@@ -29,14 +29,14 @@ clone git github.com/RackSec/srslog 6eb773f331e46fbba8eecb8e794e635e75fc04de

 clone git github.com/imdario/mergo 0.2.1

 #get libnetwork packages

-clone git github.com/docker/libnetwork v0.7.0-dev.3

+clone git github.com/docker/libnetwork v0.7.0-dev.5

 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec

 clone git github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b

 clone git github.com/hashicorp/memberlist 9a1e242e454d2443df330bdd51a436d5a9058fc4

 clone git github.com/hashicorp/serf 7151adcef72687bf95f451a2e0ba15cb19412bf2

 clone git github.com/docker/libkv c2aac5dbbaa5c872211edea7c0f32b3bd67e7410

 clone git github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25

-clone git github.com/vishvananda/netlink bfd70f556483c008636b920dda142fdaa0d59ef9

+clone git github.com/vishvananda/netlink 631962935bff4f3d20ff32a72e8944f6d2836a26

 clone git github.com/BurntSushi/toml f706d00e3de6abe700c994cdd545a1a4915af060

 clone git github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374

 clone git github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d

@@ -1432,7 +1432,7 @@ func (s *DockerSuite) TestDockerNetworkInternalMode(c *check.C) {

 	c.Assert(waitRun("second"), check.IsNil)

 	out, _, err := dockerCmdWithError("exec", "first", "ping", "-W", "4", "-c", "1", "www.google.com")

 	c.Assert(err, check.NotNil)

-	c.Assert(out, checker.Contains, "100% packet loss")

+	c.Assert(out, checker.Contains, "ping: bad address")

 	_, _, err = dockerCmdWithError("exec", "second", "ping", "-c", "1", "first")

 	c.Assert(err, check.IsNil)

 }

@@ -1,5 +1,25 @@

 # Changelog

+## 0.7.0-dev.5 (2016-03-08)

+- Fixes https://github.com/docker/docker/issues/20847

+- Fixes https://github.com/docker/docker/issues/20997

+- Fixes issues unveiled by docker integ test over 0.7.0-dev.4

+

+## 0.7.0-dev.4 (2016-03-07)

+- Changed ownership of exposed ports and port-mapping options from Endpoint to Sandbox

+- Implement DNS RR in the Docker embedded DNS server

+- Fixes https://github.com/docker/libnetwork/issues/984 (multi container overlay veth leak)

+- Libnetwork to program container's interface MAC address

+- Fixed bug in iptables.Exists() logic

+- Fixes https://github.com/docker/docker/issues/20694

+- Source external DNS queries from container namespace

+- Added inbuilt nil IPAM driver

+- Windows drivers integration fixes

+- Extract hostname from (hostname.domainname). Related to https://github.com/docker/docker/issues/14282

+- Fixed race in sandbox statistics read

+- Fixes https://github.com/docker/libnetwork/issues/892 (docker start fails when ipv6.disable=1)

+- Fixed error message on bridge network creation conflict

+

 ## 0.7.0-dev.3 (2016-02-17)

 - Fixes https://github.com/docker/docker/issues/20350

 - Fixes https://github.com/docker/docker/issues/20145

@@ -90,7 +110,7 @@

 - DEPRECATE service discovery from default bridge network

 - Introduced new network UX

 - Support for multiple networks in bridge driver

-- Local persistance with boltdb

+- Local persistence with boltdb

 ## 0.4.0 (2015-07-24)

@@ -17,6 +17,7 @@

 			"mrjana",

 			"mavenugo",

                         "sanimej",

+                        "chenchun",

 		]

 [people]

@@ -37,6 +38,11 @@

 	Email = "lk4d4@docker.com"

 	GitHub = "LK4D4"

+	[people.chenchun]

+	Name = "Chun Chen"

+	Email = "ramichen@tencent.com"

+	GitHub = "chenchun"

+

 	[people.icecrime]

 	Name = "Arnaud Porterie"

 	Email = "arnaud@docker.com"

@@ -163,7 +163,7 @@ func (s *sequence) toByteArray() ([]byte, error) {

 func (s *sequence) fromByteArray(data []byte) error {

 	l := len(data)

 	if l%12 != 0 {

-		return fmt.Errorf("cannot deserialize byte sequence of lenght %d (%v)", l, data)

+		return fmt.Errorf("cannot deserialize byte sequence of length %d (%v)", l, data)

 	}

 	p := s

@@ -170,7 +170,7 @@ func New(cfgOptions ...config.Option) (NetworkController, error) {

 	if c.cfg != nil && c.cfg.Cluster.Watcher != nil {

 		if err := c.initDiscovery(c.cfg.Cluster.Watcher); err != nil {

-			// Failing to initalize discovery is a bad situation to be in.

