32 files changed, 11 insertions, 3650 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 9a2777efc..9f584d2e2 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -15,14 +15,13 @@ import ( "github.com/containers/libpod/pkg/chrootuser" "github.com/containers/libpod/pkg/hooks" "github.com/containers/libpod/pkg/hooks/exec" + "github.com/containers/libpod/pkg/resolvconf" "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/secrets" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/chrootarchive" "github.com/containers/storage/pkg/mount" - "github.com/docker/libnetwork/netutils" - "github.com/docker/libnetwork/resolvconf" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" @@ -1039,7 +1038,7 @@ func (c *Container) generateResolvConf() (string, error) { } // Make a new resolv.conf - nameservers := resolvconf.GetNameservers(resolv.Content, netutils.IP) + nameservers := resolvconf.GetNameservers(resolv.Content) if len(c.config.DNSServer) > 0 { // We store DNS servers as net.IP, so need to convert to string nameservers = []string{} diff --git a/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go b/pkg/resolvconf/dns/resolvconf.go index e348bc57f..cb4bd1033 100644 --- a/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go +++ b/pkg/resolvconf/dns/resolvconf.go @@ -1,3 +1,5 @@ +// Originally from github.com/docker/libnetwork/resolvconf/dns + package dns import ( diff --git a/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go b/pkg/resolvconf/resolvconf.go index 23caf7f12..476999f00 100644 --- a/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go +++ b/pkg/resolvconf/resolvconf.go 
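Review bot: The provenance comment added above `package dns` in pkg/resolvconf/dns/resolvconf.go names the upstream package but not the revision the copy was taken from, and the same holds for the `// Originally from github.com/docker/libnetwork/resolvconf.` line in the @@ -1,4 +1,5 @@ hunk of pkg/resolvconf/resolvconf.go. Once the code leaves vendor/ it is no longer refreshed by a vendor update, so upstream fixes to the resolv.conf parsing have to be ported by hand; record the starting point, for example `// Originally from github.com/docker/libnetwork/resolvconf/dns at <UPSTREAM_COMMIT>`. resolvconf.go is also modified in this commit (the `kind` parameter of GetNameservers is dropped), so its header could say so, e.g. `// Modified from upstream: GetNameservers no longer takes a kind argument.`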
@@ -1,4 +1,5 @@ -// Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf +// Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf. +// Originally from github.com/docker/libnetwork/resolvconf. package resolvconf import ( @@ -8,9 +9,8 @@ import ( "strings" "sync" + "github.com/containers/libpod/pkg/resolvconf/dns" "github.com/docker/docker/pkg/ioutils" - "github.com/docker/libnetwork/resolvconf/dns" - "github.com/docker/libnetwork/types" "github.com/sirupsen/logrus" ) @@ -119,7 +119,7 @@ func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool) (*File, error) { } // if the resulting resolvConf has no more nameservers defined, add appropriate // default DNS servers for IPv4 and (optionally) IPv6 - if len(GetNameservers(cleanedResolvConf, types.IP)) == 0 { + if len(GetNameservers(cleanedResolvConf)) == 0 { logrus.Infof("No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: %v", defaultIPv4Dns) dns := defaultIPv4Dns if ipv6Enabled { @@ -151,17 +151,10 @@ func getLines(input []byte, commentMarker []byte) [][]byte { } // GetNameservers returns nameservers (if any) listed in /etc/resolv.conf -func GetNameservers(resolvConf []byte, kind int) []string { +func GetNameservers(resolvConf []byte) []string { nameservers := []string{} for _, line := range getLines(resolvConf, []byte("#")) { - var ns [][]byte - if kind == types.IP { - ns = nsRegexp.FindSubmatch(line) - } else if kind == types.IPv4 { - ns = nsIPv4Regexpmatch.FindSubmatch(line) - } else if kind == types.IPv6 { - ns = nsIPv6Regexpmatch.FindSubmatch(line) - } + ns := nsRegexp.FindSubmatch(line) if len(ns) > 0 { nameservers = append(nameservers, string(ns[1])) } 
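Review bot: In the @@ -119,7 +119,7 @@ hunk, the context around the changed call shows FilterResolvDNS substituting `defaultIPv4Dns` when no non-localhost nameserver is left, and reporting it only through `logrus.Infof`. Now that this package lives in the project's own tree, the fallback is the project's policy, and it can send a container's DNS queries to resolvers the host operator never configured, with nothing shown unless Info logging is enabled. I would log it with `logrus.Warnf` and state the fallback in the function's doc comment, e.g. `// If no usable nameserver remains, the package's default external resolvers are written instead.` The function starts and ends outside the hunk, so whether callers can opt out is not visible here.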
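Review bot: After the @@ -151,17 +151,10 @@ hunk GetNameservers uses only `nsRegexp`, and no hunk in this diff touches the declarations of `nsIPv4Regexpmatch` and `nsIPv6Regexpmatch`, so they appear to be left behind as unused package-level variables. Go does not reject unused package-level variables, so the build stays green while two compiled patterns remain that nothing calls; if no other function in the file references them, delete both. The doc comment could also state the new contract, e.g. `// GetNameservers returns the IPv4 and IPv6 nameservers (if any) found in the given resolv.conf content.` The function's closing lines are outside the hunk.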
@@ -174,7 +167,7 @@ func GetNameservers(resolvConf []byte, kind int) []string { // This function's output is intended for net.ParseCIDR func GetNameserversAsCIDR(resolvConf []byte) []string { nameservers := []string{} - for _, nameserver := range GetNameservers(resolvConf, types.IP) { + for _, nameserver := range GetNameservers(resolvConf) { var address string // If IPv6, strip zone if present if strings.Contains(nameserver, ":") { diff --git a/vendor/github.com/docker/libnetwork/LICENSE b/vendor/github.com/docker/libnetwork/LICENSE deleted file mode 100644 index e06d20818..000000000 --- a/vendor/github.com/docker/libnetwork/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ -Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - diff --git a/vendor/github.com/docker/libnetwork/README.md b/vendor/github.com/docker/libnetwork/README.md deleted file mode 100644 index a9020381a..000000000 --- a/vendor/github.com/docker/libnetwork/README.md +++ /dev/null 
@@ -1,100 +0,0 @@ -# libnetwork - networking for containers - -[![Circle CI](https://circleci.com/gh/docker/libnetwork/tree/master.svg?style=svg)](https://circleci.com/gh/docker/libnetwork/tree/master) [![Coverage Status](https://coveralls.io/repos/docker/libnetwork/badge.svg)](https://coveralls.io/r/docker/libnetwork) [![GoDoc](https://godoc.org/github.com/docker/libnetwork?status.svg)](https://godoc.org/github.com/docker/libnetwork) [![Go Report Card](https://goreportcard.com/badge/github.com/docker/libnetwork)](https://goreportcard.com/report/github.com/docker/libnetwork) - -Libnetwork provides a native Go implementation for connecting containers - -The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications. - -#### Design -Please refer to the [design](docs/design.md) for more information. - -#### Using libnetwork - -There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users. - - -```go -import ( - "fmt" - "log" - - "github.com/docker/docker/pkg/reexec" - "github.com/docker/libnetwork" - "github.com/docker/libnetwork/config" - "github.com/docker/libnetwork/netlabel" - "github.com/docker/libnetwork/options" -) - -func main() { - if reexec.Init() { - return - } - - // Select and configure the network driver - networkType := "bridge" - - // Create a new controller instance - driverOptions := options.Generic{} - genericOption := make(map[string]interface{}) - genericOption[netlabel.GenericData] = driverOptions - controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption)) - if err != nil { - log.Fatalf("libnetwork.New: %s", err) - } - - // Create a network for containers to join. 
- // NewNetwork accepts Variadic optional arguments that libnetwork and Drivers can use. - network, err := controller.NewNetwork(networkType, "network1", "") - if err != nil { - log.Fatalf("controller.NewNetwork: %s", err) - } - - // For each new container: allocate IP and interfaces. The returned network - // settings will be used for container infos (inspect and such), as well as - // iptables rules for port publishing. This info is contained or accessible - // from the returned endpoint. - ep, err := network.CreateEndpoint("Endpoint1") - if err != nil { - log.Fatalf("network.CreateEndpoint: %s", err) - } - - // Create the sandbox for the container. - // NewSandbox accepts Variadic optional arguments which libnetwork can use. - sbx, err := controller.NewSandbox("container1", - libnetwork.OptionHostname("test"), - libnetwork.OptionDomainname("docker.io")) - if err != nil { - log.Fatalf("controller.NewSandbox: %s", err) - } - - // A sandbox can join the endpoint via the join api. - err = ep.Join(sbx) - if err != nil { - log.Fatalf("ep.Join: %s", err) - } - - // libnetwork client can check the endpoint's operational data via the Info() API - epInfo, err := ep.DriverInfo() - if err != nil { - log.Fatalf("ep.DriverInfo: %s", err) - } - - macAddress, ok := epInfo[netlabel.MacAddress] - if !ok { - log.Fatalf("failed to get mac address from endpoint info") - } - - fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key()) -} -``` - -## Future -Please refer to [roadmap](ROADMAP.md) for more information. - -## Contributing - -Want to hack on libnetwork? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply. - -## Copyright and license -Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons. 
diff --git a/vendor/github.com/docker/libnetwork/ipamutils/utils.go b/vendor/github.com/docker/libnetwork/ipamutils/utils.go deleted file mode 100644 index 3fd37cd88..000000000 --- a/vendor/github.com/docker/libnetwork/ipamutils/utils.go +++ /dev/null 
@@ -1,135 +0,0 @@ -// Package ipamutils provides utility functions for ipam management -package ipamutils - -import ( - "fmt" - "net" - "sync" -) - -var ( - // PredefinedLocalScopeDefaultNetworks contains a list of 31 IPv4 private networks with host size 16 and 12 - // (172.17-31.x.x/16, 192.168.x.x/20) which do not overlap with the networks in `PredefinedGlobalScopeDefaultNetworks` - PredefinedLocalScopeDefaultNetworks []*net.IPNet - // PredefinedGlobalScopeDefaultNetworks contains a list of 64K IPv4 private networks with host size 8 - // (10.x.x.x/24) which do not overlap with the networks in `PredefinedLocalScopeDefaultNetworks` - PredefinedGlobalScopeDefaultNetworks []*net.IPNet - mutex sync.Mutex - localScopeDefaultNetworks = []*NetworkToSplit{{"172.17.0.0/16", 16}, {"172.18.0.0/16", 16}, {"172.19.0.0/16", 16}, - {"172.20.0.0/14", 16}, {"172.24.0.0/14", 16}, {"172.28.0.0/14", 16}, - {"192.168.0.0/16", 20}} - globalScopeDefaultNetworks = []*NetworkToSplit{{"10.0.0.0/8", 24}} -) - -// NetworkToSplit represent a network that has to be split in chunks with mask length Size. -// Each subnet in the set is derived from the Base pool. Base is to be passed -// in CIDR format. 
-// Example: a Base "10.10.0.0/16 with Size 24 will define the set of 256 -// 10.10.[0-255].0/24 address pools -type NetworkToSplit struct { - Base string `json:"base"` - Size int `json:"size"` -} - -func init() { - var err error - if PredefinedGlobalScopeDefaultNetworks, err = splitNetworks(globalScopeDefaultNetworks); err != nil { - //we are going to panic in case of error as we should never get into this state - panic("InitAddressPools failed to initialize the global scope default address pool") - } - - if PredefinedLocalScopeDefaultNetworks, err = splitNetworks(localScopeDefaultNetworks); err != nil { - //we are going to panic in case of error as we should never get into this state - panic("InitAddressPools failed to initialize the local scope default address pool") - } -} - -// configDefaultNetworks configures local as well global default pool based on input -func configDefaultNetworks(defaultAddressPool []*NetworkToSplit, result *[]*net.IPNet) error { - mutex.Lock() - defer mutex.Unlock() - defaultNetworks, err := splitNetworks(defaultAddressPool) - if err != nil { - return err - } - *result = defaultNetworks - return nil -} - -// GetGlobalScopeDefaultNetworks returns PredefinedGlobalScopeDefaultNetworks -func GetGlobalScopeDefaultNetworks() []*net.IPNet { - mutex.Lock() - defer mutex.Unlock() - return PredefinedGlobalScopeDefaultNetworks -} - -// GetLocalScopeDefaultNetworks returns PredefinedLocalScopeDefaultNetworks -func GetLocalScopeDefaultNetworks() []*net.IPNet { - mutex.Lock() - defer mutex.Unlock() - return PredefinedLocalScopeDefaultNetworks -} - -// ConfigGlobalScopeDefaultNetworks configures global default pool. 
-// Ideally this will be called from SwarmKit as part of swarm init -func ConfigGlobalScopeDefaultNetworks(defaultAddressPool []*NetworkToSplit) error { - if defaultAddressPool == nil { - defaultAddressPool = globalScopeDefaultNetworks - } - return configDefaultNetworks(defaultAddressPool, &PredefinedGlobalScopeDefaultNetworks) -} - -// ConfigLocalScopeDefaultNetworks configures local default pool. -// Ideally this will be called during libnetwork init -func ConfigLocalScopeDefaultNetworks(defaultAddressPool []*NetworkToSplit) error { - if defaultAddressPool == nil { - return nil - } - return configDefaultNetworks(defaultAddressPool, &PredefinedLocalScopeDefaultNetworks) -} - -// splitNetworks takes a slice of networks, split them accordingly and returns them -func splitNetworks(list []*NetworkToSplit) ([]*net.IPNet, error) { - localPools := make([]*net.IPNet, 0, len(list)) - - for _, p := range list { - _, b, err := net.ParseCIDR(p.Base) - if err != nil { - return nil, fmt.Errorf("invalid base pool %q: %v", p.Base, err) - } - ones, _ := b.Mask.Size() - if p.Size <= 0 || p.Size < ones { - return nil, fmt.Errorf("invalid pools size: %d", p.Size) - } - localPools = append(localPools, splitNetwork(p.Size, b)...) - } - return localPools, nil -} - -func splitNetwork(size int, base *net.IPNet) []*net.IPNet { - one, bits := base.Mask.Size() - mask := net.CIDRMask(size, bits) - n := 1 << uint(size-one) - s := uint(bits - size) - list := make([]*net.IPNet, 0, n) - - for i := 0; i < n; i++ { - ip := copyIP(base.IP) - addIntToIP(ip, uint(i<<s)) - list = append(list, &net.IPNet{IP: ip, Mask: mask}) - } - return list -} - -func copyIP(from net.IP) net.IP { - ip := make([]byte, len(from)) - copy(ip, from) - return ip -} - -func addIntToIP(array net.IP, ordinal uint) { - for i := len(array) - 1; i >= 0; i-- { - array[i] |= (byte)(ordinal & 0xff) - ordinal >>= 8 - } -} 
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils.go b/vendor/github.com/docker/libnetwork/netutils/utils.go deleted file mode 100644 index 7de98f6b0..000000000 --- a/vendor/github.com/docker/libnetwork/netutils/utils.go +++ /dev/null 
@@ -1,194 +0,0 @@ -// Network utility functions. - -package netutils - -import ( - "crypto/rand" - "encoding/hex" - "errors" - "fmt" - "io" - "net" - "strings" - - "github.com/docker/libnetwork/types" -) - -var ( - // ErrNetworkOverlapsWithNameservers preformatted error - ErrNetworkOverlapsWithNameservers = errors.New("requested network overlaps with nameserver") - // ErrNetworkOverlaps preformatted error - ErrNetworkOverlaps = errors.New("requested network overlaps with existing network") - // ErrNoDefaultRoute preformatted error - ErrNoDefaultRoute = errors.New("no default route") -) - -// CheckNameserverOverlaps checks whether the passed network overlaps with any of the nameservers -func CheckNameserverOverlaps(nameservers []string, toCheck *net.IPNet) error { - if len(nameservers) > 0 { - for _, ns := range nameservers { - _, nsNetwork, err := net.ParseCIDR(ns) - if err != nil { - return err - } - if NetworkOverlaps(toCheck, nsNetwork) { - return ErrNetworkOverlapsWithNameservers - } - } - } - return nil -} - -// NetworkOverlaps detects overlap between one IPNet and another -func NetworkOverlaps(netX *net.IPNet, netY *net.IPNet) bool { - return netX.Contains(netY.IP) || netY.Contains(netX.IP) -} - -// NetworkRange calculates the first and last IP addresses in an IPNet -func NetworkRange(network *net.IPNet) (net.IP, net.IP) { - if network == nil { - return nil, nil - } - - firstIP := network.IP.Mask(network.Mask) - lastIP := types.GetIPCopy(firstIP) - for i := 0; i < len(firstIP); i++ { - lastIP[i] = firstIP[i] | ^network.Mask[i] - } - - if network.IP.To4() != nil { - firstIP = firstIP.To4() - lastIP = lastIP.To4() - } - - return firstIP, lastIP -} - -// GetIfaceAddr returns the first IPv4 address and slice of IPv6 addresses for the specified network interface -func GetIfaceAddr(name string) (net.Addr, []net.Addr, error) { - iface, err := net.InterfaceByName(name) - if err != nil { - return nil, nil, err - } - addrs, err := iface.Addrs() - if err != nil { - 
return nil, nil, err - } - var addrs4 []net.Addr - var addrs6 []net.Addr - for _, addr := range addrs { - ip := (addr.(*net.IPNet)).IP - if ip4 := ip.To4(); ip4 != nil { - addrs4 = append(addrs4, addr) - } else if ip6 := ip.To16(); len(ip6) == net.IPv6len { - addrs6 = append(addrs6, addr) - } - } - switch { - case len(addrs4) == 0: - return nil, nil, fmt.Errorf("Interface %v has no IPv4 addresses", name) - case len(addrs4) > 1: - fmt.Printf("Interface %v has more than 1 IPv4 address. Defaulting to using %v\n", - name, (addrs4[0].(*net.IPNet)).IP) - } - return addrs4[0], addrs6, nil -} - -func genMAC(ip net.IP) net.HardwareAddr { - hw := make(net.HardwareAddr, 6) - // The first byte of the MAC address has to comply with these rules: - // 1. Unicast: Set the least-significant bit to 0. - // 2. Address is locally administered: Set the second-least-significant bit (U/L) to 1. - hw[0] = 0x02 - // The first 24 bits of the MAC represent the Organizationally Unique Identifier (OUI). - // Since this address is locally administered, we can do whatever we want as long as - // it doesn't conflict with other addresses. - hw[1] = 0x42 - // Fill the remaining 4 bytes based on the input - if ip == nil { - rand.Read(hw[2:]) - } else { - copy(hw[2:], ip.To4()) - } - return hw -} - -// GenerateRandomMAC returns a new 6-byte(48-bit) hardware address (MAC) -func GenerateRandomMAC() net.HardwareAddr { - return genMAC(nil) -} - -// GenerateMACFromIP returns a locally administered MAC address where the 4 least -// significant bytes are derived from the IPv4 address. -func GenerateMACFromIP(ip net.IP) net.HardwareAddr { - return genMAC(ip) -} - -// GenerateRandomName returns a new name joined with a prefix. 
This size -// specified is used to truncate the randomly generated value -func GenerateRandomName(prefix string, size int) (string, error) { - id := make([]byte, 32) - if _, err := io.ReadFull(rand.Reader, id); err != nil { - return "", err - } - return prefix + hex.EncodeToString(id)[:size], nil -} - -// ReverseIP accepts a V4 or V6 IP string in the canonical form and returns a reversed IP in -// the dotted decimal form . This is used to setup the IP to service name mapping in the optimal -// way for the DNS PTR queries. -func ReverseIP(IP string) string { - var reverseIP []string - - if net.ParseIP(IP).To4() != nil { - reverseIP = strings.Split(IP, ".") - l := len(reverseIP) - for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 { - reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i] - } - } else { - reverseIP = strings.Split(IP, ":") - - // Reversed IPv6 is represented in dotted decimal instead of the typical - // colon hex notation - for key := range reverseIP { - if len(reverseIP[key]) == 0 { // expand the compressed 0s - reverseIP[key] = strings.Repeat("0000", 8-strings.Count(IP, ":")) - } else if len(reverseIP[key]) < 4 { // 0-padding needed - reverseIP[key] = strings.Repeat("0", 4-len(reverseIP[key])) + reverseIP[key] - } - } - - reverseIP = strings.Split(strings.Join(reverseIP, ""), "") - - l := len(reverseIP) - for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 { - reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i] - } - } - - return strings.Join(reverseIP, ".") -} - -// ParseAlias parses and validates the specified string as an alias format (name:alias) -func ParseAlias(val string) (string, string, error) { - if val == "" { - return "", "", errors.New("empty string specified for alias") - } - arr := strings.Split(val, ":") - if len(arr) > 2 { - return "", "", fmt.Errorf("bad format for alias: %s", val) - } - if len(arr) == 1 { - return val, val, nil - } - return arr[0], arr[1], nil -} - -// ValidateAlias validates that the specified string has a valid alias 
format (containerName:alias). -func ValidateAlias(val string) (string, error) { - if _, _, err := ParseAlias(val); err != nil { - return val, err - } - return val, nil -} diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go b/vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go deleted file mode 100644 index 02bcd32aa..000000000 --- a/vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go +++ /dev/null @@ -1,23 +0,0 @@ -package netutils - -import ( - "net" - - "github.com/docker/libnetwork/types" -) - -// ElectInterfaceAddresses looks for an interface on the OS with the specified name -// and returns returns all its IPv4 and IPv6 addresses in CIDR notation. -// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned. -// If the interface does not exist, it chooses from a predefined -// list the first IPv4 address which does not conflict with other -// interfaces on the system. -func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) { - return nil, nil, types.NotImplementedErrorf("not supported on freebsd") -} - -// FindAvailableNetwork returns a network from the passed list which does not -// overlap with existing interfaces in the system -func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) { - return nil, types.NotImplementedErrorf("not supported on freebsd") -} diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_linux.go b/vendor/github.com/docker/libnetwork/netutils/utils_linux.go deleted file mode 100644 index 10a5e109e..000000000 --- a/vendor/github.com/docker/libnetwork/netutils/utils_linux.go +++ /dev/null 
@@ -1,126 +0,0 @@
-// +build linux
-// Network utility functions.
-
-package netutils
-
-import (
- "fmt"
- "net"
- "strings"
-
- "github.com/docker/libnetwork/ipamutils"
- "github.com/docker/libnetwork/ns"
- "github.com/docker/libnetwork/osl"
- "github.com/docker/libnetwork/resolvconf"
- "github.com/docker/libnetwork/types"
- "github.com/vishvananda/netlink"
-)
-
-var (
- networkGetRoutesFct func(netlink.Link, int) ([]netlink.Route, error)
-)
-
-// CheckRouteOverlaps checks whether the passed network overlaps with any existing routes
-func CheckRouteOverlaps(toCheck *net.IPNet) error {
- if networkGetRoutesFct == nil {
- networkGetRoutesFct = ns.NlHandle().RouteList
- }
- networks, err := networkGetRoutesFct(nil, netlink.FAMILY_V4)
- if err != nil {
- return err
- }
- for _, network := range networks {
- if network.Dst != nil && NetworkOverlaps(toCheck, network.Dst) {
- return ErrNetworkOverlaps
- }
- }
- return nil
-}
-
-// GenerateIfaceName returns an interface name using the passed in
-// prefix and the length of random bytes. The api ensures that the
-// there are is no interface which exists with that name.
-func GenerateIfaceName(nlh *netlink.Handle, prefix string, len int) (string, error) {
- linkByName := netlink.LinkByName
- if nlh != nil {
- linkByName = nlh.LinkByName
- }
- for i := 0; i < 3; i++ {
- name, err := GenerateRandomName(prefix, len)
- if err != nil {
- continue
- }
- _, err = linkByName(name)
- if err != nil {
- if strings.Contains(err.Error(), "not found") {
- return name, nil
- }
- return "", err
- }
- }
- return "", types.InternalErrorf("could not generate interface name")
-}
-
-// ElectInterfaceAddresses looks for an interface on the OS with the
-// specified name and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
-// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
-// If the interface does not exist, it chooses from a predefined
-// list the first IPv4 address which does not conflict with other
-// interfaces on the system.
-func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
- var (
- v4Nets []*net.IPNet
- v6Nets []*net.IPNet
- )
-
- defer osl.InitOSContext()()
-
- link, _ := ns.NlHandle().LinkByName(name)
- if link != nil {
- v4addr, err := ns.NlHandle().AddrList(link, netlink.FAMILY_V4)
- if err != nil {
- return nil, nil, err
- }
- v6addr, err := ns.NlHandle().AddrList(link, netlink.FAMILY_V6)
- if err != nil {
- return nil, nil, err
- }
- for _, nlAddr := range v4addr {
- v4Nets = append(v4Nets, nlAddr.IPNet)
- }
- for _, nlAddr := range v6addr {
- v6Nets = append(v6Nets, nlAddr.IPNet)
- }
- }
-
- if link == nil || len(v4Nets) == 0 {
- // Choose from predefined local scope networks
- v4Net, err := FindAvailableNetwork(ipamutils.PredefinedLocalScopeDefaultNetworks)
- if err != nil {
- return nil, nil, err
- }
- v4Nets = append(v4Nets, v4Net)
- }
-
- return v4Nets, v6Nets, nil
-}
-
-// FindAvailableNetwork returns a network from the passed list which does not
-// overlap with existing interfaces in the system
-func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
- // We don't check for an error here, because we don't really care if we
- // can't read /etc/resolv.conf. So instead we skip the append if resolvConf
- // is nil. It either doesn't exist, or we can't read it for some reason.
- var nameservers []string
- if rc, err := resolvconf.Get(); err == nil {
- nameservers = resolvconf.GetNameserversAsCIDR(rc.Content)
- }
- for _, nw := range list {
- if err := CheckNameserverOverlaps(nameservers, nw); err == nil {
- if err := CheckRouteOverlaps(nw); err == nil {
- return nw, nil
- }
- }
- }
- return nil, fmt.Errorf("no available network")
-}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_windows.go b/vendor/github.com/docker/libnetwork/netutils/utils_windows.go
deleted file mode 100644
index 73af44ec7..000000000
--- a/vendor/github.com/docker/libnetwork/netutils/utils_windows.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package netutils
-
-import (
- "net"
-
- "github.com/docker/libnetwork/types"
-)
-
-// ElectInterfaceAddresses looks for an interface on the OS with the specified name
-// and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
-// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
-// If the interface does not exist, it chooses from a predefined
-// list the first IPv4 address which does not conflict with other
-// interfaces on the system.
-func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
- return nil, nil, types.NotImplementedErrorf("not supported on windows")
-}
-
-// FindAvailableNetwork returns a network from the passed list which does not
-// overlap with existing interfaces in the system
-
-// TODO : Use appropriate windows APIs to identify non-overlapping subnets
-func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
- return nil, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/ns/init_linux.go b/vendor/github.com/docker/libnetwork/ns/init_linux.go
deleted file mode 100644
index 567a6242a..000000000
--- a/vendor/github.com/docker/libnetwork/ns/init_linux.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package ns
-
-import (
- "fmt"
- "os"
- "os/exec"
- "strings"
- "sync"
- "syscall"
- "time"
-
- "github.com/sirupsen/logrus"
- "github.com/vishvananda/netlink"
- "github.com/vishvananda/netns"
-)
-
-var (
- initNs netns.NsHandle
- initNl *netlink.Handle
- initOnce sync.Once
- // NetlinkSocketsTimeout represents the default timeout duration for the sockets
- NetlinkSocketsTimeout = 3 * time.Second
-)
-
-// Init initializes a new network namespace
-func Init() {
- var err error
- initNs, err = netns.Get()
- if err != nil {
- logrus.Errorf("could not get initial namespace: %v", err)
- }
- initNl, err = netlink.NewHandle(getSupportedNlFamilies()...)
- if err != nil {
- logrus.Errorf("could not create netlink handle on initial namespace: %v", err)
- }
- err = initNl.SetSocketTimeout(NetlinkSocketsTimeout)
- if err != nil {
- logrus.Warnf("Failed to set the timeout on the default netlink handle sockets: %v", err)
- }
-}
-
-// SetNamespace sets the initial namespace handler
-func SetNamespace() error {
- initOnce.Do(Init)
- if err := netns.Set(initNs); err != nil {
- linkInfo, linkErr := getLink()
- if linkErr != nil {
- linkInfo = linkErr.Error()
- }
- return fmt.Errorf("failed to set to initial namespace, %v, initns fd %d: %v", linkInfo, initNs, err)
- }
- return nil
-}
-
-// ParseHandlerInt transforms the namespace handler into an integer
-func ParseHandlerInt() int {
- return int(getHandler())
-}
-
-// GetHandler returns the namespace handler
-func getHandler() netns.NsHandle {
- initOnce.Do(Init)
- return initNs
-}
-
-func getLink() (string, error) {
- return os.Readlink(fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), syscall.Gettid()))
-}
-
-// NlHandle returns the netlink handler
-func NlHandle() *netlink.Handle {
- initOnce.Do(Init)
- return initNl
-}
-
-func getSupportedNlFamilies() []int {
- fams := []int{syscall.NETLINK_ROUTE}
- // NETLINK_XFRM test
- if err := loadXfrmModules(); err != nil {
- if checkXfrmSocket() != nil {
- logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
- } else {
- fams = append(fams, syscall.NETLINK_XFRM)
- }
- } else {
- fams = append(fams, syscall.NETLINK_XFRM)
- }
- // NETLINK_NETFILTER test
- if err := loadNfConntrackModules(); err != nil {
- if checkNfSocket() != nil {
- logrus.Warnf("Could not load necessary modules for Conntrack: %v", err)
- } else {
- fams = append(fams, syscall.NETLINK_NETFILTER)
- }
- } else {
- fams = append(fams, syscall.NETLINK_NETFILTER)
- }
-
- return fams
-}
-
-func loadXfrmModules() error {
- if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- return nil
-}
-
-// API check on required xfrm modules (xfrm_user, xfrm_algo)
-func checkXfrmSocket() error {
- fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)
- if err != nil {
- return err
- }
- syscall.Close(fd)
- return nil
-}
-
-func loadNfConntrackModules() error {
- if out, err := exec.Command("modprobe", "-va", "nf_conntrack").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe nf_conntrack failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- if out, err := exec.Command("modprobe", "-va", "nf_conntrack_netlink").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe nf_conntrack_netlink failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- return nil
-}
-
-// API check on required nf_conntrack* modules (nf_conntrack, nf_conntrack_netlink)
-func checkNfSocket() error {
- fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
- if err != nil {
- return err
- }
- syscall.Close(fd)
- return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/ns/init_windows.go b/vendor/github.com/docker/libnetwork/ns/init_windows.go
deleted file mode 100644
index f5838f81d..000000000
--- a/vendor/github.com/docker/libnetwork/ns/init_windows.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package ns
-
-// File is present so that go build ./... is closer to working on Windows from repo root.
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_freebsd.go b/vendor/github.com/docker/libnetwork/osl/interface_freebsd.go
deleted file mode 100644
index 9c0141fd9..000000000
--- a/vendor/github.com/docker/libnetwork/osl/interface_freebsd.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package osl
-
-// IfaceOption is a function option type to set interface options
-type IfaceOption func()
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_linux.go b/vendor/github.com/docker/libnetwork/osl/interface_linux.go
deleted file mode 100644
index 4f8ff3d63..000000000
--- a/vendor/github.com/docker/libnetwork/osl/interface_linux.go
+++ /dev/null
@@ -1,460 +0,0 @@
-package osl
-
-import (
- "fmt"
- "net"
- "regexp"
- "sync"
- "syscall"
- "time"
-
- "github.com/docker/libnetwork/ns"
- "github.com/docker/libnetwork/types"
- "github.com/sirupsen/logrus"
- "github.com/vishvananda/netlink"
- "github.com/vishvananda/netns"
-)
-
-// IfaceOption is a function option type to set interface options
-type IfaceOption func(i *nwIface)
-
-type nwIface struct {
- srcName string
- dstName string
- master string
- dstMaster string
- mac net.HardwareAddr
- address *net.IPNet
- addressIPv6 *net.IPNet
- llAddrs []*net.IPNet
- routes []*net.IPNet
- bridge bool
- ns *networkNamespace
- sync.Mutex
-}
-
-func (i *nwIface) SrcName() string {
- i.Lock()
- defer i.Unlock()
-
- return i.srcName
-}
-
-func (i *nwIface) DstName() string {
- i.Lock()
- defer i.Unlock()
-
- return i.dstName
-}
-
-func (i *nwIface) DstMaster() string {
- i.Lock()
- defer i.Unlock()
-
- return i.dstMaster
-}
-
-func (i *nwIface) Bridge() bool {
- i.Lock()
- defer i.Unlock()
-
- return i.bridge
-}
-
-func (i *nwIface) Master() string {
- i.Lock()
- defer i.Unlock()
-
- return i.master
-}
-
-func (i *nwIface) MacAddress() net.HardwareAddr {
- i.Lock()
- defer i.Unlock()
-
- return types.GetMacCopy(i.mac)
-}
-
-func (i *nwIface) Address() *net.IPNet {
- i.Lock()
- defer i.Unlock()
-
- return types.GetIPNetCopy(i.address)
-}
-
-func (i *nwIface) AddressIPv6() *net.IPNet {
- i.Lock()
- defer i.Unlock()
-
- return types.GetIPNetCopy(i.addressIPv6)
-}
-
-func (i *nwIface) LinkLocalAddresses() []*net.IPNet {
- i.Lock()
- defer i.Unlock()
-
- return i.llAddrs
-}
-
-func (i *nwIface) Routes() []*net.IPNet {
- i.Lock()
- defer i.Unlock()
-
- routes := make([]*net.IPNet, len(i.routes))
- for index, route := range i.routes {
- r := types.GetIPNetCopy(route)
- routes[index] = r
- }
-
- return routes
-}
-
-func (n *networkNamespace) Interfaces() []Interface {
- n.Lock()
- defer n.Unlock()
-
- ifaces := make([]Interface, len(n.iFaces))
-
- for i, iface := range n.iFaces {
- ifaces[i] = iface
- }
-
- return ifaces
-}
-
-func (i *nwIface) Remove() error {
- i.Lock()
- n := i.ns
- i.Unlock()
-
- n.Lock()
- isDefault := n.isDefault
- nlh := n.nlHandle
- n.Unlock()
-
- // Find the network interface identified by the DstName attribute.
- iface, err := nlh.LinkByName(i.DstName())
- if err != nil {
- return err
- }
-
- // Down the interface before configuring
- if err := nlh.LinkSetDown(iface); err != nil {
- return err
- }
-
- err = nlh.LinkSetName(iface, i.SrcName())
- if err != nil {
- logrus.Debugf("LinkSetName failed for interface %s: %v", i.SrcName(), err)
- return err
- }
-
- // if it is a bridge just delete it.
- if i.Bridge() {
- if err := nlh.LinkDel(iface); err != nil {
- return fmt.Errorf("failed deleting bridge %q: %v", i.SrcName(), err)
- }
- } else if !isDefault {
- // Move the network interface to caller namespace.
- if err := nlh.LinkSetNsFd(iface, ns.ParseHandlerInt()); err != nil {
- logrus.Debugf("LinkSetNsPid failed for interface %s: %v", i.SrcName(), err)
- return err
- }
- }
-
- n.Lock()
- for index, intf := range n.iFaces {
- if intf == i {
- n.iFaces = append(n.iFaces[:index], n.iFaces[index+1:]...)
- break
- }
- }
- n.Unlock()
-
- n.checkLoV6()
-
- return nil
-}
-
-// Returns the sandbox's side veth interface statistics
-func (i *nwIface) Statistics() (*types.InterfaceStatistics, error) {
- i.Lock()
- n := i.ns
- i.Unlock()
-
- l, err := n.nlHandle.LinkByName(i.DstName())
- if err != nil {
- return nil, fmt.Errorf("failed to retrieve the statistics for %s in netns %s: %v", i.DstName(), n.path, err)
- }
-
- stats := l.Attrs().Statistics
- if stats == nil {
- return nil, fmt.Errorf("no statistics were returned")
- }
-
- return &types.InterfaceStatistics{
- RxBytes: uint64(stats.RxBytes),
- TxBytes: uint64(stats.TxBytes),
- RxPackets: uint64(stats.RxPackets),
- TxPackets: uint64(stats.TxPackets),
- RxDropped: uint64(stats.RxDropped),
- TxDropped: uint64(stats.TxDropped),
- }, nil
-}
-
-func (n *networkNamespace) findDst(srcName string, isBridge bool) string {
- n.Lock()
- defer n.Unlock()
-
- for _, i := range n.iFaces {
- // The master should match the srcname of the interface and the
- // master interface should be of type bridge, if searching for a bridge type
- if i.SrcName() == srcName && (!isBridge || i.Bridge()) {
- return i.DstName()
- }
- }
-
- return ""
-}
-
-func (n *networkNamespace) AddInterface(srcName, dstPrefix string, options ...IfaceOption) error {
- i := &nwIface{srcName: srcName, dstName: dstPrefix, ns: n}
- i.processInterfaceOptions(options...)
-
- if i.master != "" {
- i.dstMaster = n.findDst(i.master, true)
- if i.dstMaster == "" {
- return fmt.Errorf("could not find an appropriate master %q for %q",
- i.master, i.srcName)
- }
- }
-
- n.Lock()
- if n.isDefault {
- i.dstName = i.srcName
- } else {
- i.dstName = fmt.Sprintf("%s%d", dstPrefix, n.nextIfIndex[dstPrefix])
- n.nextIfIndex[dstPrefix]++
- }
-
- path := n.path
- isDefault := n.isDefault
- nlh := n.nlHandle
- nlhHost := ns.NlHandle()
- n.Unlock()
-
- // If it is a bridge interface we have to create the bridge inside
- // the namespace so don't try to lookup the interface using srcName
- if i.bridge {
- link := &netlink.Bridge{
- LinkAttrs: netlink.LinkAttrs{
- Name: i.srcName,
- },
- }
- if err := nlh.LinkAdd(link); err != nil {
- return fmt.Errorf("failed to create bridge %q: %v", i.srcName, err)
- }
- } else {
- // Find the network interface identified by the SrcName attribute.
- iface, err := nlhHost.LinkByName(i.srcName)
- if err != nil {
- return fmt.Errorf("failed to get link by name %q: %v", i.srcName, err)
- }
-
- // Move the network interface to the destination
- // namespace only if the namespace is not a default
- // type
- if !isDefault {
- newNs, err := netns.GetFromPath(path)
- if err != nil {
- return fmt.Errorf("failed get network namespace %q: %v", path, err)
- }
- defer newNs.Close()
- if err := nlhHost.LinkSetNsFd(iface, int(newNs)); err != nil {
- return fmt.Errorf("failed to set namespace on link %q: %v", i.srcName, err)
- }
- }
- }
-
- // Find the network interface identified by the SrcName attribute.
- iface, err := nlh.LinkByName(i.srcName)
- if err != nil {
- return fmt.Errorf("failed to get link by name %q: %v", i.srcName, err)
- }
-
- // Down the interface before configuring
- if err := nlh.LinkSetDown(iface); err != nil {
- return fmt.Errorf("failed to set link down: %v", err)
- }
-
- // Configure the interface now this is moved in the proper namespace.
- if err := configureInterface(nlh, iface, i); err != nil {
- // If configuring the device fails move it back to the host namespace
- // and change the name back to the source name. This allows the caller
- // to properly cleanup the interface. Its important especially for
- // interfaces with global attributes, ex: vni id for vxlan interfaces.
- if nerr := nlh.LinkSetName(iface, i.SrcName()); nerr != nil {
- logrus.Errorf("renaming interface (%s->%s) failed, %v after config error %v", i.DstName(), i.SrcName(), nerr, err)
- }
- if nerr := nlh.LinkSetNsFd(iface, ns.ParseHandlerInt()); nerr != nil {
- logrus.Errorf("moving interface %s to host ns failed, %v, after config error %v", i.SrcName(), nerr, err)
- }
- return err
- }
-
- // Up the interface.
- cnt := 0
- for err = nlh.LinkSetUp(iface); err != nil && cnt < 3; cnt++ {
- logrus.Debugf("retrying link setup because of: %v", err)
- time.Sleep(10 * time.Millisecond)
- err = nlh.LinkSetUp(iface)
- }
- if err != nil {
- return fmt.Errorf("failed to set link up: %v", err)
- }
-
- // Set the routes on the interface. This can only be done when the interface is up.
- if err := setInterfaceRoutes(nlh, iface, i); err != nil {
- return fmt.Errorf("error setting interface %q routes to %q: %v", iface.Attrs().Name, i.Routes(), err)
- }
-
- n.Lock()
- n.iFaces = append(n.iFaces, i)
- n.Unlock()
-
- n.checkLoV6()
-
- return nil
-}
-
-func configureInterface(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- ifaceName := iface.Attrs().Name
- ifaceConfigurators := []struct {
- Fn func(*netlink.Handle, netlink.Link, *nwIface) error
- ErrMessage string
- }{
- {setInterfaceName, fmt.Sprintf("error renaming interface %q to %q", ifaceName, i.DstName())},
- {setInterfaceMAC, fmt.Sprintf("error setting interface %q MAC to %q", ifaceName, i.MacAddress())},
- {setInterfaceIP, fmt.Sprintf("error setting interface %q IP to %v", ifaceName, i.Address())},
- {setInterfaceIPv6, fmt.Sprintf("error setting interface %q IPv6 to %v", ifaceName, i.AddressIPv6())},
- {setInterfaceMaster, fmt.Sprintf("error setting interface %q master to %q", ifaceName, i.DstMaster())},
- {setInterfaceLinkLocalIPs, fmt.Sprintf("error setting interface %q link local IPs to %v", ifaceName, i.LinkLocalAddresses())},
- }
-
- for _, config := range ifaceConfigurators {
- if err := config.Fn(nlh, iface, i); err != nil {
- return fmt.Errorf("%s: %v", config.ErrMessage, err)
- }
- }
- return nil
-}
-
-func setInterfaceMaster(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- if i.DstMaster() == "" {
- return nil
- }
-
- return nlh.LinkSetMaster(iface, &netlink.Bridge{
- LinkAttrs: netlink.LinkAttrs{Name: i.DstMaster()}})
-}
-
-func setInterfaceMAC(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- if i.MacAddress() == nil {
- return nil
- }
- return nlh.LinkSetHardwareAddr(iface, i.MacAddress())
-}
-
-func setInterfaceIP(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- if i.Address() == nil {
- return nil
- }
- if err := checkRouteConflict(nlh, i.Address(), netlink.FAMILY_V4); err != nil {
- return err
- }
- ipAddr := &netlink.Addr{IPNet: i.Address(), Label: ""}
- return nlh.AddrAdd(iface, ipAddr)
-}
-
-func setInterfaceIPv6(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- if i.AddressIPv6() == nil {
- return nil
- }
- if err := checkRouteConflict(nlh, i.AddressIPv6(), netlink.FAMILY_V6); err != nil {
- return err
- }
- if err := setIPv6(i.ns.path, i.DstName(), true); err != nil {
- return fmt.Errorf("failed to enable ipv6: %v", err)
- }
- ipAddr := &netlink.Addr{IPNet: i.AddressIPv6(), Label: "", Flags: syscall.IFA_F_NODAD}
- return nlh.AddrAdd(iface, ipAddr)
-}
-
-func setInterfaceLinkLocalIPs(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- for _, llIP := range i.LinkLocalAddresses() {
- ipAddr := &netlink.Addr{IPNet: llIP}
- if err := nlh.AddrAdd(iface, ipAddr); err != nil {
- return err
- }
- }
- return nil
-}
-
-func setInterfaceName(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- return nlh.LinkSetName(iface, i.DstName())
-}
-
-func setInterfaceRoutes(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- for _, route := range i.Routes() {
- err := nlh.RouteAdd(&netlink.Route{
- Scope: netlink.SCOPE_LINK,
- LinkIndex: iface.Attrs().Index,
- Dst: route,
- })
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-// In older kernels (like the one in Centos 6.6 distro) sysctl does not have netns support. Therefore
-// we cannot gather the statistics from /sys/class/net/<dev>/statistics/<counter> files. Per-netns stats
-// are naturally found in /proc/net/dev in kernels which support netns (ifconfig relies on that).
-const (
- netStatsFile = "/proc/net/dev"
- base = "[ ]*%s:([ ]+[0-9]+){16}"
-)
-
-func scanInterfaceStats(data, ifName string, i *types.InterfaceStatistics) error {
- var (
- bktStr string
- bkt uint64
- )
-
- regex := fmt.Sprintf(base, ifName)
- re := regexp.MustCompile(regex)
- line := re.FindString(data)
-
- _, err := fmt.Sscanf(line, "%s %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d",
- &bktStr, &i.RxBytes, &i.RxPackets, &i.RxErrors, &i.RxDropped, &bkt, &bkt, &bkt,
- &bkt, &i.TxBytes, &i.TxPackets, &i.TxErrors, &i.TxDropped, &bkt, &bkt, &bkt, &bkt)
-
- return err
-}
-
-func checkRouteConflict(nlh *netlink.Handle, address *net.IPNet, family int) error {
- routes, err := nlh.RouteList(nil, family)
- if err != nil {
- return err
- }
- for _, route := range routes {
- if route.Dst != nil {
- if route.Dst.Contains(address.IP) || address.Contains(route.Dst.IP) {
- return fmt.Errorf("cannot program address %v in sandbox interface because it conflicts with existing route %s",
- address, route)
- }
- }
- }
- return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_windows.go b/vendor/github.com/docker/libnetwork/osl/interface_windows.go
deleted file mode 100644
index 9c0141fd9..000000000
--- a/vendor/github.com/docker/libnetwork/osl/interface_windows.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package osl
-
-// IfaceOption is a function option type to set interface options
-type IfaceOption func()
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs.go b/vendor/github.com/docker/libnetwork/osl/kernel/knobs.go
deleted file mode 100644
index a7cd7dbb7..000000000
--- a/vendor/github.com/docker/libnetwork/osl/kernel/knobs.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package kernel
-
-type conditionalCheck func(val1, val2 string) bool
-
-// OSValue represents a tuple, value defined, check function when to apply the value
-type OSValue struct {
- Value string
- CheckFn conditionalCheck
-}
-
-func propertyIsValid(val1, val2 string, check conditionalCheck) bool {
- if check == nil || check(val1, val2) {
- return true
- }
- return false
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go b/vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go
deleted file mode 100644
index 964280650..000000000
--- a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package kernel
-
-import (
- "io/ioutil"
- "path"
- "strings"
-
- "github.com/sirupsen/logrus"
-)
-
-// writeSystemProperty writes the value to a path under /proc/sys as determined from the key.
-// For e.g. net.ipv4.ip_forward translated to /proc/sys/net/ipv4/ip_forward.
-func writeSystemProperty(key, value string) error {
- keyPath := strings.Replace(key, ".", "/", -1)
- return ioutil.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0644)
-}
-
-// readSystemProperty reads the value from the path under /proc/sys and returns it
-func readSystemProperty(key string) (string, error) {
- keyPath := strings.Replace(key, ".", "/", -1)
- value, err := ioutil.ReadFile(path.Join("/proc/sys", keyPath))
- if err != nil {
- return "", err
- }
- return strings.TrimSpace(string(value)), nil
-}
-
-// ApplyOSTweaks applies the configuration values passed as arguments
-func ApplyOSTweaks(osConfig map[string]*OSValue) {
- for k, v := range osConfig {
- // read the existing property from disk
- oldv, err := readSystemProperty(k)
- if err != nil {
- logrus.WithError(err).Errorf("error reading the kernel parameter %s", k)
- continue
- }
-
- if propertyIsValid(oldv, v.Value, v.CheckFn) {
- // write new prop value to disk
- if err := writeSystemProperty(k, v.Value); err != nil {
- logrus.WithError(err).Errorf("error setting the kernel parameter %s = %s, (leaving as %s)", k, v.Value, oldv)
- continue
- }
- logrus.Debugf("updated kernel parameter %s = %s (was %s)", k, v.Value, oldv)
- }
- }
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go b/vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go
deleted file mode 100644
index 32f258f41..000000000
--- a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !linux
-
-package kernel
-
-// ApplyOSTweaks applies the configuration values passed as arguments
-func ApplyOSTweaks(osConfig map[string]*OSValue) {
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go b/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
deleted file mode 100644
index abb748b56..000000000
--- a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
+++ /dev/null
@@ -1,657 +0,0 @@
-package osl
-
-import (
- "fmt"
- "io/ioutil"
- "net"
- "os"
- "os/exec"
- "path/filepath"
- "runtime"
- "strconv"
- "strings"
- "sync"
- "syscall"
- "time"
-
- "github.com/docker/docker/pkg/reexec"
- "github.com/docker/libnetwork/ns"
- "github.com/docker/libnetwork/osl/kernel"
- "github.com/docker/libnetwork/types"
- "github.com/sirupsen/logrus"
- "github.com/vishvananda/netlink"
- "github.com/vishvananda/netns"
-)
-
-const defaultPrefix = "/var/run/docker"
-
-func init() {
- reexec.Register("set-ipv6", reexecSetIPv6)
-}
-
-var (
- once sync.Once
- garbagePathMap = make(map[string]bool)
- gpmLock sync.Mutex
- gpmWg sync.WaitGroup
- gpmCleanupPeriod = 60 * time.Second
- gpmChan = make(chan chan struct{})
- prefix = defaultPrefix
- loadBalancerConfig = map[string]*kernel.OSValue{
- // expires connection from the IPVS connection table when the backend is not available
- // more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L126:1
- "net.ipv4.vs.expire_nodest_conn": {"1", nil},
- }
-)
-
-// The networkNamespace type is the linux implementation of the Sandbox
-// interface. It represents a linux network namespace, and moves an interface
-// into it when called on method AddInterface or sets the gateway etc.
-type networkNamespace struct {
- path string
- iFaces []*nwIface
- gw net.IP
- gwv6 net.IP
- staticRoutes []*types.StaticRoute
- neighbors []*neigh
- nextIfIndex map[string]int
- isDefault bool
- nlHandle *netlink.Handle
- loV6Enabled bool
- sync.Mutex
-}
-
-// SetBasePath sets the base url prefix for the ns path
-func SetBasePath(path string) {
- prefix = path
-}
-
-func init() {
- reexec.Register("netns-create", reexecCreateNamespace)
-}
-
-func basePath() string {
- return filepath.Join(prefix, "netns")
-}
-
-func createBasePath() {
- err := os.MkdirAll(basePath(), 0755)
- if err != nil {
- panic("Could not create net namespace path directory")
- }
-
- // Start the garbage collection go routine
- go removeUnusedPaths()
-}
-
-func removeUnusedPaths() {
- gpmLock.Lock()
- period := gpmCleanupPeriod
- gpmLock.Unlock()
-
- ticker := time.NewTicker(period)
- for {
- var (
- gc chan struct{}
- gcOk bool
- )
-
- select {
- case <-ticker.C:
- case gc, gcOk = <-gpmChan:
- }
-
- gpmLock.Lock()
- pathList := make([]string, 0, len(garbagePathMap))
- for path := range garbagePathMap {
- pathList = append(pathList, path)
- }
- garbagePathMap = make(map[string]bool)
- gpmWg.Add(1)
- gpmLock.Unlock()
-
- for _, path := range pathList {
- os.Remove(path)
- }
-
- gpmWg.Done()
- if gcOk {
- close(gc)
- }
- }
-}
-
-func addToGarbagePaths(path string) {
- gpmLock.Lock()
- garbagePathMap[path] = true
- gpmLock.Unlock()
-}
-
-func removeFromGarbagePaths(path string) {
- gpmLock.Lock()
- delete(garbagePathMap, path)
- gpmLock.Unlock()
-}
-
-// GC triggers garbage collection of namespace path right away
-// and waits for it.
-func GC() {
- gpmLock.Lock()
- if len(garbagePathMap) == 0 {
- // No need for GC if map is empty
- gpmLock.Unlock()
- return
- }
- gpmLock.Unlock()
-
- // if content exists in the garbage paths
- // we can trigger GC to run, providing a
- // channel to be notified on completion
- waitGC := make(chan struct{})
- gpmChan <- waitGC
- // wait for GC completion
- <-waitGC
-}
-
-// GenerateKey generates a sandbox key based on the passed
-// container id.
-func GenerateKey(containerID string) string {
- maxLen := 12
- // Read sandbox key from host for overlay
- if strings.HasPrefix(containerID, "-") {
- var (
- index int
- indexStr string
- tmpkey string
- )
- dir, err := ioutil.ReadDir(basePath())
- if err != nil {
- return ""
- }
-
- for _, v := range dir {
- id := v.Name()
- if strings.HasSuffix(id, containerID[:maxLen-1]) {
- indexStr = strings.TrimSuffix(id, containerID[:maxLen-1])
- tmpindex, err := strconv.Atoi(indexStr)
- if err != nil {
- return ""
- }
- if tmpindex > index {
- index = tmpindex
- tmpkey = id
- }
-
- }
- }
- containerID = tmpkey
- if containerID == "" {
- return ""
- }
- }
-
- if len(containerID) < maxLen {
- maxLen = len(containerID)
- }
-
- return basePath() + "/" + containerID[:maxLen]
-}
-
-// NewSandbox provides a new sandbox instance created in an os specific way
-// provided a key which uniquely identifies the sandbox
-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
- if !isRestore {
- err := createNetworkNamespace(key, osCreate)
- if err != nil {
- return nil, err
- }
- } else {
- once.Do(createBasePath)
- }
-
- n := &networkNamespace{path: key, isDefault: !osCreate, nextIfIndex: make(map[string]int)}
-
- sboxNs, err := netns.GetFromPath(n.path)
- if err != nil {
- return nil, fmt.Errorf("failed get network namespace %q: %v", n.path, err)
- }
- defer sboxNs.Close()
-
- n.nlHandle, err = netlink.NewHandleAt(sboxNs, syscall.NETLINK_ROUTE)
- if err != nil {
- return nil, fmt.Errorf("failed to create a netlink handle: %v", err)
- }
-
- err = n.nlHandle.SetSocketTimeout(ns.NetlinkSocketsTimeout)
- if err != nil {
- logrus.Warnf("Failed to set the timeout on the sandbox netlink handle sockets: %v", err)
- }
- // In live-restore mode, IPV6 entries are getting cleaned up due to below code
- // We should retain IPV6 configurations in live-restore mode when Docker Daemon
- // comes back. It should work as it is on other cases
- // As starting point, disable IPv6 on all interfaces
- if !isRestore && !n.isDefault {
- err = setIPv6(n.path, "all", false)
- if err != nil {
- logrus.Warnf("Failed to disable IPv6 on all interfaces on network namespace %q: %v", n.path, err)
- }
- }
-
- if err = n.loopbackUp(); err != nil {
- n.nlHandle.Delete()
- return nil, err
- }
-
- return n, nil
-}
-
-func (n *networkNamespace) InterfaceOptions() IfaceOptionSetter {
- return n
-}
-
-func (n *networkNamespace) NeighborOptions() NeighborOptionSetter {
- return n
-}
-
-func mountNetworkNamespace(basePath string, lnPath string) error {
- return syscall.Mount(basePath, lnPath, "bind", syscall.MS_BIND, "")
-}
-
-// GetSandboxForExternalKey returns sandbox object for the supplied path
-func GetSandboxForExternalKey(basePath string, key string) (Sandbox, error) {
- if err := createNamespaceFile(key); err != nil {
- return nil, err
- }
-
- if err := mountNetworkNamespace(basePath, key); err != nil {
- return nil, err
- }
- n := &networkNamespace{path: key, nextIfIndex: make(map[string]int)}
-
- sboxNs, err := netns.GetFromPath(n.path)
- if err != nil {
- return nil, fmt.Errorf("failed get network namespace %q: %v", n.path, err)
- }
- defer sboxNs.Close()
-
- n.nlHandle, err = netlink.NewHandleAt(sboxNs, syscall.NETLINK_ROUTE)
- if err != nil {
- return nil, fmt.Errorf("failed to create a netlink handle: %v", err)
- }
-
- err = n.nlHandle.SetSocketTimeout(ns.NetlinkSocketsTimeout)
- if err != nil {
- logrus.Warnf("Failed to set the timeout on the sandbox netlink handle sockets: %v", err)
- }
-
- // As starting point, disable IPv6 on all interfaces
- err = setIPv6(n.path, "all", false)
- if err != nil {
- logrus.Warnf("Failed to disable IPv6 on all interfaces on network namespace %q: %v", n.path, err)
- }
-
- if err = n.loopbackUp(); err != nil {
- n.nlHandle.Delete()
- return nil, err
- }
-
- return n, nil
-}
-
-func reexecCreateNamespace() {
- if len(os.Args) < 2 {
- logrus.Fatal("no namespace path provided")
- }
- if err := mountNetworkNamespace("/proc/self/ns/net", os.Args[1]); err != nil {
- logrus.Fatal(err)
- }
-}
-
-func createNetworkNamespace(path string, osCreate bool) error {
- if err := createNamespaceFile(path); err != nil {
- return err
- }
-
- cmd := &exec.Cmd{
- Path: reexec.Self(),
- Args: append([]string{"netns-create"}, path),
- Stdout: os.Stdout,
- Stderr: os.Stderr,
- }
- if osCreate {
- cmd.SysProcAttr = &syscall.SysProcAttr{}
- cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNET
- }
- if err := cmd.Run(); err != nil {
- return fmt.Errorf("namespace creation reexec command failed: %v", err)
- }
-
- return nil
-}
-
-func unmountNamespaceFile(path string) {
- if _, err := os.Stat(path); err == nil {
- syscall.Unmount(path, syscall.MNT_DETACH)
- }
-}
-
-func createNamespaceFile(path string) (err error) {
- var f *os.File
-
- once.Do(createBasePath)
- // Remove it from garbage collection list if present
- removeFromGarbagePaths(path)
-
- // If the path is there unmount it first
- unmountNamespaceFile(path)
-
- // wait for garbage collection to complete if it is in progress
- // before trying to create the file.
- gpmWg.Wait()
-
- if f, err = os.Create(path); err == nil {
- f.Close()
- }
-
- return err
-}
-
-func (n *networkNamespace) loopbackUp() error {
- iface, err := n.nlHandle.LinkByName("lo")
- if err != nil {
- return err
- }
- return n.nlHandle.LinkSetUp(iface)
-}
-
-func (n *networkNamespace) GetLoopbackIfaceName() string {
- return "lo"
-}
-
-func (n *networkNamespace) AddAliasIP(ifName string, ip *net.IPNet) error {
- iface, err := n.nlHandle.LinkByName(ifName)
- if err != nil {
- return err
- }
- return n.nlHandle.AddrAdd(iface, &netlink.Addr{IPNet: ip})
-}
-
-func (n *networkNamespace) RemoveAliasIP(ifName string, ip *net.IPNet) error {
- iface, err := n.nlHandle.LinkByName(ifName)
- if err != nil {
- return err
- }
- return n.nlHandle.AddrDel(iface, &netlink.Addr{IPNet: ip})
-}
-
-func (n *networkNamespace) InvokeFunc(f func()) error {
- return nsInvoke(n.nsPath(), func(nsFD int) error { return nil }, func(callerFD int) error {
- f()
- return nil
- })
-}
-
-// InitOSContext initializes OS context while configuring network resources
-func InitOSContext() func() {
- runtime.LockOSThread()
- if err := ns.SetNamespace(); err != nil {
- logrus.Error(err)
- }
- return runtime.UnlockOSThread
-}
-
-func nsInvoke(path string, prefunc func(nsFD int) error, postfunc func(callerFD int) error) error {
- defer InitOSContext()()
-
- newNs, err := netns.GetFromPath(path)
- if err != nil {
- return fmt.Errorf("failed get network namespace %q: %v", path, err)
- }
- defer newNs.Close()
-
- // Invoked before the namespace switch happens but after the namespace file
- // handle is obtained.
- if err := prefunc(int(newNs)); err != nil {
- return fmt.Errorf("failed in prefunc: %v", err)
- }
-
- if err = netns.Set(newNs); err != nil {
- return err
- }
- defer ns.SetNamespace()
-
- // Invoked after the namespace switch.
- return postfunc(ns.ParseHandlerInt())
-}
-
-func (n *networkNamespace) nsPath() string {
- n.Lock()
- defer n.Unlock()
-
- return n.path
-}
-
-func (n *networkNamespace) Info() Info {
- return n
-}
-
-func (n *networkNamespace) Key() string {
- return n.path
-}
-
-func (n *networkNamespace) Destroy() error {
- if n.nlHandle != nil {
- n.nlHandle.Delete()
- }
- // Assuming no running process is executing in this network namespace,
- // unmounting is sufficient to destroy it.
- if err := syscall.Unmount(n.path, syscall.MNT_DETACH); err != nil {
- return err
- }
-
- // Stash it into the garbage collection list
- addToGarbagePaths(n.path)
- return nil
-}
-
-// Restore restore the network namespace
-func (n *networkNamespace) Restore(ifsopt map[string][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error {
- // restore interfaces
- for name, opts := range ifsopt {
- if !strings.Contains(name, "+") {
- return fmt.Errorf("wrong iface name in restore osl sandbox interface: %s", name)
- }
- seps := strings.Split(name, "+")
- srcName := seps[0]
- dstPrefix := seps[1]
- i := &nwIface{srcName: srcName, dstName: dstPrefix, ns: n}
- i.processInterfaceOptions(opts...)
- if i.master != "" {
- i.dstMaster = n.findDst(i.master, true)
- if i.dstMaster == "" {
- return fmt.Errorf("could not find an appropriate master %q for %q",
- i.master, i.srcName)
- }
- }
- if n.isDefault {
- i.dstName = i.srcName
- } else {
- links, err := n.nlHandle.LinkList()
- if err != nil {
- return fmt.Errorf("failed to retrieve list of links in network namespace %q during restore", n.path)
- }
- // due to the docker network connect/disconnect, so the dstName should
- // restore from the namespace
- for _, link := range links {
- addrs, err := n.nlHandle.AddrList(link, netlink.FAMILY_V4)
- if err != nil {
- return err
- }
- ifaceName := link.Attrs().Name
- if strings.HasPrefix(ifaceName, "vxlan") {
- if i.dstName == "vxlan" {
- i.dstName = ifaceName
- break
- }
- }
- // find the interface name by ip
- if i.address != nil {
- for _, addr := range addrs {
- if addr.IPNet.String() == i.address.String() {
- i.dstName = ifaceName
- break
- }
- continue
- }
- if i.dstName == ifaceName {
- break
- }
- }
- // This is to find the interface name of the pair in overlay sandbox
- if strings.HasPrefix(ifaceName, "veth") {
- if i.master != "" && i.dstName == "veth" {
- i.dstName = ifaceName
- }
- }
- }
-
- var index int
- indexStr := strings.TrimPrefix(i.dstName, dstPrefix)
- if indexStr != "" {
- index, err = strconv.Atoi(indexStr)
- if err != nil {
- return err
- }
- }
- index++
- n.Lock()
- if index > n.nextIfIndex[dstPrefix] {
- n.nextIfIndex[dstPrefix] = index
- }
- n.iFaces = append(n.iFaces, i)
- n.Unlock()
- }
- }
-
- // restore routes
- for _, r := range routes {
- n.Lock()
- n.staticRoutes = append(n.staticRoutes, r)
- n.Unlock()
- }
-
- // restore gateway
- if len(gw) > 0 {
- n.Lock()
- n.gw = gw
- n.Unlock()
- }
-
- if len(gw6) > 0 {
- n.Lock()
- n.gwv6 = gw6
- n.Unlock()
- }
-
- return nil
-}
-
-// Checks whether IPv6 needs to be enabled/disabled on the loopback interface
-func (n *networkNamespace) checkLoV6() {
- var (
- enable = false
- action = "disable"
- )
-
- n.Lock()
- for _, iface := range n.iFaces {
- if iface.AddressIPv6() != nil {
- enable = true
- action = "enable"
- break
- }
- }
- n.Unlock()
-
- if n.loV6Enabled == enable {
- return
- }
-
- if err := setIPv6(n.path, "lo", enable); err != nil {
- logrus.Warnf("Failed to %s IPv6 on loopback interface on network namespace %q: %v", action, n.path, err)
- }
-
- n.loV6Enabled = enable
-}
-
-func reexecSetIPv6() {
- runtime.LockOSThread()
- defer runtime.UnlockOSThread()
-
- if len(os.Args) < 3 {
- logrus.Errorf("invalid number of arguments for %s", os.Args[0])
- os.Exit(1)
- }
-
- ns, err := netns.GetFromPath(os.Args[1])
- if err != nil {
- logrus.Errorf("failed get network namespace %q: %v", os.Args[1], err)
- os.Exit(2)
- }
- defer ns.Close()
-
- if err = netns.Set(ns); err != nil {
- logrus.Errorf("setting into container netns %q failed: %v", os.Args[1], err)
- os.Exit(3)
- }
-
- var (
- action = "disable"
- value = byte('1')
- path = fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/disable_ipv6", os.Args[2])
- )
-
- if os.Args[3] == "true" {
- action = "enable"
- value = byte('0')
- }
-
- if _, err := os.Stat(path); err != nil {
- if os.IsNotExist(err) {
- logrus.Warnf("file does not exist: %s : %v Has IPv6 been disabled in this node's kernel?", path, err)
- os.Exit(0)
- }
- logrus.Errorf("failed to stat %s : %v", path, err)
- os.Exit(5)
- }
-
- if err = ioutil.WriteFile(path, []byte{value, '\n'}, 0644); err != nil {
- logrus.Errorf("failed to %s IPv6 forwarding for container's interface %s: %v", action, os.Args[2], err)
- os.Exit(4)
- }
-
- os.Exit(0)
-}
-
-func setIPv6(path, iface string, enable bool) error {
- cmd := &exec.Cmd{
- Path: reexec.Self(),
- Args: append([]string{"set-ipv6"}, path, iface, strconv.FormatBool(enable)),
- Stdout: os.Stdout,
- Stderr: os.Stderr,
- }
- if err := cmd.Run(); err != nil {
- return fmt.Errorf("reexec to set IPv6 failed: %v", err)
- }
- return nil
-}
-
-// ApplyOSTweaks applies linux configs on the sandbox
-func (n *networkNamespace) ApplyOSTweaks(types []SandboxType) {
- for _, t := range types {
- switch t {
- case SandboxTypeLoadBalancer:
- kernel.ApplyOSTweaks(loadBalancerConfig)
- }
- }
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go b/vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go
deleted file mode 100644
index 74372e249..000000000
--- a/vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build !linux,!windows,!freebsd
-
-package osl
-
-// GC triggers garbage collection of namespace path right away
-// and waits for it.
-func GC() {
-}
-
-// GetSandboxForExternalKey returns sandbox object for the supplied path
-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {
- return nil, nil
-}
-
-// SetBasePath sets the base url prefix for the ns path
-func SetBasePath(path string) {
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_windows.go b/vendor/github.com/docker/libnetwork/osl/namespace_windows.go
deleted file mode 100644
index 49503c00f..000000000
--- a/vendor/github.com/docker/libnetwork/osl/namespace_windows.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package osl
-
-import "testing"
-
-// GenerateKey generates a sandbox key based on the passed
-// container id.
-func GenerateKey(containerID string) string {
- return containerID
-}
-
-// NewSandbox provides a new sandbox instance created in an os specific way
-// provided a key which uniquely identifies the sandbox
-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
- return nil, nil
-}
-
-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {
- return nil, nil
-}
-
-// GC triggers garbage collection of namespace path right away
-// and waits for it.
-func GC() {
-}
-
-// InitOSContext initializes OS context while configuring network resources
-func InitOSContext() func() {
- return func() {}
-}
-
-// SetupTestOSContext sets up a separate test OS context in which tests will be executed.
-func SetupTestOSContext(t *testing.T) func() {
- return func() {}
-}
-
-// SetBasePath sets the base url prefix for the ns path
-func SetBasePath(path string) {
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go b/vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go
deleted file mode 100644
index 280f00639..000000000
--- a/vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package osl
-
-// NeighOption is a function option type to set neighbor options
-type NeighOption func()
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_linux.go b/vendor/github.com/docker/libnetwork/osl/neigh_linux.go
deleted file mode 100644
index 6bf1c16dc..000000000
--- a/vendor/github.com/docker/libnetwork/osl/neigh_linux.go
+++ /dev/null
@@ -1,194 +0,0 @@
-package osl
-
-import (
- "bytes"
- "fmt"
- "net"
-
- "github.com/sirupsen/logrus"
- "github.com/vishvananda/netlink"
-)
-
-// NeighborSearchError indicates that the neighbor is already present
-type NeighborSearchError struct {
- ip net.IP
- mac net.HardwareAddr
- present bool
-}
-
-func (n NeighborSearchError) Error() string {
- return fmt.Sprintf("Search neighbor failed for IP %v, mac %v, present in db:%t", n.ip, n.mac, n.present)
-}
-
-// NeighOption is a function option type to set interface options
-type NeighOption func(nh *neigh)
-
-type neigh struct {
- dstIP net.IP
- dstMac net.HardwareAddr
- linkName string
- linkDst string
- family int
-}
-
-func (n *networkNamespace) findNeighbor(dstIP net.IP, dstMac net.HardwareAddr) *neigh {
- n.Lock()
- defer n.Unlock()
-
- for _, nh := range n.neighbors {
- if nh.dstIP.Equal(dstIP) && bytes.Equal(nh.dstMac, dstMac) {
- return nh
- }
- }
-
- return nil
-}
-
-func (n *networkNamespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error {
- var (
- iface netlink.Link
- err error
- )
-
- nh := n.findNeighbor(dstIP, dstMac)
- if nh == nil {
- return NeighborSearchError{dstIP, dstMac, false}
- }
-
- if osDelete {
- n.Lock()
- nlh := n.nlHandle
- n.Unlock()
-
- if nh.linkDst != "" {
- iface, err = nlh.LinkByName(nh.linkDst)
- if err != nil {
- return fmt.Errorf("could not find interface with destination name %s: %v",
- nh.linkDst, err)
- }
- }
-
- nlnh := &netlink.Neigh{
- IP: dstIP,
- State: netlink.NUD_PERMANENT,
- Family: nh.family,
- }
-
- if nlnh.Family > 0 {
- nlnh.HardwareAddr = dstMac
- nlnh.Flags = netlink.NTF_SELF
- }
-
- if nh.linkDst != "" {
- nlnh.LinkIndex = iface.Attrs().Index
- }
-
- // If the kernel deletion fails for the neighbor entry still remote it
- // from the namespace cache. Otherwise if the neighbor moves back to the
- // same host again, kernel update can fail.
- if err := nlh.NeighDel(nlnh); err != nil {
- logrus.Warnf("Deleting neighbor IP %s, mac %s failed, %v", dstIP, dstMac, err)
- }
-
- // Delete the dynamic entry in the bridge
- if nlnh.Family > 0 {
- nlnh := &netlink.Neigh{
- IP: dstIP,
- Family: nh.family,
- }
-
- nlnh.HardwareAddr = dstMac
- nlnh.Flags = netlink.NTF_MASTER
- if nh.linkDst != "" {
- nlnh.LinkIndex = iface.Attrs().Index
- }
- nlh.NeighDel(nlnh)
- }
- }
-
- n.Lock()
- for i, nh := range n.neighbors {
- if nh.dstIP.Equal(dstIP) && bytes.Equal(nh.dstMac, dstMac) {
- n.neighbors = append(n.neighbors[:i], n.neighbors[i+1:]...)
- break
- }
- }
- n.Unlock()
- logrus.Debugf("Neighbor entry deleted for IP %v, mac %v osDelete:%t", dstIP, dstMac, osDelete)
-
- return nil
-}
-
-func (n *networkNamespace) AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, options ...NeighOption) error {
- var (
- iface netlink.Link
- err error
- neighborAlreadyPresent bool
- )
-
- // If the namespace already has the neighbor entry but the AddNeighbor is called
- // because of a miss notification (force flag) program the kernel anyway.
- nh := n.findNeighbor(dstIP, dstMac)
- if nh != nil {
- neighborAlreadyPresent = true
- logrus.Warnf("Neighbor entry already present for IP %v, mac %v neighbor:%+v forceUpdate:%t", dstIP, dstMac, nh, force)
- if !force {
- return NeighborSearchError{dstIP, dstMac, true}
- }
- }
-
- nh = &neigh{
- dstIP: dstIP,
- dstMac: dstMac,
- }
-
- nh.processNeighOptions(options...)
-
- if nh.linkName != "" {
- nh.linkDst = n.findDst(nh.linkName, false)
- if nh.linkDst == "" {
- return fmt.Errorf("could not find the interface with name %s", nh.linkName)
- }
- }
-
- n.Lock()
- nlh := n.nlHandle
- n.Unlock()
-
- if nh.linkDst != "" {
- iface, err = nlh.LinkByName(nh.linkDst)
- if err != nil {
- return fmt.Errorf("could not find interface with destination name %s: %v", nh.linkDst, err)
- }
- }
-
- nlnh := &netlink.Neigh{
- IP: dstIP,
- HardwareAddr: dstMac,
- State: netlink.NUD_PERMANENT,
- Family: nh.family,
- }
-
- if nlnh.Family > 0 {
- nlnh.Flags = netlink.NTF_SELF
- }
-
- if nh.linkDst != "" {
- nlnh.LinkIndex = iface.Attrs().Index
- }
-
- if err := nlh.NeighSet(nlnh); err != nil {
- return fmt.Errorf("could not add neighbor entry:%+v error:%v", nlnh, err)
- }
-
- if neighborAlreadyPresent {
- return nil
- }
-
- n.Lock()
- n.neighbors = append(n.neighbors, nh)
- n.Unlock()
- logrus.Debugf("Neighbor entry added for IP:%v, mac:%v on ifc:%s", dstIP, dstMac, nh.linkName)
-
- return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_windows.go b/vendor/github.com/docker/libnetwork/osl/neigh_windows.go
deleted file mode 100644
index 280f00639..000000000
--- a/vendor/github.com/docker/libnetwork/osl/neigh_windows.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package osl
-
-// NeighOption is a function option type to set neighbor options
-type NeighOption func()
diff --git a/vendor/github.com/docker/libnetwork/osl/options_linux.go b/vendor/github.com/docker/libnetwork/osl/options_linux.go
deleted file mode 100644
index 818669647..000000000
--- a/vendor/github.com/docker/libnetwork/osl/options_linux.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package osl
-
-import "net"
-
-func (nh *neigh) processNeighOptions(options ...NeighOption) {
- for _, opt := range options {
- if opt != nil {
- opt(nh)
- }
- }
-}
-
-func (n *networkNamespace) LinkName(name string) NeighOption {
- return func(nh *neigh) {
- nh.linkName = name
- }
-}
-
-func (n *networkNamespace) Family(family int) NeighOption {
- return func(nh *neigh) {
- nh.family = family
- }
-}
-
-func (i *nwIface) processInterfaceOptions(options ...IfaceOption) {
- for _, opt := range options {
- if opt != nil {
- opt(i)
- }
- }
-}
-
-func (n *networkNamespace) Bridge(isBridge bool) IfaceOption {
- return func(i *nwIface) {
- i.bridge = isBridge
- }
-}
-
-func (n *networkNamespace) Master(name string) IfaceOption {
- return func(i *nwIface) {
- i.master = name
- }
-}
-
-func (n *networkNamespace) MacAddress(mac net.HardwareAddr) IfaceOption {
- return func(i *nwIface) {
- i.mac = mac
- }
-}
-
-func (n *networkNamespace) Address(addr *net.IPNet) IfaceOption {
- return func(i *nwIface) {
- i.address = addr
- }
-}
-
-func (n *networkNamespace) AddressIPv6(addr *net.IPNet) IfaceOption {
- return func(i *nwIface) {
- i.addressIPv6 = addr
- }
-}
-
-func (n *networkNamespace) LinkLocalAddresses(list []*net.IPNet) IfaceOption {
- return func(i *nwIface) {
- i.llAddrs = list
- }
-}
-
-func (n *networkNamespace) Routes(routes []*net.IPNet) IfaceOption {
- return func(i *nwIface) {
- i.routes = routes
- }
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/route_linux.go b/vendor/github.com/docker/libnetwork/osl/route_linux.go
deleted file mode 100644
index a9ff191b3..000000000
--- a/vendor/github.com/docker/libnetwork/osl/route_linux.go
+++ /dev/null
@@ -1,203 +0,0 @@
-package osl
-
-import (
- "fmt"
- "net"
-
- "github.com/docker/libnetwork/types"
- "github.com/vishvananda/netlink"
-)
-
-func (n *networkNamespace) Gateway() net.IP {
- n.Lock()
- defer n.Unlock()
-
- return n.gw
-}
-
-func (n *networkNamespace) GatewayIPv6() net.IP {
- n.Lock()
- defer n.Unlock()
-
- return n.gwv6
-}
-
-func (n *networkNamespace) StaticRoutes() []*types.StaticRoute {
- n.Lock()
- defer n.Unlock()
-
- routes := make([]*types.StaticRoute, len(n.staticRoutes))
- for i, route := range n.staticRoutes {
- r := route.GetCopy()
- routes[i] = r
- }
-
- return routes
-}
-
-func (n *networkNamespace) setGateway(gw net.IP) {
- n.Lock()
- n.gw = gw
- n.Unlock()
-}
-
-func (n *networkNamespace) setGatewayIPv6(gwv6 net.IP) {
- n.Lock()
- n.gwv6 = gwv6
- n.Unlock()
-}
-
-func (n *networkNamespace) SetGateway(gw net.IP) error {
- // Silently return if the gateway is empty
- if len(gw) == 0 {
- return nil
- }
-
- err := n.programGateway(gw, true)
- if err == nil {
- n.setGateway(gw)
- }
-
- return err
-}
-
-func (n *networkNamespace) UnsetGateway() error {
- gw := n.Gateway()
-
- // Silently return if the gateway is empty
- if len(gw) == 0 {
- return nil
- }
-
- err := n.programGateway(gw, false)
- if err == nil {
- n.setGateway(net.IP{})
- }
-
- return err
-}
-
-func (n *networkNamespace) programGateway(gw net.IP, isAdd bool) error {
- gwRoutes, err := n.nlHandle.RouteGet(gw)
- if err != nil {
- return fmt.Errorf("route for the gateway %s could not be found: %v", gw, err)
- }
-
- var linkIndex int
- for _, gwRoute := range gwRoutes {
- if gwRoute.Gw == nil {
- linkIndex = gwRoute.LinkIndex
- break
- }
- }
-
- if linkIndex == 0 {
- return fmt.Errorf("Direct route for the gateway %s could not be found", gw)
- }
-
- if isAdd {
- return n.nlHandle.RouteAdd(&netlink.Route{
- Scope: netlink.SCOPE_UNIVERSE,
- LinkIndex: linkIndex,
- Gw: gw,
- })
- }
-
- return n.nlHandle.RouteDel(&netlink.Route{
- Scope: netlink.SCOPE_UNIVERSE,
- LinkIndex: linkIndex,
- Gw: gw,
- })
-}
-
-// Program a route in to the namespace routing table.
-func (n *networkNamespace) programRoute(path string, dest *net.IPNet, nh net.IP) error {
- gwRoutes, err := n.nlHandle.RouteGet(nh)
- if err != nil {
- return fmt.Errorf("route for the next hop %s could not be found: %v", nh, err)
- }
-
- return n.nlHandle.RouteAdd(&netlink.Route{
- Scope: netlink.SCOPE_UNIVERSE,
- LinkIndex: gwRoutes[0].LinkIndex,
- Gw: nh,
- Dst: dest,
- })
-}
-
-// Delete a route from the namespace routing table.
-func (n *networkNamespace) removeRoute(path string, dest *net.IPNet, nh net.IP) error {
- gwRoutes, err := n.nlHandle.RouteGet(nh)
- if err != nil {
- return fmt.Errorf("route for the next hop could not be found: %v", err)
- }
-
- return n.nlHandle.RouteDel(&netlink.Route{
- Scope: netlink.SCOPE_UNIVERSE,
- LinkIndex: gwRoutes[0].LinkIndex,
- Gw: nh,
- Dst: dest,
- })
-}
-
-func (n *networkNamespace) SetGatewayIPv6(gwv6 net.IP) error {
- // Silently return if the gateway is empty
- if len(gwv6) == 0 {
- return nil
- }
-
- err := n.programGateway(gwv6, true)
- if err == nil {
- n.setGatewayIPv6(gwv6)
- }
-
- return err
-}
-
-func (n *networkNamespace) UnsetGatewayIPv6() error {
- gwv6 := n.GatewayIPv6()
-
- // Silently return if the gateway is empty
- if len(gwv6) == 0 {
- return nil
- }
-
- err := n.programGateway(gwv6, false)
- if err == nil {
- n.Lock()
- n.gwv6 = net.IP{}
- n.Unlock()
- }
-
- return err
-}
-
-func (n *networkNamespace) AddStaticRoute(r *types.StaticRoute) error {
- err := n.programRoute(n.nsPath(), r.Destination, r.NextHop)
- if err == nil {
- n.Lock()
- n.staticRoutes = append(n.staticRoutes, r)
- n.Unlock()
- }
- return err
-}
-
-func (n *networkNamespace) RemoveStaticRoute(r *types.StaticRoute) error {
-
- err := n.removeRoute(n.nsPath(), r.Destination, r.NextHop)
- if err == nil {
- n.Lock()
- lastIndex := len(n.staticRoutes) - 1
- for i, v := range n.staticRoutes {
- if v == r {
- // Overwrite the route we're removing with the last element
- n.staticRoutes[i] = n.staticRoutes[lastIndex]
- // Shorten the slice to trim the extra element
- n.staticRoutes = n.staticRoutes[:lastIndex]
- break
- }
- }
- n.Unlock()
- }
- return err
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox.go b/vendor/github.com/docker/libnetwork/osl/sandbox.go
deleted file mode 100644
index 5019e068d..000000000
--- a/vendor/github.com/docker/libnetwork/osl/sandbox.go
+++ /dev/null
@@ -1,187 +0,0 @@ -// Package osl describes structures and interfaces which abstract os entities -package osl - -import ( - "net" - - "github.com/docker/libnetwork/types" -) - -// SandboxType specify the time of the sandbox, this can be used to apply special configs -type SandboxType int - -const ( - // SandboxTypeIngress indicates that the sandbox is for the ingress - SandboxTypeIngress = iota - // SandboxTypeLoadBalancer indicates that the sandbox is a load balancer - SandboxTypeLoadBalancer = iota -) - -// Sandbox represents a network sandbox, identified by a specific key. It -// holds a list of Interfaces, routes etc, and more can be added dynamically. -type Sandbox interface { - // The path where the network namespace is mounted. - Key() string - - // Add an existing Interface to this sandbox. The operation will rename - // from the Interface SrcName to DstName as it moves, and reconfigure the - // interface according to the specified settings. The caller is expected - // to only provide a prefix for DstName. The AddInterface api will auto-generate - // an appropriate suffix for the DstName to disambiguate. - AddInterface(SrcName string, DstPrefix string, options ...IfaceOption) error - - // Set default IPv4 gateway for the sandbox - SetGateway(gw net.IP) error - - // Set default IPv6 gateway for the sandbox - SetGatewayIPv6(gw net.IP) error - - // Unset the previously set default IPv4 gateway in the sandbox - UnsetGateway() error - - // Unset the previously set default IPv6 gateway in the sandbox - UnsetGatewayIPv6() error - - // GetLoopbackIfaceName returns the name of the loopback interface - GetLoopbackIfaceName() string - - // AddAliasIP adds the passed IP address to the named interface - AddAliasIP(ifName string, ip *net.IPNet) error - - // RemoveAliasIP removes the passed IP address from the named interface - RemoveAliasIP(ifName string, ip *net.IPNet) error - - // Add a static route to the sandbox. 
- AddStaticRoute(*types.StaticRoute) error - - // Remove a static route from the sandbox. - RemoveStaticRoute(*types.StaticRoute) error - - // AddNeighbor adds a neighbor entry into the sandbox. - AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, option ...NeighOption) error - - // DeleteNeighbor deletes neighbor entry from the sandbox. - DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error - - // Returns an interface with methods to set neighbor options. - NeighborOptions() NeighborOptionSetter - - // Returns an interface with methods to set interface options. - InterfaceOptions() IfaceOptionSetter - - //Invoke - InvokeFunc(func()) error - - // Returns an interface with methods to get sandbox state. - Info() Info - - // Destroy the sandbox - Destroy() error - - // restore sandbox - Restore(ifsopt map[string][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error - - // ApplyOSTweaks applies operating system specific knobs on the sandbox - ApplyOSTweaks([]SandboxType) -} - -// NeighborOptionSetter interface defines the option setter methods for interface options -type NeighborOptionSetter interface { - // LinkName returns an option setter to set the srcName of the link that should - // be used in the neighbor entry - LinkName(string) NeighOption - - // Family returns an option setter to set the address family for the neighbor - // entry. eg. AF_BRIDGE - Family(int) NeighOption -} - -// IfaceOptionSetter interface defines the option setter methods for interface options. -type IfaceOptionSetter interface { - // Bridge returns an option setter to set if the interface is a bridge. - Bridge(bool) IfaceOption - - // MacAddress returns an option setter to set the MAC address. - MacAddress(net.HardwareAddr) IfaceOption - - // Address returns an option setter to set IPv4 address. - Address(*net.IPNet) IfaceOption - - // Address returns an option setter to set IPv6 address. 
- AddressIPv6(*net.IPNet) IfaceOption - - // LinkLocalAddresses returns an option setter to set the link-local IP addresses. - LinkLocalAddresses([]*net.IPNet) IfaceOption - - // Master returns an option setter to set the master interface if any for this - // interface. The master interface name should refer to the srcname of a - // previously added interface of type bridge. - Master(string) IfaceOption - - // Address returns an option setter to set interface routes. - Routes([]*net.IPNet) IfaceOption -} - -// Info represents all possible information that -// the driver wants to place in the sandbox which includes -// interfaces, routes and gateway -type Info interface { - // The collection of Interface previously added with the AddInterface - // method. Note that this doesn't include network interfaces added in any - // other way (such as the default loopback interface which is automatically - // created on creation of a sandbox). - Interfaces() []Interface - - // IPv4 gateway for the sandbox. - Gateway() net.IP - - // IPv6 gateway for the sandbox. - GatewayIPv6() net.IP - - // Additional static routes for the sandbox. (Note that directly - // connected routes are stored on the particular interface they refer to.) - StaticRoutes() []*types.StaticRoute - - // TODO: Add ip tables etc. -} - -// Interface represents the settings and identity of a network device. It is -// used as a return type for Network.Link, and it is common practice for the -// caller to use this information when moving interface SrcName from host -// namespace to DstName in a different net namespace with the appropriate -// network settings. -type Interface interface { - // The name of the interface in the origin network namespace. - SrcName() string - - // The name that will be assigned to the interface once moves inside a - // network namespace. When the caller passes in a DstName, it is only - // expected to pass a prefix. 
The name will modified with an appropriately - // auto-generated suffix. - DstName() string - - // IPv4 address for the interface. - Address() *net.IPNet - - // IPv6 address for the interface. - AddressIPv6() *net.IPNet - - // LinkLocalAddresses returns the link-local IP addresses assigned to the interface. - LinkLocalAddresses() []*net.IPNet - - // IP routes for the interface. - Routes() []*net.IPNet - - // Bridge returns true if the interface is a bridge - Bridge() bool - - // Master returns the srcname of the master interface for this interface. - Master() string - - // Remove an interface from the sandbox by renaming to original name - // and moving it out of the sandbox. - Remove() error - - // Statistics returns the statistics for this interface - Statistics() (*types.InterfaceStatistics, error) -} diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go b/vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go deleted file mode 100644 index e5bc6278e..000000000 --- a/vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go +++ /dev/null 
@@ -1,44 +0,0 @@
-package osl
-
-import "testing"
-
-// GenerateKey generates a sandbox key based on the passed
-// container id.
-func GenerateKey(containerID string) string {
- maxLen := 12
- if len(containerID) < maxLen {
- maxLen = len(containerID)
- }
-
- return containerID[:maxLen]
-}
-
-// NewSandbox provides a new sandbox instance created in an os specific way
-// provided a key which uniquely identifies the sandbox
-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
- return nil, nil
-}
-
-// GetSandboxForExternalKey returns sandbox object for the supplied path
-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {
- return nil, nil
-}
-
-// GC triggers garbage collection of namespace path right away
-// and waits for it.
-func GC() {
-}
-
-// InitOSContext initializes OS context while configuring network resources
-func InitOSContext() func() {
- return func() {}
-}
-
-// SetupTestOSContext sets up a separate test OS context in which tests will be executed.
-func SetupTestOSContext(t *testing.T) func() {
- return func() {}
-}
-
-// SetBasePath sets the base url prefix for the ns path
-func SetBasePath(path string) {
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go b/vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go
deleted file mode 100644
index 51a656c80..000000000
--- a/vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// +build !linux,!windows,!freebsd
-
-package osl
-
-import "errors"
-
-var (
- // ErrNotImplemented is for platforms which don't implement sandbox
- ErrNotImplemented = errors.New("not implemented")
-)
-
-// NewSandbox provides a new sandbox instance created in an os specific way
-// provided a key which uniquely identifies the sandbox
-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
- return nil, ErrNotImplemented
-}
-
-// GenerateKey generates a sandbox key based on the passed
-// container id.
-func GenerateKey(containerID string) string {
- return ""
-}
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/README.md b/vendor/github.com/docker/libnetwork/resolvconf/README.md
deleted file mode 100644
index cdda554ba..000000000
--- a/vendor/github.com/docker/libnetwork/resolvconf/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf
diff --git a/vendor/github.com/docker/libnetwork/types/types.go b/vendor/github.com/docker/libnetwork/types/types.go
deleted file mode 100644
index b102ba4c3..000000000
--- a/vendor/github.com/docker/libnetwork/types/types.go
+++ /dev/null
@@ -1,653 +0,0 @@ -// Package types contains types that are common across libnetwork project -package types - -import ( - "bytes" - "fmt" - "net" - "strconv" - "strings" - - "github.com/ishidawataru/sctp" -) - -// constants for the IP address type -const ( - IP = iota // IPv4 and IPv6 - IPv4 - IPv6 -) - -// EncryptionKey is the libnetwork representation of the key distributed by the lead -// manager. -type EncryptionKey struct { - Subsystem string - Algorithm int32 - Key []byte - LamportTime uint64 -} - -// UUID represents a globally unique ID of various resources like network and endpoint -type UUID string - -// QosPolicy represents a quality of service policy on an endpoint -type QosPolicy struct { - MaxEgressBandwidth uint64 -} - -// TransportPort represents a local Layer 4 endpoint -type TransportPort struct { - Proto Protocol - Port uint16 -} - -// Equal checks if this instance of Transportport is equal to the passed one -func (t *TransportPort) Equal(o *TransportPort) bool { - if t == o { - return true - } - - if o == nil { - return false - } - - if t.Proto != o.Proto || t.Port != o.Port { - return false - } - - return true -} - -// GetCopy returns a copy of this TransportPort structure instance -func (t *TransportPort) GetCopy() TransportPort { - return TransportPort{Proto: t.Proto, Port: t.Port} -} - -// String returns the TransportPort structure in string form -func (t *TransportPort) String() string { - return fmt.Sprintf("%s/%d", t.Proto.String(), t.Port) -} - -// FromString reads the TransportPort structure from string -func (t *TransportPort) FromString(s string) error { - ps := strings.Split(s, "/") - if len(ps) == 2 { - t.Proto = ParseProtocol(ps[0]) - if p, err := strconv.ParseUint(ps[1], 10, 16); err == nil { - t.Port = uint16(p) - return nil - } - } - return BadRequestErrorf("invalid format for transport port: %s", s) -} - -// PortBinding represents a port binding between the container and the host -type PortBinding struct { - Proto Protocol - IP 
net.IP - Port uint16 - HostIP net.IP - HostPort uint16 - HostPortEnd uint16 -} - -// HostAddr returns the host side transport address -func (p PortBinding) HostAddr() (net.Addr, error) { - switch p.Proto { - case UDP: - return &net.UDPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil - case TCP: - return &net.TCPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil - case SCTP: - return &sctp.SCTPAddr{IP: []net.IP{p.HostIP}, Port: int(p.HostPort)}, nil - default: - return nil, ErrInvalidProtocolBinding(p.Proto.String()) - } -} - -// ContainerAddr returns the container side transport address -func (p PortBinding) ContainerAddr() (net.Addr, error) { - switch p.Proto { - case UDP: - return &net.UDPAddr{IP: p.IP, Port: int(p.Port)}, nil - case TCP: - return &net.TCPAddr{IP: p.IP, Port: int(p.Port)}, nil - case SCTP: - return &sctp.SCTPAddr{IP: []net.IP{p.IP}, Port: int(p.Port)}, nil - default: - return nil, ErrInvalidProtocolBinding(p.Proto.String()) - } -} - -// GetCopy returns a copy of this PortBinding structure instance -func (p *PortBinding) GetCopy() PortBinding { - return PortBinding{ - Proto: p.Proto, - IP: GetIPCopy(p.IP), - Port: p.Port, - HostIP: GetIPCopy(p.HostIP), - HostPort: p.HostPort, - HostPortEnd: p.HostPortEnd, - } -} - -// String returns the PortBinding structure in string form -func (p *PortBinding) String() string { - ret := fmt.Sprintf("%s/", p.Proto) - if p.IP != nil { - ret += p.IP.String() - } - ret = fmt.Sprintf("%s:%d/", ret, p.Port) - if p.HostIP != nil { - ret += p.HostIP.String() - } - ret = fmt.Sprintf("%s:%d", ret, p.HostPort) - return ret -} - -// FromString reads the PortBinding structure from string s. -// String s is a triple of "protocol/containerIP:port/hostIP:port" -// containerIP and hostIP can be in dotted decimal ("192.0.2.1") or IPv6 ("2001:db8::68") form. -// Zoned addresses ("169.254.0.23%eth0" or "fe80::1ff:fe23:4567:890a%eth0") are not supported. 
-// If string s is incorrectly formatted or the IP addresses or ports cannot be parsed, FromString -// returns an error. -func (p *PortBinding) FromString(s string) error { - ps := strings.Split(s, "/") - if len(ps) != 3 { - return BadRequestErrorf("invalid format for port binding: %s", s) - } - - p.Proto = ParseProtocol(ps[0]) - - var err error - if p.IP, p.Port, err = parseIPPort(ps[1]); err != nil { - return BadRequestErrorf("failed to parse Container IP/Port in port binding: %s", err.Error()) - } - - if p.HostIP, p.HostPort, err = parseIPPort(ps[2]); err != nil { - return BadRequestErrorf("failed to parse Host IP/Port in port binding: %s", err.Error()) - } - - return nil -} - -func parseIPPort(s string) (net.IP, uint16, error) { - hoststr, portstr, err := net.SplitHostPort(s) - if err != nil { - return nil, 0, err - } - - ip := net.ParseIP(hoststr) - if ip == nil { - return nil, 0, BadRequestErrorf("invalid ip: %s", hoststr) - } - - port, err := strconv.ParseUint(portstr, 10, 16) - if err != nil { - return nil, 0, BadRequestErrorf("invalid port: %s", portstr) - } - - return ip, uint16(port), nil -} - -// Equal checks if this instance of PortBinding is equal to the passed one -func (p *PortBinding) Equal(o *PortBinding) bool { - if p == o { - return true - } - - if o == nil { - return false - } - - if p.Proto != o.Proto || p.Port != o.Port || - p.HostPort != o.HostPort || p.HostPortEnd != o.HostPortEnd { - return false - } - - if p.IP != nil { - if !p.IP.Equal(o.IP) { - return false - } - } else { - if o.IP != nil { - return false - } - } - - if p.HostIP != nil { - if !p.HostIP.Equal(o.HostIP) { - return false - } - } else { - if o.HostIP != nil { - return false - } - } - - return true -} - -// ErrInvalidProtocolBinding is returned when the port binding protocol is not valid. 
-type ErrInvalidProtocolBinding string - -func (ipb ErrInvalidProtocolBinding) Error() string { - return fmt.Sprintf("invalid transport protocol: %s", string(ipb)) -} - -const ( - // ICMP is for the ICMP ip protocol - ICMP = 1 - // TCP is for the TCP ip protocol - TCP = 6 - // UDP is for the UDP ip protocol - UDP = 17 - // SCTP is for the SCTP ip protocol - SCTP = 132 -) - -// Protocol represents an IP protocol number -type Protocol uint8 - -func (p Protocol) String() string { - switch p { - case ICMP: - return "icmp" - case TCP: - return "tcp" - case UDP: - return "udp" - case SCTP: - return "sctp" - default: - return fmt.Sprintf("%d", p) - } -} - -// ParseProtocol returns the respective Protocol type for the passed string -func ParseProtocol(s string) Protocol { - switch strings.ToLower(s) { - case "icmp": - return ICMP - case "udp": - return UDP - case "tcp": - return TCP - case "sctp": - return SCTP - default: - return 0 - } -} - -// GetMacCopy returns a copy of the passed MAC address -func GetMacCopy(from net.HardwareAddr) net.HardwareAddr { - if from == nil { - return nil - } - to := make(net.HardwareAddr, len(from)) - copy(to, from) - return to -} - -// GetIPCopy returns a copy of the passed IP address -func GetIPCopy(from net.IP) net.IP { - if from == nil { - return nil - } - to := make(net.IP, len(from)) - copy(to, from) - return to -} - -// GetIPNetCopy returns a copy of the passed IP Network -func GetIPNetCopy(from *net.IPNet) *net.IPNet { - if from == nil { - return nil - } - bm := make(net.IPMask, len(from.Mask)) - copy(bm, from.Mask) - return &net.IPNet{IP: GetIPCopy(from.IP), Mask: bm} -} - -// GetIPNetCanonical returns the canonical form for the passed network -func GetIPNetCanonical(nw *net.IPNet) *net.IPNet { - if nw == nil { - return nil - } - c := GetIPNetCopy(nw) - c.IP = c.IP.Mask(nw.Mask) - return c -} - -// CompareIPNet returns equal if the two IP Networks are equal -func CompareIPNet(a, b *net.IPNet) bool { - if a == b { - return true - } - 
if a == nil || b == nil { - return false - } - return a.IP.Equal(b.IP) && bytes.Equal(a.Mask, b.Mask) -} - -// GetMinimalIP returns the address in its shortest form -// If ip contains an IPv4-mapped IPv6 address, the 4-octet form of the IPv4 address will be returned. -// Otherwise ip is returned unchanged. -func GetMinimalIP(ip net.IP) net.IP { - if ip != nil && ip.To4() != nil { - return ip.To4() - } - return ip -} - -// GetMinimalIPNet returns a copy of the passed IP Network with congruent ip and mask notation -func GetMinimalIPNet(nw *net.IPNet) *net.IPNet { - if nw == nil { - return nil - } - if len(nw.IP) == 16 && nw.IP.To4() != nil { - m := nw.Mask - if len(m) == 16 { - m = m[12:16] - } - return &net.IPNet{IP: nw.IP.To4(), Mask: m} - } - return nw -} - -// IsIPNetValid returns true if the ipnet is a valid network/mask -// combination. Otherwise returns false. -func IsIPNetValid(nw *net.IPNet) bool { - return nw.String() != "0.0.0.0/0" -} - -var v4inV6MaskPrefix = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff} - -// compareIPMask checks if the passed ip and mask are semantically compatible. -// It returns the byte indexes for the address and mask so that caller can -// do bitwise operations without modifying address representation. -func compareIPMask(ip net.IP, mask net.IPMask) (is int, ms int, err error) { - // Find the effective starting of address and mask - if len(ip) == net.IPv6len && ip.To4() != nil { - is = 12 - } - if len(ip[is:]) == net.IPv4len && len(mask) == net.IPv6len && bytes.Equal(mask[:12], v4inV6MaskPrefix) { - ms = 12 - } - // Check if address and mask are semantically compatible - if len(ip[is:]) != len(mask[ms:]) { - err = fmt.Errorf("ip and mask are not compatible: (%#v, %#v)", ip, mask) - } - return -} - -// GetHostPartIP returns the host portion of the ip address identified by the mask. -// IP address representation is not modified. If address and mask are not compatible -// an error is returned. 
-func GetHostPartIP(ip net.IP, mask net.IPMask) (net.IP, error) { - // Find the effective starting of address and mask - is, ms, err := compareIPMask(ip, mask) - if err != nil { - return nil, fmt.Errorf("cannot compute host portion ip address because %s", err) - } - - // Compute host portion - out := GetIPCopy(ip) - for i := 0; i < len(mask[ms:]); i++ { - out[is+i] &= ^mask[ms+i] - } - - return out, nil -} - -// GetBroadcastIP returns the broadcast ip address for the passed network (ip and mask). -// IP address representation is not modified. If address and mask are not compatible -// an error is returned. -func GetBroadcastIP(ip net.IP, mask net.IPMask) (net.IP, error) { - // Find the effective starting of address and mask - is, ms, err := compareIPMask(ip, mask) - if err != nil { - return nil, fmt.Errorf("cannot compute broadcast ip address because %s", err) - } - - // Compute broadcast address - out := GetIPCopy(ip) - for i := 0; i < len(mask[ms:]); i++ { - out[is+i] |= ^mask[ms+i] - } - - return out, nil -} - -// ParseCIDR returns the *net.IPNet represented by the passed CIDR notation -func ParseCIDR(cidr string) (n *net.IPNet, e error) { - var i net.IP - if i, n, e = net.ParseCIDR(cidr); e == nil { - n.IP = i - } - return -} - -const ( - // NEXTHOP indicates a StaticRoute with an IP next hop. - NEXTHOP = iota - - // CONNECTED indicates a StaticRoute with an interface for directly connected peers. - CONNECTED -) - -// StaticRoute is a statically-provisioned IP route. -type StaticRoute struct { - Destination *net.IPNet - - RouteType int // NEXT_HOP or CONNECTED - - // NextHop will be resolved by the kernel (i.e. as a loose hop). 
- NextHop net.IP -} - -// GetCopy returns a copy of this StaticRoute structure -func (r *StaticRoute) GetCopy() *StaticRoute { - d := GetIPNetCopy(r.Destination) - nh := GetIPCopy(r.NextHop) - return &StaticRoute{Destination: d, - RouteType: r.RouteType, - NextHop: nh, - } -} - -// InterfaceStatistics represents the interface's statistics -type InterfaceStatistics struct { - RxBytes uint64 - RxPackets uint64 - RxErrors uint64 - RxDropped uint64 - TxBytes uint64 - TxPackets uint64 - TxErrors uint64 - TxDropped uint64 -} - -func (is *InterfaceStatistics) String() string { - return fmt.Sprintf("\nRxBytes: %d, RxPackets: %d, RxErrors: %d, RxDropped: %d, TxBytes: %d, TxPackets: %d, TxErrors: %d, TxDropped: %d", - is.RxBytes, is.RxPackets, is.RxErrors, is.RxDropped, is.TxBytes, is.TxPackets, is.TxErrors, is.TxDropped) -} - -/****************************** - * Well-known Error Interfaces - ******************************/ - -// MaskableError is an interface for errors which can be ignored by caller -type MaskableError interface { - // Maskable makes implementer into MaskableError type - Maskable() -} - -// RetryError is an interface for errors which might get resolved through retry -type RetryError interface { - // Retry makes implementer into RetryError type - Retry() -} - -// BadRequestError is an interface for errors originated by a bad request -type BadRequestError interface { - // BadRequest makes implementer into BadRequestError type - BadRequest() -} - -// NotFoundError is an interface for errors raised because a needed resource is not available -type NotFoundError interface { - // NotFound makes implementer into NotFoundError type - NotFound() -} - -// ForbiddenError is an interface for errors which denote a valid request that cannot be honored -type ForbiddenError interface { - // Forbidden makes implementer into ForbiddenError type - Forbidden() -} - -// NoServiceError is an interface for errors returned when the required service is not available -type 
NoServiceError interface { - // NoService makes implementer into NoServiceError type - NoService() -} - -// TimeoutError is an interface for errors raised because of timeout -type TimeoutError interface { - // Timeout makes implementer into TimeoutError type - Timeout() -} - -// NotImplementedError is an interface for errors raised because of requested functionality is not yet implemented -type NotImplementedError interface { - // NotImplemented makes implementer into NotImplementedError type - NotImplemented() -} - -// InternalError is an interface for errors raised because of an internal error -type InternalError interface { - // Internal makes implementer into InternalError type - Internal() -} - -/****************************** - * Well-known Error Formatters - ******************************/ - -// BadRequestErrorf creates an instance of BadRequestError -func BadRequestErrorf(format string, params ...interface{}) error { - return badRequest(fmt.Sprintf(format, params...)) -} - -// NotFoundErrorf creates an instance of NotFoundError -func NotFoundErrorf(format string, params ...interface{}) error { - return notFound(fmt.Sprintf(format, params...)) -} - -// ForbiddenErrorf creates an instance of ForbiddenError -func ForbiddenErrorf(format string, params ...interface{}) error { - return forbidden(fmt.Sprintf(format, params...)) -} - -// NoServiceErrorf creates an instance of NoServiceError -func NoServiceErrorf(format string, params ...interface{}) error { - return noService(fmt.Sprintf(format, params...)) -} - -// NotImplementedErrorf creates an instance of NotImplementedError -func NotImplementedErrorf(format string, params ...interface{}) error { - return notImpl(fmt.Sprintf(format, params...)) -} - -// TimeoutErrorf creates an instance of TimeoutError -func TimeoutErrorf(format string, params ...interface{}) error { - return timeout(fmt.Sprintf(format, params...)) -} - -// InternalErrorf creates an instance of InternalError -func InternalErrorf(format string, 
params ...interface{}) error { - return internal(fmt.Sprintf(format, params...)) -} - -// InternalMaskableErrorf creates an instance of InternalError and MaskableError -func InternalMaskableErrorf(format string, params ...interface{}) error { - return maskInternal(fmt.Sprintf(format, params...)) -} - -// RetryErrorf creates an instance of RetryError -func RetryErrorf(format string, params ...interface{}) error { - return retry(fmt.Sprintf(format, params...)) -} - -/*********************** - * Internal Error Types - ***********************/ -type badRequest string - -func (br badRequest) Error() string { - return string(br) -} -func (br badRequest) BadRequest() {} - -type maskBadRequest string - -type notFound string - -func (nf notFound) Error() string { - return string(nf) -} -func (nf notFound) NotFound() {} - -type forbidden string - -func (frb forbidden) Error() string { - return string(frb) -} -func (frb forbidden) Forbidden() {} - -type noService string - -func (ns noService) Error() string { - return string(ns) -} -func (ns noService) NoService() {} - -type maskNoService string - -type timeout string - -func (to timeout) Error() string { - return string(to) -} -func (to timeout) Timeout() {} - -type notImpl string - -func (ni notImpl) Error() string { - return string(ni) -} -func (ni notImpl) NotImplemented() {} - -type internal string - -func (nt internal) Error() string { - return string(nt) -} -func (nt internal) Internal() {} - -type maskInternal string - -func (mnt maskInternal) Error() string { - return string(mnt) -} -func (mnt maskInternal) Internal() {} -func (mnt maskInternal) Maskable() {} - -type retry string - -func (r retry) Error() string { - return string(r) -} -func (r retry) Retry() {} diff --git a/vendor/github.com/docker/libnetwork/vendor.conf b/vendor/github.com/docker/libnetwork/vendor.conf deleted file mode 100644 index f2bb55223..000000000 --- a/vendor/github.com/docker/libnetwork/vendor.conf +++ /dev/null 
@@ -1,50 +0,0 @@
-github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
-github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
-github.com/Microsoft/go-winio v0.4.11
-github.com/Microsoft/hcsshim v0.7.3
-github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
-github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
-github.com/codegangsta/cli a65b733b303f0055f8d324d805f393cd3e7a7904
-github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
-github.com/coreos/etcd v3.2.1
-github.com/coreos/go-semver v0.2.0
-github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
-go.etcd.io/bbolt v1.3.1-etcd.8
-
-github.com/docker/docker 162ba6016def672690ee4a1f3978368853a1e149
-github.com/docker/go-connections 7beb39f0b969b075d1325fecb092faf27fd357b6
-github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
-github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
-github.com/docker/libkv 458977154600b9f23984d9f4b82e79570b5ae12b
-
-github.com/godbus/dbus v4.0.0
-github.com/gogo/protobuf v1.0.0
-github.com/gorilla/context v1.1
-github.com/gorilla/mux v1.1
-github.com/hashicorp/consul v0.5.2
-github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
-github.com/hashicorp/go-multierror fcdddc395df1ddf4247c69bd436e84cfa0733f7e
-github.com/hashicorp/memberlist 3d8438da9589e7b608a83ffac1ef8211486bcb7c
-github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372
-github.com/hashicorp/go-sockaddr 6d291a969b86c4b633730bfc6b8b9d64c3aafed9
-github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870
-github.com/mattn/go-shellwords v1.0.3
-github.com/miekg/dns v1.0.7
-github.com/opencontainers/go-digest v1.0.0-rc1
-github.com/opencontainers/image-spec v1.0.1
-github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340
-github.com/opencontainers/runtime-spec v1.0.1
-github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
-github.com/sirupsen/logrus v1.0.3
-github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
-github.com/vishvananda/netlink b2de5d10e38ecce8607e6b438b6d174f389a004e
-github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25
-golang.org/x/crypto 1a580b3eff7814fc9b40602fd35256c63b50f491
-golang.org/x/net 0ed95abb35c445290478a5348a7b38bb154135fd
-golang.org/x/sys 37707fdb30a5b38865cfb95e5aab41707daec7fd
-golang.org/x/sync fd80eb99c8f653c847d294a001bdf2a3a6f768f5
-github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
-github.com/ishidawataru/sctp 07191f837fedd2f13d1ec7b5f885f0f3ec54b1cb
-
-gotest.tools v2.1.0
-github.com/google/go-cmp v0.2.0 |