@@ -1,7 +1,9 @@

 package swarm

 import (

+	"errors"

 	"fmt"

+	"strings"

 	"golang.org/x/net/context"

@@ -21,7 +23,9 @@ const (

 type initOptions struct {

 	swarmOptions

-	listenAddr      NodeAddrOption

+	listenAddr NodeAddrOption

+	// Not a NodeAddrOption because it has no default port.

+	advertiseAddr   string

 	forceNewCluster bool

 }

@@ -40,7 +44,8 @@ func newInitCommand(dockerCli *client.DockerCli) *cobra.Command {

 	}

 	flags := cmd.Flags()

-	flags.Var(&opts.listenAddr, "listen-addr", "Listen address")

+	flags.Var(&opts.listenAddr, flagListenAddr, "Listen address (format: <ip|hostname|interface>[:port])")

+	flags.StringVar(&opts.advertiseAddr, flagAdvertiseAddr, "", "Advertised address (format: <ip|hostname|interface>[:port])")

 	flags.BoolVar(&opts.forceNewCluster, "force-new-cluster", false, "Force create a new cluster from current state.")

 	addSwarmFlags(flags, &opts.swarmOptions)

 	return cmd

@@ -52,12 +57,16 @@ func runInit(dockerCli *client.DockerCli, flags *pflag.FlagSet, opts initOptions

 	req := swarm.InitRequest{

 		ListenAddr:      opts.listenAddr.String(),

+		AdvertiseAddr:   opts.advertiseAddr,

 		ForceNewCluster: opts.forceNewCluster,

 		Spec:            opts.swarmOptions.ToSpec(),

 	}

 	nodeID, err := client.SwarmInit(ctx, req)

 	if err != nil {

+		if strings.Contains(err.Error(), "could not choose an IP address to advertise") || strings.Contains(err.Error(), "could not find the system's IP address") {

+			return errors.New(err.Error() + " - specify one with --advertise-addr")

+		}

 		return err

 	}

@@ -14,7 +14,9 @@ import (

 type joinOptions struct {

 	remote     string

 	listenAddr NodeAddrOption

-	token      string

+	// Not a NodeAddrOption because it has no default port.

+	advertiseAddr string

+	token         string

 }

 func newJoinCommand(dockerCli *client.DockerCli) *cobra.Command {

@@ -33,7 +35,8 @@ func newJoinCommand(dockerCli *client.DockerCli) *cobra.Command {

 	}

 	flags := cmd.Flags()

-	flags.Var(&opts.listenAddr, flagListenAddr, "Listen address")

+	flags.Var(&opts.listenAddr, flagListenAddr, "Listen address (format: <ip|hostname|interface>[:port])")

+	flags.StringVar(&opts.advertiseAddr, flagAdvertiseAddr, "", "Advertised address (format: <ip|hostname|interface>[:port])")

 	flags.StringVar(&opts.token, flagToken, "", "Token for entry into the swarm")

 	return cmd

 }

@@ -43,9 +46,10 @@ func runJoin(dockerCli *client.DockerCli, opts joinOptions) error {

 	ctx := context.Background()

 	req := swarm.JoinRequest{

-		JoinToken:   opts.token,

-		ListenAddr:  opts.listenAddr.String(),

-		RemoteAddrs: []string{opts.remote},

+		JoinToken:     opts.token,

+		ListenAddr:    opts.listenAddr.String(),

+		AdvertiseAddr: opts.advertiseAddr,

+		RemoteAddrs:   []string{opts.remote},

 	}

 	err := client.SwarmJoin(ctx, req)

 	if err != nil {

@@ -18,6 +18,7 @@ const (

 	flagCertExpiry          = "cert-expiry"

 	flagDispatcherHeartbeat = "dispatcher-heartbeat"

 	flagListenAddr          = "listen-addr"

+	flagAdvertiseAddr       = "advertise-addr"

 	flagToken               = "token"

 	flagTaskHistoryLimit    = "task-history-limit"

 	flagExternalCA          = "external-ca"

@@ -86,6 +86,7 @@ func runInfo(dockerCli *client.DockerCli) error {

 			fmt.Fprintf(dockerCli.Out(), " Managers: %d\n", info.Swarm.Managers)

 			fmt.Fprintf(dockerCli.Out(), " Nodes: %d\n", info.Swarm.Nodes)

 		}

+		fmt.Fprintf(dockerCli.Out(), " Node Address: %s\n", info.Swarm.NodeAddr)

 	}

 	if len(info.Runtimes) > 0 {

@@ -274,9 +274,11 @@ func (cli *DaemonCli) start() (err error) {

 	name, _ := os.Hostname()

 	c, err := cluster.New(cluster.Config{

-		Root:    cli.Config.Root,

-		Name:    name,

-		Backend: d,

+		Root:                   cli.Config.Root,

+		Name:                   name,

+		Backend:                d,

+		NetworkSubnetsProvider: d,

+		DefaultAdvertiseAddr:   cli.Config.SwarmDefaultAdvertiseAddr,

 	})

 	if err != nil {

 		logrus.Fatalf("Error creating cluster component: %v", err)

@@ -1839,11 +1839,17 @@ _docker_swarm_init() {

 			fi

 			return

 			;;

+		--advertise-addr)

+			if [[ $cur == *: ]] ; then

+				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )

+			fi

+			return

+			;;

 	esac

 	case "$cur" in

 		-*)

-			COMPREPLY=( $( compgen -W "--force-new-cluster --help --listen-addr" -- "$cur" ) )

+			COMPREPLY=( $( compgen -W "--advertise-addr --force-new-cluster --help --listen-addr" -- "$cur" ) )

 			;;

 	esac

 }

@@ -1873,11 +1879,17 @@ _docker_swarm_join() {

 			fi

 			return

 			;;

+		--advertise-addr)

+			if [[ $cur == *: ]] ; then

+				COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )

+			fi

+			return

+			;;

 	esac

 	case "$cur" in

 		-*)

-			COMPREPLY=( $( compgen -W "--help --listen-addr --token" -- "$cur" ) )

+			COMPREPLY=( $( compgen -W "--adveritse-addr --help --listen-addr --token" -- "$cur" ) )

 			;;

 		*:)

 			COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) )

@@ -1203,6 +1203,7 @@ __docker_swarm_subcommand() {

         (init)

             _arguments $(__docker_arguments) \

                 $opts_help \

+                "($help)--advertise-addr[Advertised address]:ip\:port: " \

                 "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \

                 "($help)--force-new-cluster[Force create a new cluster from current state]" \

                 "($help)--listen-addr=[Listen address]:ip\:port: " && ret=0

@@ -1215,6 +1216,7 @@ __docker_swarm_subcommand() {

         (join)

             _arguments $(__docker_arguments) \

                 $opts_help \

+                "($help)--advertise-addr[Advertised address]:ip\:port: " \

                 "($help)--listen-addr=[Listen address]:ip\:port: " \

                 "($help)--token=[Token for entry into the swarm]:secret: " \

                 "($help -):host\:port: " && ret=0

@@ -4,6 +4,7 @@ import (

 	"encoding/json"

 	"fmt"

 	"io/ioutil"

+	"net"

 	"os"

 	"path/filepath"

 	"strings"

@@ -73,14 +74,35 @@ var defaultSpec = types.Spec{

 }

 type state struct {

+	// LocalAddr is this machine's local IP or hostname, if specified.

+	LocalAddr string

+	// RemoteAddr is the address that was given to "swarm join. It is used

+	// to find LocalAddr if necessary.

+	RemoteAddr string

+	// ListenAddr is the address we bind to, including a port.

 	ListenAddr string

+	// AdvertiseAddr is the address other nodes should connect to,

+	// including a port.

+	AdvertiseAddr string

+}

+

+// NetworkSubnetsProvider exposes functions for retrieving the subnets

+// of networks managed by Docker, so they can be filtered.

+type NetworkSubnetsProvider interface {

+	V4Subnets() []net.IPNet

+	V6Subnets() []net.IPNet

 }

 // Config provides values for Cluster.

 type Config struct {

-	Root    string

-	Name    string

-	Backend executorpkg.Backend

+	Root                   string

+	Name                   string

+	Backend                executorpkg.Backend

+	NetworkSubnetsProvider NetworkSubnetsProvider

+

+	// DefaultAdvertiseAddr is the default host/IP or network interface to use

+	// if no AdvertiseAddr value is specified.

+	DefaultAdvertiseAddr string

 }

 // Cluster provides capabilities to participate in a cluster as a worker or a

@@ -88,13 +110,17 @@ type Config struct {

 type Cluster struct {

 	sync.RWMutex

 	*node

-	root        string

-	config      Config

-	configEvent chan struct{} // todo: make this array and goroutine safe

-	listenAddr  string

-	stop        bool

-	err         error

-	cancelDelay func()

+	root            string

+	config          Config

+	configEvent     chan struct{} // todo: make this array and goroutine safe

+	localAddr       string

+	actualLocalAddr string // after resolution, not persisted

+	remoteAddr      string

+	listenAddr      string

+	advertiseAddr   string

+	stop            bool

+	err             error

+	cancelDelay     func()

 }

 type node struct {

@@ -126,7 +152,7 @@ func New(config Config) (*Cluster, error) {

 		return nil, err

 	}

-	n, err := c.startNewNode(false, st.ListenAddr, "", "")

+	n, err := c.startNewNode(false, st.LocalAddr, st.RemoteAddr, st.ListenAddr, st.AdvertiseAddr, "", "")

 	if err != nil {

 		return nil, err

 	}

@@ -162,7 +188,12 @@ func (c *Cluster) loadState() (*state, error) {

 }

 func (c *Cluster) saveState() error {

-	dt, err := json.Marshal(state{ListenAddr: c.listenAddr})

+	dt, err := json.Marshal(state{

+		LocalAddr:     c.localAddr,

+		RemoteAddr:    c.remoteAddr,

+		ListenAddr:    c.listenAddr,

+		AdvertiseAddr: c.advertiseAddr,

+	})

 	if err != nil {

 		return err

 	}

@@ -195,7 +226,7 @@ func (c *Cluster) reconnectOnFailure(n *node) {

 			return

 		}

 		var err error

-		n, err = c.startNewNode(false, c.listenAddr, c.getRemoteAddress(), "")

+		n, err = c.startNewNode(false, c.localAddr, c.getRemoteAddress(), c.listenAddr, c.advertiseAddr, c.getRemoteAddress(), "")

 		if err != nil {

 			c.err = err

 			close(n.done)

@@ -204,24 +235,55 @@ func (c *Cluster) reconnectOnFailure(n *node) {

 	}

 }

-func (c *Cluster) startNewNode(forceNewCluster bool, listenAddr, joinAddr, joinToken string) (*node, error) {

+func (c *Cluster) startNewNode(forceNewCluster bool, localAddr, remoteAddr, listenAddr, advertiseAddr, joinAddr, joinToken string) (*node, error) {

 	if err := c.config.Backend.IsSwarmCompatible(); err != nil {

 		return nil, err

 	}

+

+	actualLocalAddr := localAddr

+	if actualLocalAddr == "" {

+		// If localAddr was not specified, resolve it automatically

+		// based on the route to joinAddr. localAddr can only be left

+		// empty on "join".

+		listenHost, _, err := net.SplitHostPort(listenAddr)

+		if err != nil {

+			return nil, fmt.Errorf("could not parse listen address: %v", err)

+		}

+

+		listenAddrIP := net.ParseIP(listenHost)

+		if listenAddrIP == nil || !listenAddrIP.IsUnspecified() {

+			actualLocalAddr = listenHost

+		} else {

+			if remoteAddr == "" {

+				// Should never happen except using swarms created by

+				// old versions that didn't save remoteAddr.

