Browse code
vendor: github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8
Update libnetwork to make `docker run -p 80:80` functional again on environments
with kernel boot parameter `ipv6.disable=1`.
full diff: https://github.com/docker/libnetwork/compare/b3507428be5b458cb0e2b4086b13531fb0706e46...64b7a4574d1426139437d20e81c0b6d391130ec8
- fix port forwarding with ipv6.disable=1
- fixes moby/moby/42288 Docker 20.10.6: all containers stopped and cannot start if ipv6 is disabled on host
- fixes docker/libnetwork/2629 Network issue with IPv6 following update to version 20.10.6
- fixesdocker/for-linux/1233 Since 20.10.6 it's not possible to run docker on a machine with disabled IPv6 interfaces
- vendor: github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
- Enforce order of lock acquisitions on network/controller, fixes #2632
- fixes docker/libnetwork/2632 Name resolution stuck due to deadlock between different network struct methods
- fixes moby/moby/42032 Docker deamon get's stuck, can't serve DNS requests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e4109b3b6bb3b6ebd6ba42cac03dfba5ffc6caf4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2021/05/25 18:29:14Showing 5 changed files
- hack/dockerfile/install/proxy.installer
- vendor.conf
- vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
- vendor/github.com/docker/libnetwork/network.go
- vendor/github.com/docker/libnetwork/vendor.conf
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When |
| 4 | 4 |
# updating the binary version, consider updating github.com/docker/libnetwork |
| 5 | 5 |
# in vendor.conf accordingly |
| 6 |
-: "${LIBNETWORK_COMMIT:=b3507428be5b458cb0e2b4086b13531fb0706e46}"
|
|
| 6 |
+: "${LIBNETWORK_COMMIT:=64b7a4574d1426139437d20e81c0b6d391130ec8}"
|
|
| 7 | 7 |
|
| 8 | 8 |
install_proxy() {
|
| 9 | 9 |
case "$1" in |
| ... | ... |
@@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a |
| 47 | 47 |
# libnetwork |
| 48 | 48 |
|
| 49 | 49 |
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly |
| 50 |
-github.com/docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46 |
|
| 50 |
+github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8 |
|
| 51 | 51 |
github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f |
| 52 | 52 |
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 |
| 53 | 53 |
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec |
| ... | ... |
@@ -5,6 +5,7 @@ import ( |
| 5 | 5 |
"errors" |
| 6 | 6 |
"fmt" |
| 7 | 7 |
"net" |
| 8 |
+ "sync" |
|
| 8 | 9 |
|
| 9 | 10 |
"github.com/docker/libnetwork/types" |
| 10 | 11 |
"github.com/ishidawataru/sctp" |
| ... | ... |
@@ -50,6 +51,13 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont |
| 50 | 50 |
bs = append(bs, bIPv4) |
| 51 | 51 |
} |
| 52 | 52 |
|
| 53 |
+ // skip adding implicit v6 addr, when the kernel was booted with `ipv6.disable=1` |
|
| 54 |
+ // https://github.com/moby/moby/issues/42288 |
|
| 55 |
+ isV6Binding := c.HostIP != nil && c.HostIP.To4() == nil |
|
| 56 |
+ if !isV6Binding && !IsV6Listenable() {
|
|
| 57 |
+ continue |
|
| 58 |
+ } |
|
| 59 |
+ |
|
| 53 | 60 |
// Allocate IPv6 Port mappings |
| 54 | 61 |
// If the container has no IPv6 address, allow proxying host IPv6 traffic to it |
| 55 | 62 |
// by setting up the binding with the IPv4 interface if the userland proxy is enabled |
| ... | ... |
@@ -211,3 +219,26 @@ func (n *bridgeNetwork) releasePort(bnd types.PortBinding) error {
|
| 211 | 211 |
|
| 212 | 212 |
return portmapper.Unmap(host) |
| 213 | 213 |
} |
| 214 |
+ |
|
| 215 |
+var ( |
|
| 216 |
+ v6ListenableCached bool |
|
| 217 |
+ v6ListenableOnce sync.Once |
|
| 218 |
+) |
|
| 219 |
+ |
|
| 220 |
+// IsV6Listenable returns true when `[::1]:0` is listenable. |
|
| 221 |
+// IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option. |
|
| 222 |
+func IsV6Listenable() bool {
|
|
| 223 |
+ v6ListenableOnce.Do(func() {
|
|
| 224 |
+ ln, err := net.Listen("tcp6", "[::1]:0")
|
|
| 225 |
+ if err != nil {
|
|
| 226 |
+ // When the kernel was booted with `ipv6.disable=1`, |
|
| 227 |
+ // we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol" |
|
| 228 |
+ // https://github.com/moby/moby/issues/42288 |
|
| 229 |
+ logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
|
|
| 230 |
+ } else {
|
|
| 231 |
+ v6ListenableCached = true |
|
| 232 |
+ ln.Close() |
|
| 233 |
+ } |
|
| 234 |
+ }) |
|
| 235 |
+ return v6ListenableCached |
