@@ -8,6 +8,14 @@ ciargs = -e CIRCLECI -e "COVERALLS_TOKEN=$$COVERALLS_TOKEN" -e "INSIDECONTAINER=

 cidocker = docker run ${dockerargs} ${ciargs} $$EXTRA_ARGS ${container_env} ${build_image}

 CROSS_PLATFORMS = linux/amd64 linux/386 linux/arm windows/amd64

 export PATH := $(CURDIR)/bin:$(PATH)

+hostOS = ${shell go env GOHOSTOS}

+ifeq (${hostOS}, solaris)

+	gnufind=gfind

+	gnutail=gtail

+else

+	gnufind=find

+	gnutail=tail

+endif

 all: ${build_image}.created build check integration-tests clean

@@ -62,7 +70,40 @@ check-format:

 run-tests:

 	@echo "Running tests... "

 	@echo "mode: count" > coverage.coverprofile

-	@for dir in $$(find . -maxdepth 10 -not -path './.git*' -not -path '*/_*' -type d); do \

+	@for dir in $$( ${gnufind} . -maxdepth 10 -not -path './.git*' -not -path '*/_*' -type d); do \

+	    if [ ${hostOS} == solaris ]; then \

+	        case "$$dir" in \

+		    "./cmd/dnet" ) \

+		    ;& \

+		    "./cmd/ovrouter" ) \

+		    ;& \

+		    "./ns" ) \

+		    ;& \

+		    "./iptables" ) \

+		    ;& \

+		    "./ipvs" ) \

+		    ;& \

+		    "./drivers/bridge" ) \

+		    ;& \

+		    "./drivers/host" ) \

+		    ;& \

+		    "./drivers/ipvlan" ) \

+		    ;& \

+		    "./drivers/macvlan" ) \

+		    ;& \

+		    "./drivers/overlay" ) \

+		    ;& \

+		    "./drivers/remote" ) \

+		    ;& \

+		    "./drivers/windows" ) \

+			echo "Skipping $$dir on solaris host... "; \

+			continue; \

+			;; \

+		    * )\

+			echo "Entering $$dir ... "; \

+			;; \

+	        esac; \

+	    fi; \

 	    if ls $$dir/*.go &> /dev/null; then \

 		pushd . &> /dev/null ; \

 		cd $$dir ; \

@@ -71,7 +112,7 @@ run-tests:

 		if [ $$ret -ne 0 ]; then exit $$ret; fi ;\

 		popd &> /dev/null; \

 		if [ -f $$dir/profile.tmp ]; then \

-			cat $$dir/profile.tmp | tail -n +2 >> coverage.coverprofile ; \

+			cat $$dir/profile.tmp | ${gnutail} -n +2 >> coverage.coverprofile ; \

 				rm $$dir/profile.tmp ; \

 	    fi ; \

 	fi ; \

new file mode 100644

@@ -0,0 +1,18 @@

+package api

+

+import (

+	"github.com/docker/libnetwork/drivers/bridge"

+	"github.com/docker/libnetwork/netlabel"

+)

+

+func GetOpsMap(bridgeName, defaultMTU string) map[string]string {

+	if defaultMTU == "" {

+		return map[string]string{

+			bridge.BridgeName: bridgeName,

+		}

+	}

+	return map[string]string{

+		bridge.BridgeName:  bridgeName,

+		netlabel.DriverMTU: defaultMTU,

+	}

+}

new file mode 100644

@@ -0,0 +1,18 @@

+package api

+

+import (

+	"github.com/docker/libnetwork/drivers/solaris/bridge"

+	"github.com/docker/libnetwork/netlabel"

+)

+

+func GetOpsMap(bridgeName, defaultMTU string) map[string]string {

+	if defaultMTU == "" {

+		return map[string]string{

+			bridge.BridgeName: bridgeName,

+		}

+	}

+	return map[string]string{

+		bridge.BridgeName:  bridgeName,

+		netlabel.DriverMTU: defaultMTU,

+	}

+}

@@ -15,7 +15,6 @@ import (

 	"github.com/docker/docker/pkg/reexec"

 	"github.com/docker/libnetwork"

 	"github.com/docker/libnetwork/datastore"

-	"github.com/docker/libnetwork/drivers/bridge"

 	"github.com/docker/libnetwork/netlabel"

 	"github.com/docker/libnetwork/options"

 	"github.com/docker/libnetwork/testutils"

