Sometimes `ip route` will show mask-less IPs, so net.ParseCIDR will fail. If it does we check if we can net.ParseIP, and fail only if we can't.
Fixes#1214Fixes#362
Upstream-commit: 2e72882216ce13169a578614202830a5b084bfb4
Component: engine
API Changes
-----------
The port notation is extended to support "/udp" or "/tcp" at the *end*
of the specifier string (and defaults to tcp if "/tcp" or "/udp" are
missing)
`docker ps` now shows UDP ports as "frontend->backend/udp". Nothing
changes for TCP ports.
`docker inspect` now displays two sub-dictionaries: "Tcp" and "Udp",
under "PortMapping" in "NetworkSettings".
Theses changes stand true for the values returned by the HTTP API too.
This changeset will definitely break tools built upon the API (or upon
`docker inspect`). A less intrusive way to add UDP ports in `docker
inspect` would be to simply add "/udp" for UDP ports but it will still
break existing applications which tries to convert the whole field to an
integer. I believe that having two TCP/UDP sub-dictionaries is better
because it makes the whole thing more clear and more easy to parse right
away (i.e: you don't have to check the format of the string, split it
and convert the right part to an integer)
Code Changes
------------
Significant changes in network.go:
- A second PortAllocator is instantiated for the UDP range;
- PortMapper maintains separate mapping for TCP and UDP;
- The extPorts array in NetworkInterface is now an array of Nat objects
(so we can know on which protocol a given port was mapped when
NetworkInterface.Release() is called);
- TCP proxying on localhost has been moved away in network_proxy.go.
localhost proxy code rewrite in network_proxy.go:
We have to proxy the traffic between localhost:frontend-port and
container:backend-port because Netfilter doesn't work properly on the
loopback interface and DNAT iptable rules aren't applied there.
- Goroutines in the TCP proxying code are now explicitly stopped when
the proxy is stopped;
- UDP connection tracking using a map (more infos in [1]);
- Support for IPv6 (to be more accurate, the code is transparent to the
Go net package, so you can use, tcp/tcp4/tcp6/udp/udp4/udp6);
- Single Proxy interface for both UDP and TCP proxying;
- Full test suite.
[1] https://github.com/dotcloud/docker/issues/33#issuecomment-20010400
Upstream-commit: fac0d87d00ada08309ea3b82cae69beeef637c89
Component: engine
For structs protected by a single mutex, embed the mutex for more
concise usage.
Also use a sync.Mutex directly, rather than a pointer, to avoid the
need for initialization (because a Mutex's zero-value is valid and
ready to be used).
Upstream-commit: 1cf9c80e976fb60b4d5d489cd1c4c9959bcc4f7f
Component: engine
Not only is this a more common idiom, it'll make finding bugs easier,
and it'll make porting to Go 1.1 easier.
Go 1.1 will not require the final return or panic because it has a
notion of terminating statements.
Upstream-commit: 22f1cc955dbf25132e69d126f8db0e5498bffbd2
Component: engine
Instead of allocating all possible IPs in advance, generate them as
needed.
A loop will cycle through all possible IPs in sequential order,
allocating them as needed and marking them as in use. Once the loop
exhausts all IPs, it will wrap back to the beginning. IPs that are
already in use will be skipped. When an IP is released, it will be
cleared and be available for allocation again.
Two decisions went into this design:
1) Minimize memory footprint by only allocating IPs that are actually
in use
2) Minimize reuse of released IP addresses to avoid sending traffic to
the wrong containers
As a side effect, the functions for IP/Mask<->int conversion have been
rewritten to never be able to fail in order to reduce the amount of
error returns.
Fixes gh-231
Upstream-commit: 6f9a67a7c7cb717ad1a575df3e4c0fd2ec8bc651
Component: engine
example:
2013/03/22 21:42:55 Unable to setup port networking: Failed to create DOCKER chain
(which was possibly introduced by commit 3c6b8bb88)
Upstream-commit: 371225520fc86fa58fadd182730b958a0f7ef9ab
Component: engine
