@@ -22,7 +22,7 @@ github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5

 github.com/imdario/mergo 0.2.1

 #get libnetwork packages

-github.com/docker/libnetwork e8431956af5df6816e232d68376c012c2617edbd

+github.com/docker/libnetwork ca62711acec77034e0a670188628e26025e1482d

 github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894

 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80

 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec

@@ -178,7 +178,14 @@ func GetNameservers(resolvConf []byte, kind int) []string {

 func GetNameserversAsCIDR(resolvConf []byte) []string {

 	nameservers := []string{}

 	for _, nameserver := range GetNameservers(resolvConf, types.IP) {

-		nameservers = append(nameservers, nameserver+"/32")

+		var address string

+		// If IPv6, strip zone if present

+		if strings.Contains(nameserver, ":") {

+			address = strings.Split(nameserver, "%")[0] + "/128"

+		} else {

+			address = nameserver + "/32"

+		}

+		nameservers = append(nameservers, address)

 	}

 	return nameservers

 }

@@ -72,8 +72,8 @@ const (

 )

 type extDNSEntry struct {

-	ipStr        string

-	hostLoopback bool

+	IPStr        string

+	HostLoopback bool

 }

 // resolver implements the Resolver interface

@@ -413,15 +413,15 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {

 	} else {

 		for i := 0; i < maxExtDNS; i++ {

 			extDNS := &r.extDNSList[i]

-			if extDNS.ipStr == "" {

+			if extDNS.IPStr == "" {

 				break

 			}

 			extConnect := func() {

-				addr := fmt.Sprintf("%s:%d", extDNS.ipStr, 53)

+				addr := fmt.Sprintf("%s:%d", extDNS.IPStr, 53)

 				extConn, err = net.DialTimeout(proto, addr, extIOTimeout)

 			}

-			if extDNS.hostLoopback {

+			if extDNS.HostLoopback {

 				extConnect()

 			} else {

 				execErr := r.backend.ExecFunc(extConnect)

@@ -435,7 +435,7 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {

 				continue

 			}

 			logrus.Debugf("Query %s[%d] from %s, forwarding to %s:%s", name, query.Question[0].Qtype,

-				extConn.LocalAddr().String(), proto, extDNS.ipStr)

+				extConn.LocalAddr().String(), proto, extDNS.IPStr)

 			// Timeout has to be set for every IO operation.

 			extConn.SetDeadline(time.Now().Add(extIOTimeout))

@@ -174,8 +174,8 @@ func (sb *sandbox) setExternalResolvers(content []byte, addrType int, checkLoopb

 			hostLoopback = dns.IsIPv4Localhost(ip)

 		}

 		sb.extDNS = append(sb.extDNS, extDNSEntry{

-			ipStr:        ip,

-			hostLoopback: hostLoopback,

+			IPStr:        ip,

+			HostLoopback: hostLoopback,

 		})

 	}

 }

@@ -27,7 +27,12 @@ type sbState struct {

 	dbExists   bool

 	Eps        []epState

 	EpPriority map[string]int

-	ExtDNS     []extDNSEntry

+	// external servers have to be persisted so that on restart of a live-restore

+	// enabled daemon we get the external servers for the running containers.

+	// We have two versions of ExtDNS to support upgrade & downgrade of the daemon

+	// between >=1.14 and <1.14 versions.

+	ExtDNS  []string

+	ExtDNS2 []extDNSEntry

 }

 func (sbs *sbState) Key() []string {

@@ -114,8 +119,16 @@ func (sbs *sbState) CopyTo(o datastore.KVObject) error {

 		dstSbs.Eps = append(dstSbs.Eps, eps)

 	}

+	if len(sbs.ExtDNS2) > 0 {

+		for _, dns := range sbs.ExtDNS2 {

+			dstSbs.ExtDNS2 = append(dstSbs.ExtDNS2, dns)

+			dstSbs.ExtDNS = append(dstSbs.ExtDNS, dns.IPStr)

+		}

+		return nil

+	}

 	for _, dns := range sbs.ExtDNS {

 		dstSbs.ExtDNS = append(dstSbs.ExtDNS, dns)

+		dstSbs.ExtDNS2 = append(dstSbs.ExtDNS2, extDNSEntry{IPStr: dns})

 	}

 	return nil

@@ -131,7 +144,11 @@ func (sb *sandbox) storeUpdate() error {

 		ID:         sb.id,

 		Cid:        sb.containerID,

 		EpPriority: sb.epPriority,

-		ExtDNS:     sb.extDNS,

+		ExtDNS2:    sb.extDNS,

+	}

+

+	for _, ext := range sb.extDNS {

+		sbs.ExtDNS = append(sbs.ExtDNS, ext.IPStr)

 	}

 retry:

@@ -205,7 +222,15 @@ func (c *controller) sandboxCleanup(activeSandboxes map[string]interface{}) {

 			dbIndex:            sbs.dbIndex,

 			isStub:             true,

 			dbExists:           true,

-			extDNS:             sbs.ExtDNS,

+		}

+		// If we are restoring from a older version extDNSEntry won't have the

+		// HostLoopback field

+		if len(sbs.ExtDNS2) > 0 {

+			sb.extDNS = sbs.ExtDNS2

+		} else {

+			for _, dns := range sbs.ExtDNS {

+				sb.extDNS = append(sb.extDNS, extDNSEntry{IPStr: dns})

+			}

 		}

 		msg := " for cleanup"

@@ -247,7 +247,7 @@ func (sb *sandbox) rmLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*Po

 	if rmService {

 		s.SchedName = ipvs.RoundRobin

 		if err := i.DelService(s); err != nil {

-			logrus.Errorf("Failed to delete a new service for vip %s fwmark %d: %v", vip, fwMark, err)

+			logrus.Errorf("Failed to delete service for vip %s fwmark %d: %v", vip, fwMark, err)

 		}

 		var filteredPorts []*PortConfig

@@ -259,7 +259,7 @@ func (sb *sandbox) rmLBBackend(ip, vip net.IP, fwMark uint32, ingressPorts []*Po

 		}

 		if err := invokeFWMarker(sb.Key(), vip, fwMark, ingressPorts, eIP, true); err != nil {

-			logrus.Errorf("Failed to add firewall mark rule in sbox %s: %v", sb.Key(), err)

+			logrus.Errorf("Failed to delete firewall mark rule in sbox %s: %v", sb.Key(), err)

 		}

 	}

 }