@@ -4,7 +4,7 @@ import (

 	"github.com/dotcloud/docker/engine"

 	"github.com/dotcloud/docker/api"

-	"github.com/dotcloud/docker/networkdriver/lxc"

+	"github.com/dotcloud/docker/runtime/networkdriver/lxc"

 	"github.com/dotcloud/docker/server"

 )

@@ -4,7 +4,7 @@ import (

 	"net"

 	"github.com/dotcloud/docker/engine"

-	"github.com/dotcloud/docker/networkdriver"

+	"github.com/dotcloud/docker/runtime/networkdriver"

 )

 const (

deleted file mode 100644

@@ -1,159 +0,0 @@

-package ipallocator

-

-import (

-	"encoding/binary"

-	"errors"

-	"github.com/dotcloud/docker/networkdriver"

-	"github.com/dotcloud/docker/pkg/collections"

-	"net"

-	"sync"

-)

-

-type networkSet map[string]*collections.OrderedIntSet

-

-var (

-	ErrNoAvailableIPs     = errors.New("no available ip addresses on network")

-	ErrIPAlreadyAllocated = errors.New("ip already allocated")

-)

-

-var (

-	lock         = sync.Mutex{}

-	allocatedIPs = networkSet{}

-	availableIPS = networkSet{}

-)

-

-// RequestIP requests an available ip from the given network.  It

-// will return the next available ip if the ip provided is nil.  If the

-// ip provided is not nil it will validate that the provided ip is available

-// for use or return an error

-func RequestIP(address *net.IPNet, ip *net.IP) (*net.IP, error) {

-	lock.Lock()

-	defer lock.Unlock()

-

-	checkAddress(address)

-

-	if ip == nil {

-		next, err := getNextIp(address)

-		if err != nil {

-			return nil, err

-		}

-		return next, nil

-	}

-

-	if err := registerIP(address, ip); err != nil {

-		return nil, err

-	}

-	return ip, nil

-}

-

-// ReleaseIP adds the provided ip back into the pool of

-// available ips to be returned for use.

-func ReleaseIP(address *net.IPNet, ip *net.IP) error {

-	lock.Lock()

-	defer lock.Unlock()

-

-	checkAddress(address)

-

-	var (

-		existing  = allocatedIPs[address.String()]

-		available = availableIPS[address.String()]

-		pos       = getPosition(address, ip)

-	)

-

-	existing.Remove(int(pos))

-	available.Push(int(pos))

-

-	return nil

-}

-

-// convert the ip into the position in the subnet.  Only

-// position are saved in the set

-func getPosition(address *net.IPNet, ip *net.IP) int32 {

-	var (

-		first, _ = networkdriver.NetworkRange(address)

-		base     = ipToInt(&first)

-		i        = ipToInt(ip)

-	)

-	return i - base

-}

-

-// return an available ip if one is currently available.  If not,

-// return the next available ip for the nextwork

-func getNextIp(address *net.IPNet) (*net.IP, error) {

-	var (

-		ownIP     = ipToInt(&address.IP)

-		available = availableIPS[address.String()]

-		allocated = allocatedIPs[address.String()]

-		first, _  = networkdriver.NetworkRange(address)

-		base      = ipToInt(&first)

-		size      = int(networkdriver.NetworkSize(address.Mask))

-		max       = int32(size - 2) // size -1 for the broadcast address, -1 for the gateway address

-		pos       = int32(available.Pop())

-	)

-

-	// We pop and push the position not the ip

-	if pos != 0 {

-		ip := intToIP(int32(base + pos))

-		allocated.Push(int(pos))

-

-		return ip, nil

-	}

-

-	var (

-		firstNetIP = address.IP.To4().Mask(address.Mask)

-		firstAsInt = ipToInt(&firstNetIP) + 1

-	)

-

-	pos = int32(allocated.PullBack())

-	for i := int32(0); i < max; i++ {

-		pos = pos%max + 1

-		next := int32(base + pos)

-

-		if next == ownIP || next == firstAsInt {

-			continue

-		}

-

-		if !allocated.Exists(int(pos)) {

-			ip := intToIP(next)

-			allocated.Push(int(pos))