+			// Failing to initialize discovery is a bad situation to be in.

 			// But it cannot fail creating the Controller

 			log.Errorf("Failed to Initialize Discovery : %v", err)

 		}

@@ -31,7 +31,7 @@ type DataStore interface {

 	DeleteObjectAtomic(kvObject KVObject) error

 	// DeleteTree deletes a record

 	DeleteTree(kvObject KVObject) error

-	// Watchable returns whether the store is watchable are not

+	// Watchable returns whether the store is watchable or not

 	Watchable() bool

 	// Watch for changes on a KVObject

 	Watch(kvObject KVObject, stopCh <-chan struct{}) (<-chan KVObject, error)

@@ -3,7 +3,6 @@ package libnetwork

 import (

 	"fmt"

-	"github.com/docker/libnetwork/netlabel"

 	"github.com/docker/libnetwork/types"

 )

@@ -28,15 +27,15 @@ var procGwNetwork = make(chan (bool), 1)

    - its deleted when an endpoint with GW joins the container

 */

-func (sb *sandbox) setupDefaultGW(srcEp *endpoint) error {

-	var createOptions []EndpointOption

-	c := srcEp.getNetwork().getController()

+func (sb *sandbox) setupDefaultGW() error {

 	// check if the conitainer already has a GW endpoint

 	if ep := sb.getEndpointInGWNetwork(); ep != nil {

 		return nil

 	}

+	c := sb.controller

+

 	// Look for default gw network. In case of error (includes not found),

 	// retry and create it if needed in a serialized execution.

 	n, err := c.NetworkByName(libnGWNetwork)

@@ -46,19 +45,7 @@ func (sb *sandbox) setupDefaultGW(srcEp *endpoint) error {

 		}

 	}

-	if opt, ok := srcEp.generic[netlabel.PortMap]; ok {

-		if pb, ok := opt.([]types.PortBinding); ok {

-			createOptions = append(createOptions, CreateOptionPortMapping(pb))

-		}

-	}

-

-	if opt, ok := srcEp.generic[netlabel.ExposedPorts]; ok {

-		if exp, ok := opt.([]types.TransportPort); ok {

-			createOptions = append(createOptions, CreateOptionExposedPorts(exp))

-		}

-	}

-

-	createOptions = append(createOptions, CreateOptionAnonymous())

+	createOptions := []EndpointOption{CreateOptionAnonymous()}

 	eplen := gwEPlen

 	if len(sb.containerID) < gwEPlen {

@@ -74,9 +61,13 @@ func (sb *sandbox) setupDefaultGW(srcEp *endpoint) error {

 	if err := epLocal.sbJoin(sb); err != nil {

 		return fmt.Errorf("container %s: endpoint join on GW Network failed: %v", sb.containerID, err)

 	}

+

 	return nil

 }

+// If present, removes the endpoint connecting the sandbox to the default gw network.

+// Unless it is the endpoint designated to provide the external connectivity.

+// If the sandbox is being deleted, removes the endpoint unconditionally.

 func (sb *sandbox) clearDefaultGW() error {

 	var ep *endpoint

@@ -84,6 +75,10 @@ func (sb *sandbox) clearDefaultGW() error {

 		return nil

 	}

+	if ep == sb.getGatewayEndpoint() && !sb.inDelete {

+		return nil

+	}

+

 	if err := ep.sbLeave(sb, false); err != nil {

 		return fmt.Errorf("container %s: endpoint leaving GW Network failed: %v", sb.containerID, err)