@@ -225,9 +224,7 @@ func TestCreateDeleteNetwork(t *testing.T) {

 		t.Fatalf("Expected StatusBadRequest status code, got: %v", errRsp)

 	}

-	dops := map[string]string{

-		bridge.BridgeName: "abc",

-	}

+	dops := GetOpsMap("abc", "")

 	nops := map[string]string{

 		netlabel.EnableIPv6: "true",

 	}

@@ -273,9 +270,7 @@ func TestGetNetworksAndEndpoints(t *testing.T) {

 	}

 	defer c.Stop()

-	ops := map[string]string{

-		bridge.BridgeName: "api_test_nw",

-	}

+	ops := GetOpsMap("api_test_nw", "")

 	nc := networkCreate{Name: "sh", NetworkType: bridgeNetType, DriverOpts: ops}

 	body, err := json.Marshal(nc)

 	if err != nil {

@@ -544,7 +539,7 @@ func TestProcGetServices(t *testing.T) {

 		t.Fatal(err)

 	}

-	netName2 := "work-dev"

+	netName2 := "workdev"

 	netOption = options.Generic{

 		netlabel.GenericData: options.Generic{

 			"BridgeName": netName2,

@@ -1811,10 +1806,7 @@ func TestEndToEnd(t *testing.T) {

 	handleRequest := NewHTTPHandler(c)

-	dops := map[string]string{

-		bridge.BridgeName:  "cdef",

-		netlabel.DriverMTU: "1460",

-	}

+	dops := GetOpsMap("cdef", "1460")

 	nops := map[string]string{

 		netlabel.EnableIPv6: "true",

 	}

new file mode 100644

@@ -0,0 +1,1254 @@

+// +build solaris

+

+package bridge

+

+import (

+	"bufio"

+	"errors"

+	"fmt"

+	"net"

+	"os"

+	"os/exec"

+	"strconv"

+	"strings"

+	"sync"

+

+	"github.com/Sirupsen/logrus"

+	"github.com/docker/libnetwork/datastore"

+	"github.com/docker/libnetwork/discoverapi"

+	"github.com/docker/libnetwork/driverapi"

+	"github.com/docker/libnetwork/iptables"

+	"github.com/docker/libnetwork/netlabel"

+	"github.com/docker/libnetwork/netutils"

+	"github.com/docker/libnetwork/options"

+	"github.com/docker/libnetwork/portmapper"

+	"github.com/docker/libnetwork/types"

+)

+

+const (

+	networkType = "bridge"

+

+	// DefaultBridgeName is the default name for the bridge interface managed

+	// by the driver when unspecified by the caller.

+	DefaultBridgeName = "docker0"

+

+	// BridgeName label for bridge driver

+	BridgeName = "com.docker.network.bridge.name"

+

+	// EnableIPMasquerade label for bridge driver

+	EnableIPMasquerade = "com.docker.network.bridge.enable_ip_masquerade"

+

+	// EnableICC label

+	EnableICC = "com.docker.network.bridge.enable_icc"

+

+	// DefaultBindingIP label

+	DefaultBindingIP = "com.docker.network.bridge.host_binding_ipv4"

+

+	// DefaultBridge label

+	DefaultBridge = "com.docker.network.bridge.default_bridge"

+

+	// DefaultGatewayV4AuxKey represents the default-gateway configured by the user

+	DefaultGatewayV4AuxKey = "DefaultGatewayIPv4"

+

+	// DefaultGatewayV6AuxKey represents the ipv6 default-gateway configured by the user

+	DefaultGatewayV6AuxKey = "DefaultGatewayIPv6"

+)

+

+// configuration info for the "bridge" driver.

+type configuration struct {

+	EnableIPForwarding  bool

+	EnableIPTables      bool

+	EnableUserlandProxy bool

+}

+

+// networkConfiguration for network specific configuration

+type networkConfiguration struct {

+	ID                 string

+	BridgeName         string

+	BridgeNameInternal string

+	EnableIPv6         bool

+	EnableIPMasquerade bool

+	EnableICC          bool

+	Mtu                int

+	DefaultBindingIntf string

+	DefaultBindingIP   net.IP

+	DefaultBridge      bool

+	// Internal fields set after ipam data parsing

+	AddressIPv4        *net.IPNet

+	AddressIPv6        *net.IPNet

+	DefaultGatewayIPv4 net.IP

+	DefaultGatewayIPv6 net.IP

+	dbIndex            uint64

+	dbExists           bool

+	Internal           bool

+}

+

+// endpointConfiguration represents the user specified configuration for the sandbox endpoint