-			return ip, nil

-		}

-	}

-	return nil, ErrNoAvailableIPs

-}

-

-func registerIP(address *net.IPNet, ip *net.IP) error {

-	var (

-		existing  = allocatedIPs[address.String()]

-		available = availableIPS[address.String()]

-		pos       = getPosition(address, ip)

-	)

-

-	if existing.Exists(int(pos)) {

-		return ErrIPAlreadyAllocated

-	}

-	available.Remove(int(pos))

-

-	return nil

-}

-

-// Converts a 4 bytes IP into a 32 bit integer

-func ipToInt(ip *net.IP) int32 {

-	return int32(binary.BigEndian.Uint32(ip.To4()))

-}

-

-// Converts 32 bit integer into a 4 bytes IP address

-func intToIP(n int32) *net.IP {

-	b := make([]byte, 4)

-	binary.BigEndian.PutUint32(b, uint32(n))

-	ip := net.IP(b)

-	return &ip

-}

-

-func checkAddress(address *net.IPNet) {

-	key := address.String()

-	if _, exists := allocatedIPs[key]; !exists {

-		allocatedIPs[key] = collections.NewOrderedIntSet()

-		availableIPS[key] = collections.NewOrderedIntSet()

-	}

-}

deleted file mode 100644

@@ -1,241 +0,0 @@

-package ipallocator

-

-import (

-	"fmt"

-	"net"

-	"testing"

-)

-

-func reset() {

-	allocatedIPs = networkSet{}

-	availableIPS = networkSet{}

-}

-

-func TestRequestNewIps(t *testing.T) {

-	defer reset()

-	network := &net.IPNet{

-		IP:   []byte{192, 168, 0, 1},

-		Mask: []byte{255, 255, 255, 0},

-	}

-

-	for i := 2; i < 10; i++ {

-		ip, err := RequestIP(network, nil)

-		if err != nil {

-			t.Fatal(err)

-		}

-

-		if expected := fmt.Sprintf("192.168.0.%d", i); ip.String() != expected {

-			t.Fatalf("Expected ip %s got %s", expected, ip.String())

-		}

-	}

-}

-

-func TestReleaseIp(t *testing.T) {

-	defer reset()

-	network := &net.IPNet{

-		IP:   []byte{192, 168, 0, 1},

-		Mask: []byte{255, 255, 255, 0},

-	}

-

-	ip, err := RequestIP(network, nil)

-	if err != nil {

-		t.Fatal(err)

-	}

-

-	if err := ReleaseIP(network, ip); err != nil {

-		t.Fatal(err)

-	}

-}

-

-func TestGetReleasedIp(t *testing.T) {

-	defer reset()

-	network := &net.IPNet{

-		IP:   []byte{192, 168, 0, 1},

-		Mask: []byte{255, 255, 255, 0},

-	}

-

-	ip, err := RequestIP(network, nil)

-	if err != nil {

-		t.Fatal(err)

-	}

-

-	value := ip.String()

-	if err := ReleaseIP(network, ip); err != nil {

-		t.Fatal(err)

-	}

-

-	ip, err = RequestIP(network, nil)

-	if err != nil {

-		t.Fatal(err)

-	}

-

-	if ip.String() != value {

-		t.Fatalf("Expected to receive same ip %s got %s", value, ip.String())

-	}

-}

-

-func TestRequesetSpecificIp(t *testing.T) {

-	defer reset()

-	network := &net.IPNet{

-		IP:   []byte{192, 168, 0, 1},

-		Mask: []byte{255, 255, 255, 0},

-	}

-

-	ip := net.ParseIP("192.168.1.5")

-

-	if _, err := RequestIP(network, &ip); err != nil {

-		t.Fatal(err)

-	}

-}

-

-func TestConversion(t *testing.T) {

-	ip := net.ParseIP("127.0.0.1")

-	i := ipToInt(&ip)

-	if i == 0 {

-		t.Fatal("converted to zero")

-	}

-	conv := intToIP(i)

-	if !ip.Equal(*conv) {

-		t.Error(conv.String())