 	}

@@ -98,7 +93,7 @@ func (sb *sandbox) needDefaultGW() bool {

 	for _, ep := range sb.getConnectedEndpoints() {

 		if ep.endpointInGWNetwork() {

-			continue

+			return false

 		}

 		if ep.getNetwork().Type() == "null" || ep.getNetwork().Type() == "host" {

 			continue

@@ -165,3 +160,16 @@ func (c *controller) defaultGwNetwork() (Network, error) {

 	}

 	return n, err

 }

+

+// Returns the endpoint which is providing external connectivity to the sandbox

+func (sb *sandbox) getGatewayEndpoint() *endpoint {

+	for _, ep := range sb.getConnectedEndpoints() {

+		if ep.getNetwork().Type() == "null" || ep.getNetwork().Type() == "host" {

+			continue

+		}

+		if len(ep.Gateway()) != 0 {

+			return ep

+		}

+	}

+	return nil

+}

@@ -16,7 +16,7 @@ type DiscoveryType int

 const (

 	// NodeDiscovery represents Node join/leave events provided by discovery

 	NodeDiscovery = iota + 1

-	// DatastoreConfig represents a add/remove datastore event

+	// DatastoreConfig represents an add/remove datastore event

 	DatastoreConfig

 )

@@ -42,6 +42,14 @@ type Driver interface {

 	// Leave method is invoked when a Sandbox detaches from an endpoint.

 	Leave(nid, eid string) error

+	// ProgramExternalConnectivity invokes the driver method which does the necessary

+	// programming to allow the external connectivity dictated by the passed options

+	ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error

+

+	// RevokeExternalConnectivity aks the driver to remove any external connectivity

+	// programming that was done so far

+	RevokeExternalConnectivity(nid, eid string) error

+

 	// Type returns the the type of this driver, the network type this driver manages

 	Type() string

 }

@@ -88,8 +96,8 @@ type JoinInfo interface {

 	// SetGatewayIPv6 sets the default IPv6 gateway when a container joins the endpoint.

 	SetGatewayIPv6(net.IP) error

-	// AddStaticRoute adds a routes to the sandbox.

-	// It may be used in addtion to or instead of a default gateway (as above).

+	// AddStaticRoute adds a route to the sandbox.

+	// It may be used in addition to or instead of a default gateway (as above).

 	AddStaticRoute(destination *net.IPNet, routeType int, nextHop net.IP) error

 	// DisableGatewayService tells libnetwork not to provide Default GW for the container

@@ -64,7 +64,7 @@ func (i *IPAMData) UnmarshalJSON(data []byte) error {

 	return nil

 }

-// Validate checks wheter the IPAMData structure contains congruent data

+// Validate checks whether the IPAMData structure contains congruent data

 func (i *IPAMData) Validate() error {

 	var isV6 bool

 	if i.Pool == nil {

@@ -93,7 +93,7 @@ func (i *IPAMData) Validate() error {

 	return nil

 }

-// IsV6 returns wheter this is an IPv6 IPAMData structure

+// IsV6 returns whether this is an IPv6 IPAMData structure

 func (i *IPAMData) IsV6() bool {

 	return nil == i.Pool.IP.To4()

 }

@@ -9,6 +9,7 @@ import (

 	"github.com/docker/libnetwork/netlabel"

 	builtinIpam "github.com/docker/libnetwork/ipams/builtin"

+	nullIpam "github.com/docker/libnetwork/ipams/null"

 	remoteIpam "github.com/docker/libnetwork/ipams/remote"

 )

@@ -73,6 +74,7 @@ func initIpams(ic ipamapi.Callback, lDs, gDs interface{}) error {

 	for _, fn := range [](func(ipamapi.Callback, interface{}, interface{}) error){

 		builtinIpam.Init,

 		remoteIpam.Init,

+		nullIpam.Init,

 	} {

 		if err := fn(ic, lDs, gDs); err != nil {

 			return err

@@ -74,9 +74,7 @@ type networkConfiguration struct {

 // endpointConfiguration represents the user specified configuration for the sandbox endpoint

 type endpointConfiguration struct {

-	MacAddress   net.HardwareAddr

-	PortBindings []types.PortBinding

-	ExposedPorts []types.TransportPort

+	MacAddress net.HardwareAddr

 }

 // containerConfiguration represents the user specified configuration for a container