+type endpointConfiguration struct {

+	MacAddress   net.HardwareAddr

+	PortBindings []types.PortBinding

+	ExposedPorts []types.TransportPort

+}

+

+// containerConfiguration represents the user specified configuration for a container

+type containerConfiguration struct {

+	ParentEndpoints []string

+	ChildEndpoints  []string

+}

+

+// cnnectivityConfiguration represents the user specified configuration regarding the external connectivity

+type connectivityConfiguration struct {

+	PortBindings []types.PortBinding

+	ExposedPorts []types.TransportPort

+}

+

+type bridgeEndpoint struct {

+	id              string

+	nid             string

+	srcName         string

+	addr            *net.IPNet

+	addrv6          *net.IPNet

+	macAddress      net.HardwareAddr

+	config          *endpointConfiguration // User specified parameters

+	containerConfig *containerConfiguration

+	extConnConfig   *connectivityConfiguration

+	portMapping     []types.PortBinding // Operation port bindings

+	dbIndex         uint64

+	dbExists        bool

+}

+

+type bridgeInterface struct {

+	bridgeIPv4  *net.IPNet

+	bridgeIPv6  *net.IPNet

+	gatewayIPv4 net.IP

+	gatewayIPv6 net.IP

+}

+

+type bridgeNetwork struct {

+	id         string

+	bridge     *bridgeInterface

+	config     *networkConfiguration

+	endpoints  map[string]*bridgeEndpoint // key: endpoint id

+	portMapper *portmapper.PortMapper

+	driver     *driver // The network's driver

+	sync.Mutex

+}

+

+type driver struct {

+	config         *configuration

+	network        *bridgeNetwork

+	natChain       *iptables.ChainInfo

+	filterChain    *iptables.ChainInfo

+	isolationChain *iptables.ChainInfo

+	networks       map[string]*bridgeNetwork

+	store          datastore.DataStore

+	sync.Mutex

+	defrouteIP net.IP

+}

+

+// New constructs a new bridge driver

+func newDriver() *driver {

+	return &driver{networks: map[string]*bridgeNetwork{}}

+}

+

+// Init registers a new instance of bridge driver

+func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {

+	d := newDriver()

+	if err := d.configure(config); err != nil {

+		return err

+	}

+

+	c := driverapi.Capability{

+		DataScope: datastore.LocalScope,

+	}

+	return dc.RegisterDriver(networkType, d, c)

+}

+

+func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {

+	return nil, types.NotImplementedErrorf("not implemented")

+}

+

+func (d *driver) NetworkFree(id string) error {

+	return types.NotImplementedErrorf("not implemented")

+}

+

+func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {

+}

+

+func (d *driver) CreateNetwork(id string, option map[string]interface{}, nInfo driverapi.NetworkInfo, ipV4Data, ipV6Data []driverapi.IPAMData) error {

+	if len(ipV4Data) == 0 || ipV4Data[0].Pool.String() == "0.0.0.0/0" {

+		return types.BadRequestErrorf("ipv4 pool is empty")

+	}

+	// Sanity checks

+	d.Lock()

+	if _, ok := d.networks[id]; ok {

+		d.Unlock()

+		return types.ForbiddenErrorf("network %s exists", id)

+	}

+	d.Unlock()

+

+	// Parse and validate the config. It should not conflict with existing networks' config

+	config, err := parseNetworkOptions(d, id, option)

+	if err != nil {

+		return err

+	}

+

+	err = config.processIPAM(id, ipV4Data, ipV6Data)

+	if err != nil {

+		return err

+	}

+

+	if err = d.createNetwork(config); err != nil {

+		return err

+	}

+

+	return d.storeUpdate(config)

+}

+

+func newInterface(config *networkConfiguration) *bridgeInterface {

+	i := &bridgeInterface{}

+

+	i.bridgeIPv4 = config.AddressIPv4

+	i.gatewayIPv4 = config.AddressIPv4.IP

+	if config.BridgeName == "" {

+		config.BridgeName = DefaultBridgeName

+	}

+	return i

+}

+

+// This function prunes the pf.conf for the firewall

+// that enable the service successfully.

