Browse code
[19.03] roll-back libnetwork iptables forward policy change
The patch made in docker/libnetwork#2450 caused a breaking change in the
networking behaviour, causing Kubernetes installations on Docker Desktop
(and possibly other setups) to fail.
Rolling back this change in the 19.03 branch while we investigate if there
are alternatives.
diff: https://github.com/docker/libnetwork/compare/45c710223c5fbf04dc3028b9a90b51892e36ca7f...96bcc0dae898308ed659c5095526788a602f4726
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2019/10/08 01:09:20Showing 3 changed files
- hack/dockerfile/install/proxy.installer
- vendor.conf
- vendor/github.com/docker/libnetwork/drivers/bridge/setup_ip_forwarding.go
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When |
| 4 | 4 |
# updating the binary version, consider updating github.com/docker/libnetwork |
| 5 | 5 |
# in vendor.conf accordingly |
| 6 |
-LIBNETWORK_COMMIT=96bcc0dae898308ed659c5095526788a602f4726 |
|
| 6 |
+LIBNETWORK_COMMIT=45c710223c5fbf04dc3028b9a90b51892e36ca7f |
|
| 7 | 7 |
|
| 8 | 8 |
install_proxy() {
|
| 9 | 9 |
case "$1" in |
| ... | ... |
@@ -38,7 +38,7 @@ github.com/gofrs/flock 7f43ea2e6a643ad441fc12d0ecc0 |
| 38 | 38 |
# libnetwork |
| 39 | 39 |
|
| 40 | 40 |
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly |
| 41 |
-github.com/docker/libnetwork 96bcc0dae898308ed659c5095526788a602f4726 |
|
| 41 |
+github.com/docker/libnetwork 45c710223c5fbf04dc3028b9a90b51892e36ca7f |
|
| 42 | 42 |
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 |
| 43 | 43 |
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 |
| 44 | 44 |
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec |
| ... | ... |
@@ -34,11 +34,11 @@ func setupIPForwarding(enableIPTables bool) error {
|
| 34 | 34 |
if err := configureIPForwarding(true); err != nil {
|
| 35 | 35 |
return fmt.Errorf("Enabling IP forwarding failed: %v", err)
|
| 36 | 36 |
} |
| 37 |
- } |
|
| 38 |
- |
|
| 39 |
- // Set the default policy on forward chain to drop only if the |
|
| 40 |
- // daemon option iptables is not set to false. |
|
| 41 |
- if enableIPTables {
|
|
| 37 |
+ // When enabling ip_forward set the default policy on forward chain to |
|
| 38 |
+ // drop only if the daemon option iptables is not set to false. |
|
| 39 |
+ if !enableIPTables {
|
|
| 40 |
+ return nil |
|
| 41 |
+ } |
|
| 42 | 42 |
if err := iptables.SetDefaultPolicy(iptables.Filter, "FORWARD", iptables.Drop); err != nil {
|
| 43 | 43 |
if err := configureIPForwarding(false); err != nil {
|
| 44 | 44 |
logrus.Errorf("Disabling IP forwarding failed, %v", err)
|