@@ -85,6 +83,12 @@ type containerConfiguration struct {

 	ChildEndpoints  []string

 }

+// cnnectivityConfiguration represents the user specified configuration regarding the external connectivity

+type connectivityConfiguration struct {

+	PortBindings []types.PortBinding

+	ExposedPorts []types.TransportPort

+}

+

 type bridgeEndpoint struct {

 	id              string

 	srcName         string

@@ -93,6 +97,7 @@ type bridgeEndpoint struct {

 	macAddress      net.HardwareAddr

 	config          *endpointConfiguration // User specified parameters

 	containerConfig *containerConfiguration

+	extConnConfig   *connectivityConfiguration

 	portMapping     []types.PortBinding // Operation port bindings

 }

@@ -183,7 +188,7 @@ func (c *networkConfiguration) Conflicts(o *networkConfiguration) error {

 		return fmt.Errorf("same configuration")

 	}

-	// Also empty, becasue only one network with empty name is allowed

+	// Also empty, because only one network with empty name is allowed

 	if c.BridgeName == o.BridgeName {

 		return fmt.Errorf("networks have same bridge name")

 	}

@@ -450,7 +455,7 @@ func parseNetworkGenericOptions(data interface{}) (*networkConfiguration, error)

 func (c *networkConfiguration) processIPAM(id string, ipamV4Data, ipamV6Data []driverapi.IPAMData) error {

 	if len(ipamV4Data) > 1 || len(ipamV6Data) > 1 {

-		return types.ForbiddenErrorf("bridge driver doesnt support multiple subnets")

+		return types.ForbiddenErrorf("bridge driver doesn't support multiple subnets")

 	}

 	if len(ipamV4Data) == 0 {

@@ -543,6 +548,9 @@ func (d *driver) getNetworks() []*bridgeNetwork {

 // Create a new network using bridge plugin

 func (d *driver) CreateNetwork(id string, option map[string]interface{}, ipV4Data, ipV6Data []driverapi.IPAMData) error {

+	if len(ipV4Data) == 0 || ipV4Data[0].Pool.String() == "0.0.0.0/0" {

+		return types.BadRequestErrorf("ipv4 pool is empty")

+	}

 	// Sanity checks

 	d.Lock()

 	if _, ok := d.networks[id]; ok {

@@ -581,7 +589,7 @@ func (d *driver) createNetwork(config *networkConfiguration) error {

 		nw.Unlock()

 		if err := nwConfig.Conflicts(config); err != nil {

 			return types.ForbiddenErrorf("cannot create network %s (%s): conflicts with network %s (%s): %s",

-				nwConfig.BridgeName, config.ID, nw.id, nw.config.BridgeName, err.Error())

+				config.ID, config.BridgeName, nwConfig.ID, nwConfig.BridgeName, err.Error())

 		}

 	}

@@ -948,28 +956,19 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,

 		}

 	}

-	// Create the sandbox side pipe interface

+	// Store the sandbox side pipe interface parameters

 	endpoint.srcName = containerIfName

 	endpoint.macAddress = ifInfo.MacAddress()

 	endpoint.addr = ifInfo.Address()

 	endpoint.addrv6 = ifInfo.AddressIPv6()

-	// Down the interface before configuring mac address.

-	if err = netlink.LinkSetDown(sbox); err != nil {

-		return fmt.Errorf("could not set link down for container interface %s: %v", containerIfName, err)

-	}

-

-	// Set the sbox's MAC. If specified, use the one configured by user, otherwise generate one based on IP.

