Merge pull request #14966 from mrjana/vendor18

Vendoring libnetwork
2015-07-24 17:58:23 -07:00 · 2015-07-24 17:58:23 -07:00 · 5bdd4d0ec4
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@ -21,7 +21,7 @@ clone git golang.org/x/net 3cffabab72adf04f8e3b01c5baf775361837b5fe https://gith
 clone hg code.google.com/p/gosqlite 74691fb6f837

 #get libnetwork packages
-clone git github.com/docker/libnetwork 2a5cb84758b5115d99d8f82c84845417c6c345a3
+clone git github.com/docker/libnetwork f1c5671f1ee2133055144e566cd8b3a0ae4f0433
 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
 clone git github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
 clone git github.com/hashicorp/memberlist 9a1e242e454d2443df330bdd51a436d5a9058fc4
--- a/vendor/src/github.com/docker/libnetwork/README.md
+++ b/vendor/src/github.com/docker/libnetwork/README.md
@ -18,7 +18,10 @@ There are many networking solutions available to suit a broad range of use-cases

 ```go
        // Create a new controller instance
-        controller := libnetwork.New()
+        controller, err := libnetwork.New()
+        if err != nil {
+                return
+        }

        // Select and configure the network driver
        networkType := "bridge"
--- a/vendor/src/github.com/docker/libnetwork/client/network.go
+++ b/vendor/src/github.com/docker/libnetwork/client/network.go
@ -223,7 +223,7 @@ func networkUsage(chain string) string {
 	help := "Commands:\n"

 	for _, cmd := range networkCommands {
-		help += fmt.Sprintf("    %-25.25s%s\n", cmd.name, cmd.description)
+		help += fmt.Sprintf("  %-25.25s%s\n", cmd.name, cmd.description)
 	}

 	help += fmt.Sprintf("\nRun '%s network COMMAND --help' for more information on a command.", chain)
--- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go
+++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/bridge.go
@ -3,10 +3,13 @@ package bridge
 import (
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"os/exec"
+	"path/filepath"
 	"strconv"
 	"sync"
+	"syscall"

 	"github.com/Sirupsen/logrus"
 	"github.com/docker/libnetwork/driverapi"
@ -660,6 +663,10 @@ func (d *driver) CreateNetwork(id types.UUID, option map[string]interface{}) err
 		// Setup IPTables.
 		{config.EnableIPTables, network.setupIPTables},

+		//We want to track firewalld configuration so that
+		//if it is started/reloaded, the rules can be applied correctly
+		{config.EnableIPTables, network.setupFirewalld},
+
 		// Setup DefaultGatewayIPv4
 		{config.DefaultGatewayIPv4 != nil, setupGatewayIPv4},

@ -772,6 +779,37 @@ func addToBridge(ifaceName, bridgeName string) error {
 	return ioctlAddToBridge(iface, master)
 }

+func setHairpinMode(link netlink.Link, enable bool) error {
+	err := netlink.LinkSetHairpin(link, enable)
+	if err != nil && err != syscall.EINVAL {
+		// If error is not EINVAL something else went wrong, bail out right away
+		return fmt.Errorf("unable to set hairpin mode on %s via netlink: %v",
+			link.Attrs().Name, err)
+	}
+
+	// Hairpin mode successfully set up
+	if err == nil {
+		return nil
+	}
+
+	// The netlink method failed with EINVAL which is probably because of an older
+	// kernel. Try one more time via the sysfs method.