+				remoteAddr = "8.8.8.8:53"

+			}

+			conn, err := net.Dial("udp", remoteAddr)

+			if err != nil {

+				return nil, fmt.Errorf("could not find local IP address: %v", err)

+			}

+			localHostPort := conn.LocalAddr().String()

+			actualLocalAddr, _, _ = net.SplitHostPort(localHostPort)

+			conn.Close()

+		}

+	}

+

 	c.node = nil

 	c.cancelDelay = nil

 	c.stop = false

 	n, err := swarmagent.NewNode(&swarmagent.NodeConfig{

-		Hostname:         c.config.Name,

-		ForceNewCluster:  forceNewCluster,

-		ListenControlAPI: filepath.Join(c.root, controlSocket),

-		ListenRemoteAPI:  listenAddr,

-		JoinAddr:         joinAddr,

-		StateDir:         c.root,

-		JoinToken:        joinToken,

-		Executor:         container.NewExecutor(c.config.Backend),

-		HeartbeatTick:    1,

-		ElectionTick:     3,

+		Hostname:           c.config.Name,

+		ForceNewCluster:    forceNewCluster,

+		ListenControlAPI:   filepath.Join(c.root, controlSocket),

+		ListenRemoteAPI:    listenAddr,

+		AdvertiseRemoteAPI: advertiseAddr,

+		JoinAddr:           joinAddr,

+		StateDir:           c.root,

+		JoinToken:          joinToken,

+		Executor:           container.NewExecutor(c.config.Backend),

+		HeartbeatTick:      1,

+		ElectionTick:       3,

 	})

 	if err != nil {

 		return nil, err

@@ -236,8 +298,13 @@ func (c *Cluster) startNewNode(forceNewCluster bool, listenAddr, joinAddr, joinT

 		reconnectDelay: initialReconnectDelay,

 	}

 	c.node = node

+	c.localAddr = localAddr

+	c.actualLocalAddr = actualLocalAddr // not saved

+	c.remoteAddr = remoteAddr

 	c.listenAddr = listenAddr

+	c.advertiseAddr = advertiseAddr

 	c.saveState()

+

 	c.config.Backend.SetClusterProvider(c)

 	go func() {

 		err := n.Err(ctx)

@@ -301,8 +368,49 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) {

 		return "", err

 	}

+	listenHost, listenPort, err := resolveListenAddr(req.ListenAddr)

+	if err != nil {

+		c.Unlock()

+		return "", err

+	}

+

+	advertiseHost, advertisePort, err := c.resolveAdvertiseAddr(req.AdvertiseAddr, listenPort)

+	if err != nil {

+		c.Unlock()

+		return "", err

+	}

+

+	localAddr := listenHost

+

+	// If the advertise address is not one of the system's

+	// addresses, we also require a listen address.

+	listenAddrIP := net.ParseIP(listenHost)

+	if listenAddrIP != nil && listenAddrIP.IsUnspecified() {

+		advertiseIP := net.ParseIP(advertiseHost)

+		if advertiseIP == nil {

+			// not an IP

+			c.Unlock()

+			return "", errMustSpecifyListenAddr

+		}

+

+		systemIPs := listSystemIPs()

+

+		found := false

+		for _, systemIP := range systemIPs {

+			if systemIP.Equal(advertiseIP) {

+				found = true

+				break

+			}

+		}

+		if !found {

+			c.Unlock()

+			return "", errMustSpecifyListenAddr

+		}

+		localAddr = advertiseIP.String()

+	}

+

 	// todo: check current state existing

-	n, err := c.startNewNode(req.ForceNewCluster, req.ListenAddr, "", "")

+	n, err := c.startNewNode(req.ForceNewCluster, localAddr, "", net.JoinHostPort(listenHost, listenPort), net.JoinHostPort(advertiseHost, advertisePort), "", "")

 	if err != nil {

 		c.Unlock()

 		return "", err

@@ -339,8 +447,23 @@ func (c *Cluster) Join(req types.JoinRequest) error {

 		c.Unlock()

 		return err

 	}

+

+	listenHost, listenPort, err := resolveListenAddr(req.ListenAddr)

+	if err != nil {

+		c.Unlock()

+		return err

+	}

+

+	var advertiseAddr string

+	advertiseHost, advertisePort, err := c.resolveAdvertiseAddr(req.AdvertiseAddr, listenPort)

+	// For joining, we don't need to provide an advertise address,

+	// since the remote side can detect it.

