summaryrefslogtreecommitdiff
path: root/vendor/github.com/docker/libnetwork
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/docker/libnetwork')
-rw-r--r--vendor/github.com/docker/libnetwork/LICENSE202
-rw-r--r--vendor/github.com/docker/libnetwork/README.md100
-rw-r--r--vendor/github.com/docker/libnetwork/ipamutils/utils.go135
-rw-r--r--vendor/github.com/docker/libnetwork/netutils/utils.go194
-rw-r--r--vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go23
-rw-r--r--vendor/github.com/docker/libnetwork/netutils/utils_linux.go126
-rw-r--r--vendor/github.com/docker/libnetwork/netutils/utils_windows.go25
-rw-r--r--vendor/github.com/docker/libnetwork/ns/init_linux.go140
-rw-r--r--vendor/github.com/docker/libnetwork/ns/init_windows.go3
-rw-r--r--vendor/github.com/docker/libnetwork/osl/interface_freebsd.go4
-rw-r--r--vendor/github.com/docker/libnetwork/osl/interface_linux.go460
-rw-r--r--vendor/github.com/docker/libnetwork/osl/interface_windows.go4
-rw-r--r--vendor/github.com/docker/libnetwork/osl/kernel/knobs.go16
-rw-r--r--vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go47
-rw-r--r--vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go7
-rw-r--r--vendor/github.com/docker/libnetwork/osl/namespace_linux.go657
-rw-r--r--vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go17
-rw-r--r--vendor/github.com/docker/libnetwork/osl/namespace_windows.go38
-rw-r--r--vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go4
-rw-r--r--vendor/github.com/docker/libnetwork/osl/neigh_linux.go194
-rw-r--r--vendor/github.com/docker/libnetwork/osl/neigh_windows.go4
-rw-r--r--vendor/github.com/docker/libnetwork/osl/options_linux.go73
-rw-r--r--vendor/github.com/docker/libnetwork/osl/route_linux.go203
-rw-r--r--vendor/github.com/docker/libnetwork/osl/sandbox.go187
-rw-r--r--vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go44
-rw-r--r--vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go22
-rw-r--r--vendor/github.com/docker/libnetwork/resolvconf/README.md1
-rw-r--r--vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go26
-rw-r--r--vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go251
-rw-r--r--vendor/github.com/docker/libnetwork/types/types.go653
-rw-r--r--vendor/github.com/docker/libnetwork/vendor.conf50
31 files changed, 0 insertions, 3910 deletions
diff --git a/vendor/github.com/docker/libnetwork/LICENSE b/vendor/github.com/docker/libnetwork/LICENSE
deleted file mode 100644
index e06d20818..000000000
--- a/vendor/github.com/docker/libnetwork/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "{}"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright {yyyy} {name of copyright owner}
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
diff --git a/vendor/github.com/docker/libnetwork/README.md b/vendor/github.com/docker/libnetwork/README.md
deleted file mode 100644
index a9020381a..000000000
--- a/vendor/github.com/docker/libnetwork/README.md
+++ /dev/null
@@ -1,100 +0,0 @@
-# libnetwork - networking for containers
-
-[![Circle CI](https://circleci.com/gh/docker/libnetwork/tree/master.svg?style=svg)](https://circleci.com/gh/docker/libnetwork/tree/master) [![Coverage Status](https://coveralls.io/repos/docker/libnetwork/badge.svg)](https://coveralls.io/r/docker/libnetwork) [![GoDoc](https://godoc.org/github.com/docker/libnetwork?status.svg)](https://godoc.org/github.com/docker/libnetwork) [![Go Report Card](https://goreportcard.com/badge/github.com/docker/libnetwork)](https://goreportcard.com/report/github.com/docker/libnetwork)
-
-Libnetwork provides a native Go implementation for connecting containers
-
-The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications.
-
-#### Design
-Please refer to the [design](docs/design.md) for more information.
-
-#### Using libnetwork
-
-There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users.