|
| 236 |
+} |
| ... | ... |
@@ -1409,21 +1409,21 @@ func (n *network) addSvcRecords(eID, name, serviceID string, epIP, epIPv6 net.IP |
| 1409 | 1409 |
if n.ingress {
|
| 1410 | 1410 |
return |
| 1411 | 1411 |
} |
| 1412 |
- |
|
| 1413 |
- logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
|
|
| 1412 |
+ networkID := n.ID() |
|
| 1413 |
+ logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
|
|
| 1414 | 1414 |
|
| 1415 | 1415 |
c := n.getController() |
| 1416 | 1416 |
c.Lock() |
| 1417 | 1417 |
defer c.Unlock() |
| 1418 | 1418 |
|
| 1419 |
- sr, ok := c.svcRecords[n.ID()] |
|
| 1419 |
+ sr, ok := c.svcRecords[networkID] |
|
| 1420 | 1420 |
if !ok {
|
| 1421 | 1421 |
sr = svcInfo{
|
| 1422 | 1422 |
svcMap: setmatrix.NewSetMatrix(), |
| 1423 | 1423 |
svcIPv6Map: setmatrix.NewSetMatrix(), |
| 1424 | 1424 |
ipMap: setmatrix.NewSetMatrix(), |
| 1425 | 1425 |
} |
| 1426 |
- c.svcRecords[n.ID()] = sr |
|
| 1426 |
+ c.svcRecords[networkID] = sr |
|
| 1427 | 1427 |
} |
| 1428 | 1428 |
|
| 1429 | 1429 |
if ipMapUpdate {
|
| ... | ... |
@@ -1445,14 +1445,14 @@ func (n *network) deleteSvcRecords(eID, name, serviceID string, epIP net.IP, epI |
| 1445 | 1445 |
if n.ingress {
|
| 1446 | 1446 |
return |
| 1447 | 1447 |
} |
| 1448 |
- |
|
| 1449 |
- logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
|
|
| 1448 |
+ networkID := n.ID() |
|
| 1449 |
+ logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
|
|
| 1450 | 1450 |
|
| 1451 | 1451 |
c := n.getController() |
| 1452 | 1452 |
c.Lock() |
| 1453 | 1453 |
defer c.Unlock() |
| 1454 | 1454 |
|
| 1455 |
- sr, ok := c.svcRecords[n.ID()] |
|
| 1455 |
+ sr, ok := c.svcRecords[networkID] |
|
| 1456 | 1456 |
if !ok {
|
| 1457 | 1457 |
return |
| 1458 | 1458 |
} |
| ... | ... |
@@ -1972,9 +1972,10 @@ func (n *network) ResolveName(req string, ipType int) ([]net.IP, bool) {
|
| 1972 | 1972 |
var ipv6Miss bool |
| 1973 | 1973 |
|
| 1974 | 1974 |
c := n.getController() |
| 1975 |
+ networkID := n.ID() |
|
| 1975 | 1976 |
c.Lock() |
| 1976 | 1977 |
defer c.Unlock() |
| 1977 |
- sr, ok := c.svcRecords[n.ID()] |
|
| 1978 |
+ sr, ok := c.svcRecords[networkID] |
|
| 1978 | 1979 |
|
| 1979 | 1980 |
if !ok {
|
| 1980 | 1981 |
return nil, false |
| ... | ... |
@@ -2012,10 +2013,11 @@ func (n *network) ResolveName(req string, ipType int) ([]net.IP, bool) {
|
| 2012 | 2012 |
} |
| 2013 | 2013 |
|
| 2014 | 2014 |
func (n *network) HandleQueryResp(name string, ip net.IP) {
|
| 2015 |
+ networkID := n.ID() |
|
| 2015 | 2016 |
c := n.getController() |
| 2016 | 2017 |
c.Lock() |
| 2017 | 2018 |
defer c.Unlock() |
| 2018 |
- sr, ok := c.svcRecords[n.ID()] |
|
| 2019 |
+ sr, ok := c.svcRecords[networkID] |
|
| 2019 | 2020 |
|
| 2020 | 2021 |
if !ok {
|
| 2021 | 2022 |
return |
| ... | ... |
@@ -2031,10 +2033,11 @@ func (n *network) HandleQueryResp(name string, ip net.IP) {
|
| 2031 | 2031 |
} |
| 2032 | 2032 |
|
| 2033 | 2033 |
func (n *network) ResolveIP(ip string) string {
|
| 2034 |
+ networkID := n.ID() |
|
| 2034 | 2035 |
c := n.getController() |
| 2035 | 2036 |
c.Lock() |
| 2036 | 2037 |
defer c.Unlock() |
| 2037 |
- sr, ok := c.svcRecords[n.ID()] |
|
| 2038 |
+ sr, ok := c.svcRecords[networkID] |
|
| 2038 | 2039 |
|
| 2039 | 2040 |
if !ok {
|
| 2040 | 2041 |
return "" |
| ... | ... |
@@ -2085,9 +2088,10 @@ func (n *network) ResolveService(name string) ([]*net.SRV, []net.IP) {
|
| 2085 | 2085 |
proto := parts[1] |
| 2086 | 2086 |
svcName := strings.Join(parts[2:], ".") |
| 2087 | 2087 |
|
| 2088 |
+ networkID := n.ID() |
|
| 2088 | 2089 |
c.Lock() |
| 2089 | 2090 |
defer c.Unlock() |
| 2090 |
- sr, ok := c.svcRecords[n.ID()] |
|
| 2091 |
+ sr, ok := c.svcRecords[networkID] |
|
| 2091 | 2092 |
|
| 2092 | 2093 |
if !ok {
|
| 2093 | 2094 |
return nil, nil |
| ... | ... |
@@ -43,7 +43,7 @@ golang.org/x/net ab34263943818b32f575efc978a3 |
| 43 | 43 |
golang.org/x/sys ed371f2e16b4b305ee99df548828de367527b76b |
| 44 | 44 |
golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb |
| 45 | 45 |
github.com/pkg/errors 614d223910a179a466c1767a985424175c39b465 # v0.9.1 |
| 46 |
-github.com/ishidawataru/sctp 6e2cb1366111dcf547c13531e3a263a067715847 |
|
| 46 |
+github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be |
|
| 47 | 47 |
go.opencensus.io 9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0 |
| 48 | 48 |
|
| 49 | 49 |
gotest.tools/v3 bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2 |