid (empty) container-IDs, and
a "not found" error to allow consumers to detect non-existing sandboxes,
or potentially invalid IDs.

This new method replaces the (non-exported) Daemon.getNetworkSandbox(),
which was only used internally, in favor of directly accessing the
controller's method.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-21 15:06:26 +02:00
Sebastiaan van Stijn
6c4153f348
libnetwork: parallelTester: move vars closer to where they're used
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-21 15:03:14 +02:00
Sebastiaan van Stijn
e690cdb6a3
libnetwork: remove redundant sandboxTable type
It was not exported so let's remove the abstraction to not make it look
like something more than it is.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-21 15:03:14 +02:00
Sebastiaan van Stijn
3c10db669e
libnetwork: remove unused SandboxKeyWalker
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-21 15:03:08 +02:00
Sebastiaan van Stijn
cc414a2012
libnetwork/osl: remove Sandbox.Info()
"Pay no attention to the implementation behind the curtain!"

There's only one implementation of the Sandbox interface, and only one implementation
of the Info interface, and they both happens to be implemented by the same type:
networkNamespace. Let's merge these interfaces.

And now that we know that there's one, and only one Info, we can drop the charade,
and relieve the Sandbox from its dual personality.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-20 19:26:39 +02:00
Sebastiaan van Stijn
3b9f4395cf
libnetwork: remove InterfaceInfo interface
Use the only implementation (EndpointInterface) instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-20 19:08:21 +02:00
Sebastiaan van Stijn
fc302d7b7b
Merge pull request #46146 from akerouanton/libnet-errors-into-http-status-code
api: Convert libnet's errors into HTTP status code
2023-08-18 17:21:03 +02:00
Sebastiaan van Stijn
06e540c271
libnetwork: move all SandboxOptions to a separate file
Just a minor reorganisation; move options together into a dedicated file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-18 13:12:25 +02:00
Sebastiaan van Stijn
2afa4eba43
libnetwork: resolver: Resolver.dialExtDNS use joinHostPort and cleanup
Slightly refactor Resolver.dialExtDNS:

- use net.JoinHostPort to properly format IPv6 addresses
- define a const for the default port, and avoid int ->  string
  conversion if no custom port is defined
- slightly simplify logic if the HostLoopback is used (at the cost of
  duplicating one line); in that case we don't need to define the closure

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-18 13:06:42 +02:00
Sebastiaan van Stijn
3218e26a22
libnetwork: resolver: remove some intermediate variables
Use struct-literals where possible for slightly more readable code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-18 13:06:42 +02:00
Sebastiaan van Stijn
986de11464
libnetwork: resolver: remove setCommonFlags, use createRespMsg
This function was added in 36fd9d02be
(libnetwork: ce6c6e8c35),
because there were multiple places where a DNS response was created,
which had to use the same options. However, new "common" options were
added since, and having it in a function separate from the other (also
common) options was just hiding logic, so let's remove it.

What the above probably _should_ have done was to create a common utility
to create a DNS response (as all other options are shared as well). This
was actually done in 0c22e1bd07 (libnetwork:
be3531759b),
which added a `createRespMsg` utility, but missed that it could be used
for both cases.

This patch:

- removes the setCommonFlags function
- uses createRespMsg instead to share common options

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-18 13:06:39 +02:00
Sebastiaan van Stijn
0c522c6bbf
libnetwork/datastore: remove deprecated scope consts
Removes the deprecated consts, which moved to a separate "scope" package
in commit 6ec03d6745, and are no longer used;