-
-
-```go
-import (
- "fmt"
- "log"
-
- "github.com/docker/docker/pkg/reexec"
- "github.com/docker/libnetwork"
- "github.com/docker/libnetwork/config"
- "github.com/docker/libnetwork/netlabel"
- "github.com/docker/libnetwork/options"
-)
-
-func main() {
- if reexec.Init() {
- return
- }
-
- // Select and configure the network driver
- networkType := "bridge"
-
- // Create a new controller instance
- driverOptions := options.Generic{}
- genericOption := make(map[string]interface{})
- genericOption[netlabel.GenericData] = driverOptions
- controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption))
- if err != nil {
- log.Fatalf("libnetwork.New: %s", err)
- }
-
- // Create a network for containers to join.
- // NewNetwork accepts Variadic optional arguments that libnetwork and Drivers can use.
- network, err := controller.NewNetwork(networkType, "network1", "")
- if err != nil {
- log.Fatalf("controller.NewNetwork: %s", err)
- }
-
- // For each new container: allocate IP and interfaces. The returned network
- // settings will be used for container infos (inspect and such), as well as
- // iptables rules for port publishing. This info is contained or accessible
- // from the returned endpoint.
- ep, err := network.CreateEndpoint("Endpoint1")
- if err != nil {
- log.Fatalf("network.CreateEndpoint: %s", err)
- }
-
- // Create the sandbox for the container.
- // NewSandbox accepts Variadic optional arguments which libnetwork can use.
- sbx, err := controller.NewSandbox("container1",
- libnetwork.OptionHostname("test"),
- libnetwork.OptionDomainname("docker.io"))
- if err != nil {
- log.Fatalf("controller.NewSandbox: %s", err)
- }
-
- // A sandbox can join the endpoint via the join api.
- err = ep.Join(sbx)
- if err != nil {
- log.Fatalf("ep.Join: %s", err)
- }
-
- // libnetwork client can check the endpoint's operational data via the Info() API
- epInfo, err := ep.DriverInfo()
- if err != nil {
- log.Fatalf("ep.DriverInfo: %s", err)
- }
-
- macAddress, ok := epInfo[netlabel.MacAddress]
- if !ok {
- log.Fatalf("failed to get mac address from endpoint info")
- }
-
- fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key())
-}
-```
-
-## Future
-Please refer to [roadmap](ROADMAP.md) for more information.
-
-## Contributing
-
-Want to hack on libnetwork? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply.
-
-## Copyright and license
-Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.
diff --git a/vendor/github.com/docker/libnetwork/ipamutils/utils.go b/vendor/github.com/docker/libnetwork/ipamutils/utils.go
deleted file mode 100644
index 3fd37cd88..000000000
--- a/vendor/github.com/docker/libnetwork/ipamutils/utils.go
+++ /dev/null
@@ -1,135 +0,0 @@
-// Package ipamutils provides utility functions for ipam management
-package ipamutils
-
-import (
- "fmt"
- "net"
- "sync"
-)
-
-var (
- // PredefinedLocalScopeDefaultNetworks contains a list of 31 IPv4 private networks with host size 16 and 12
- // (172.17-31.x.x/16, 192.168.x.x/20) which do not overlap with the networks in `PredefinedGlobalScopeDefaultNetworks`
- PredefinedLocalScopeDefaultNetworks []*net.IPNet
- // PredefinedGlobalScopeDefaultNetworks contains a list of 64K IPv4 private networks with host size 8
- // (10.x.x.x/24) which do not overlap with the networks in `PredefinedLocalScopeDefaultNetworks`
- PredefinedGlobalScopeDefaultNetworks []*net.IPNet
- mutex sync.Mutex
- localScopeDefaultNetworks = []*NetworkToSplit{{"172.17.0.0/16", 16}, {"172.18.0.0/16", 16}, {"172.19.0.0/16", 16},
- {"172.20.0.0/14", 16}, {"172.24.0.0/14", 16}, {"172.28.0.0/14", 16},
- {"192.168.0.0/16", 20}}
- globalScopeDefaultNetworks = []*NetworkToSplit{{"10.0.0.0/8", 24}}
-)
-
-// NetworkToSplit represent a network that has to be split in chunks with mask length Size.
-// Each subnet in the set is derived from the Base pool. Base is to be passed
-// in CIDR format.