+	// Set the sbox's MAC if not provided. If specified, use the one configured by user, otherwise generate one based on IP.

 	if endpoint.macAddress == nil {

 		endpoint.macAddress = electMacAddress(epConfig, endpoint.addr.IP)

-		if err := ifInfo.SetMacAddress(endpoint.macAddress); err != nil {

+		if err = ifInfo.SetMacAddress(endpoint.macAddress); err != nil {

 			return err

 		}

 	}

-	err = netlink.LinkSetHardwareAddr(sbox, endpoint.macAddress)

-	if err != nil {

-		return fmt.Errorf("could not set mac address for container interface %s: %v", containerIfName, err)

-	}

 	// Up the host interface after finishing all netlink configuration

 	if err = netlink.LinkSetUp(host); err != nil {

@@ -996,17 +995,11 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,

 		}

 		endpoint.addrv6 = &net.IPNet{IP: ip6, Mask: network.Mask}

-		if err := ifInfo.SetIPAddress(endpoint.addrv6); err != nil {

+		if err = ifInfo.SetIPAddress(endpoint.addrv6); err != nil {

 			return err

 		}

 	}

-	// Program any required port mapping and store them in the endpoint

-	endpoint.portMapping, err = n.allocatePorts(epConfig, endpoint, config.DefaultBindingIP, d.config.EnableUserlandProxy)

-	if err != nil {

-		return err

-	}

-

 	return nil

 }

@@ -1061,9 +1054,6 @@ func (d *driver) DeleteEndpoint(nid, eid string) error {

 		}

 	}()

-	// Remove port mappings. Do not stop endpoint delete on unmap failure

-	n.releasePorts(ep)

-

 	// Try removal of link. Discard error: it is a best effort.

 	// Also make sure defer does not see this error either.

 	if link, err := netlink.LinkByName(ep.srcName); err == nil {

@@ -1104,10 +1094,10 @@ func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, erro

 	m := make(map[string]interface{})

-	if ep.config.ExposedPorts != nil {

+	if ep.extConnConfig != nil && ep.extConnConfig.ExposedPorts != nil {

 		// Return a copy of the config data

-		epc := make([]types.TransportPort, 0, len(ep.config.ExposedPorts))

-		for _, tp := range ep.config.ExposedPorts {

+		epc := make([]types.TransportPort, 0, len(ep.extConnConfig.ExposedPorts))

+		for _, tp := range ep.extConnConfig.ExposedPorts {

 			epc = append(epc, tp.GetCopy())

 		}

 		m[netlabel.ExposedPorts] = epc

@@ -1147,6 +1137,11 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,

 		return EndpointNotFoundError(eid)

 	}

+	endpoint.containerConfig, err = parseContainerOptions(options)

+	if err != nil {

+		return err

+	}

+

 	iNames := jinfo.InterfaceName()

 	err = iNames.SetNames(endpoint.srcName, containerVethPrefix)

 	if err != nil {

@@ -1163,10 +1158,6 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,

 		return err

 	}

-	if !network.config.EnableICC {

-		return d.link(network, endpoint, options, true)

-	}

-

 	return nil

 }

@@ -1189,32 +1180,87 @@ func (d *driver) Leave(nid, eid string) error {

 	}

 	if !network.config.EnableICC {

-		return d.link(network, endpoint, nil, false)

+		if err = d.link(network, endpoint, false); err != nil {

+			return err

+		}

 	}

 	return nil

 }

-func (d *driver) link(network *bridgeNetwork, endpoint *bridgeEndpoint, options map[string]interface{}, enable bool) error {

-	var (

-		cc  *containerConfiguration

-		err error

-	)

+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {

+	defer osl.InitOSContext()()

-	if enable {

-		cc, err = parseContainerOptions(options)

-		if err != nil {

-			return err

-		}

-	} else {

-		cc = endpoint.containerConfig

+	network, err := d.getNetwork(nid)

+	if err != nil {

+		return err

 	}

+	endpoint, err := network.getEndpoint(eid)

+	if err != nil {

+		return err

+	}

+

+	if endpoint == nil {

+		return EndpointNotFoundError(eid)

+	}

+

+	endpoint.extConnConfig, err = parseConnectivityOptions(options)

+	if err != nil {

+		return err

+	}

+

+	// Program any required port mapping and store them in the endpoint

+	endpoint.portMapping, err = network.allocatePorts(endpoint, network.config.DefaultBindingIP, d.config.EnableUserlandProxy)

+	if err != nil {

+		return err

+	}

+

+	if !network.config.EnableICC {

+		return d.link(network, endpoint, true)

+	}

+

+	return nil

+}

+

+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {

+	defer osl.InitOSContext()()

+

+	network, err := d.getNetwork(nid)