+	if err == nil {

+		advertiseAddr = net.JoinHostPort(advertiseHost, advertisePort)

+	}

+

 	// todo: check current state existing

-	n, err := c.startNewNode(false, req.ListenAddr, req.RemoteAddrs[0], req.JoinToken)

+	n, err := c.startNewNode(false, "", req.RemoteAddrs[0], net.JoinHostPort(listenHost, listenPort), advertiseAddr, req.RemoteAddrs[0], req.JoinToken)

 	if err != nil {

 		c.Unlock()

 		return err

@@ -530,15 +653,22 @@ func (c *Cluster) IsAgent() bool {

 	return c.node != nil && c.ready

 }

-// GetListenAddress returns the listening address for current manager's

-// consensus and dispatcher APIs.

-func (c *Cluster) GetListenAddress() string {

+// GetLocalAddress returns the local address.

+func (c *Cluster) GetLocalAddress() string {

 	c.RLock()

 	defer c.RUnlock()

-	if c.isActiveManager() {

-		return c.listenAddr

+	return c.actualLocalAddr

+}

+

+// GetAdvertiseAddress returns the remotely reachable address of this node.

+func (c *Cluster) GetAdvertiseAddress() string {

+	c.RLock()

+	defer c.RUnlock()

+	if c.advertiseAddr != "" {

+		advertiseHost, _, _ := net.SplitHostPort(c.advertiseAddr)

+		return advertiseHost

 	}

-	return ""

+	return c.actualLocalAddr

 }

 // GetRemoteAddress returns a known advertise address of a remote manager if

@@ -572,7 +702,10 @@ func (c *Cluster) ListenClusterEvents() <-chan struct{} {

 // Info returns information about the current cluster state.

 func (c *Cluster) Info() types.Info {

-	var info types.Info

+	info := types.Info{

+		NodeAddr: c.GetAdvertiseAddress(),

+	}

+

 	c.RLock()

 	defer c.RUnlock()

new file mode 100644

@@ -0,0 +1,250 @@

+package cluster

+

+import (

+	"errors"

+	"fmt"

+	"net"

+)

+

+var (

+	errNoSuchInterface       = errors.New("no such interface")

+	errMultipleIPs           = errors.New("could not choose an IP address to advertise since this system has multiple addresses")

+	errNoIP                  = errors.New("could not find the system's IP address")

+	errMustSpecifyListenAddr = errors.New("must specify a listening address because the address to advertise is not recognized as a system address")

+)

+

+func resolveListenAddr(specifiedAddr string) (string, string, error) {

+	specifiedHost, specifiedPort, err := net.SplitHostPort(specifiedAddr)

+	if err != nil {

+		return "", "", fmt.Errorf("could not parse listen address %s", specifiedAddr)

+	}

+

+	// Does the host component match any of the interface names on the

+	// system? If so, use the address from that interface.

+	interfaceAddr, err := resolveInterfaceAddr(specifiedHost)

+	if err == nil {

+		return interfaceAddr.String(), specifiedPort, nil

+	}

+	if err != errNoSuchInterface {

+		return "", "", err

+	}

+

+	return specifiedHost, specifiedPort, nil

+}

+

+func (c *Cluster) resolveAdvertiseAddr(advertiseAddr, listenAddrPort string) (string, string, error) {

+	// Approach:

+	// - If an advertise address is specified, use that. Resolve the

+	//   interface's address if an interface was specified in

+	//   advertiseAddr. Fill in the port from listenAddrPort if necessary.

+	// - If DefaultAdvertiseAddr is not empty, use that with the port from

+	//   listenAddrPort. Resolve the interface's address from

+	//   if an interface name was specified in DefaultAdvertiseAddr.

+	// - Otherwise, try to autodetect the system's address. Use the port in

+	//   listenAddrPort with this address if autodetection succeeds.

+

+	if advertiseAddr != "" {

+		advertiseHost, advertisePort, err := net.SplitHostPort(advertiseAddr)

+		if err != nil {

+			// Not a host:port specification

+			advertiseHost = advertiseAddr

+			advertisePort = listenAddrPort

+		}

+

+		// Does the host component match any of the interface names on the

+		// system? If so, use the address from that interface.