-	}

-}

-

-func TestIPAllocator(t *testing.T) {

-	expectedIPs := []net.IP{

-		0: net.IPv4(127, 0, 0, 2),

-		1: net.IPv4(127, 0, 0, 3),

-		2: net.IPv4(127, 0, 0, 4),

-		3: net.IPv4(127, 0, 0, 5),

-		4: net.IPv4(127, 0, 0, 6),

-	}

-

-	gwIP, n, _ := net.ParseCIDR("127.0.0.1/29")

-	network := &net.IPNet{IP: gwIP, Mask: n.Mask}

-	// Pool after initialisation (f = free, u = used)

-	// 2(f) - 3(f) - 4(f) - 5(f) - 6(f)

-	//  ↑

-

-	// Check that we get 5 IPs, from 127.0.0.2–127.0.0.6, in that

-	// order.

-	for i := 0; i < 5; i++ {

-		ip, err := RequestIP(network, nil)

-		if err != nil {

-			t.Fatal(err)

-		}

-

-		assertIPEquals(t, &expectedIPs[i], ip)

-	}

-	// Before loop begin

-	// 2(f) - 3(f) - 4(f) - 5(f) - 6(f)

-	//  ↑

-

-	// After i = 0

-	// 2(u) - 3(f) - 4(f) - 5(f) - 6(f)

-	//         ↑

-

-	// After i = 1

-	// 2(u) - 3(u) - 4(f) - 5(f) - 6(f)

-	//                ↑

-

-	// After i = 2

-	// 2(u) - 3(u) - 4(u) - 5(f) - 6(f)

-	//                       ↑

-

-	// After i = 3

-	// 2(u) - 3(u) - 4(u) - 5(u) - 6(f)

-	//                              ↑

-

-	// After i = 4

-	// 2(u) - 3(u) - 4(u) - 5(u) - 6(u)

-	//  ↑

-

-	// Check that there are no more IPs

-	ip, err := RequestIP(network, nil)

-	if err == nil {

-		t.Fatalf("There shouldn't be any IP addresses at this point, got %s\n", ip)

-	}

-

-	// Release some IPs in non-sequential order

-	if err := ReleaseIP(network, &expectedIPs[3]); err != nil {

-		t.Fatal(err)

-	}

-	// 2(u) - 3(u) - 4(u) - 5(f) - 6(u)

-	//                       ↑

-

-	if err := ReleaseIP(network, &expectedIPs[2]); err != nil {

-		t.Fatal(err)

-	}

-	// 2(u) - 3(u) - 4(f) - 5(f) - 6(u)

-	//                       ↑

-

-	if err := ReleaseIP(network, &expectedIPs[4]); err != nil {

-		t.Fatal(err)

-	}

-	// 2(u) - 3(u) - 4(f) - 5(f) - 6(f)

-	//                       ↑

-

-	// Make sure that IPs are reused in sequential order, starting

-	// with the first released IP

-	newIPs := make([]*net.IP, 3)

-	for i := 0; i < 3; i++ {

-		ip, err := RequestIP(network, nil)

-		if err != nil {

-			t.Fatal(err)

-		}

-

-		newIPs[i] = ip

-	}

-	// Before loop begin

-	// 2(u) - 3(u) - 4(f) - 5(f) - 6(f)

-	//                       ↑

-

-	// After i = 0

-	// 2(u) - 3(u) - 4(f) - 5(u) - 6(f)

-	//                              ↑

-

-	// After i = 1

-	// 2(u) - 3(u) - 4(f) - 5(u) - 6(u)

-	//                ↑

-

-	// After i = 2

-	// 2(u) - 3(u) - 4(u) - 5(u) - 6(u)

-	//                       ↑

-

-	// Reordered these because the new set will always return the

-	// lowest ips first and not in the order that they were released

-	assertIPEquals(t, &expectedIPs[2], newIPs[0])

-	assertIPEquals(t, &expectedIPs[3], newIPs[1])

-	assertIPEquals(t, &expectedIPs[4], newIPs[2])

-

-	_, err = RequestIP(network, nil)

-	if err == nil {

-		t.Fatal("There shouldn't be any IP addresses at this point")

-	}

-}

-

-func TestAllocateFirstIP(t *testing.T) {

-	defer reset()