+	if err != nil {

+		return err

+	}

+

+	endpoint, err := network.getEndpoint(eid)

+	if err != nil {

+		return err

+	}

+

+	if endpoint == nil {

+		return EndpointNotFoundError(eid)

+	}

+

+	err = network.releasePorts(endpoint)

+	if err != nil {

+		logrus.Warn(err)

+	}

+

+	return nil

+}

+

+func (d *driver) link(network *bridgeNetwork, endpoint *bridgeEndpoint, enable bool) error {

+	var err error

+

+	cc := endpoint.containerConfig

 	if cc == nil {

 		return nil

 	}

+	ec := endpoint.extConnConfig

+	if ec == nil {

+		return nil

+	}

-	if endpoint.config != nil && endpoint.config.ExposedPorts != nil {

+	if ec.ExposedPorts != nil {

 		for _, p := range cc.ParentEndpoints {

 			var parentEndpoint *bridgeEndpoint

 			parentEndpoint, err = network.getEndpoint(p)

@@ -1228,7 +1274,7 @@ func (d *driver) link(network *bridgeNetwork, endpoint *bridgeEndpoint, options

 			l := newLink(parentEndpoint.addr.IP.String(),

 				endpoint.addr.IP.String(),

-				endpoint.config.ExposedPorts, network.config.BridgeName)

+				ec.ExposedPorts, network.config.BridgeName)

 			if enable {

 				err = l.Enable()

 				if err != nil {

@@ -1255,13 +1301,13 @@ func (d *driver) link(network *bridgeNetwork, endpoint *bridgeEndpoint, options

 			err = InvalidEndpointIDError(c)

 			return err

 		}

-		if childEndpoint.config == nil || childEndpoint.config.ExposedPorts == nil {

+		if childEndpoint.extConnConfig == nil || childEndpoint.extConnConfig.ExposedPorts == nil {

 			continue

 		}

 		l := newLink(endpoint.addr.IP.String(),

 			childEndpoint.addr.IP.String(),

-			childEndpoint.config.ExposedPorts, network.config.BridgeName)

+			childEndpoint.extConnConfig.ExposedPorts, network.config.BridgeName)

 		if enable {

 			err = l.Enable()

 			if err != nil {

@@ -1277,10 +1323,6 @@ func (d *driver) link(network *bridgeNetwork, endpoint *bridgeEndpoint, options

 		}

 	}

-	if enable {

-		endpoint.containerConfig = cc

-	}

-

 	return nil

 }

@@ -1313,22 +1355,6 @@ func parseEndpointOptions(epOptions map[string]interface{}) (*endpointConfigurat

 		}

 	}

-	if opt, ok := epOptions[netlabel.PortMap]; ok {

-		if bs, ok := opt.([]types.PortBinding); ok {

-			ec.PortBindings = bs

-		} else {

-			return nil, &ErrInvalidEndpointConfig{}

-		}

-	}

-

-	if opt, ok := epOptions[netlabel.ExposedPorts]; ok {

-		if ports, ok := opt.([]types.TransportPort); ok {

-			ec.ExposedPorts = ports

-		} else {

-			return nil, &ErrInvalidEndpointConfig{}

-		}

-	}

-

 	return ec, nil

 }

@@ -1354,6 +1380,32 @@ func parseContainerOptions(cOptions map[string]interface{}) (*containerConfigura

 	}

 }

+func parseConnectivityOptions(cOptions map[string]interface{}) (*connectivityConfiguration, error) {

+	if cOptions == nil {

+		return nil, nil

+	}

+

+	cc := &connectivityConfiguration{}

+

+	if opt, ok := cOptions[netlabel.PortMap]; ok {

+		if pb, ok := opt.([]types.PortBinding); ok {

+			cc.PortBindings = pb

+		} else {

+			return nil, types.BadRequestErrorf("Invalid port mapping data in connectivity configuration: %v", opt)

+		}

+	}

+

+	if opt, ok := cOptions[netlabel.ExposedPorts]; ok {

+		if ports, ok := opt.([]types.TransportPort); ok {

+			cc.ExposedPorts = ports

+		} else {

+			return nil, types.BadRequestErrorf("Invalid exposed ports data in connectivity configuration: %v", opt)

