@@ -26,7 +26,7 @@ clone git github.com/docker/engine-api v0.2.2

 clone git github.com/RackSec/srslog 6eb773f331e46fbba8eecb8e794e635e75fc04de

 #get libnetwork packages

-clone git github.com/docker/libnetwork v0.5.4

+clone git github.com/docker/libnetwork v0.5.5

 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec

 clone git github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b

 clone git github.com/hashicorp/memberlist 9a1e242e454d2443df330bdd51a436d5a9058fc4

@@ -8,6 +8,8 @@ bin/

 integration-tmp/

 _obj

 _test

+.vagrant

+

 # Architecture specific extensions/prefixes

 *.[568vq]

@@ -1,5 +1,10 @@

 # Changelog

+## 0.5.5 (2016-01-14)

+- Allow network-scoped alias to be resolved for anonymous endpoint

+- Self repair corrupted IP database that could happen in 1.9.0 & 1.9.1

+- Skip IPTables cleanup if --iptables=false is set. Fixes docker/docker#19063

+

 ## 0.5.4 (2016-01-12)

 - Removed the isNodeAlive protection when user forces an endpoint delete

@@ -9,6 +9,7 @@ import (

 	"fmt"

 	"sync"

+	log "github.com/Sirupsen/logrus"

 	"github.com/docker/libnetwork/datastore"

 	"github.com/docker/libnetwork/types"

 )

@@ -243,6 +244,58 @@ func (h *Handle) IsSet(ordinal uint64) bool {

 	return err != nil

 }

+func (h *Handle) runConsistencyCheck() bool {

+	corrupted := false

+	for p, c := h.head, h.head.next; c != nil; c = c.next {

+		if c.count == 0 {

+			corrupted = true

+			p.next = c.next

+			continue // keep same p

+		}

+		p = c

+	}

+	return corrupted

+}

+

+// CheckConsistency checks if the bit sequence is in an inconsistent state and attempts to fix it.

+// It looks for a corruption signature that may happen in docker 1.9.0 and 1.9.1.

+func (h *Handle) CheckConsistency() error {

+	for {

+		h.Lock()

+		store := h.store

+		h.Unlock()

+

+		if store != nil {

+			if err := store.GetObject(datastore.Key(h.Key()...), h); err != nil && err != datastore.ErrKeyNotFound {

+				return err

+			}

+		}

+

+		h.Lock()

+		nh := h.getCopy()

+		h.Unlock()

+

+		if !nh.runConsistencyCheck() {

+			return nil

+		}

+

+		if err := nh.writeToStore(); err != nil {

+			if _, ok := err.(types.RetryError); !ok {

+				return fmt.Errorf("internal failure while fixing inconsistent bitsequence: %v", err)

+			}

+			continue

+		}

+

+		log.Infof("Fixed inconsistent bit sequence in datastore:\n%s\n%s", h, nh)

+

+		h.Lock()

+		h.head = nh.head

+		h.Unlock()

+

+		return nil

+	}

+}

+

 // set/reset the bit

 func (h *Handle) set(ordinal, start, end uint64, any bool, release bool) (uint64, error) {

 	var (

@@ -135,7 +135,7 @@ func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {

 	if err := iptables.FirewalldInit(); err != nil {

 		logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)

 	}

-	removeIPChains()

+

 	d := newDriver()

 	if err := d.configure(config); err != nil {

 		return err

@@ -378,6 +378,7 @@ func (d *driver) configure(option map[string]interface{}) error {

 	}

 	if config.EnableIPTables {

+		removeIPChains()

 		natChain, filterChain, isolationChain, err = setupIPChains(config)

 		if err != nil {

 			return err

@@ -70,6 +70,9 @@ func NewAllocator(lcDs, glDs datastore.DataStore) (*Allocator, error) {

 		}

 	}

+	a.checkConsistency(localAddressSpace)

+	a.checkConsistency(globalAddressSpace)

+

 	return a, nil

 }

@@ -115,6 +118,25 @@ func (a *Allocator) updateBitMasks(aSpace *addrSpace) error {

 	return nil

 }

+// Checks for and fixes damaged bitmask. Meant to be called in constructor only.

+func (a *Allocator) checkConsistency(as string) {

+	// Retrieve this address space's configuration and bitmasks from the datastore

+	a.refresh(as)

+	aSpace, ok := a.addrSpaces[as]

+	if !ok {

+		return

+	}

+	a.updateBitMasks(aSpace)

+	for sk, pd := range aSpace.subnets {

+		if pd.Range != nil {

+			continue

+		}

+		if err := a.addresses[sk].CheckConsistency(); err != nil {

+			log.Warnf("Error while running consistency check for %s: %v", sk, err)

+		}

+	}

+}

+

 // GetDefaultAddressSpaces returns the local and global default address spaces

 func (a *Allocator) GetDefaultAddressSpaces() (string, string, error) {

 	return localAddressSpace, globalAddressSpace, nil

@@ -822,20 +822,20 @@ func (n *network) EndpointByID(id string) (Endpoint, error) {

 }

 func (n *network) updateSvcRecord(ep *endpoint, localEps []*endpoint, isAdd bool) {

-	if ep.isAnonymous() {

-		return

-	}

-

 	epName := ep.Name()

 	if iface := ep.Iface(); iface.Address() != nil {

 		myAliases := ep.MyAliases()

 		if isAdd {

-			n.addSvcRecords(epName, iface.Address().IP, true)

+			if !ep.isAnonymous() {

+				n.addSvcRecords(epName, iface.Address().IP, true)

+			}

 			for _, alias := range myAliases {

 				n.addSvcRecords(alias, iface.Address().IP, false)

 			}

 		} else {

-			n.deleteSvcRecords(epName, iface.Address().IP, true)

+			if !ep.isAnonymous() {

+				n.deleteSvcRecords(epName, iface.Address().IP, true)

+			}

 			for _, alias := range myAliases {

 				n.deleteSvcRecords(alias, iface.Address().IP, false)

 			}