+func fixPFConf() error {

+	conf := "/etc/firewall/pf.conf"

+	f, err := os.Open("/etc/firewall/pf.conf")

+	if err != nil {

+		return fmt.Errorf("cannot open %s: %v", conf, err)

+	}

+	defer f.Close()

+

+	// Look for line beginning with "REMOVE THIS LINE"

+	modify := false

+	lines := []string{}

+	scanner := bufio.NewScanner(f)

+	for scanner.Scan() {

+		l := scanner.Text()

+		if strings.Contains(l, "REMOVE THIS LINE") {

+			modify = true

+			continue

+		}

+		lines = append(lines, fmt.Sprintf("%s\n", l))

+	}

+	if err = scanner.Err(); err != nil {

+		return fmt.Errorf("cannot open %s: %v", conf, err)

+	}

+

+	// No changes needed to fix pf.conf

+	if !modify {

+		return nil

+	}

+

+	// Write back the file removing the line found above

+	tmpname := "/etc/firewall/pf.conf.tmp." + strconv.Itoa(os.Getpid())

+	tmp, err := os.OpenFile(tmpname,

+		os.O_CREATE|os.O_TRUNC|os.O_WRONLY|os.O_APPEND, 0644)

+	if err != nil {

+		return fmt.Errorf("cannot open %s: %v", tmpname, err)

+	}

+	defer tmp.Close()

+	for _, l := range lines {

+		_, err = tmp.WriteString(l)

+		if err != nil {

+			return fmt.Errorf("cannot write to %s: %v",

+				tmpname, err)

+		}

+	}

+	if err = tmp.Sync(); err != nil {

+		return fmt.Errorf("cannot sync %s: %v", tmpname, err)

+	}

+	if err = os.Rename(tmpname, conf); err != nil {

+		return fmt.Errorf("cannot rename %s to %s: %v",

+			tmpname, conf, err)

+	}

+	return nil

+}

+

+func (d *driver) initFirewall() error {

+	out, err := exec.Command("/usr/bin/svcs", "-Ho", "state",

+		"firewall").Output()

+	if err != nil {

+		return fmt.Errorf("cannot check firewall state: %v", err)

+	}

+	state := strings.TrimSpace(string(out))

+	if state != "online" {

+		if state != "disabled" {

+			return fmt.Errorf("firewall service is in %s state. "+

+				"please enable service manually.", state)

+		}

+		if err = fixPFConf(); err != nil {

+			return fmt.Errorf("cannot verify pf.conf: %v", err)

+		}

+		err = exec.Command("/usr/sbin/svcadm", "enable", "-ts",

+			"firewall").Run()

+		if err != nil {

+			return fmt.Errorf("cannot enable firewall service: %v", err)

+		}

+	}

+	out, err = exec.Command("/usr/sbin/pfctl", "-sr").Output()

+	if err != nil {

+		return fmt.Errorf("failed to list firewall rules: %v", err)

+	}

+	if strings.Contains(string(out), "anchor \"_auto/docker/*\" all") {

+		return nil

+	}

+	pfctlCmd := "(/usr/sbin/pfctl -sr; " +

+		"/usr/bin/echo \"anchor \\\"_auto/docker/*\\\"\") |" +

+		"/usr/sbin/pfctl -f -"

+	err = exec.Command("/usr/bin/bash", "-c", pfctlCmd).Run()

+	if err != nil {

+		return fmt.Errorf("failed to add docker firewall rules: %v", err)

+	}

+	return nil

+}

+

+func (d *driver) initRouting() error {

+	err := exec.Command("/usr/sbin/ipadm", "set-prop", "-t",

+		"-p", "forwarding=on", "ipv4").Run()

+	if err != nil {

+		return fmt.Errorf("cannot switch-on IP forwarding: %v", err)

+	}

+	routeCmd := "/usr/sbin/ipadm show-addr -p -o addr " +

+		"`/usr/sbin/route get default | /usr/bin/grep interface | " +

+		"/usr/bin/awk '{print $2}'`"

+	out, err := exec.Command("/usr/bin/bash", "-c", routeCmd).Output()

+	if err != nil {

+		return fmt.Errorf("cannot get default route: %v", err)

+	}

+	defroute := strings.SplitN(string(out), "/", 2)

+	d.defrouteIP = net.ParseIP(defroute[0])

+	if d.defrouteIP == nil {

+		return &ErrNoIPAddr{}

+	}

+	return nil

+}

+

+func (d *driver) configure(option map[string]interface{}) error {

+	var err error

+

+	if err = d.initFirewall(); err != nil {

+		return fmt.Errorf("failed to configure firewall: %v", err)

