Browse code
Merge pull request #41783 from arkodg/bump-libnetwork-ipv6tables
- hack/dockerfile/install/proxy.installer
- vendor.conf
- vendor/github.com/docker/libnetwork/drivers/bridge/bridge.go
- vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_tables.go
- vendor/github.com/docker/libnetwork/iptables/iptables.go
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When |
| 4 | 4 |
# updating the binary version, consider updating github.com/docker/libnetwork |
| 5 | 5 |
# in vendor.conf accordingly |
| 6 |
-: "${LIBNETWORK_COMMIT:=a543cbc4871f904b0efe205708eb45d72e65fd8b}"
|
|
| 6 |
+: "${LIBNETWORK_COMMIT:=5c6a95bfb20c61571a00f913c6b91959ede84e8d}"
|
|
| 7 | 7 |
|
| 8 | 8 |
install_proxy() {
|
| 9 | 9 |
case "$1" in |
| ... | ... |
@@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a |
| 47 | 47 |
# libnetwork |
| 48 | 48 |
|
| 49 | 49 |
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly |
| 50 |
-github.com/docker/libnetwork a543cbc4871f904b0efe205708eb45d72e65fd8b |
|
| 50 |
+github.com/docker/libnetwork 5c6a95bfb20c61571a00f913c6b91959ede84e8d |
|
| 51 | 51 |
github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f |
| 52 | 52 |
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 |
| 53 | 53 |
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec |
| ... | ... |
@@ -779,13 +779,13 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
|
| 779 | 779 |
{d.config.EnableIPTables, network.setupIP4Tables},
|
| 780 | 780 |
|
| 781 | 781 |
// Setup IP6Tables. |
| 782 |
- {d.config.EnableIP6Tables, network.setupIP6Tables},
|
|
| 782 |
+ {config.EnableIPv6 && d.config.EnableIP6Tables, network.setupIP6Tables},
|
|
| 783 | 783 |
|
| 784 | 784 |
//We want to track firewalld configuration so that |
| 785 | 785 |
//if it is started/reloaded, the rules can be applied correctly |
| 786 | 786 |
{d.config.EnableIPTables, network.setupFirewalld},
|
| 787 | 787 |
// same for IPv6 |
| 788 |
- {d.config.EnableIP6Tables, network.setupFirewalld6},
|
|
| 788 |
+ {config.EnableIPv6 && d.config.EnableIP6Tables, network.setupFirewalld6},
|
|
| 789 | 789 |
|
| 790 | 790 |
// Setup DefaultGatewayIPv4 |
| 791 | 791 |
{config.DefaultGatewayIPv4 != nil, setupGatewayIPv4},
|
| ... | ... |
@@ -178,7 +178,11 @@ func (n *bridgeNetwork) setupIPTables(ipVersion iptables.IPVersion, maskedAddr * |
| 178 | 178 |
return iptable.ProgramChain(filterChain, config.BridgeName, hairpinMode, false) |
| 179 | 179 |
}) |
| 180 | 180 |
|
| 181 |
- n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName()) |
|
| 181 |
+ if ipVersion == iptables.IPv4 {
|
|
| 182 |
+ n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName()) |
|
| 183 |
+ } else {
|
|
| 184 |
+ n.portMapperV6.SetIptablesChain(natChain, n.getNetworkBridgeName()) |
|
| 185 |
+ } |
|
| 182 | 186 |
} |
| 183 | 187 |
|
| 184 | 188 |
d.Lock() |
| ... | ... |
@@ -533,8 +533,10 @@ func (iptable IPTable) raw(args ...string) ([]byte, error) {
|
| 533 | 533 |
} |
| 534 | 534 |
|
| 535 | 535 |
path := iptablesPath |
| 536 |
+ commandName := "iptables" |
|
| 536 | 537 |
if iptable.Version == IPv6 {
|
| 537 | 538 |
path = ip6tablesPath |
| 539 |
+ commandName = "ip6tables" |
|
| 538 | 540 |
} |
| 539 | 541 |
|
| 540 | 542 |
logrus.Debugf("%s, %v", path, args)
|
| ... | ... |
@@ -542,7 +544,7 @@ func (iptable IPTable) raw(args ...string) ([]byte, error) {
|
| 542 | 542 |
startTime := time.Now() |
| 543 | 543 |
output, err := exec.Command(path, args...).CombinedOutput() |
| 544 | 544 |
if err != nil {
|
| 545 |
- return nil, fmt.Errorf("iptables failed: iptables %v: %s (%s)", strings.Join(args, " "), output, err)
|
|
| 545 |
+ return nil, fmt.Errorf("iptables failed: %s %v: %s (%s)", commandName, strings.Join(args, " "), output, err)
|
|
| 546 | 546 |
} |
| 547 | 547 |
|
| 548 | 548 |
return filterOutput(startTime, output, args...), err |