+	path := filepath.Join("/sys/class/net", link.Attrs().Name, "brport/hairpin_mode")
+
+	var val []byte
+	if enable {
+		val = []byte{'1', '\n'}
+	} else {
+		val = []byte{'0', '\n'}
+	}
+
+	if err := ioutil.WriteFile(path, val, 0644); err != nil {
+		return fmt.Errorf("unable to set hairpin mode on %s via sysfs: %v", link.Attrs().Name, err)
+	}
+
+	return nil
+}
+
 func (d *driver) CreateEndpoint(nid, eid types.UUID, epInfo driverapi.EndpointInfo, epOptions map[string]interface{}) error {
 	var (
 		ipv6Addr *net.IPNet
@ -902,14 +940,15 @@ func (d *driver) CreateEndpoint(nid, eid types.UUID, epInfo driverapi.EndpointIn
 	}

 	if !config.EnableUserlandProxy {
-		err = netlink.LinkSetHairpin(host, true)
+		err = setHairpinMode(host, true)
 		if err != nil {
 			return err
 		}
 	}

 	// v4 address for the sandbox side pipe interface
-	ip4, err := ipAllocator.RequestIP(n.bridge.bridgeIPv4, nil)
+	sub := types.GetIPNetCanonical(n.bridge.bridgeIPv4)
+	ip4, err := ipAllocator.RequestIP(sub, nil)
 	if err != nil {
 		return err
 	}
@ -1035,7 +1074,8 @@ func (d *driver) DeleteEndpoint(nid, eid types.UUID) error {
 	n.releasePorts(ep)

 	// Release the v4 address allocated to this endpoint's sandbox interface
-	err = ipAllocator.ReleaseIP(n.bridge.bridgeIPv4, ep.addr.IP)
+	sub := types.GetIPNetCanonical(n.bridge.bridgeIPv4)
+	err = ipAllocator.ReleaseIP(sub, ep.addr.IP)
 	if err != nil {
 		return err
 	}
--- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/link.go
+++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/link.go
@ -32,7 +32,12 @@ func newLink(parentIP, childIP string, ports []types.TransportPort, bridge strin

 func (l *link) Enable() error {
 	// -A == iptables append flag
-	return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false)
+	linkFunction := func() error {
+		return linkContainers("-A", l.parentIP, l.childIP, l.ports, l.bridge, false)
+	}
+
+	iptables.OnReloaded(func() { linkFunction() })
+	return linkFunction()
 }

 func (l *link) Disable() {
--- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_firewalld.go
+++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_firewalld.go
@ -0,0 +1,15 @@
+package bridge
+
+import "github.com/docker/libnetwork/iptables"
+
+func (n *bridgeNetwork) setupFirewalld(config *networkConfiguration, i *bridgeInterface) error {
+	// Sanity check.
+	if config.EnableIPTables == false {
+		return IPTableCfgError(config.BridgeName)
+	}
+
+	iptables.OnReloaded(func() { n.setupIPTables(config, i) })
+	iptables.OnReloaded(n.portMapper.ReMapAll)
+
+	return nil
+}
--- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
+++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
@ -149,7 +149,7 @@ func setIcc(bridgeIface string, iccEnable, insert bool) error {
 			iptables.Raw(append([]string{"-D", chain}, dropArgs...)...)

 			if !iptables.Exists(table, chain, acceptArgs...) {
-				if output, err := iptables.Raw(append([]string{"-A", chain}, acceptArgs...)...); err != nil {
+				if output, err := iptables.Raw(append([]string{"-I", chain}, acceptArgs...)...); err != nil {
 					return fmt.Errorf("Unable to allow intercontainer communication: %s", err.Error())
 				} else if len(output) != 0 {
 					return fmt.Errorf("Error enabling intercontainer communication: %s", output)
--- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ipv4.go
+++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/setup_ipv4.go
@ -8,6 +8,7 @@ import (

 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/libnetwork/netutils"
+	"github.com/docker/libnetwork/types"
 	"github.com/vishvananda/netlink"
 )

@ -75,7 +76,8 @@ func setupBridgeIPv4(config *networkConfiguration, i *bridgeInterface) error {
 }

 func allocateBridgeIP(config *networkConfiguration, i *bridgeInterface) error {
-	ipAllocator.RequestIP(i.bridgeIPv4, i.bridgeIPv4.IP)
+	sub := types.GetIPNetCanonical(i.bridgeIPv4)
+	ipAllocator.RequestIP(sub, i.bridgeIPv4.IP)
 	return nil
 }

@ -109,7 +111,10 @@ func setupGatewayIPv4(config *networkConfiguration, i *bridgeInterface) error {
 	if !i.bridgeIPv4.Contains(config.DefaultGatewayIPv4) {
 		return &ErrInvalidGateway{}
 	}
-	if _, err := ipAllocator.RequestIP(i.bridgeIPv4, config.DefaultGatewayIPv4); err != nil {
+
+	// Pass the real network subnet to ip allocator (no host bits set)
+	sub := types.GetIPNetCanonical(i.bridgeIPv4)
+	if _, err := ipAllocator.RequestIP(sub, config.DefaultGatewayIPv4); err != nil {
 		return err
 	}

--- a/vendor/src/github.com/docker/libnetwork/drivers/overlay/peerdb.go
+++ b/vendor/src/github.com/docker/libnetwork/drivers/overlay/peerdb.go
@ -190,9 +190,13 @@ func (d *driver) peerDbUpdateSandbox(nid types.UUID) {
 			continue
 		}

+		// Go captures variables by reference. The pEntry could be
+		// pointing to the same memory location for every iteration. Make
+		// a copy of pEntry before capturing it in the following closure.