+		}

+	}

+

+	return cc, nil

+}

+

 func electMacAddress(epConfig *endpointConfiguration, ip net.IP) net.HardwareAddr {

 	if epConfig != nil && epConfig.MacAddress != nil {

 		return epConfig.MacAddress

@@ -14,8 +14,8 @@ var (

 	defaultBindingIP = net.IPv4(0, 0, 0, 0)

 )

-func (n *bridgeNetwork) allocatePorts(epConfig *endpointConfiguration, ep *bridgeEndpoint, reqDefBindIP net.IP, ulPxyEnabled bool) ([]types.PortBinding, error) {

-	if epConfig == nil || epConfig.PortBindings == nil {

+func (n *bridgeNetwork) allocatePorts(ep *bridgeEndpoint, reqDefBindIP net.IP, ulPxyEnabled bool) ([]types.PortBinding, error) {

+	if ep.extConnConfig == nil || ep.extConnConfig.PortBindings == nil {

 		return nil, nil

 	}

@@ -24,7 +24,7 @@ func (n *bridgeNetwork) allocatePorts(epConfig *endpointConfiguration, ep *bridg

 		defHostIP = reqDefBindIP

 	}

-	return n.allocatePortsInternal(epConfig.PortBindings, ep.addr.IP, defHostIP, ulPxyEnabled)

+	return n.allocatePortsInternal(ep.extConnConfig.PortBindings, ep.addr.IP, defHostIP, ulPxyEnabled)

 }

 func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, containerIP, defHostIP net.IP, ulPxyEnabled bool) ([]types.PortBinding, error) {

@@ -63,6 +63,14 @@ func (d *driver) Leave(nid, eid string) error {

 	return nil

 }

+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {

+	return nil

+}

+

+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {

+	return nil

+}

+

 func (d *driver) Type() string {

 	return networkType

 }

@@ -63,6 +63,14 @@ func (d *driver) Leave(nid, eid string) error {

 	return nil

 }

+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {

+	return nil

+}

+

+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {

+	return nil

+}

+

 func (d *driver) Type() string {

 	return networkType

 }

@@ -78,7 +78,7 @@ func setFilters(cname, brName string, remove bool) error {

 		opt = "-D"

 	}

-	// Everytime we set filters for a new subnet make sure to move the global overlay hook to the top of the both the OUTPUT and forward chains

+	// Every time we set filters for a new subnet make sure to move the global overlay hook to the top of the both the OUTPUT and forward chains

 	if !remove {

 		for _, chain := range []string{"OUTPUT", "FORWARD"} {

 			exists := iptables.Exists(iptables.Filter, chain, "-j", globalChain)

@@ -54,7 +54,7 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,

 		return err

 	}

-	ep.ifName = overlayIfName

+	ep.ifName = containerIfName

 	// Set the container interface and its peer MTU to 1450 to allow

 	// for 50 bytes vxlan encap (inner eth header(14) + outer IP(20) +

@@ -63,6 +63,9 @@ func (d *driver) CreateNetwork(id string, option map[string]interface{}, ipV4Dat

 	if id == "" {

 		return fmt.Errorf("invalid network id")

 	}

+	if len(ipV4Data) == 0 || ipV4Data[0].Pool.String() == "0.0.0.0/0" {

+		return types.BadRequestErrorf("ipv4 pool is empty")

+	}

 	// Since we perform lazy configuration make sure we try

 	// configuring the driver when we enter CreateNetwork

@@ -111,6 +114,14 @@ func (d *driver) DeleteNetwork(nid string) error {

 	return n.releaseVxlanID()

 }

+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {

+	return nil

+}

+

+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {

+	return nil

+}

+

 func (n *network) incEndpointCount() {

 	n.Lock()

 	defer n.Unlock()

@@ -153,6 +153,29 @@ type LeaveResponse struct {

 	Response

 }

+// ProgramExternalConnectivityRequest describes the API for programming the external connectivity for the given endpoint.

+type ProgramExternalConnectivityRequest struct {

+	NetworkID  string

+	EndpointID string

+	Options    map[string]interface{}

+}

+

+// ProgramExternalConnectivityResponse is the answer to ProgramExternalConnectivityRequest.