-	network := &net.IPNet{

-		IP:   []byte{192, 168, 0, 0},

-		Mask: []byte{255, 255, 255, 0},

-	}

-

-	firstIP := network.IP.To4().Mask(network.Mask)

-	first := ipToInt(&firstIP) + 1

-

-	ip, err := RequestIP(network, nil)

-	if err != nil {

-		t.Fatal(err)

-	}

-	allocated := ipToInt(ip)

-

-	if allocated == first {

-		t.Fatalf("allocated ip should not equal first ip: %d == %d", first, allocated)

-	}

-}

-

-func assertIPEquals(t *testing.T, ip1, ip2 *net.IP) {

-	if !ip1.Equal(*ip2) {

-		t.Fatalf("Expected IP %s, got %s", ip1, ip2)

-	}

-}

deleted file mode 100644

@@ -1,482 +0,0 @@

-package lxc

-

-import (

-	"fmt"

-	"github.com/dotcloud/docker/engine"

-	"github.com/dotcloud/docker/networkdriver"

-	"github.com/dotcloud/docker/networkdriver/ipallocator"

-	"github.com/dotcloud/docker/networkdriver/portallocator"

-	"github.com/dotcloud/docker/networkdriver/portmapper"

-	"github.com/dotcloud/docker/pkg/iptables"

-	"github.com/dotcloud/docker/pkg/netlink"

-	"github.com/dotcloud/docker/utils"

-	"io/ioutil"

-	"log"

-	"net"

-	"strings"

-	"syscall"

-	"unsafe"

-)

-

-const (

-	DefaultNetworkBridge = "docker0"

-	siocBRADDBR          = 0x89a0

-)

-

-// Network interface represents the networking stack of a container

-type networkInterface struct {

-	IP           net.IP

-	PortMappings []net.Addr // there are mappings to the host interfaces

-}

-

-var (

-	addrs = []string{

-		// Here we don't follow the convention of using the 1st IP of the range for the gateway.

-		// This is to use the same gateway IPs as the /24 ranges, which predate the /16 ranges.

-		// In theory this shouldn't matter - in practice there's bound to be a few scripts relying

-		// on the internal addressing or other stupid things like that.

-		// The shouldn't, but hey, let's not break them unless we really have to.

-		"172.17.42.1/16", // Don't use 172.16.0.0/16, it conflicts with EC2 DNS 172.16.0.23

-		"10.0.42.1/16",   // Don't even try using the entire /8, that's too intrusive

-		"10.1.42.1/16",

-		"10.42.42.1/16",

-		"172.16.42.1/24",

-		"172.16.43.1/24",

-		"172.16.44.1/24",

-		"10.0.42.1/24",

-		"10.0.43.1/24",

-		"192.168.42.1/24",

-		"192.168.43.1/24",

-		"192.168.44.1/24",

-	}

-

-	bridgeIface   string

-	bridgeNetwork *net.IPNet

-

-	defaultBindingIP  = net.ParseIP("0.0.0.0")

-	currentInterfaces = make(map[string]*networkInterface)

-)

-

-func InitDriver(job *engine.Job) engine.Status {

-	var (

-		network        *net.IPNet

-		enableIPTables = job.GetenvBool("EnableIptables")

-		icc            = job.GetenvBool("InterContainerCommunication")

-		ipForward      = job.GetenvBool("EnableIpForward")

-		bridgeIP       = job.Getenv("BridgeIP")

-	)

-

-	if defaultIP := job.Getenv("DefaultBindingIP"); defaultIP != "" {

-		defaultBindingIP = net.ParseIP(defaultIP)

-	}

-

-	bridgeIface = job.Getenv("BridgeIface")

-	if bridgeIface == "" {

-		bridgeIface = DefaultNetworkBridge

-	}

-

-	addr, err := networkdriver.GetIfaceAddr(bridgeIface)

-	if err != nil {

-		// If the iface is not found, try to create it

-		job.Logf("creating new bridge for %s", bridgeIface)

-		if err := createBridge(bridgeIP); err != nil {

-			job.Error(err)

-			return engine.StatusErr

-		}

-

-		job.Logf("getting iface addr")