+		interfaceAddr, err := resolveInterfaceAddr(advertiseHost)

+		if err == nil {

+			return interfaceAddr.String(), advertisePort, nil

+		}

+		if err != errNoSuchInterface {

+			return "", "", err

+		}

+

+		return advertiseHost, advertisePort, nil

+	}

+

+	if c.config.DefaultAdvertiseAddr != "" {

+		// Does the default advertise address component match any of the

+		// interface names on the system? If so, use the address from

+		// that interface.

+		interfaceAddr, err := resolveInterfaceAddr(c.config.DefaultAdvertiseAddr)

+		if err == nil {

+			return interfaceAddr.String(), listenAddrPort, nil

+		}

+		if err != errNoSuchInterface {

+			return "", "", err

+		}

+

+		return c.config.DefaultAdvertiseAddr, listenAddrPort, nil

+	}

+

+	systemAddr, err := c.resolveSystemAddr()

+	if err != nil {

+		return "", "", err

+	}

+	return systemAddr.String(), listenAddrPort, nil

+}

+

+func resolveInterfaceAddr(specifiedInterface string) (net.IP, error) {

+	// Use a specific interface's IP address.

+	intf, err := net.InterfaceByName(specifiedInterface)

+	if err != nil {

+		return nil, errNoSuchInterface

+	}

+

+	addrs, err := intf.Addrs()

+	if err != nil {

+		return nil, err

+	}

+

+	var interfaceAddr4, interfaceAddr6 net.IP

+

+	for _, addr := range addrs {

+		ipAddr, ok := addr.(*net.IPNet)

+

+		if ok {

+			if ipAddr.IP.To4() != nil {

+				// IPv4

+				if interfaceAddr4 != nil {

+					return nil, fmt.Errorf("interface %s has more than one IPv4 address", specifiedInterface)

+				}

+				interfaceAddr4 = ipAddr.IP

+			} else {

+				// IPv6

+				if interfaceAddr6 != nil {

+					return nil, fmt.Errorf("interface %s has more than one IPv6 address", specifiedInterface)

+				}

+				interfaceAddr6 = ipAddr.IP

+			}

+		}

+	}

+

+	if interfaceAddr4 == nil && interfaceAddr6 == nil {

+		return nil, fmt.Errorf("interface %s has no usable IPv4 or IPv6 address", specifiedInterface)

+	}

+

+	// In the case that there's exactly one IPv4 address

+	// and exactly one IPv6 address, favor IPv4 over IPv6.

+	if interfaceAddr4 != nil {

+		return interfaceAddr4, nil

+	}

+	return interfaceAddr6, nil

+}

+

+func (c *Cluster) resolveSystemAddr() (net.IP, error) {

+	// Use the system's only IP address, or fail if there are

+	// multiple addresses to choose from.

+	interfaces, err := net.Interfaces()

+	if err != nil {

+		return nil, err

+	}

+

+	var systemAddr net.IP

+

+	// List Docker-managed subnets

+	v4Subnets := c.config.NetworkSubnetsProvider.V4Subnets()

+	v6Subnets := c.config.NetworkSubnetsProvider.V6Subnets()

+

+ifaceLoop:

+	for _, intf := range interfaces {

+		// Skip inactive interfaces and loopback interfaces

+		if (intf.Flags&net.FlagUp == 0) || (intf.Flags&net.FlagLoopback) != 0 {

+			continue

+		}

+

+		addrs, err := intf.Addrs()

+		if err != nil {

+			continue

+		}

+

+		var interfaceAddr4, interfaceAddr6 net.IP

+

+		for _, addr := range addrs {

+			ipAddr, ok := addr.(*net.IPNet)

+

+			// Skip loopback and link-local addresses

+			if !ok || !ipAddr.IP.IsGlobalUnicast() {

+				continue

+			}

+

+			if ipAddr.IP.To4() != nil {

+				// IPv4

+

+				// Ignore addresses in subnets that are managed by Docker.

+				for _, subnet := range v4Subnets {

+					if subnet.Contains(ipAddr.IP) {

+						continue ifaceLoop

+					}

+				}

+

+				if interfaceAddr4 != nil {

+					return nil, errMultipleIPs

+				}

+

+				interfaceAddr4 = ipAddr.IP

+			} else {

+				// IPv6

+

+				// Ignore addresses in subnets that are managed by Docker.