- datastore.LocalScope
- datastore.GlobalScope
- datastore.SwarmScope

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-17 22:42:15 +02:00
Albin Kerouanton
c22ec82477
libnet: Fix error capitalization
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-17 16:48:09 +02:00
Albin Kerouanton
bd0111c1f4
libnet: Replace NoServiceError with UnavailableError
UnavailableError is now compatible with errdefs.UnavailableError. These
errors will now return a 503 instead of a 500.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-17 16:46:53 +02:00
Albin Kerouanton
42d34e40f9
libnet: Replace BadRequest with InvalidParameter
InvalidParameter is now compatible with errdefs.InvalidParameter. Thus,
these errors will now return a 400 status code instead of a 500.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-17 16:45:04 +02:00
Sebastiaan van Stijn
c85a33d74b
libnetwork/iptables: un-export ZoneSettings, and slight refactor
- un-export ZoneSettings, because it's only used internally
- make conversion to a "interface" slice a method on the struct
- remove the getDockerZoneSettings() function, and move the type-definition
  close to where it's used, as it was only used in a single location

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-16 17:41:23 +02:00
Sebastiaan van Stijn
d979d2af45
libnetwork/iptables: fix TestFirewalldInit
This test didn't make a lot of sense, because `checkRunning()` depends on
the `connection` package-var being set, which is done by `firewalldInit()`,
so would never be true on its own.

Add a small utility that opens its own D-Bus connection to verify if
firewalld is running, and otherwise skips the tests (preserving any
error in the process).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-16 17:28:07 +02:00
Sebastiaan van Stijn
513063bcf9
libnetwork/iptables: ProgramChain: don't fail if interface not found
DelInterfaceFirewalld returns an error if the interface to delete was
not found. Let's ignore cases where we were successfully able to get
the list of interfaces in the zone, but the interface was not part of
the zone.

This patch changes the error for these cases to an errdefs.ErrNotFound,
and updates IPTable.ProgramChain to ignore those errors.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-16 17:25:10 +02:00
Sebastiaan van Stijn
56b62640a2
libnetwork: Controller.NewSandbox: use named error-return
It's used in various defers, but was using `err` as name, which can be
confusing, and increases the risk of accidentally shadowing the error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-16 13:25:10 +02:00
Sebastiaan van Stijn
cbe692ffd1
libnetwork: Controller.NewNetwork: use named error-return
It's used in various defers, but was using `err` as name, which can be
confusing, and increases the risk of accidentally shadowing the error.

This patch:

- introduces a `retErr` output variable, to be used in defer statements.
- explicitly changes some `err` uses to locally-scoped variables.
- moves some variable definitions closer to where they're used (where possible).

While working on this change, there was one point in the code where
error handling was ambiguous. I added a note for that, in case this
was not a bug:

> This code was previously assigning the error to the global "err"
> variable (before it was renamed to "retErr"), but in case of a
> "MaskableError" did not *return* the error:
> b325dcbff6/libnetwork/controller.go (L566-L573)
>
> Depending on code paths further down, that meant that this error
> was either overwritten by other errors (and thus not handled in
> defer statements) or handled (if no other code was overwriting it.
>
> I suspect this was a bug (but possible without effect), but it could
> have been intentional. This logic is confusing at least, and even
> more so combined with the handling in defer statements that check for
> both the "err" return AND "skipCfgEpCount":
> b325dcbff6/libnetwork/controller.go (L586-L602)
>
> To save future visitors some time to dig up history:
>
> - config-only networks were added in 25082206df
> - the special error-handling and "skipCfgEpcoung" was added in ddd22a8198
> - and updated in 87b082f365 to don't use string-matching

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-16 13:25:10 +02:00
Sebastiaan van Stijn
e2f9d6c4c3
libnetwork: rename vars that collided with builtins
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-16 12:34:25 +02:00
Sebastiaan van Stijn
e8f0f5a4ce
libnetwork: rename agent type to reduce collisions
There were quite some places where the type collided with variables
named `agent`. Let's rename the type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-16 12:12:39 +02:00
Sebastiaan van Stijn
0503cf2510
libnetwork/drivers/bridge: setupIPChains(): name output variables
This function has _four_ output variables of the same type, and several
defer statements that checked the error returned (but using the `err`
variable).