-// Example: a Base "10.10.0.0/16 with Size 24 will define the set of 256
-// 10.10.[0-255].0/24 address pools
-type NetworkToSplit struct {
- Base string `json:"base"`
- Size int `json:"size"`
-}
-
-func init() {
- var err error
- if PredefinedGlobalScopeDefaultNetworks, err = splitNetworks(globalScopeDefaultNetworks); err != nil {
- //we are going to panic in case of error as we should never get into this state
- panic("InitAddressPools failed to initialize the global scope default address pool")
- }
-
- if PredefinedLocalScopeDefaultNetworks, err = splitNetworks(localScopeDefaultNetworks); err != nil {
- //we are going to panic in case of error as we should never get into this state
- panic("InitAddressPools failed to initialize the local scope default address pool")
- }
-}
-
-// configDefaultNetworks configures local as well global default pool based on input
-func configDefaultNetworks(defaultAddressPool []*NetworkToSplit, result *[]*net.IPNet) error {
- mutex.Lock()
- defer mutex.Unlock()
- defaultNetworks, err := splitNetworks(defaultAddressPool)
- if err != nil {
- return err
- }
- *result = defaultNetworks
- return nil
-}
-
-// GetGlobalScopeDefaultNetworks returns PredefinedGlobalScopeDefaultNetworks
-func GetGlobalScopeDefaultNetworks() []*net.IPNet {
- mutex.Lock()
- defer mutex.Unlock()
- return PredefinedGlobalScopeDefaultNetworks
-}
-
-// GetLocalScopeDefaultNetworks returns PredefinedLocalScopeDefaultNetworks
-func GetLocalScopeDefaultNetworks() []*net.IPNet {
- mutex.Lock()
- defer mutex.Unlock()
- return PredefinedLocalScopeDefaultNetworks
-}
-
-// ConfigGlobalScopeDefaultNetworks configures global default pool.
-// Ideally this will be called from SwarmKit as part of swarm init
-func ConfigGlobalScopeDefaultNetworks(defaultAddressPool []*NetworkToSplit) error {
- if defaultAddressPool == nil {
- defaultAddressPool = globalScopeDefaultNetworks
- }
- return configDefaultNetworks(defaultAddressPool, &PredefinedGlobalScopeDefaultNetworks)
-}
-
-// ConfigLocalScopeDefaultNetworks configures local default pool.
-// Ideally this will be called during libnetwork init
-func ConfigLocalScopeDefaultNetworks(defaultAddressPool []*NetworkToSplit) error {
- if defaultAddressPool == nil {
- return nil
- }
- return configDefaultNetworks(defaultAddressPool, &PredefinedLocalScopeDefaultNetworks)
-}
-
-// splitNetworks takes a slice of networks, split them accordingly and returns them
-func splitNetworks(list []*NetworkToSplit) ([]*net.IPNet, error) {
- localPools := make([]*net.IPNet, 0, len(list))
-
- for _, p := range list {
- _, b, err := net.ParseCIDR(p.Base)
- if err != nil {
- return nil, fmt.Errorf("invalid base pool %q: %v", p.Base, err)
- }
- ones, _ := b.Mask.Size()
- if p.Size <= 0 || p.Size < ones {
- return nil, fmt.Errorf("invalid pools size: %d", p.Size)
- }
- localPools = append(localPools, splitNetwork(p.Size, b)...)
- }
- return localPools, nil
-}
-
-func splitNetwork(size int, base *net.IPNet) []*net.IPNet {
- one, bits := base.Mask.Size()
- mask := net.CIDRMask(size, bits)
- n := 1 << uint(size-one)
- s := uint(bits - size)
- list := make([]*net.IPNet, 0, n)
-
- for i := 0; i < n; i++ {
- ip := copyIP(base.IP)
- addIntToIP(ip, uint(i<<s))
- list = append(list, &net.IPNet{IP: ip, Mask: mask})
- }
- return list
-}
-
-func copyIP(from net.IP) net.IP {
- ip := make([]byte, len(from))
- copy(ip, from)
- return ip
-}
-
-func addIntToIP(array net.IP, ordinal uint) {
- for i := len(array) - 1; i >= 0; i-- {
- array[i] |= (byte)(ordinal & 0xff)
- ordinal >>= 8
- }
-}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils.go b/vendor/github.com/docker/libnetwork/netutils/utils.go
deleted file mode 100644
index 7de98f6b0..000000000
--- a/vendor/github.com/docker/libnetwork/netutils/utils.go
+++ /dev/null
@@ -1,194 +0,0 @@
-// Network utility functions.