+				for _, subnet := range v6Subnets {

+					if subnet.Contains(ipAddr.IP) {

+						continue ifaceLoop

+					}

+				}

+

+				if interfaceAddr6 != nil {

+					return nil, errMultipleIPs

+				}

+

+				interfaceAddr6 = ipAddr.IP

+			}

+		}

+

+		// In the case that this interface has exactly one IPv4 address

+		// and exactly one IPv6 address, favor IPv4 over IPv6.

+		if interfaceAddr4 != nil {

+			if systemAddr != nil {

+				return nil, errMultipleIPs

+			}

+			systemAddr = interfaceAddr4

+		} else if interfaceAddr6 != nil {

+			if systemAddr != nil {

+				return nil, errMultipleIPs

+			}

+			systemAddr = interfaceAddr6

+		}

+	}

+

+	if systemAddr == nil {

+		return nil, errNoIP

+	}

+

+	return systemAddr, nil

+}

+

+func listSystemIPs() []net.IP {

+	interfaces, err := net.Interfaces()

+	if err != nil {

+		return nil

+	}

+

+	var systemAddrs []net.IP

+

+	for _, intf := range interfaces {

+		addrs, err := intf.Addrs()

+		if err != nil {

+			continue

+		}

+

+		for _, addr := range addrs {

+			ipAddr, ok := addr.(*net.IPNet)

+

+			if ok {

+				systemAddrs = append(systemAddrs, ipAddr.IP)

+			}

+		}

+	}

+

+	return systemAddrs

+}

@@ -127,6 +127,13 @@ type CommonConfig struct {

 	// Embedded structs that allow config

 	// deserialization without the full struct.

 	CommonTLSOptions

+

+	// SwarmDefaultAdvertiseAddr is the default host/IP or network interface

+	// to use if a wildcard address is specified in the ListenAddr value

+	// given to the /swarm/init endpoint and no advertise address is

+	// specified.

+	SwarmDefaultAdvertiseAddr string `json:"swarm-default-advertise-addr"`

+

 	LogConfig

 	bridgeConfig // bridgeConfig holds bridge network specific configuration.

 	registry.ServiceOptions

@@ -167,6 +174,8 @@ func (config *Config) InstallCommonFlags(cmd *flag.FlagSet, usageFn func(string)

 	cmd.IntVar(&maxConcurrentDownloads, []string{"-max-concurrent-downloads"}, defaultMaxConcurrentDownloads, usageFn("Set the max concurrent downloads for each pull"))

 	cmd.IntVar(&maxConcurrentUploads, []string{"-max-concurrent-uploads"}, defaultMaxConcurrentUploads, usageFn("Set the max concurrent uploads for each push"))

+	cmd.StringVar(&config.SwarmDefaultAdvertiseAddr, []string{"-swarm-default-advertise-addr"}, "", usageFn("Set default address or interface for swarm advertised address"))

+

 	config.MaxConcurrentDownloads = &maxConcurrentDownloads

 	config.MaxConcurrentUploads = &maxConcurrentUploads

 }

@@ -728,6 +728,42 @@ func (daemon *Daemon) Unmount(container *container.Container) error {

 	return nil

 }

+// V4Subnets returns the IPv4 subnets of networks that are managed by Docker.

+func (daemon *Daemon) V4Subnets() []net.IPNet {

+	var subnets []net.IPNet

+

+	managedNetworks := daemon.netController.Networks()

+

+	for _, managedNetwork := range managedNetworks {

+		v4Infos, _ := managedNetwork.Info().IpamInfo()

+		for _, v4Info := range v4Infos {

+			if v4Info.IPAMData.Pool != nil {

+				subnets = append(subnets, *v4Info.IPAMData.Pool)

+			}

+		}

+	}

+

+	return subnets

+}

+

+// V6Subnets returns the IPv6 subnets of networks that are managed by Docker.

