libnetwork cherry-picks for 17.06.0 rc3

agent.go

@@ -722,15 +722,13 @@ func (n *network) cancelDriverWatches() {
 	}
 }
 
-func (c *controller) handleTableEvents(ch chan events.Event, fn func(events.Event)) {
+func (c *controller) handleTableEvents(ch *events.Channel, fn func(events.Event)) {
 	for {
 		select {
-		case ev, ok := <-ch:
-			if !ok {
-				return
-			}
-
+		case ev := <-ch.C:
 			fn(ev)
+		case <-ch.Done():
+			return
 		}
 	}
 }

drivers/overlay/ostweaks_linux.go

@@ -0,0 +1,30 @@
+package overlay
+
+import (
+	"io/ioutil"
+	"path"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+)
+
+var sysctlConf = map[string]string{
+	"net.ipv4.neigh.default.gc_thresh1": "8192",
+	"net.ipv4.neigh.default.gc_thresh2": "49152",
+	"net.ipv4.neigh.default.gc_thresh3": "65536",
+}
+
+// writeSystemProperty writes the value to a path under /proc/sys as determined from the key.
+// For e.g. net.ipv4.ip_forward translated to /proc/sys/net/ipv4/ip_forward.
+func writeSystemProperty(key, value string) error {
+	keyPath := strings.Replace(key, ".", "/", -1)
+	return ioutil.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0644)
+}
+
+func applyOStweaks() {
+	for k, v := range sysctlConf {
+		if err := writeSystemProperty(k, v); err != nil {
+			logrus.Errorf("error setting the kernel parameter %s = %s, err: %s", k, v, err)
+		}
+	}
+}

drivers/overlay/ostweaks_unsupported.go

@@ -0,0 +1,5 @@
+// +build !linux
+
+package overlay
+
+func applyOStweaks() {}

drivers/overlay/ov_network.go

@@ -3,15 +3,18 @@ package overlay
 import (
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
 	"syscall"
 
 	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/reexec"
 	"github.com/docker/libnetwork/datastore"
 	"github.com/docker/libnetwork/driverapi"
 	"github.com/docker/libnetwork/netlabel"
@@ -55,6 +58,7 @@ type network struct {
 	dbIndex   uint64
 	dbExists  bool
 	sbox      osl.Sandbox
+	nlSocket  *nl.NetlinkSocket
 	endpoints endpointTable
 	driver    *driver
 	joinCnt   int
@@ -67,6 +71,54 @@ type network struct {
 	sync.Mutex
 }
 
+func init() {
+	reexec.Register("set-default-vlan", setDefaultVlan)
+}
+
+func setDefaultVlan() {
+	if len(os.Args) < 3 {
+		logrus.Error("insufficient number of arguments")
+		os.Exit(1)
+	}
+	nsPath := os.Args[1]
+	ns, err := netns.GetFromPath(nsPath)
+	if err != nil {
+		logrus.Errorf("overlay namespace get failed, %v", err)
+		os.Exit(1)
+	}
+	if err = netns.Set(ns); err != nil {
+		logrus.Errorf("setting into overlay namespace failed, %v", err)
+		os.Exit(1)
+	}
+
+	// make sure the sysfs mount doesn't propagate back
+	if err = syscall.Unshare(syscall.CLONE_NEWNS); err != nil {
+		logrus.Errorf("unshare failed, %v", err)
+		os.Exit(1)
+	}
+
+	flag := syscall.MS_PRIVATE | syscall.MS_REC
+	if err = syscall.Mount("", "/", "", uintptr(flag), ""); err != nil {
+		logrus.Errorf("root mount failed, %v", err)
+		os.Exit(1)
+	}
+
+	if err = syscall.Mount("sysfs", "/sys", "sysfs", 0, ""); err != nil {
+		logrus.Errorf("mounting sysfs failed, %v", err)
+		os.Exit(1)
+	}
+
+	brName := os.Args[2]
+	path := filepath.Join("/sys/class/net", brName, "bridge/default_pvid")
+	data := []byte{'0', '\n'}
+
+	if err = ioutil.WriteFile(path, data, 0644); err != nil {
+		logrus.Errorf("endbling default vlan on bridge %s failed %v", brName, err)
+		os.Exit(1)
+	}
+	os.Exit(0)
+}
+
 func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) {
 	return nil, types.NotImplementedErrorf("not implemented")
 }
@@ -294,6 +346,12 @@ func (n *network) destroySandbox() {
 			}
 		}
 
