зеркало из https://github.com/microsoft/docker.git
Deallocate port before trying to delete iptables chain
Fixes #7954 Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
This commit is contained in:
Alexandr Morozov
Родитель
f1095b801e
Коммит
2e7cf6b0ce
|
|
@ -4,11 +4,11 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/docker/docker/daemon/networkdriver/portallocator"
|
||||
"github.com/docker/docker/pkg/iptables"
|
||||
"github.com/docker/docker/pkg/log"
|
||||
)
|
||||
|
||||
type mapping struct {
|
||||
|
|
@ -127,10 +127,7 @@ func Unmap(host net.Addr) error {
|
|||
containerIP, containerPort := getIPAndPort(data.container)
|
||||
hostIP, hostPort := getIPAndPort(data.host)
|
||||
if err := forward(iptables.Delete, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
|
||||
// skip "no chain" errors because we can safely release port in this case
|
||||
if !strings.Contains(err.Error(), "No chain/target/match by that name") {
|
||||
return err
|
||||
}
|
||||
log.Errorf("Error on iptables delete: %s", err)
|
||||
}
|
||||
|
||||
switch a := host.(type) {
|
||||
|
|
@ -139,7 +136,6 @@ func Unmap(host net.Addr) error {
|
|||
case *net.UDPAddr:
|
||||
return portallocator.ReleasePort(a.IP, "udp", a.Port)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1846,3 +1846,32 @@ func TestRunNetworkNotInitializedNoneMode(t *testing.T) {
|
|||
deleteAllContainers()
|
||||
logDone("run - network must not be initialized in 'none' mode")
|
||||
}
|
||||
|
||||
func TestRunDeallocatePortOnMissingIptablesRule(t *testing.T) {
|
||||
cmd := exec.Command(dockerBinary, "run", "-d", "-p", "23:23", "busybox", "top")
|
||||
out, _, err := runCommandWithOutput(cmd)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
id := strings.TrimSpace(out)
|
||||
ip, err := inspectField(id, "NetworkSettings.IPAddress")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
iptCmd := exec.Command("iptables", "-D", "FORWARD", "-d", fmt.Sprintf("%s/32", ip),
|
||||
"!", "-i", "docker0", "-o", "docker0", "-p", "tcp", "-m", "tcp", "--dport", "23", "-j", "ACCEPT")
|
||||
out, _, err = runCommandWithOutput(iptCmd)
|
||||
if err != nil {
|
||||
t.Fatal(err, out)
|
||||
}
|
||||
if err := deleteContainer(id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
cmd = exec.Command(dockerBinary, "run", "-d", "-p", "23:23", "busybox", "top")
|
||||
out, _, err = runCommandWithOutput(cmd)
|
||||
if err != nil {
|
||||
t.Fatal(err, out)
|
||||
}
|
||||
deleteAllContainers()
|
||||
logDone("run - port should be deallocated even on iptables error")
|
||||
}
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче