Fix#3224 - Port already in use error when running a container
Signed-off-by: Tzu-Jung Lee <roylee17@gmail.com>
Upstream-commit: 7d2e851d8e921bf8f07f54c8afb8262580b36e8d
Component: engine
e.g.:
```
docker -d -bip "10.10.0.1/16"
```
If set and valid, use provided in place of trial and error from pre-defined array in network.go.
Mutually exclusive of -b option.
Upstream-commit: a68d7f3d70ab1638fd5b63a3026b211cb4e7a65e
Component: engine
On RHEL 6, creation of a bridge device with netlink fails. Use the more
backward-compatible ioctl instead. This fixes networking on RHEL 6.
Upstream-commit: 7a94cdf8edd917899a38a58917cd4439652047a1
Component: engine
Make sure the firewall rules are created even if the bridge interface is already created
Upstream-commit: 79031c4f8cd443a3d6fe26205b6d66830e306619
Component: engine
This commit improves upon the PortMapper and PortAllocator classes by changing
their internal data structures for port allocations to use a string rather than
a single integer. This string holds the network interface address as well as the
port number. This solves a previous problem where a port would be incorrectly
reported as being in use because it had been allocated for a different interface.
I've also added a basic test case for the PortMapper class, and extended the
existing test case for PortAllocator. In the case of PortMapper, this is done
by handing it a stub function for creating proxies rather than an actual
implementation.
Upstream-commit: 1cb1e08644b450d3371bfd7d6e305be454d19719
Component: engine
Explicitly enable container networking for Fedora and other distros that
have a REJECT all rule at the end of their FORWARD table.
Upstream-commit: ec4657b28a3e97447921357d454df974e0979ac6
Component: engine
Retrieve /etc/resolv.conf data (if available)
Add checkNameserverOverlaps and call it to
make sure there are no conflicts
Add utils.GetNameserversAsCIDR and tests
Read /etc/resolv.conf and pull out nameservers,
formatting them as a CIDR block ("1.2.3.4/32")
Upstream-commit: 3560c922b193e0f6b06c715a7b920f90a5990859
Component: engine
This allows the user to toggle enabling and
disabling intercontainer communication when
they run the daemon.
Upstream-commit: 94e5081baca9a3b3408d3a6ffa2926d1e262d6fe
Component: engine
We have our own netlink version of all the required calls now, so
we can just skip the /sbin/ip dependency.
Upstream-commit: 494cd07f722d6bf5f2e69a6d2d729848882e1971
Component: engine
Sometimes `ip route` will show mask-less IPs, so net.ParseCIDR will fail. If it does we check if we can net.ParseIP, and fail only if we can't.
Fixes#1214Fixes#362
Upstream-commit: 2e72882216ce13169a578614202830a5b084bfb4
Component: engine
API Changes
-----------
The port notation is extended to support "/udp" or "/tcp" at the *end*
of the specifier string (and defaults to tcp if "/tcp" or "/udp" are
missing)
`docker ps` now shows UDP ports as "frontend->backend/udp". Nothing
changes for TCP ports.
`docker inspect` now displays two sub-dictionaries: "Tcp" and "Udp",
under "PortMapping" in "NetworkSettings".
Theses changes stand true for the values returned by the HTTP API too.
This changeset will definitely break tools built upon the API (or upon
`docker inspect`). A less intrusive way to add UDP ports in `docker
inspect` would be to simply add "/udp" for UDP ports but it will still
break existing applications which tries to convert the whole field to an
integer. I believe that having two TCP/UDP sub-dictionaries is better
because it makes the whole thing more clear and more easy to parse right
away (i.e: you don't have to check the format of the string, split it
and convert the right part to an integer)
Code Changes
------------
Significant changes in network.go:
- A second PortAllocator is instantiated for the UDP range;
- PortMapper maintains separate mapping for TCP and UDP;
- The extPorts array in NetworkInterface is now an array of Nat objects
(so we can know on which protocol a given port was mapped when
NetworkInterface.Release() is called);
- TCP proxying on localhost has been moved away in network_proxy.go.
localhost proxy code rewrite in network_proxy.go:
We have to proxy the traffic between localhost:frontend-port and
container:backend-port because Netfilter doesn't work properly on the
loopback interface and DNAT iptable rules aren't applied there.
- Goroutines in the TCP proxying code are now explicitly stopped when
the proxy is stopped;
- UDP connection tracking using a map (more infos in [1]);
- Support for IPv6 (to be more accurate, the code is transparent to the
Go net package, so you can use, tcp/tcp4/tcp6/udp/udp4/udp6);
- Single Proxy interface for both UDP and TCP proxying;
- Full test suite.
[1] https://github.com/dotcloud/docker/issues/33#issuecomment-20010400
Upstream-commit: fac0d87d00ada08309ea3b82cae69beeef637c89
Component: engine
For structs protected by a single mutex, embed the mutex for more
concise usage.
Also use a sync.Mutex directly, rather than a pointer, to avoid the
need for initialization (because a Mutex's zero-value is valid and
ready to be used).
Upstream-commit: 1cf9c80e976fb60b4d5d489cd1c4c9959bcc4f7f
Component: engine