+type ProgramExternalConnectivityResponse struct {

+	Response

+}

+

+// RevokeExternalConnectivityRequest describes the API for revoking the external connectivity for the given endpoint.

+type RevokeExternalConnectivityRequest struct {

+	NetworkID  string

+	EndpointID string

+}

+

+// RevokeExternalConnectivityResponse is the answer to RevokeExternalConnectivityRequest.

+type RevokeExternalConnectivityResponse struct {

+	Response

+}

+

 // DiscoveryNotification represents a discovery notification

 type DiscoveryNotification struct {

 	DiscoveryType discoverapi.DiscoveryType

@@ -3,6 +3,7 @@ package remote

 import (

 	"fmt"

 	"net"

+	"strings"

 	log "github.com/Sirupsen/logrus"

 	"github.com/docker/docker/pkg/plugins"

@@ -13,6 +14,10 @@ import (

 	"github.com/docker/libnetwork/types"

 )

+const (

+	missingMethod = "404 page not found"

+)

+

 type driver struct {

 	endpoint    *plugins.Client

 	networkType string

@@ -247,6 +252,35 @@ func (d *driver) Leave(nid, eid string) error {

 	return d.call("Leave", leave, &api.LeaveResponse{})

 }

+// ProgramExternalConnectivity is invoked to program the rules to allow external connectivity for the endpoint.

+func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string]interface{}) error {

+	data := &api.ProgramExternalConnectivityRequest{

+		NetworkID:  nid,

+		EndpointID: eid,

+		Options:    options,

+	}

+	err := d.call("ProgramExternalConnectivity", data, &api.ProgramExternalConnectivityResponse{})

+	if err != nil && strings.Contains(err.Error(), missingMethod) {

+		// It is not mandatory yet to support this method

+		return nil

+	}

+	return err

+}

+

+// RevokeExternalConnectivity method is invoked to remove any external connectivity programming related to the endpoint.

+func (d *driver) RevokeExternalConnectivity(nid, eid string) error {

+	data := &api.RevokeExternalConnectivityRequest{

+		NetworkID:  nid,

+		EndpointID: eid,

+	}

+	err := d.call("RevokeExternalConnectivity", data, &api.RevokeExternalConnectivityResponse{})

+	if err != nil && strings.Contains(err.Error(), missingMethod) {

+		// It is not mandatory yet to support this method

+		return nil

+	}

+	return err

+}

+

 func (d *driver) Type() string {

 	return d.networkType

 }

@@ -36,11 +36,20 @@ type networkConfiguration struct {

 	RDID  string

 }

+// endpointConfiguration represents the user specified configuration for the sandbox endpoint

+type endpointConfiguration struct {

+	MacAddress   net.HardwareAddr

+	PortBindings []types.PortBinding

+	ExposedPorts []types.TransportPort

+}

+

 type hnsEndpoint struct {

-	id         string

-	profileID  string

-	macAddress net.HardwareAddr

-	addr       *net.IPNet

+	id          string

+	profileID   string

+	macAddress  net.HardwareAddr

+	config      *endpointConfiguration // User specified parameters

+	portMapping []types.PortBinding    // Operation port bindings

+	addr        *net.IPNet

 }

 type hnsNetwork struct {

@@ -58,7 +67,7 @@ type driver struct {

 }

 func isValidNetworkType(networkType string) bool {

-	if "L2Bridge" == networkType || "L2Tunnel" == networkType || "NAT" == networkType || "Transparent" == networkType {

+	if "l2bridge" == networkType || "l2tunnel" == networkType || "nat" == networkType || "transparent" == networkType {

 		return true

 	}

@@ -126,7 +135,7 @@ func (d *driver) parseNetworkOptions(id string, genericOptions map[string]string

 func (c *networkConfiguration) processIPAM(id string, ipamV4Data, ipamV6Data []driverapi.IPAMData) error {

 	if len(ipamV6Data) > 0 {

-		return types.ForbiddenErrorf("windowsshim driver doesnt support v6 subnets")

+		return types.ForbiddenErrorf("windowsshim driver doesn't support v6 subnets")