diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf
index bf9769c8b8..8a7faa139e 100644
--- a/components/engine/vendor.conf
+++ b/components/engine/vendor.conf
@@ -24,7 +24,7 @@ github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5
 github.com/imdario/mergo 0.2.1
 #get libnetwork packages
-github.com/docker/libnetwork 4610dd67c7b9828bb4719d8aa2ac53a7f1f739d2
+github.com/docker/libnetwork b6cb1eee1e7fc27ee05f0eb830d3e60e67a88565
 github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/components/engine/vendor/github.com/docker/libnetwork/controller.go b/components/engine/vendor/github.com/docker/libnetwork/controller.go
index a62d4fb980..c3d25ee720 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/controller.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/controller.go
@@ -682,6 +682,10 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ...
 return nil, err
 }
+ if network.ingress && cap.DataScope != datastore.GlobalScope {
+ return nil, types.ForbiddenErrorf("Ingress network can only be global scope network")
+ }
+
 if cap.DataScope == datastore.GlobalScope && !c.isDistributedControl() && !network.dynamic {
 if c.isManager() {
 // For non-distributed controlled environment, globalscoped non-dynamic networks are redirected to Manager
@@ -1161,15 +1165,29 @@ func (c *controller) clearIngress(clusterLeave bool) {
 c.ingressSandbox = nil
 c.Unlock()
+ var n *network
 if ingressSandbox != nil {
+ for _, ep := range ingressSandbox.getConnectedEndpoints() {
+ if nw := ep.getNetwork(); nw.ingress {
+ n = nw
+ break
+ }
+ }
 if err := ingressSandbox.Delete(); err != nil {
 logrus.Warnf("Could not delete ingress sandbox while leaving: %v", err)
 }
 }
- n, err := c.NetworkByName("ingress")
- if err != nil && clusterLeave {
- logrus.Warnf("Could not find ingress network while leaving: %v", err)
+ if n == nil {
+ for _, nw := range c.Networks() {
+ if nw.Info().Ingress() {
+ n = nw.(*network)
+ break
+ }
+ }
+ }
+ if n == nil && clusterLeave {
+ logrus.Warnf("Could not find ingress network while leaving")
 }
 if n != nil {
diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
index 13446f82ea..742816cdd7 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
@@ -28,11 +28,11 @@ import (
 )
 const (
- networkType = "bridge"
- vethPrefix = "veth"
- vethLen = 7
- containerVethPrefix = "eth"
- maxAllocatePortAttempts = 10
+ networkType = "bridge"
+ vethPrefix = "veth"
+ vethLen = 7
+ defaultContainerVethPrefix = "eth"
+ maxAllocatePortAttempts = 10
 )
 const (
@@ -55,14 +55,15 @@ type configuration struct {
 // networkConfiguration for network specific configuration
 type networkConfiguration struct {
- ID string
- BridgeName string
- EnableIPv6 bool
- EnableIPMasquerade bool
- EnableICC bool
- Mtu int
- DefaultBindingIP net.IP
- DefaultBridge bool
+ ID string
+ BridgeName string
+ EnableIPv6 bool
+ EnableIPMasquerade bool
+ EnableICC bool
+ Mtu int
+ DefaultBindingIP net.IP
+ DefaultBridge bool
+ ContainerIfacePrefix string
 // Internal fields set after ipam data parsing
 AddressIPv4 *net.IPNet
 AddressIPv6 *net.IPNet
@@ -239,6 +240,8 @@ func (c *networkConfiguration) fromLabels(labels map[string]string) error {
 if c.DefaultBindingIP = net.ParseIP(value); c.DefaultBindingIP == nil {
 return parseErr(label, value, "nil ip")
 }
+ case netlabel.ContainerIfacePrefix:
+ c.ContainerIfacePrefix = value
 }
 }
@@ -1221,6 +1224,10 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,
 }
 iNames := jinfo.InterfaceName()
+ containerVethPrefix := defaultContainerVethPrefix
+ if network.config.ContainerIfacePrefix != "" {
+ containerVethPrefix = network.config.ContainerIfacePrefix
+ }
 err = iNames.SetNames(endpoint.srcName, containerVethPrefix)
 if err != nil {
 return err
diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge_store.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge_store.go
index 2ed60c7510..c7c83d8369 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge_store.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/bridge/bridge_store.go
@@ -143,6 +143,7 @@ func (ncfg *networkConfiguration) MarshalJSON() ([]byte, error) {
 nMap["DefaultBindingIP"] = ncfg.DefaultBindingIP.String()
 nMap["DefaultGatewayIPv4"] = ncfg.DefaultGatewayIPv4.String()
 nMap["DefaultGatewayIPv6"] = ncfg.DefaultGatewayIPv6.String()
+ nMap["ContainerIfacePrefix"] = ncfg.ContainerIfacePrefix