-		addr, err = networkdriver.GetIfaceAddr(bridgeIface)

-		if err != nil {

-			job.Error(err)

-			return engine.StatusErr

-		}

-		network = addr.(*net.IPNet)

-	} else {

-		network = addr.(*net.IPNet)

-	}

-

-	// Configure iptables for link support

-	if enableIPTables {

-		if err := setupIPTables(addr, icc); err != nil {

-			job.Error(err)

-			return engine.StatusErr

-		}

-	}

-

-	if ipForward {

-		// Enable IPv4 forwarding

-		if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte{'1', '\n'}, 0644); err != nil {

-			job.Logf("WARNING: unable to enable IPv4 forwarding: %s\n", err)

-		}

-	}

-

-	// We can always try removing the iptables

-	if err := iptables.RemoveExistingChain("DOCKER"); err != nil {

-		job.Error(err)

-		return engine.StatusErr

-	}

-

-	if enableIPTables {

-		chain, err := iptables.NewChain("DOCKER", bridgeIface)

-		if err != nil {

-			job.Error(err)

-			return engine.StatusErr

-		}

-		portmapper.SetIptablesChain(chain)

-	}

-

-	bridgeNetwork = network

-

-	// https://github.com/dotcloud/docker/issues/2768

-	job.Eng.Hack_SetGlobalVar("httpapi.bridgeIP", bridgeNetwork.IP)

-

-	for name, f := range map[string]engine.Handler{

-		"allocate_interface": Allocate,

-		"release_interface":  Release,

-		"allocate_port":      AllocatePort,

-		"link":               LinkContainers,

-	} {

-		if err := job.Eng.Register(name, f); err != nil {

-			job.Error(err)

-			return engine.StatusErr

-		}

-	}

-	return engine.StatusOK

-}

-

-func setupIPTables(addr net.Addr, icc bool) error {

-	// Enable NAT

-	natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-d", addr.String(), "-j", "MASQUERADE"}

-

-	if !iptables.Exists(natArgs...) {

-		if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {

-			return fmt.Errorf("Unable to enable network bridge NAT: %s", err)

-		} else if len(output) != 0 {

-			return fmt.Errorf("Error iptables postrouting: %s", output)

-		}

-	}

-

-	var (

-		args       = []string{"FORWARD", "-i", bridgeIface, "-o", bridgeIface, "-j"}

-		acceptArgs = append(args, "ACCEPT")

-		dropArgs   = append(args, "DROP")

-	)

-

-	if !icc {

-		iptables.Raw(append([]string{"-D"}, acceptArgs...)...)

-

-		if !iptables.Exists(dropArgs...) {

-			utils.Debugf("Disable inter-container communication")

-			if output, err := iptables.Raw(append([]string{"-I"}, dropArgs...)...); err != nil {

-				return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)

-			} else if len(output) != 0 {

-				return fmt.Errorf("Error disabling intercontainer communication: %s", output)

-			}

-		}

-	} else {

-		iptables.Raw(append([]string{"-D"}, dropArgs...)...)

-

-		if !iptables.Exists(acceptArgs...) {

-			utils.Debugf("Enable inter-container communication")

-			if output, err := iptables.Raw(append([]string{"-I"}, acceptArgs...)...); err != nil {

-				return fmt.Errorf("Unable to allow intercontainer communication: %s", err)

-			} else if len(output) != 0 {

-				return fmt.Errorf("Error enabling intercontainer communication: %s", output)

-			}

-		}

-	}

-

-	// Accept all non-intercontainer outgoing packets

-	outgoingArgs := []string{"FORWARD", "-i", bridgeIface, "!", "-o", bridgeIface, "-j", "ACCEPT"}

-	if !iptables.Exists(outgoingArgs...) {

-		if output, err := iptables.Raw(append([]string{"-I"}, outgoingArgs...)...); err != nil {

-			return fmt.Errorf("Unable to allow outgoing packets: %s", err)

-		} else if len(output) != 0 {

-			return fmt.Errorf("Error iptables allow outgoing: %s", output)

-		}

-	}

-

-	// Accept incoming packets for existing connections

-	existingArgs := []string{"FORWARD", "-o", bridgeIface, "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"}

-

-	if !iptables.Exists(existingArgs...) {

-		if output, err := iptables.Raw(append([]string{"-I"}, existingArgs...)...); err != nil {

-			return fmt.Errorf("Unable to allow incoming packets: %s", err)

-		} else if len(output) != 0 {

-			return fmt.Errorf("Error iptables allow incoming: %s", output)

-		}

-	}

-	return nil

-}

-

-// CreateBridgeIface creates a network bridge interface on the host system with the name `ifaceName`,

-// and attempts to configure it with an address which doesn't conflict with any other interface on the host.