+	}

+	if err = d.initRouting(); err != nil {

+		return fmt.Errorf("failed to configure routing: %v", err)

+	}

+	if err = d.initStore(option); err != nil {

+		return fmt.Errorf("failed to initialize datastore: %v", err)

+	}

+

+	return nil

+}

+

+func (d *driver) getNetwork(id string) (*bridgeNetwork, error) {

+	d.Lock()

+	defer d.Unlock()

+

+	if id == "" {

+		return nil, types.BadRequestErrorf("invalid network id: %s", id)

+	}

+

+	if nw, ok := d.networks[id]; ok {

+		return nw, nil

+	}

+

+	return nil, types.NotFoundErrorf("network not found: %s", id)

+}

+

+// Return a slice of networks over which caller can iterate safely

+func (d *driver) getNetworks() []*bridgeNetwork {

+	d.Lock()

+	defer d.Unlock()

+

+	ls := make([]*bridgeNetwork, 0, len(d.networks))

+	for _, nw := range d.networks {

+		ls = append(ls, nw)

+	}

+	return ls

+}

+

+func bridgeSetup(config *networkConfiguration) error {

+	var err error

+	var bindingIntf string

+

+	bridgeName := config.BridgeName

+	gwName := fmt.Sprintf("%s_gw0", bridgeName)

+	gwIP := config.AddressIPv4.String()

+

+	if config.DefaultBindingIP == nil {

+		// Default to net0 if bindingIP is not provided.

+		bindingIntf = "net0"

+	} else {

+		ipadmCmd := "/usr/sbin/ipadm show-addr -p -o addrobj,addr |" +

+			"/usr/bin/grep " + config.DefaultBindingIP.String()

+		out, err := exec.Command("/usr/bin/bash", "-c", ipadmCmd).Output()

+		if err != nil {

+			logrus.Warnf("cannot find binding interface")

+			return err

+		}

+		bindingIntf = strings.SplitN(string(out), "/", 2)[0]

+		if bindingIntf == "" {

+			logrus.Warnf("cannot parse binding interface %s", string(out))

+			return &ErrNoIPAddr{}

+		}

+	}

+	config.DefaultBindingIntf = bindingIntf

+

+	err = exec.Command("/usr/sbin/dladm", "create-etherstub",

+		"-t", config.BridgeNameInternal).Run()

+	if err != nil {

+		logrus.Warnf("cannot create etherstub %s: %+v", config.BridgeNameInternal, err)

+		return err

+	}

+	err = exec.Command("/usr/sbin/dladm", "create-vnic",

+		"-t", "-l", config.BridgeNameInternal, gwName).Run()

+	if err != nil {

+		logrus.Warnf("cannot create vnic %s", gwName)

+		return err

+	}

+	err = exec.Command("/usr/sbin/ifconfig", gwName,

+		"plumb", gwIP, "up").Run()

+	if err != nil {

+		logrus.Warnf("cannot create gateway interface %s on %s",

+			gwIP, gwName)

+		return err

+	}

+

+	tableName := "bridge_nw_subnets"

+	pfAnchor := fmt.Sprintf("_auto/docker/%s", tableName)

+	err = exec.Command("/usr/sbin/pfctl", "-a", pfAnchor, "-t", tableName, "-T", "add", gwIP).Run()

+	if err != nil {

+		logrus.Warnf("cannot add bridge network '%s' to PF table", bridgeName)

+	}

+

+	pfCmd := fmt.Sprintf(

+		"/usr/bin/echo \"pass out on %s from %s:network to any nat-to (%s)\n"+

+			"block in quick from { <%s>, ! %s } to %s\" |"+

+			"/usr/sbin/pfctl -a _auto/docker/%s -f -",

+		bindingIntf, gwName, bindingIntf,

+		tableName, gwIP, gwIP,

+		bridgeName)

+	err = exec.Command("/usr/bin/bash", "-c", pfCmd).Run()

+	if err != nil {

+		logrus.Warnf("cannot add pf rule using: %s", pfCmd)

+		return err

+	}

+

+	return nil

+}

+

+func bridgeCleanup(config *networkConfiguration, logErr bool) {

+	var err error

+

+	bridgeName := config.BridgeName

+	tableName := "bridge_nw_subnets"