+		// Close the netlink socket, this will also release the watchMiss goroutine that is using it
+		if n.nlSocket != nil {
+			n.nlSocket.Close()
+			n.nlSocket = nil
+		}
+
 		n.sbox.Destroy()
 		n.sbox = nil
 	}
@@ -505,6 +563,25 @@ func (n *network) setupSubnetSandbox(s *subnet, brName, vxlanName string) error
 		return fmt.Errorf("vxlan interface creation failed for subnet %q: %v", s.subnetIP.String(), err)
 	}
 
+	if !hostMode {
+		var name string
+		for _, i := range sbox.Info().Interfaces() {
+			if i.Bridge() {
+				name = i.DstName()
+			}
+		}
+		cmd := &exec.Cmd{
+			Path:   reexec.Self(),
+			Args:   []string{"set-default-vlan", sbox.Key(), name},
+			Stdout: os.Stdout,
+			Stderr: os.Stderr,
+		}
+		if err := cmd.Run(); err != nil {
+			// not a fatal error
+			logrus.Errorf("reexec to set bridge default vlan failed %v", err)
+		}
+	}
+
 	if hostMode {
 		if err := addFilters(n.id[:12], brName); err != nil {
 			return err
@@ -615,6 +692,7 @@ func (n *network) initSandbox(restore bool) error {
 	sbox.InvokeFunc(func() {
 		nlSock, err = nl.Subscribe(syscall.NETLINK_ROUTE, syscall.RTNLGRP_NEIGH)
 	})
+	n.setNetlinkSocket(nlSock)
 
 	if err == nil {
 		go n.watchMiss(nlSock)
@@ -630,6 +708,13 @@ func (n *network) watchMiss(nlSock *nl.NetlinkSocket) {
 	for {
 		msgs, err := nlSock.Receive()
 		if err != nil {
+			n.Lock()
+			nlFd := nlSock.GetFd()
+			n.Unlock()
+			if nlFd == -1 {
+				// The netlink socket got closed, simply exit to not leak this goroutine
+				return
+			}
 			logrus.Errorf("Failed to receive from netlink: %v ", err)
 			continue
 		}
@@ -746,6 +831,12 @@ func (n *network) setSandbox(sbox osl.Sandbox) {
 	n.Unlock()
 }
 
+func (n *network) setNetlinkSocket(nlSk *nl.NetlinkSocket) {
+	n.Lock()
+	n.nlSocket = nlSk
+	n.Unlock()
+}
+
 func (n *network) vxlanID(s *subnet) uint32 {
 	n.Lock()
 	defer n.Unlock()

drivers/overlay/overlay.go

@@ -46,7 +46,7 @@ type driver struct {
 	store            datastore.DataStore
 	localStore       datastore.DataStore
 	vxlanIdm         *idm.Idm
-	once             sync.Once
+	initOS           sync.Once
 	joinOnce         sync.Once
 	localJoinOnce    sync.Once
 	keys             []*key
@@ -180,6 +180,10 @@ func Fini(drv driverapi.Driver) {
 }
 
 func (d *driver) configure() error {
+
+	// Apply OS specific kernel configs if needed
+	d.initOS.Do(applyOStweaks)
+
 	if d.store == nil {
 		return nil
 	}

networkdb/networkdb_test.go

@@ -339,17 +339,17 @@ func TestNetworkDBWatch(t *testing.T) {
 	err = dbs[0].CreateEntry("test_table", "network1", "test_key", []byte("test_value"))
 	assert.NoError(t, err)
 
-	testWatch(t, ch, CreateEvent{}, "test_table", "network1", "test_key", "test_value")
+	testWatch(t, ch.C, CreateEvent{}, "test_table", "network1", "test_key", "test_value")
 
 	err = dbs[0].UpdateEntry("test_table", "network1", "test_key", []byte("test_updated_value"))
 	assert.NoError(t, err)
 
-	testWatch(t, ch, UpdateEvent{}, "test_table", "network1", "test_key", "test_updated_value")
+	testWatch(t, ch.C, UpdateEvent{}, "test_table", "network1", "test_key", "test_updated_value")
 
 	err = dbs[0].DeleteEntry("test_table", "network1", "test_key")
 	assert.NoError(t, err)
 