-// If it can't find an address which doesn't conflict, it will return an error.

-func createBridge(bridgeIP string) error {

-	nameservers := []string{}

-	resolvConf, _ := utils.GetResolvConf()

-	// we don't check for an error here, because we don't really care

-	// if we can't read /etc/resolv.conf. So instead we skip the append

-	// if resolvConf is nil. It either doesn't exist, or we can't read it

-	// for some reason.

-	if resolvConf != nil {

-		nameservers = append(nameservers, utils.GetNameserversAsCIDR(resolvConf)...)

-	}

-

-	var ifaceAddr string

-	if len(bridgeIP) != 0 {

-		_, _, err := net.ParseCIDR(bridgeIP)

-		if err != nil {

-			return err

-		}

-		ifaceAddr = bridgeIP

-	} else {

-		for _, addr := range addrs {

-			_, dockerNetwork, err := net.ParseCIDR(addr)

-			if err != nil {

-				return err

-			}

-			if err := networkdriver.CheckNameserverOverlaps(nameservers, dockerNetwork); err == nil {

-				if err := networkdriver.CheckRouteOverlaps(dockerNetwork); err == nil {

-					ifaceAddr = addr

-					break

-				} else {

-					utils.Debugf("%s %s", addr, err)

-				}

-			}

-		}

-	}

-

-	if ifaceAddr == "" {

-		return fmt.Errorf("Could not find a free IP address range for interface '%s'. Please configure its address manually and run 'docker -b %s'", bridgeIface, bridgeIface)

-	}

-	utils.Debugf("Creating bridge %s with network %s", bridgeIface, ifaceAddr)

-

-	if err := createBridgeIface(bridgeIface); err != nil {

-		return err

-	}

-

-	iface, err := net.InterfaceByName(bridgeIface)

-	if err != nil {

-		return err

-	}

-

-	ipAddr, ipNet, err := net.ParseCIDR(ifaceAddr)

-	if err != nil {

-		return err

-	}

-

-	if netlink.NetworkLinkAddIp(iface, ipAddr, ipNet); err != nil {

-		return fmt.Errorf("Unable to add private network: %s", err)

-	}

-	if err := netlink.NetworkLinkUp(iface); err != nil {

-		return fmt.Errorf("Unable to start network bridge: %s", err)

-	}

-	return nil

-}

-

-// Create the actual bridge device.  This is more backward-compatible than

-// netlink.NetworkLinkAdd and works on RHEL 6.

-func createBridgeIface(name string) error {

-	s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_IP)

-	if err != nil {

-		utils.Debugf("Bridge socket creation failed IPv6 probably not enabled: %v", err)

-		s, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_IP)

-		if err != nil {

-			return fmt.Errorf("Error creating bridge creation socket: %s", err)

-		}

-	}

-	defer syscall.Close(s)

-

-	nameBytePtr, err := syscall.BytePtrFromString(name)

-	if err != nil {

-		return fmt.Errorf("Error converting bridge name %s to byte array: %s", name, err)

-	}

-

-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), siocBRADDBR, uintptr(unsafe.Pointer(nameBytePtr))); err != 0 {

-		return fmt.Errorf("Error creating bridge: %s", err)

-	}

-	return nil

-}

-

-// Allocate a network interface

-func Allocate(job *engine.Job) engine.Status {

-	var (

-		ip          *net.IP

-		err         error

-		id          = job.Args[0]

-		requestedIP = net.ParseIP(job.Getenv("RequestedIP"))

-	)

-

-	if requestedIP != nil {

-		ip, err = ipallocator.RequestIP(bridgeNetwork, &requestedIP)