 nMap["BridgeIfaceCreator"] = ncfg.BridgeIfaceCreator
 if ncfg.AddressIPv4 != nil {
@@ -178,6 +179,10 @@ func (ncfg *networkConfiguration) UnmarshalJSON(b []byte) error {
 }
 }
+ if v, ok := nMap["ContainerIfacePrefix"]; ok {
+ ncfg.ContainerIfacePrefix = v.(string)
+ }
+
 ncfg.DefaultBridge = nMap["DefaultBridge"].(bool)
 ncfg.DefaultBindingIP = net.ParseIP(nMap["DefaultBindingIP"].(string))
 ncfg.DefaultGatewayIPv4 = net.ParseIP(nMap["DefaultGatewayIPv4"].(string))
diff --git a/components/engine/vendor/github.com/docker/libnetwork/netlabel/labels.go b/components/engine/vendor/github.com/docker/libnetwork/netlabel/labels.go
index 49ba3081d3..1594556ec7 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/netlabel/labels.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/netlabel/labels.go
@@ -50,6 +50,9 @@ const (
 // Internal constant represents that the network is internal which disables default gateway service
 Internal = Prefix + ".internal"
+
+ // ContainerIfacePrefix can be used to override the interface prefix used inside the container
+ ContainerIfacePrefix = Prefix + ".container_iface_prefix"
 )
 var (
diff --git a/components/engine/vendor/github.com/docker/libnetwork/network.go b/components/engine/vendor/github.com/docker/libnetwork/network.go
index 2b9f422538..8077770018 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/network.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/network.go
@@ -66,6 +66,7 @@ type NetworkInfo interface {
 IPv6Enabled() bool
 Internal() bool
 Attachable() bool
+ Ingress() bool
 Labels() map[string]string
 Dynamic() bool
 Created() time.Time
@@ -615,9 +616,9 @@ func NetworkOptionGeneric(generic map[string]interface{}) NetworkOption {
 // NetworkOptionIngress returns an option setter to indicate if a network is
 // an ingress network.
-func NetworkOptionIngress() NetworkOption {
+func NetworkOptionIngress(ingress bool) NetworkOption {
 return func(n *network) {
- n.ingress = true
+ n.ingress = ingress
 }
 }
@@ -1589,6 +1590,13 @@ func (n *network) Attachable() bool {
 return n.attachable
 }
+func (n *network) Ingress() bool {
+ n.Lock()
+ defer n.Unlock()
+
+ return n.ingress
+}
+
 func (n *network) Dynamic() bool {
 n.Lock()
 defer n.Unlock()
diff --git a/components/engine/vendor/github.com/docker/libnetwork/osl/interface_linux.go b/components/engine/vendor/github.com/docker/libnetwork/osl/interface_linux.go
index d76966200a..8e8a830ce9 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/osl/interface_linux.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/osl/interface_linux.go
@@ -241,8 +241,8 @@ func (n *networkNamespace) AddInterface(srcName, dstPrefix string, options ...If
 if n.isDefault {
 i.dstName = i.srcName
 } else {
- i.dstName = fmt.Sprintf("%s%d", i.dstName, n.nextIfIndex)
- n.nextIfIndex++
+ i.dstName = fmt.Sprintf("%s%d", dstPrefix, n.nextIfIndex[dstPrefix])
+ n.nextIfIndex[dstPrefix]++
 }
 path := n.path
diff --git a/components/engine/vendor/github.com/docker/libnetwork/osl/namespace_linux.go b/components/engine/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
index b714ccf9fa..478e3c48d8 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
@@ -48,7 +48,7 @@ type networkNamespace struct {
 gwv6 net.IP
 staticRoutes []*types.StaticRoute
 neighbors []*neigh
- nextIfIndex int
+ nextIfIndex map[string]int
 isDefault bool
 nlHandle *netlink.Handle
 loV6Enabled bool
@@ -203,7 +203,7 @@ func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
 once.Do(createBasePath)
 }
- n := &networkNamespace{path: key, isDefault: !osCreate}
+ n := &networkNamespace{path: key, isDefault: !osCreate, nextIfIndex: make(map[string]int)}
 sboxNs, err := netns.GetFromPath(n.path)
 if err != nil {
@@ -256,7 +256,7 @@ func GetSandboxForExternalKey(basePath string, key string) (Sandbox, error) {
 if err := mountNetworkNamespace(basePath, key); err != nil {
 return nil, err
 }
- n := &networkNamespace{path: key}
+ n := &networkNamespace{path: key, nextIfIndex: make(map[string]int)}
 sboxNs, err := netns.GetFromPath(n.path)
 if err != nil {
@@ -495,8 +495,8 @@ func (n *networkNamespace) Restore(ifsopt map[string][]IfaceOption, routes []*ty
 }
 index++
 n.Lock()
- if index > n.nextIfIndex {
- n.nextIfIndex = index
+ if index > n.nextIfIndex[dstPrefix] {
+ n.nextIfIndex[dstPrefix] = index
 }
 n.iFaces = append(n.iFaces, i)
 n.Unlock()