delta/docker.git/libnetwork/drivers, branch master github.com: dotcloud/docker.git [chore] clean up reexec.Init() calls 2023-05-09T23:13:17+00:00 Cory Snider csnider@mirantis.com 2023-05-09T22:27:40+00:00 4e0319c87857f180b01f9b072603cc385d7fcee1 Now that most uses of reexec have been replaced with non-reexec solutions, most of the reexec.Init() calls peppered throughout the test suites are unnecessary. Furthermore, most of the reexec.Init() calls in test code neglects to check the return value to determine whether to exit, which would result in the reexec'ed subprocesses proceeding to run the tests, which would reexec another subprocess which would proceed to run the tests, recursively. (That would explain why every reexec callback used to unconditionally call os.Exit() instead of returning...) Remove unneeded reexec.Init() calls from test and example code which no longer needs it, and fix the reexec.Init() calls which are not inert to exit after a reexec callback is invoked. Signed-off-by: Cory Snider <csnider@mirantis.com> 
Now that most uses of reexec have been replaced with non-reexec
solutions, most of the reexec.Init() calls peppered throughout the test
suites are unnecessary. Furthermore, most of the reexec.Init() calls in
test code neglects to check the return value to determine whether to
exit, which would result in the reexec'ed subprocesses proceeding to run
the tests, which would reexec another subprocess which would proceed to
run the tests, recursively. (That would explain why every reexec
callback used to unconditionally call os.Exit() instead of returning...)

Remove unneeded reexec.Init() calls from test and example code which no
longer needs it, and fix the reexec.Init() calls which are not inert to
exit after a reexec callback is invoked.

Signed-off-by: Cory Snider <csnider@mirantis.com>
libnetwork: overlayutils: remove redundant init() 2023-04-28T18:18:29+00:00 Sebastiaan van Stijn github@gone.nl 2023-04-27T22:29:55+00:00 17feabcba0ed46f52b0553396bb2995dbe7df42a Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Merge pull request #45308 from corhere/libnet/overlay-bpf-ipv6 2023-04-26T12:37:09+00:00 Sebastiaan van Stijn thaJeztah@users.noreply.github.com 2023-04-26T12:37:09+00:00 214e200f956b770e6dc239b062424c03774c63fe libnetwork/drivers/overlay: make VNI matcher IPv6-compatible 
libnetwork/drivers/overlay: make VNI matcher IPv6-compatible
 Merge pull request #45366 from akerouanton/fix-docker0-PreferredPool 2023-04-25T18:07:57+00:00 Brian Goff cpuguy83@gmail.com 2023-04-25T18:07:57+00:00 0970cb054c9606c727dda5240750482d0f40f729 daemon: set docker0 subpool as the IPAM pool 
daemon: set docker0 subpool as the IPAM pool
 daemon: set docker0 subpool as the IPAM pool 2023-04-25T13:32:46+00:00 Albin Kerouanton albinker@gmail.com 2023-04-20T11:11:15+00:00 2d31697d82df61ab78b583818f4106c36cf20cec Since cc19eba (backported to v23.0.4), the PreferredPool for docker0 is set only when the user provides the bip config parameter or when the default bridge already exist. That means, if a user provides the fixed-cidr parameter on a fresh install or reboot their computer/server without bip set, dockerd throw the following error when it starts: > failed to start daemon: Error initializing network controller: Error > creating default "bridge" network: failed to parse pool request for > address space "LocalDefault" pool "" subpool "100.64.0.0/26": Invalid > Address SubPool See #45356. Signed-off-by: Albin Kerouanton <albinker@gmail.com> 
Since cc19eba (backported to v23.0.4), the PreferredPool for docker0 is
set only when the user provides the bip config parameter or when the
default bridge already exist. That means, if a user provides the
fixed-cidr parameter on a fresh install or reboot their computer/server
without bip set, dockerd throw the following error when it starts:

> failed to start daemon: Error initializing network controller: Error
> creating default "bridge" network: failed to parse pool request for
> address space "LocalDefault" pool "" subpool "100.64.0.0/26": Invalid
> Address SubPool

See #45356.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
libn/d/overlay: make VNI matcher IPv6-compatible 2023-04-24T18:20:29+00:00 Cory Snider csnider@mirantis.com 2023-04-03T22:25:15+00:00 c3999632437c2a493600bf9b26a151eaa9646998 Use Linux BPF extensions to locate the offset of the VXLAN header within the packet so that the same BPF program works with VXLAN packets received over either IPv4 or IPv6. Signed-off-by: Cory Snider <csnider@mirantis.com> 
Use Linux BPF extensions to locate the offset of the VXLAN header within
the packet so that the same BPF program works with VXLAN packets
received over either IPv4 or IPv6.

Signed-off-by: Cory Snider <csnider@mirantis.com>
libn/d/overlay: test the VNI BPF matcher on IPv4 2023-04-24T18:19:39+00:00 Cory Snider csnider@mirantis.com 2023-04-11T20:19:16+00:00 7d9bb170b7a1d1425a19e95f7242bee58f7bf391 Signed-off-by: Cory Snider <csnider@mirantis.com> 
Signed-off-by: Cory Snider <csnider@mirantis.com>
libnet/d/overlay: clean up iptables rules on network delete 2023-04-17T15:21:21+00:00 Albin Kerouanton albinker@gmail.com 2023-04-16T22:39:22+00:00 1e1efe1f614529a06d26afdb04e5c5f4944584f6 This commit removes iptables rules configured for secure overlay networks when a network is deleted. Prior to this commit, only CreateNetwork() was taking care of removing stale iptables rules. If one of the iptables rule can't be removed, the erorr is logged but it doesn't prevent network deletion. Signed-off-by: Albin Kerouanton <albinker@gmail.com> 
This commit removes iptables rules configured for secure overlay
networks when a network is deleted. Prior to this commit, only
CreateNetwork() was taking care of removing stale iptables rules.

If one of the iptables rule can't be removed, the erorr is logged but
it doesn't prevent network deletion.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
Merge pull request #44965 from akerouanton/libnetwork-dead-code 2023-04-11T15:09:45+00:00 Sebastiaan van Stijn thaJeztah@users.noreply.github.com 2023-04-11T15:09:45+00:00 0154746b9f1911612f01c82431631c8bf8e19ac8 libnetwork/overlay: remove dead code 
libnetwork/overlay: remove dead code
 libnetwork/overlay: remove host mode 2023-04-06T17:52:41+00:00 Albin Kerouanton albinker@gmail.com 2023-02-15T20:45:13+00:00 8ed900263ef23bea4c9aa1541d5b93b0206f365c Linux kernel prior to v3.16 was not supporting netns for vxlan interfaces. As such, moby/libnetwork#821 introduced a "host mode" to the overlay driver. The related kernel fix is available for rhel7 users since v7.2. This mode could be forced through the use of the env var _OVERLAY_HOST_MODE. However this env var has never been documented and is not referenced in any blog post, so there's little chance many people rely on it. Moreover, this host mode is deemed as an implementation details by maintainers. As such, we can consider it dead and we can remove it without a prior deprecation warning. Signed-off-by: Albin Kerouanton <albinker@gmail.com> 
Linux kernel prior to v3.16 was not supporting netns for vxlan
interfaces. As such, moby/libnetwork#821 introduced a "host mode" to the
overlay driver. The related kernel fix is available for rhel7 users
since v7.2.

This mode could be forced through the use of the env var
_OVERLAY_HOST_MODE. However this env var has never been documented and
is not referenced in any blog post, so there's little chance many people
rely on it. Moreover, this host mode is deemed as an implementation
details by maintainers. As such, we can consider it dead and we can
remove it without a prior deprecation warning.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>