+	gwName := fmt.Sprintf("%s_gw0", bridgeName)

+	gwIP := config.AddressIPv4.String()

+	pfAnchor := fmt.Sprintf("_auto/docker/%s", bridgeName)

+	tableAnchor := fmt.Sprintf("_auto/docker/%s", tableName)

+

+	err = exec.Command("/usr/sbin/pfctl", "-a", pfAnchor, "-F", "all").Run()

+	if err != nil && logErr {

+		logrus.Warnf("cannot flush firewall rules")

+	}

+	err = exec.Command("/usr/sbin/ifconfig", gwName, "unplumb").Run()

+	if err != nil && logErr {

+		logrus.Warnf("cannot remove gateway interface")

+	}

+	err = exec.Command("/usr/sbin/dladm", "delete-vnic",

+		"-t", gwName).Run()

+	if err != nil && logErr {

+		logrus.Warnf("cannot delete vnic")

+	}

+	err = exec.Command("/usr/sbin/dladm", "delete-etherstub",

+		"-t", config.BridgeNameInternal).Run()

+	if err != nil && logErr {

+		logrus.Warnf("cannot delete etherstub")

+	}

+	err = exec.Command("/usr/sbin/pfctl", "-a", tableAnchor, "-t", tableName, "-T", "delete", gwIP).Run()

+	if err != nil && logErr {

+		logrus.Warnf("cannot remove bridge network '%s' from PF table", bridgeName)

+	}

+}

+

+func (d *driver) createNetwork(config *networkConfiguration) error {

+	var err error

+

+	logrus.Infof("Creating bridge network: %s %s %s", config.ID,

+		config.BridgeName, config.AddressIPv4)

+

+	networkList := d.getNetworks()

+	for i, nw := range networkList {

+		nw.Lock()

+		nwConfig := nw.config

+		nw.Unlock()

+		if err := nwConfig.Conflicts(config); err != nil {

+			if config.DefaultBridge {

+				// We encountered and identified a stale default network

+				// We must delete it as libnetwork is the source of thruth

+				// The default network being created must be the only one

+				// This can happen only from docker 1.12 on ward

+				logrus.Infof("Removing stale default bridge network %s (%s)", nwConfig.ID, nwConfig.BridgeName)

+				if err := d.DeleteNetwork(nwConfig.ID); err != nil {

+					logrus.Warnf("Failed to remove stale default network: %s (%s): %v. Will remove from store.", nwConfig.ID, nwConfig.BridgeName, err)

+					d.storeDelete(nwConfig)

+				}

+				networkList = append(networkList[:i], networkList[i+1:]...)

+			} else {

+				return types.ForbiddenErrorf(

+					"cannot create network %s (%s): "+

+						"conflicts with network %s (%s): %s",

+					nwConfig.BridgeName, config.ID, nw.id,

+					nw.config.BridgeName, err.Error())

+			}

+		}

+	}

+	if config.DefaultBindingIP == nil ||

+		config.DefaultBindingIP.IsUnspecified() {

+		config.DefaultBindingIP = d.defrouteIP

+	}

+

+	// Create and set network handler in driver

+	network := &bridgeNetwork{

+		id:         config.ID,

+		endpoints:  make(map[string]*bridgeEndpoint),

+		config:     config,

+		portMapper: portmapper.New(""),

+		driver:     d,

+	}

+

+	d.Lock()

+	d.networks[config.ID] = network

+	d.Unlock()

+

+	// On failure make sure to reset driver network handler to nil

+	defer func() {

+		if err != nil {

+			d.Lock()

+			delete(d.networks, config.ID)

+			d.Unlock()

+		}

+	}()

+

+	// Create or retrieve the bridge L3 interface

+	bridgeIface := newInterface(config)

+	network.bridge = bridgeIface

+

+	// Verify the network configuration does not conflict with previously installed

+	// networks. This step is needed now because driver might have now set the bridge

+	// name on this config struct. And because we need to check for possible address

+	// conflicts, so we need to check against operational networks.

+	if err = config.conflictsWithNetworks(config.ID, networkList); err != nil {

+		return err

+	}

+

+	// We only attempt to create the bridge when the requested device name is

+	// the default one.