-	} else {

-		ip, err = ipallocator.RequestIP(bridgeNetwork, nil)

-	}

-	if err != nil {

-		job.Error(err)

-		return engine.StatusErr

-	}

-

-	out := engine.Env{}

-	out.Set("IP", ip.String())

-	out.Set("Mask", bridgeNetwork.Mask.String())

-	out.Set("Gateway", bridgeNetwork.IP.String())

-	out.Set("Bridge", bridgeIface)

-

-	size, _ := bridgeNetwork.Mask.Size()

-	out.SetInt("IPPrefixLen", size)

-

-	currentInterfaces[id] = &networkInterface{

-		IP: *ip,

-	}

-

-	out.WriteTo(job.Stdout)

-

-	return engine.StatusOK

-}

-

-// release an interface for a select ip

-func Release(job *engine.Job) engine.Status {

-	var (

-		id                 = job.Args[0]

-		containerInterface = currentInterfaces[id]

-		ip                 net.IP

-		port               int

-		proto              string

-	)

-

-	if containerInterface == nil {

-		return job.Errorf("No network information to release for %s", id)

-	}

-

-	for _, nat := range containerInterface.PortMappings {

-		if err := portmapper.Unmap(nat); err != nil {

-			log.Printf("Unable to unmap port %s: %s", nat, err)

-		}

-

-		// this is host mappings

-		switch a := nat.(type) {

-		case *net.TCPAddr:

-			proto = "tcp"

-			ip = a.IP

-			port = a.Port

-		case *net.UDPAddr:

-			proto = "udp"

-			ip = a.IP

-			port = a.Port

-		}

-

-		if err := portallocator.ReleasePort(ip, proto, port); err != nil {

-			log.Printf("Unable to release port %s", nat)

-		}

-	}

-

-	if err := ipallocator.ReleaseIP(bridgeNetwork, &containerInterface.IP); err != nil {

-		log.Printf("Unable to release ip %s\n", err)

-	}

-	return engine.StatusOK

-}

-

-// Allocate an external port and map it to the interface

-func AllocatePort(job *engine.Job) engine.Status {

-	var (

-		err error

-

-		ip            = defaultBindingIP

-		id            = job.Args[0]

-		hostIP        = job.Getenv("HostIP")

-		hostPort      = job.GetenvInt("HostPort")

-		containerPort = job.GetenvInt("ContainerPort")

-		proto         = job.Getenv("Proto")

-		network       = currentInterfaces[id]

-	)

-

-	if hostIP != "" {

-		ip = net.ParseIP(hostIP)

-	}

-

-	// host ip, proto, and host port

-	hostPort, err = portallocator.RequestPort(ip, proto, hostPort)

-	if err != nil {

-		job.Error(err)

-		return engine.StatusErr

-	}

-

-	var (

-		container net.Addr

-		host      net.Addr

-	)

-

-	if proto == "tcp" {

-		host = &net.TCPAddr{IP: ip, Port: hostPort}

-		container = &net.TCPAddr{IP: network.IP, Port: containerPort}

-	} else {

-		host = &net.UDPAddr{IP: ip, Port: hostPort}

-		container = &net.UDPAddr{IP: network.IP, Port: containerPort}

-	}

-

-	if err := portmapper.Map(container, ip, hostPort); err != nil {

-		portallocator.ReleasePort(ip, proto, hostPort)

-

-		job.Error(err)

-		return engine.StatusErr

-	}

-	network.PortMappings = append(network.PortMappings, host)

-

-	out := engine.Env{}

-	out.Set("HostIP", ip.String())

-	out.SetInt("HostPort", hostPort)

-

-	if _, err := out.WriteTo(job.Stdout); err != nil {

-		job.Error(err)

-		return engine.StatusErr

-	}

-	return engine.StatusOK

-}

-

-func LinkContainers(job *engine.Job) engine.Status {

-	var (

-		action       = job.Args[0]

-		childIP      = job.Getenv("ChildIP")

-		parentIP     = job.Getenv("ParentIP")

-		ignoreErrors = job.GetenvBool("IgnoreErrors")

-		ports        = job.GetenvList("Ports")

-	)