-	testWatch(t, ch, DeleteEvent{}, "test_table", "network1", "test_key", "")
+	testWatch(t, ch.C, DeleteEvent{}, "test_table", "network1", "test_key", "")
 
 	cancel()
 	closeNetworkDBInstances(dbs)

networkdb/watch.go

@@ -43,7 +43,7 @@ type DeleteEvent event
 // filter is an empty string it acts as a wildcard for that
 // field. Watch returns a channel of events, where the events will be
 // sent.
-func (nDB *NetworkDB) Watch(tname, nid, key string) (chan events.Event, func()) {
+func (nDB *NetworkDB) Watch(tname, nid, key string) (*events.Channel, func()) {
 	var matcher events.Matcher
 
 	if tname != "" || nid != "" || key != "" {
@@ -82,7 +82,7 @@ func (nDB *NetworkDB) Watch(tname, nid, key string) (chan events.Event, func())
 	}
 
 	nDB.broadcaster.Add(sink)
-	return ch.C, func() {
+	return ch, func() {
 		nDB.broadcaster.Remove(sink)
 		ch.Close()
 		sink.Close()

osl/neigh_linux.go

@@ -78,6 +78,23 @@ func (n *networkNamespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr,
 		if err := nlh.NeighDel(nlnh); err != nil {
 			logrus.Warnf("Deleting neighbor IP %s, mac %s failed, %v", dstIP, dstMac, err)
 		}
+
+		// Delete the dynamic entry in the bridge
+		if nlnh.Family > 0 {
+			nlnh := &netlink.Neigh{
+				IP:     dstIP,
+				Family: nh.family,
+			}
+
+			nlnh.HardwareAddr = dstMac
+			nlnh.Flags = netlink.NTF_MASTER
+			if nh.linkDst != "" {
+				nlnh.LinkIndex = iface.Attrs().Index
+			}
+			if err := nlh.NeighDel(nlnh); err != nil {
+				logrus.Warnf("Deleting bridge mac mac %s failed, %v", dstMac, err)
+			}
+		}
 	}
 
 	n.Lock()

vendor.conf

@@ -19,25 +19,25 @@ github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef
 
 github.com/godbus/dbus 5f6efc7ef2759c81b7ba876593971bfce311eab3
 github.com/gogo/protobuf 8d70fb3182befc465c4a1eac8ad4d38ff49778e2
-github.com/golang/protobuf/proto f7137ae6b19afbfd61a94b746fda3b3fe0491874
+github.com/golang/protobuf f7137ae6b19afbfd61a94b746fda3b3fe0491874
 github.com/gorilla/context 215affda49addc4c8ef7e2534915df2c8c35c6cd
 github.com/gorilla/mux 8096f47503459bcc74d1f4c487b7e6e42e5746b5
-github.com/hashicorp/consul/api 954aec66231b79c161a4122b023fbcad13047f79
-github.com/hashicorp/go-msgpack/codec 71c2886f5a673a35f909803f38ece5810165097b
+github.com/hashicorp/consul 954aec66231b79c161a4122b023fbcad13047f79
+github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
 github.com/hashicorp/go-multierror 2167c8ec40776024589f483a6b836489e47e1049
 github.com/hashicorp/memberlist v0.1.0
 github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372
 github.com/hashicorp/go-sockaddr acd314c5781ea706c710d9ea70069fd2e110d61d
 github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870
 github.com/mattn/go-shellwords 525bedee691b5a8df547cb5cf9f86b7fb1883e24
 github.com/miekg/dns d27455715200c7d3e321a1e5cadb27c9ee0b0f02
-github.com/opencontainers/runc/libcontainer ba1568de399395774ad84c2ace65937814c542ed
-github.com/samuel/go-zookeeper/zk d0e0d8e11f318e000a8cc434616d69e329edc374
+github.com/opencontainers/runc ba1568de399395774ad84c2ace65937814c542ed
+github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
 github.com/seccomp/libseccomp-golang 1b506fc7c24eec5a3693cdcbed40d9c226cfc6a1
 github.com/stretchr/testify dab07ac62d4905d3e48d17dc549c684ac3b7c15a
-github.com/syndtr/gocapability/capability 2c00daeb6c3b45114c80ac44119e7b8801fdd852
+github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852
 github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
-github.com/vishvananda/netlink 1e86b2bee5b6a7d377e4c02bb7f98209d6a7297c
+github.com/vishvananda/netlink bd6d5de5ccef2d66b0a26177928d0d8895d7f969
 github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25
 golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674
 golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9