This patch names the return variables to make it clearer what's being
returned, and renames the error-return to `retErr` to make it clearer
where we're dealing with the returned error (and not any local err), to
prevent accidentally shadowing.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-16 00:26:35 +02:00
Bjorn Neergaard
a443c2b18d
Merge pull request #46197 from thaJeztah/bridge_nowindows
libnetwork/drivers/bridge: rename some linux-only files
2023-08-15 16:11:38 -06:00
Sebastiaan van Stijn
ea2d686468
libnetwork/iptables: DeleteConntrackEntries: remove "totals" returns
There's nothing handling these results, and they're logged as debug-logs,
so we may as well remove the returned variables.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-14 16:53:36 +02:00
Sebastiaan van Stijn
f1240393d9
libnetwork/iptables: reduce DeleteConntrackEntriesXX debug logs
Both functions were generating debug logs if there was nothing to log.
The function already produces logs if things failed while deleting entries,
so these logs would only be printed if there was nothing to delete, so can
safely be discarded.

Before this change:

    DEBU[2023-08-14T12:33:23.082052638Z] Revoking external connectivity on endpoint sweet_swirles (1519f9376a3abe7a1c981600c25e8df6bbd0a3bc3a074f1c2b3bcbad0438443b)
    DEBU[2023-08-14T12:33:23.085782847Z] DeleteConntrackEntries purged ipv4:0, ipv6:0
    DEBU[2023-08-14T12:33:23.085793847Z] DeleteConntrackEntriesByPort for udp ports purged ipv4:0, ipv6:0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-14 16:51:43 +02:00
Sebastiaan van Stijn
8376595621
libnetwork: un-export SetExternalKey
It's only called as part of the "libnetwork-setkey" re-exec, so un-exporting
it to make clear it's not for external use.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-12 15:29:20 +02:00
Sebastiaan van Stijn
91a3a95385
libnetwork/options: OptionExecRoot: skip osl.SetBasePath on non-Linux
The basepath is only used on Linux, so no need to call it on other
platforms. SetBasePath was already stubbed out on other platforms,
but "osl" was still imported in various places where it was not actually
used, so trying to reduce imports to get a better picture of what parts
are used (and not used).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-12 15:29:20 +02:00
Sebastiaan van Stijn
48ea7ec970
libnetwork/osl: use filepath.Join() only when changing basedir
Use filepath.Join() only when the base-path is updated, instead of every
time it is accessed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-12 15:29:20 +02:00
Sebastiaan van Stijn
8bf62010a4
libnetwork: merge linux-only test-files
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-12 01:27:38 +02:00
Sebastiaan van Stijn
c0562d4eed
libnetwork: rename unix-only testfiles
Some tests were implicitly skipped through the `getTestEnv()` utility,
which made it hard to discover they were not ran on Windows.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-12 01:27:38 +02:00
Sebastiaan van Stijn
8070f15966
libnetwork/drivers/bridge: rename some linux-only files
This makes it easier to spot if code is only used on Linux. Note that "all of"
the bridge driver is Linux-only.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-12 00:37:43 +02:00
Sebastiaan van Stijn
014fefee1d
libnetwork/drivers/bridge: minor formatting fixes
My IDE kept on re-formatting, so let's do so.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-12 00:37:43 +02:00
Sebastiaan van Stijn
d4e1c072e2
libnetwork: move resolverIPSandbox closer to where it's used
It's only used on non-Windows platforms, so let's move it there.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-11 15:00:30 +02:00
Sebastiaan van Stijn
f661bd8ee5
libnetwork: Resolved.SetupFunc() minor cleanup
Remove intermediate variables in favor of struct-literals.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-11 15:00:30 +02:00
Sebastiaan van Stijn
de4ba13400
libnetwork: move resolver tests that were skipped on Windows
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-11 15:00:30 +02:00
Sebastiaan van Stijn
1e4e9161c5
libnetwork: move TestDNSOptions to a non-windows file
It was only testing stub implementations on Windows that are not
used in production code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-11 14:59:30 +02:00
Sebastiaan van Stijn
6598cba32f
Merge pull request #46174 from thaJeztah/libnetwork_osl_cleanups
libnetwork/osl: remove redundant locks, and assorted cleanups
2023-08-09 12:17:54 +02:00
Sebastiaan van Stijn
8a1ca49657
libnetwork/osl: nwIface: add godoc
Copy the godoc from the interface to the implementation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 23:05:42 +02:00
Sebastiaan van Stijn
16785b9b7b
libnetwork/osl: move all networkNamespace methods together
These methods were sprinkled throughout the code; let's move
them together.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 23:04:19 +02:00
Sebastiaan van Stijn
5b0fa7aaca
libnetwork/osl: some minor nits
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 22:33:29 +02:00
Sebastiaan van Stijn
972d80b596
libnetwork/osl: clean up newInfo() a bit
Use struct-literals in some places to make it slightly more visible
what we're creating where.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 22:33:28 +02:00
Sebastiaan van Stijn
0da721ec38
libnetwork/osl: make newKey and newInfo a t.Helper()
Both were passed testing.T, but it was not used, so let's make use of it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 22:33:28 +02:00
Sebastiaan van Stijn
d9442aab88
libnetwork/osl: nwIface: remove mutex altogether
The mutex is only used on reads, but there's nothing protecting writes,
and it looks like nothing is mutating fields after creation, so let's
remove this altogether.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 22:33:07 +02:00
Sebastiaan van Stijn
2afe18d2ce
libnetwork/osl: nwIface: unexport sync.Mutex
Don't make the mutex public. This also gives a better clue
if the mutex is used externally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 22:32:26 +02:00
Sebastiaan van Stijn
8b989ac665
libnetwork/osl: let's not do this, etc.
No context in the commit that added it, but PR discussion shows that
the API was mostly exploratory, and it was 8 Years go, so let's not
head in that direction :) b646784859

