* fixes#10001
* test for global subnets <= 80
* test for global subnets > 80
* test link local allocations
* test duplicated addresses
* test regression from bug #11427
Signed-off-by: Christian Simon <simon@swine.de>
This modifies iptables.Exists so that it must be called with an explicit
table and chain. This allows us (a) to generate an appropriate command
line for "iptables -C", which was not previously possible, and (b) it
allows us to limit our strings.Contains() search to just the table and
chain in question, preventing erroneous matches against unrelated rules.
Resolves#10781
Signed-off-by: Lars Kellogg-Stedman <lars@redhat.com>
Unless `file` is wrapped with buffered reader, `fmt.Fscanf` will read
just one byte and terminate with `EOF`.
Signed-off-by: Michal Minar <miminar@redhat.com>
Read `/proc/sys/net/ipv4/ip_local_port_range` kernel parameter to obtain
ephemeral port range that now sets the boundaries of port allocator
which finds free host ports for those exported by containers.
Signed-off-by: Michal Minar <miminar@redhat.com>
This fixes the daemon's failure to start when setting --ipv6=true for
the first time without deleting `docker0` bridge from a prior use with
only IPv4 addressing.
The addition of the IPv6 bridge address is factored out into a separate
initialization routine which is called even if the bridge exists but no
IPv6 addresses are found.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
The assumption is not true if user specifies an IP address other than
the first IP, in that case the first IP address is never allocated to
any container.
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Sometimes other programs can bind on ports from our range, so we just
skip this ports on allocation.
Fixes#9293
Probably fixes#8714
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Fixed the following errors:
1. Request(0) causes a dead loop when the map is full and map.last == BEGIN.
2. When map.last is the only available port (or ip), Request(0) returns ErrAllPortsAllocated (or ErrNoAvailableIPs). Exception is when map.last == BEGIN.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
If we first request port 49153 (BeginPortRange) explicitly, and later some time request the next free port (of same ip/proto) by calling RequestPort() with port number 0, we will again get 49153 returned, even if it's currently in use. Because findPort() blindly retured BeginPortRange the first run, without checking if it has already been taken.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
When stdout/stderr is closed prematurely, the proxy's writes to stdout/stderr
(i.e. `log.Errorf/log.Printf`) will returns with EPIPE error, and go runtime
will terminate the proxy when stdout/stderr writes trigger 10 EPIPE errors.
instead of using stdout/stderr as the status handler, we pass an extra file to
the child process and write `0\n` or `1\nerror message` to it and close it
after. This allow the child process to handle stdout/stderr as normal.
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Right now, MAC addresses are randomly generated by the kernel when
creating the veth interfaces.
This causes different issues related to ARP, such as #4581, #5737 and #8269.
This change adds support for consistent MAC addresses, guaranteeing that
an IP address will always end up with the same MAC address, no matter
what.
Since IP addresses are already guaranteed to be unique by the
IPAllocator, MAC addresses will inherit this property as well for free.
Consistent mac addresses is also a requirement for stable networking (#8297)
since re-using the same IP address on a different MAC address triggers the ARP
issue.
Finally, this change makes the MAC address accessible through docker
inspect, which fixes#4033.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Since it is possible to request a specific IP, IPAllocator has to verify
that the request is within boundaries.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Christian Simon
Vishnu Kannan
Jessie Frazelle
Michael Crosby
Alexander Morozov
Lars Kellogg-Stedman
Michal Minar
Sven Dowideit
Zen Lin(Zhinan Lin)
Erik Hollensbe
Phil Estes
Jonathan Rudenberg
Hu Tao
Malte Janduda
Ian Bishop
Porjo
Vincent Batts
Jessica Frazelle
Arnaud Porterie
Sami Wagiaalla
Tibor Vass
shuai-z
Srini Brahmaroutu
Erik Hollensbe
unclejack
Daniel, Dao Quang Minh
Andrea Luzzardi
Alexandr Morozov
unclejack