+		entry := pEntry
 		op := func() {
-			if err := d.peerAdd(nid, pEntry.eid, pKey.peerIP,
-				pKey.peerMac, pEntry.vtep,
+			if err := d.peerAdd(nid, entry.eid, pKey.peerIP,
+				pKey.peerMac, entry.vtep,
 				false); err != nil {
 				fmt.Printf("peerdbupdate in sandbox failed for ip %s and mac %s: %v",
 					pKey.peerIP, pKey.peerMac, err)
--- a/vendor/src/github.com/docker/libnetwork/portmapper/mapper.go
+++ b/vendor/src/github.com/docker/libnetwork/portmapper/mapper.go
@ -179,6 +179,18 @@ func (pm *PortMapper) Unmap(host net.Addr) error {
 	return nil
 }

+//ReMapAll will re-apply all port mappings
+func (pm *PortMapper) ReMapAll() {
+	logrus.Debugln("Re-applying all port mappings.")
+	for _, data := range pm.currentMappings {
+		containerIP, containerPort := getIPAndPort(data.container)
+		hostIP, hostPort := getIPAndPort(data.host)
+		if err := pm.forward(iptables.Append, data.proto, hostIP, hostPort, containerIP.String(), containerPort); err != nil {
+			logrus.Errorf("Error on iptables add: %s", err)
+		}
+	}
+}
+
 func getKey(a net.Addr) string {
 	switch t := a.(type) {
 	case *net.TCPAddr:
--- a/vendor/src/github.com/docker/libnetwork/sandbox/interface_freebsd.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox/interface_freebsd.go
@ -0,0 +1,4 @@
+package sandbox
+
+// IfaceOption is a function option type to set interface options
+type IfaceOption func()
--- a/vendor/src/github.com/docker/libnetwork/sandbox/namespace_unsupported.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox/namespace_unsupported.go
@ -1,4 +1,4 @@
-// +build !linux,!windows
+// +build !linux,!windows,!freebsd

 package sandbox

--- a/vendor/src/github.com/docker/libnetwork/sandbox/neigh_freebsd.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox/neigh_freebsd.go
@ -0,0 +1,4 @@
+package sandbox
+
+// NeighOption is a function option type to set neighbor options
+type NeighOption func()
--- a/vendor/src/github.com/docker/libnetwork/sandbox/route_linux.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox/route_linux.go
@ -177,7 +177,6 @@ func (n *networkNamespace) AddStaticRoute(r *types.StaticRoute) error {
 }

 func (n *networkNamespace) RemoveStaticRoute(r *types.StaticRoute) error {
-	n.Lock()

 	err := removeRoute(n.nsPath(), r.Destination, r.NextHop)
 	if err == nil {
--- a/vendor/src/github.com/docker/libnetwork/sandbox/sandbox_freebsd.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox/sandbox_freebsd.go
@ -0,0 +1,23 @@
+package sandbox
+
+// GenerateKey generates a sandbox key based on the passed
+// container id.
+func GenerateKey(containerID string) string {
+	maxLen := 12
+	if len(containerID) < maxLen {
+		maxLen = len(containerID)
+	}
+
+	return containerID[:maxLen]
+}
+
+// NewSandbox provides a new sandbox instance created in an os specific way
+// provided a key which uniquely identifies the sandbox
+func NewSandbox(key string, osCreate bool) (Sandbox, error) {
+	return nil, nil
+}
+
+// GC triggers garbage collection of namespace path right away
+// and waits for it.
+func GC() {
+}
--- a/vendor/src/github.com/docker/libnetwork/sandbox/sandbox_unsupported.go
+++ b/vendor/src/github.com/docker/libnetwork/sandbox/sandbox_unsupported.go
@ -1,4 +1,4 @@
-// +build !linux,!windows
+// +build !linux,!windows,!freebsd

 package sandbox

--- a/vendor/src/github.com/docker/libnetwork/types/types.go
+++ b/vendor/src/github.com/docker/libnetwork/types/types.go
@ -173,6 +173,16 @@ func GetIPNetCopy(from *net.IPNet) *net.IPNet {
 	return &net.IPNet{IP: GetIPCopy(from.IP), Mask: bm}
 }

+// GetIPNetCanonical returns the canonical form for the passed network
+func GetIPNetCanonical(nw *net.IPNet) *net.IPNet {
+	if nw == nil {
+		return nil
+	}
+	c := GetIPNetCopy(nw)
+	c.IP = c.IP.Mask(nw.Mask)
+	return c
+}
+
 // CompareIPNet returns equal if the two IP Networks are equal
 func CompareIPNet(a, b *net.IPNet) bool {
 	if a == b {