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 22:15:13 +02:00
Sebastiaan van Stijn
3d0a7d819c
libnetwork: remove Network.Info() and remove NetworkInfo interface
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 22:05:32 +02:00
Sebastiaan van Stijn
74354043ff
remove uses of libnetwork/Network.Info()
Now that we removed the interface, there's no need to cast the Network
to a NetworkInfo interface, so we can remove uses of the `Info()` method.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 22:05:30 +02:00
Sebastiaan van Stijn
2b449e0e65
Merge pull request #46173 from akerouanton/remove-unused-ipam-errors
libnet/ipamapi: Remove unused errors
2023-08-08 21:56:08 +02:00
Albin Kerouanton
36a0946aa9
libnet/ipamapi: Remove unused errors
These errors aren't used in our repo and seem unused by the OSS
community (this was checked with Sourcegraph).

- ErrIpamInternalError has never been used
- ErrInvalidRequest is unused since moby/libnetwork@c85356efa
- ErrPoolNotFound has never been used
- ErrOverlapPool has never been used
- ErrNoAvailablePool has never been used

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-08 19:55:47 +02:00
Sebastiaan van Stijn
94dc10378d
libnetwork: network.requestPoolHelper: slightly optimize order of checks
Check the preferredPool first, as other checks could be doing more
(such as locking, or validating / parsing). Also adding a note, as
it's unclear why we're ignoring invalid pools here.

The "invalid" conditions was added in [libnetwork#1095][1], which
moved code to reduce os-specific dependencies in the ipam package,
but also introduced a types.IsIPNetValid() function, which considers
"0.0.0.0/0" invalid, and added it to the condition to return early.

Unfortunately review does not mention this change, so there's no
context why. Possibly this was done to prevent errors further down
the line (when checking for overlaps), but returning an error here
instead would likely have avoided that as well, so we can only guess.

To make this code slightly more transparent, this patch also inlines
the "types.IsIPNetValid" function, as it's not used anywhere else,
and inlining it makes it more visible.