+func (daemon *Daemon) V6Subnets() []net.IPNet {

+	var subnets []net.IPNet

+

+	managedNetworks := daemon.netController.Networks()

+

+	for _, managedNetwork := range managedNetworks {

+		_, v6Infos := managedNetwork.Info().IpamInfo()

+		for _, v6Info := range v6Infos {

+			if v6Info.IPAMData.Pool != nil {

+				subnets = append(subnets, *v6Info.IPAMData.Pool)

+			}

+		}

+	}

+

+	return subnets

+}

+

 func writeDistributionProgress(cancelFunc func(), outStream io.Writer, progressChan <-chan progress.Progress) {

 	progressOutput := streamformatter.NewJSONStreamFormatter().NewProgressOutput(outStream, false)

 	operationCancelled := false

@@ -3614,8 +3614,11 @@ Initialize a new Swarm

 JSON Parameters:

-- **ListenAddr** – Listen address used for inter-manager communication, as well as determining.

-  the networking interface used for the VXLAN Tunnel Endpoint (VTEP).

+- **ListenAddr** – Listen address used for inter-manager communication, as well as determining

+  the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an

+  address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port

+  number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is

+  used.

 - **ForceNewCluster** – Force creating a new Swarm even if already part of one.

 - **Spec** – Configuration settings of the new Swarm.

     - **Orchestration** – Configuration settings for the orchestration aspects of the Swarm.

@@ -3615,8 +3615,11 @@ Initialize a new Swarm

 JSON Parameters:

-- **ListenAddr** – Listen address used for inter-manager communication, as well as determining.

-  the networking interface used for the VXLAN Tunnel Endpoint (VTEP).

+- **ListenAddr** – Listen address used for inter-manager communication, as well as determining

+  the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an

+  address/port combination in the form `192.168.1.1:4567`, or an interface followed by a port

+  number, like `eth0:4567`. If the port number is omitted, the default swarm listening port is

+  used.

 - **ForceNewCluster** – Force creating a new Swarm even if already part of one.

 - **Spec** – Configuration settings of the new Swarm.

     - **Orchestration** – Configuration settings for the orchestration aspects of the Swarm.

@@ -69,6 +69,7 @@ Options:

       -s, --storage-driver                   Storage driver to use

       --selinux-enabled                      Enable selinux support

       --storage-opt=[]                       Storage driver options

+      --swarm-default-advertise-addr         Set default address or interface for swarm advertised address

       --tls                                  Use TLS; implied by --tlsverify

       --tlscacert=~/.docker/ca.pem           Trust certs signed only by this CA

       --tlscert=~/.docker/cert.pem           Path to TLS certificate file

@@ -1042,6 +1043,7 @@ This is a full example of the allowed configuration options on Linux:

 	"tlscacert": "",

 	"tlscert": "",

 	"tlskey": "",

+	"swarm-default-advertise-addr": "",

 	"api-cors-header": "",

 	"selinux-enabled": false,

 	"userns-remap": "",

@@ -1112,6 +1114,7 @@ This is a full example of the allowed configuration options on Windows:

     "tlscacert": "",

     "tlscert": "",

     "tlskey": "",

+    "swarm-default-advertise-addr": "",

     "group": "",

     "default-ulimits": {},

     "bridge": "",

@@ -17,12 +17,13 @@ Usage:  docker swarm init [OPTIONS]

 Initialize a swarm

 Options:

+      --advertise-addr value            Advertised address (format: <ip|hostname|interface>[:port])

       --cert-expiry duration            Validity period for node certificates (default 2160h0m0s)

       --dispatcher-heartbeat duration   Dispatcher heartbeat period (default 5s)

       --external-ca value               Specifications of one or more certificate signing endpoints

       --force-new-cluster               Force create a new cluster from current state.

       --help                            Print usage

-      --listen-addr value               Listen address (default 0.0.0.0:2377)

+      --listen-addr value               Listen address (format: <ip|hostname|interface>[:port])

       --task-history-limit int          Task history retention limit (default 5)

 ```

@@ -31,7 +32,7 @@ in the newly created one node swarm cluster.

 ```bash

-$ docker swarm init --listen-addr 192.168.99.121:2377

+$ docker swarm init --advertise-addr 192.168.99.121

 Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager.

 To add a worker to this swarm, run the following command:

@@ -70,11 +71,31 @@ The URL specifies the endpoint where signing requests should be submitted.