Sometimes other programs can bind on ports from our range, so we just
skip this ports on allocation.
Fixes#9293
Probably fixes#8714
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: a00a1a1fca020d21cb677439160e018bda5c3835
Component: engine
The argument ifaceName was removed in a much earlier commit.
Signed-off-by: Sami Wagiaalla <swagiaal@redhat.com>
Upstream-commit: a01f1e707eb682ec60d489a4171d2c82de79ee57
Component: engine
Fixed the following errors:
1. Request(0) causes a dead loop when the map is full and map.last == BEGIN.
2. When map.last is the only available port (or ip), Request(0) returns ErrAllPortsAllocated (or ErrNoAvailableIPs). Exception is when map.last == BEGIN.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
Upstream-commit: 4c978322979f00408c72b50931a8cdea2d5cdefc
Component: engine
Port number 49153(BeginPortRange) would be returned twice, causing dupli...
Upstream-commit: 0e6242122d9780709c057fc32e9970529c2e09fb
Component: engine
If we first request port 49153 (BeginPortRange) explicitly, and later some time request the next free port (of same ip/proto) by calling RequestPort() with port number 0, we will again get 49153 returned, even if it's currently in use. Because findPort() blindly retured BeginPortRange the first run, without checking if it has already been taken.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
Upstream-commit: 9451cf39eff037eccb04319c1e601d08495cab3c
Component: engine
When stdout/stderr is closed prematurely, the proxy's writes to stdout/stderr
(i.e. `log.Errorf/log.Printf`) will returns with EPIPE error, and go runtime
will terminate the proxy when stdout/stderr writes trigger 10 EPIPE errors.
instead of using stdout/stderr as the status handler, we pass an extra file to
the child process and write `0\n` or `1\nerror message` to it and close it
after. This allow the child process to handle stdout/stderr as normal.
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Upstream-commit: 3b9d88210e763bebdfd7badb6ed3fd507d0f6513
Component: engine
Right now, MAC addresses are randomly generated by the kernel when
creating the veth interfaces.
This causes different issues related to ARP, such as #4581, #5737 and #8269.
This change adds support for consistent MAC addresses, guaranteeing that
an IP address will always end up with the same MAC address, no matter
what.
Since IP addresses are already guaranteed to be unique by the
IPAllocator, MAC addresses will inherit this property as well for free.
Consistent mac addresses is also a requirement for stable networking (#8297)
since re-using the same IP address on a different MAC address triggers the ARP
issue.
Finally, this change makes the MAC address accessible through docker
inspect, which fixes#4033.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Upstream-commit: 88e21c6a75310da158bbee3a5fdc135697c93ba1
Component: engine
Since it is possible to request a specific IP, IPAllocator has to verify
that the request is within boundaries.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Upstream-commit: a471eb4d9388dc44be0a9c81fa2f15061df636c5
Component: engine
There were a new areas in the brige driver that did not need to have log
output. Those were removed. Also set the engine's logging to false
when running the integration tests.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 8a9e827216eb5db4fcbe67c3c638f9e85f4de9bf
Component: engine
For the cases where --bip option is used it is sometimes best to disable
IP masquerading as the provided bridge IP range may be routable.
Signed-off-by: Eugene Yakubovich <eugene.yakubovich@coreos.com>
Upstream-commit: 4dc4d56db9797159e2e329845e0b94e3e0f780a0
Component: engine
This PR moves the userland proxies for TCP and UDP traffic out of the
main docker daemon's process ( from goroutines per proxy ) to be a
separate reexec of the docker binary. This reduces the cpu and memory
needed by the daemon and if the proxy processes crash for some reason
the daemon is unaffected. This also displays in the standard process
tree so that a user can clearly see if there is a userland proxy that is
bound to a certain ip and port.
```bash
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d349506feb6 busybox:buildroot-2014.02 "sh" 13 minutes ago Up 1 seconds 0.0.0.0:49153->81/tcp, 0.0.0.0:49154->90/tcp hungry_pike
root@1cbfdcedc5a7:/go/src/github.com/docker/docker# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 18168 3100 ? Ss 21:09 0:00 bash
root 8328 0.7 0.6 329072 13420 ? Sl 22:03 0:00 docker -d -s vfs
root 8373 1.0 0.5 196500 10548 ? Sl 22:03 0:00 userland-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49153 -container-ip 10.0.0.2 -container-port 81
root 8382 1.0 0.5 270232 10576 ? Sl 22:03 0:00 userland-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49154 -container-ip 10.0.0.2 -container-port 90
root 8385 1.2 0.0 3168 184 pts/0 Ss+ 22:03 0:00 sh
root 8408 0.0 0.1 15568 2112 ? R+ 22:03 0:00 ps aux
```
This also helps us to cleanly cleanup the proxy processes by stopping
these commands instead of trying to terminate a goroutine.
Signed-off-by: Michael Crosby <michael@docker.com>
Upstream-commit: b4e2f5ed962f8ef81dbc2cbb1ff2a06bb64f8211
Component: engine
functions to pkg/parsers/kernel, and parsing filters to
pkg/parsers/filter. Adjust imports and package references.
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 4398108433121ce2ac9942e607da20fa1680871a
Component: engine
Defining err as named return parameter will make sure the variable gets
assigned before returning and thus avoid masking
Docker-DCO-1.1-Signed-off-by: Johannes 'fish' Ziemke <github@freigeist.org> (github: discordianfish)
Upstream-commit: 32bc8658793b278c793cb8755b94df3b210bea5d
Component: engine
Select masquerade by outgoing interface rather than by destination subne...
Upstream-commit: bcec0f30e8d7dbb9fcdd6a85fa4b8e4953ba66ff
Component: engine