[1]: 5ca79d6b87 (diff-bdcd879439d041827d334846f9aba01de6e3683ed8fdd01e63917dae6df23846)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
67e2c1d482
libnetwork: network.requestPoolHelper: remove dead code
This code was only run if no preferred pool was specified, however,
since [libnetwork#1162][2], the function would already return early
if a preferred pools was set (and the overlap check to be skipped),
so this was now just dead code.

[2]: 9cc3385f44

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
ad68883c5a
libnetwork: network.requestPoolHelper: don't defer in a loop
This function intentionally holds a lock / lease on address-pools to
prevent trying the same pool repeatedly.

Let's try to make this logic slightly more transparent, and prevent
defining defers in a loop. Releasing all the pools in a singe defer
also allows us to get the network-name once, which prevents locking
and unlocking the network for each iteration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
32fcde6d9e
libnetwork: network.IpamConfig, network.IpamInfo: name output vars
Both functions have multiple output vars with generic types, which made
it hard to grasp what's what.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
df03357d19
libnetwork/ipam: move PoolID.FromString() to a PoolIDFromString() func
This makes it easier to consume, without first having to create an empty
PoolID.

Performance is the same:

    BenchmarkPoolIDFromString-10   6100345   196.5 ns/op  112 B/op   3 allocs/op
    BenchmarkPoolIDFromString-10   6252750   192.0 ns/op  112 B/op   3 allocs/op

Note that I opted not to change the return-type to a pointer, as that seems
to perform less;

    BenchmarkPoolIDFromString-10   6252750   192.0 ns/op  112 B/op   3 allocs/op
    BenchmarkPoolIDFromString-10   5288682   226.6 ns/op  192 B/op   4 allocs/op

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
808fed550d
libnetwork/ipam: PoolID.String(): don't use fmt.Sprintf
As this function may be called repeatedly to convert to/from a string,
it may be worth optimizing it a bit. Adding a minimal Benchmark for
it as well.

Before/after:

    BenchmarkPoolIDToString-10   2842830   424.3 ns/op   232 B/op  12 allocs/op
    BenchmarkPoolIDToString-10   7176738   166.8 ns/op   112 B/op   7 allocs/op

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
87fc8c772b
libnetwork/ipam: Allocator.RequestPool: name args, output vars
network.requestPoolHelper and Allocator.RequestPool have many args and
output vars with generic types. Add names for them to make it easier to
grasp what's what.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:20 +02:00
Sebastiaan van Stijn
6dbc9c1c53
libnetwork/ipam: Allocator.RequestPool: mark options arg as unused
The options are unused, other than for debug-logging, which made it look
as if they were actually consumed anywhere, but they aren't.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:56:24 +02:00
Sebastiaan van Stijn
7047964bd6
libnetwork/ipam: Allocator.RequestPool: make parseErr only handle errors
This makes it slightly more readable to see what's returned in each of
the code-paths. Also move validation of pool/subpool earlier in the
function.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:56:24 +02:00
Sebastiaan van Stijn
821ef5cbaf
libnetwork/ipams/null: use consts for fixed values
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:56:22 +02:00
Sebastiaan van Stijn
63d477b20e
Merge pull request #46039 from thaJeztah/cleanup_bridge
libnetwork/drivers/bridge: assorted cleanups
2023-08-08 14:06:50 +02:00
Sebastiaan van Stijn
f9cae2acbe
Merge pull request #46165 from akerouanton/remove-api-CheckDuplicate-warning
api: Remove duplicated check on CheckDuplicate
2023-08-08 13:42:17 +02:00
Sebastiaan van Stijn
4ab4330677
Merge pull request #46080 from thaJeztah/pkg_plugin_cleanup_STEP2
pkg/plugins: some cleaning up (step 2)
2023-08-08 12:28:16 +02:00
Sebastiaan van Stijn
2aa24519da
ibnetwork/drivers/bridge: newLink: validate before creating
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:40 +02:00
Sebastiaan van Stijn
5d722b35d9
libnetwork/drivers/bridge: bridgeNetwork.getEndpoint(): move lock
Don't lock if there's no need to.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:39 +02:00
Sebastiaan van Stijn
eba15fe905
libnetwork/drivers/bridge: driver.link: don't defer in a loop
Collect a list of all the links we successfully enabled (if any), and
use a single defer to disable them.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:39 +02:00
Sebastiaan van Stijn
76b736c242
libnetwork/drivers/bridge: driver.link: name return var for defer handling
Name the return variable to prevent accidental shadowing of the error,
which is used in defers.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:39 +02:00
Sebastiaan van Stijn
ea5f21ceac
libnetwork/drivers/bridge: don't convert IP to string and back again
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:39 +02:00
Sebastiaan van Stijn
8b6203b613
libnetwork/drivers/bridge: link.Enable: don't register reload on error
Only register a reload function if we actually managed to enable the link.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:34 +02:00
Sebastiaan van Stijn
0f4ba145ee
libnetwork/drivers/bridge: link.Enable, link.Disable use iptables.Action
The iptables package has types defined for these actions; use them directly
instead of creating a string only to convert it to a known value.