+	if config.BridgeName != DefaultBridgeName && config.DefaultBridge {

+		return NonDefaultBridgeExistError(config.BridgeName)

+	}

+

+	bridgeCleanup(config, false)

+	err = bridgeSetup(config)

+	if err != nil {

+		return err

+	}

+	return nil

+}

+

+func (d *driver) DeleteNetwork(nid string) error {

+	var err error

+	// Get network handler and remove it from driver

+	d.Lock()

+	n, ok := d.networks[nid]

+	d.Unlock()

+

+	if !ok {

+		return types.InternalMaskableErrorf("network %s does not exist", nid)

+	}

+	d.Lock()

+	delete(d.networks, nid)

+	d.Unlock()

+

+	// On failure set network handler back in driver, but

+	// only if is not already taken over by some other thread

+	defer func() {

+		if err != nil {

+			d.Lock()

+			if _, ok := d.networks[nid]; !ok {

+				d.networks[nid] = n

+			}

+			d.Unlock()

+		}

+	}()

+

+	// Sanity check

+	if n == nil {

+		err = driverapi.ErrNoNetwork(nid)

+		return err

+	}

+

+	// Cannot remove network if endpoints are still present

+	if len(n.endpoints) != 0 {

+		err = ActiveEndpointsError(n.id)

+		return err

+	}

+	bridgeCleanup(n.config, true)

+	logrus.Infof("Deleting bridge network: %s", nid[:12])

+	return d.storeDelete(n.config)

+}

+

+func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo, epOptions map[string]interface{}) error {

+	if ifInfo == nil {

+		return errors.New("invalid interface passed")

+	}

+

+	// Get the network handler and make sure it exists

+	d.Lock()

+	n, ok := d.networks[nid]

+	d.Unlock()

+

+	if !ok {

+		return types.NotFoundErrorf("network %s does not exist", nid)

+	}

+	if n == nil {

+		return driverapi.ErrNoNetwork(nid)

+	}

+

+	// Sanity check

+	n.Lock()

+	if n.id != nid {

+		n.Unlock()

+		return InvalidNetworkIDError(nid)

+	}

+	n.Unlock()

+

+	// Check if endpoint id is good and retrieve correspondent endpoint

+	ep, err := n.getEndpoint(eid)

+	if err != nil {

+		return err

+	}

+

+	// Endpoint with that id exists either on desired or other sandbox

+	if ep != nil {

+		return driverapi.ErrEndpointExists(eid)

+	}

+

+	// Try to convert the options to endpoint configuration

+	epConfig, err := parseEndpointOptions(epOptions)

+	if err != nil {

+		return err

+	}

+

+	// Create and add the endpoint

+	n.Lock()

+	endpoint := &bridgeEndpoint{id: eid, config: epConfig}

+	n.endpoints[eid] = endpoint

+	n.Unlock()

+

+	// On failure make sure to remove the endpoint

+	defer func() {

+		if err != nil {

+			n.Lock()

+			delete(n.endpoints, eid)

+			n.Unlock()

+		}

+	}()

+

+	// Create the sandbox side pipe interface

+	if ifInfo.MacAddress() == nil {

+		// No MAC address assigned to interface. Generate a random MAC to assign

+		endpoint.macAddress = netutils.GenerateRandomMAC()

+		if err := ifInfo.SetMacAddress(endpoint.macAddress); err != nil {

+			logrus.Warnf("Unable to set mac address: %s to endpoint: %s",

+				endpoint.macAddress.String(), endpoint.id)

+			return err

+		}

+	} else {

+		endpoint.macAddress = ifInfo.MacAddress()

+	}

+	endpoint.addr = ifInfo.Address()

+	endpoint.addrv6 = ifInfo.AddressIPv6()

+	c := n.config

+

+	// Program any required port mapping and store them in the endpoint

+	endpoint.portMapping, err = n.allocatePorts(endpoint, c.DefaultBindingIntf, c.DefaultBindingIP, true)

+	if err != nil {

+		return err

+	}

+

+	return nil

+}

+

+func (d *driver) DeleteEndpoint(nid, eid string) error {

+	var err error

+

+	// Get the network handler and make sure it exists

+	d.Lock()

+	n, ok := d.networks[nid]

+	d.Unlock()

+

+	if !ok {

+		return types.InternalMaskableErrorf("network %s does not exist", nid)

+	}

+	if n == nil {

+		return driverapi.ErrNoNetwork(nid)

+	}

+

+	// Sanity Check

+	n.Lock()

+	if n.id != nid {

+		n.Unlock()

+		return InvalidNetworkIDError(nid)

+	}

+	n.Unlock()