As the linkContainers() function is only used internally, and with fixed
values, we can also remove the validation, and InvalidIPTablesCfgError
error, which is now unused.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:47:31 +02:00
Albin Kerouanton
40adb4317b
api: Remove duplicated check on CheckDuplicate
Partially revert commit 94b880f.

The CheckDuplicate field has been introduced in commit 2ab94e1. At that
time, this check was done in the network router. It was then moved to
the daemon package in commit 3ca2982. However, commit 94b880f duplicated
the logic into the network router for no apparent reason. Finally,
commit ab18718 made sure a 409 would be returned instead of a 500.

As this logic is first done by the daemon, the error -> warning
conversion can't happen because CheckDuplicate has to be true for the
daemon package to return an error. If it's false, the daemon proceed
with the network creation, set the Warning field of its return value and
return no error.

Thus, the CheckDuplicate logic in the api is removed and
libnetwork.NetworkNameError now implements the ErrConflict interface.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-08 10:00:02 +02:00
Sebastiaan van Stijn
481dde8b70
libnetwork: use plugin Content-Type headers v1.2
The MediaType was changed twice in;

- b3b7eb2723 ("application/vnd.docker.plugins.v1+json"   -> "application/vnd.docker.plugins.v1.1+json")
- 54587d861d ("application/vnd.docker.plugins.v1.1+json" -> "application/vnd.docker.plugins.v1.2+json")

But the (integration) tests were still using the old version, so let's
use the VersionMimeType const that's defined, and use the updated version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:38:54 +02:00
Sebastiaan van Stijn
91cab53a3e
libnetwork: make OptionDNS, OptionDNSOptions, OptionDNSSearch take a slice
Outside of some tests, these options are the only code setting these fields,
so we can update them to set the value, instead of appending.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-02 16:14:15 +02:00
Sebastiaan van Stijn
a1202648ff
Merge pull request #46100 from thaJeztah/libnetwork_var_collide
libnetwork: rename vars that collided with builtin and type
2023-08-01 15:59:04 +02:00
Sebastiaan van Stijn
5e2a1195d7
swap logrus types for their containerd/logs aliases
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 13:02:55 +02:00
Sebastiaan van Stijn
39a13456c1
Merge pull request #46109 from thaJeztah/windows_remove_discoverapi
libnetwork/driver: remove discoverAPI from Windows and Windows overlay
2023-08-01 10:51:56 +02:00
Sebastiaan van Stijn
95bbbc0418
Merge pull request #46110 from thaJeztah/libnetwork_dead_code
libnetwork: remove some dead code, and un-export internal functions
2023-08-01 00:57:34 +02:00
Albin Kerouanton
e2d400bea9
libnet/d/bridge: Inline InvalidLinkIPAddrError
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-07-31 21:33:02 +02:00
Albin Kerouanton
6df4a00bb9
libnet/d/bridge: Remove pointless BadRequestError impl
IPv4AddrNoMatchError and IPv6AddrNoMatchError are currently implementing
BadRequestError. They are returned in two cases, and none are due to a
bad user request:

- When calling daemon's CreateNetwork route, if the bridge's IPv4
  address or none of the bridge's IPv6 addresses match what's requested.
  If that happens, there's a big issue somewhere in libnetwork or the
  kernel.
- When restoring a network, for the same reason. In that case, the
  on-disk state drifted from the interface state.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-07-31 21:32:00 +02:00
Albin Kerouanton
7c13985fa1
libnet/d/bridge: Inline InvalidIPTablesCfgError
This error can only be reached because of an error in our code, so it's
not a "bad user request". As it's never type asserted, no need to keep
it around.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-07-31 21:30:46 +02:00
Albin Kerouanton
d8f42ee21a
libnet/d/bridge: Inline IPTableCfgError
This error is only used in defensive checks whereas the precondition is
already checked by caller. If we reach it, we messed something else. So
it's definitely not a BadRequest. Also, it's not type asserted anywhere,
so just inline it.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-07-31 21:30:20 +02:00
Sebastiaan van Stijn
a40d00c421
libnetwork: remove ErrDataStoreNotInitialized
If was not used as a sentinel error, so inline the error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:33 +02:00
Sebastiaan van Stijn
66b379785e
libnetwork: remove unused InvalidContainerIDError
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:33 +02:00
Sebastiaan van Stijn
d8cd4f6421
libnetwork: remove unused UnknownEndpointError
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:33 +02:00
Sebastiaan van Stijn
fc5c16f491
libnetwork: remove unused NetworkTypeError
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:33 +02:00
Sebastiaan van Stijn
e9f1888560
libnetwork: remove unused ErrInvalidConfigFile
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:32 +02:00
Sebastiaan van Stijn
eadaaa7f79
libnetwork: remove unused ErrNoContainer
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:32 +02:00
Sebastiaan van Stijn
99ab11bb90
libnetwork: remove unused ErrInvalidJoin
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:32 +02:00
Sebastiaan van Stijn
9174eb00e2
libnetwork: remove unused ErrInvalidNetworkDriver
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:32 +02:00
Sebastiaan van Stijn
7c2665298a
libnetwork/types: move GetMinimalIP to overlay-driver and un-export
It was only used in drivers/overlay, and was not a function for any
"type" defined by libnetwork.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:32 +02:00
Sebastiaan van Stijn
d9b7a5f01a
libnetwork/types: remove ErrInvalidProtocolBinding
It was not used as a sentinel error, and didn't carry a specific type,
which made it a rather complex way to create an error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:32 +02:00
Sebastiaan van Stijn
4445169cb5
libnetwork/types: remove PortBinding.Equal
It was only used in tests, so move it to a utility in the tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 21:00:26 +02:00
Sebastiaan van Stijn
4269712d06
libnetwork/types: remove unused UUID type
This type was added moved to the types package as part of a refactor
in 778e2a72b3
but the introduction of the sandbox API changed the existing API to
weak types (not using a plain string);
9a47be244a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 20:57:48 +02:00
Sebastiaan van Stijn
c203171ef6
libnetwork/types: remove unused RetryError and TimeoutError
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-31 20:57:45 +02:00
Albin Kerouanton
6d37ab0a83
libnet/d/bridge: Change interface implemented by error types
- InvalidIPTablesCfgError: implement InternalError instead of
  BadRequestError. This error is returned when an invalid iptables
  action is passed as argument (ie. none of -A, -I, or -D).
- ErrInvalidDriverConfig: don't implement BadRequestError. This is
  returned when libnetwork controller initialization pass bad driver
  config -- there's no call from an HTTP route.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-07-31 19:17:09 +02:00
Albin Kerouanton
03db2f8c3d
libnet/d/bridge: Remove unused error types
These error types are removed:

- ErrInvalidContainerConfig
- ErrInvalidPort
- ErrInvalidAddressBinding
- InvalidSandboxIDError
- IPv4AddrRangeError

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-07-31 19:17:09 +02:00
Sebastiaan van Stijn
5438356348
libnetwork: rename vars that collided with builtin and type
- cap is a builtin
- agent is a type defined in the package

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-29 22:28:03 +02:00
Sebastiaan van Stijn
a908460adb
Merge pull request #46043 from thaJeztah/cleanup_iptables_the_firewall_strikes_back
libnetwork/iptables: cleaning up: "there's more where that came from"
2023-07-29 22:12:48 +02:00
Sebastiaan van Stijn
be0f4a4737
libnetwork/driver: remove discoverAPI from Windows and Windows overlay
Follow-up to fca38bcd0a, which made the
Discover API optional for drivers to implement, but forgot to remove the
stubs from the Windows drivers, which didn't implement this API.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-29 00:33:32 +02:00
Sebastiaan van Stijn
6ec03d6745
libnetwork: move datastore Scope consts to libnetwork/scope
The "Capability" type defines DataScope and ConnectivityScope fields,
but their value was set from consts in the datastore package, which
required importing that package and its dependencies for the consts
only.

This patch:

- Moves the consts to a separate "scope" package
- Adds aliases for the consts in the datastore package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-28 21:56:48 +02:00
Sebastiaan van Stijn
fca38bcd0a
libnetwork/driverapi: make discoverAPI an optional part of the interface
Most drivers do not implement this, so detect if a driver implements
the discoverAPI, and remove the implementation from drivers that do
not support it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-28 17:16:00 +02:00
Sebastiaan van Stijn
0d76fc431a
libnetwork/remote: newDriver(): return concrete type
Interface matching will happen on the receiver side.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-28 12:52:38 +02:00
Sebastiaan van Stijn
ed9cd96bdb
Merge pull request #46083 from akerouanton/move-libnet-testutils
tests: Move libnetwork/testutils to internal/testutils/netnsutils
2023-07-27 20:35:42 +02:00
Albin Kerouanton
2870559b2c
Merge pull request #45649 from akerouanton/allow-all-ipv6-icc
libnet/d/bridge: Allow IPv6 ICC from any IP address
2023-07-27 19:41:55 +02:00
Albin Kerouanton
da9e44a620
libnet/d/bridge: Allow IPv6 ICC from any IP address
IPv6 ipt rules are exactly the same as IPv4 rules, although both
protocol don't use the same networking model. This has bad consequences,
for instance: 1. the current v6 rules disallow Neighbor
Solication/Advertisement ; 2. multicast addresses can't be used ; 3.
link-local addresses are blocked too.

To solve this, this commit changes the following rules:

```
-A DOCKER-ISOLATION-STAGE-1 ! -s fdf1:a844:380c:b247::/64 -o br-21502e5b2c6c -j DROP
-A DOCKER-ISOLATION-STAGE-1 ! -d fdf1:a844:380c:b247::/64 -i br-21502e5b2c6c -j DROP
```

into:

```
-A DOCKER-ISOLATION-STAGE-1 ! -s fdf1:a844:380c:b247::/64 ! -i br-21502e5b2c6c   -o br-21502e5b2c6c -j DROP
-A DOCKER-ISOLATION-STAGE-1 ! -d fdf1:a844:380c:b247::/64   -i br-21502e5b2c6c ! -o br-21502e5b2c6c -j DROP
```

These rules only limit the traffic ingressing/egressing the bridge, but
not traffic between veth on the same bridge.

Note that, the Kernel takes care of dropping invalid IPv6 packets, eg.
loopback spoofing, thus these rules don't need to be more specific.

Solve #45460.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-07-27 10:56:08 +02:00