-
-package netutils
-
-import (
- "crypto/rand"
- "encoding/hex"
- "errors"
- "fmt"
- "io"
- "net"
- "strings"
-
- "github.com/docker/libnetwork/types"
-)
-
-var (
- // ErrNetworkOverlapsWithNameservers preformatted error
- ErrNetworkOverlapsWithNameservers = errors.New("requested network overlaps with nameserver")
- // ErrNetworkOverlaps preformatted error
- ErrNetworkOverlaps = errors.New("requested network overlaps with existing network")
- // ErrNoDefaultRoute preformatted error
- ErrNoDefaultRoute = errors.New("no default route")
-)
-
-// CheckNameserverOverlaps checks whether the passed network overlaps with any of the nameservers
-func CheckNameserverOverlaps(nameservers []string, toCheck *net.IPNet) error {
- if len(nameservers) > 0 {
- for _, ns := range nameservers {
- _, nsNetwork, err := net.ParseCIDR(ns)
- if err != nil {
- return err
- }
- if NetworkOverlaps(toCheck, nsNetwork) {
- return ErrNetworkOverlapsWithNameservers
- }
- }
- }
- return nil
-}
-
-// NetworkOverlaps detects overlap between one IPNet and another
-func NetworkOverlaps(netX *net.IPNet, netY *net.IPNet) bool {
- return netX.Contains(netY.IP) || netY.Contains(netX.IP)
-}
-
-// NetworkRange calculates the first and last IP addresses in an IPNet
-func NetworkRange(network *net.IPNet) (net.IP, net.IP) {
- if network == nil {
- return nil, nil
- }
-
- firstIP := network.IP.Mask(network.Mask)
- lastIP := types.GetIPCopy(firstIP)
- for i := 0; i < len(firstIP); i++ {
- lastIP[i] = firstIP[i] | ^network.Mask[i]
- }
-
- if network.IP.To4() != nil {
- firstIP = firstIP.To4()
- lastIP = lastIP.To4()
- }
-
- return firstIP, lastIP
-}
-
-// GetIfaceAddr returns the first IPv4 address and slice of IPv6 addresses for the specified network interface
-func GetIfaceAddr(name string) (net.Addr, []net.Addr, error) {
- iface, err := net.InterfaceByName(name)
- if err != nil {
- return nil, nil, err
- }
- addrs, err := iface.Addrs()
- if err != nil {
- return nil, nil, err
- }
- var addrs4 []net.Addr
- var addrs6 []net.Addr
- for _, addr := range addrs {
- ip := (addr.(*net.IPNet)).IP
- if ip4 := ip.To4(); ip4 != nil {
- addrs4 = append(addrs4, addr)
- } else if ip6 := ip.To16(); len(ip6) == net.IPv6len {
- addrs6 = append(addrs6, addr)
- }
- }
- switch {
- case len(addrs4) == 0:
- return nil, nil, fmt.Errorf("Interface %v has no IPv4 addresses", name)
- case len(addrs4) > 1:
- fmt.Printf("Interface %v has more than 1 IPv4 address. Defaulting to using %v\n",
- name, (addrs4[0].(*net.IPNet)).IP)
- }
- return addrs4[0], addrs6, nil
-}
-
-func genMAC(ip net.IP) net.HardwareAddr {
- hw := make(net.HardwareAddr, 6)
- // The first byte of the MAC address has to comply with these rules:
- // 1. Unicast: Set the least-significant bit to 0.
- // 2. Address is locally administered: Set the second-least-significant bit (U/L) to 1.
- hw[0] = 0x02
- // The first 24 bits of the MAC represent the Organizationally Unique Identifier (OUI).
- // Since this address is locally administered, we can do whatever we want as long as
- // it doesn't conflict with other addresses.
- hw[1] = 0x42
- // Fill the remaining 4 bytes based on the input
- if ip == nil {
- rand.Read(hw[2:])
- } else {
- copy(hw[2:], ip.To4())
- }
- return hw
-}
-
-// GenerateRandomMAC returns a new 6-byte(48-bit) hardware address (MAC)
-func GenerateRandomMAC() net.HardwareAddr {
- return genMAC(nil)
-}
-
-// GenerateMACFromIP returns a locally administered MAC address where the 4 least
-// significant bytes are derived from the IPv4 address.
-func GenerateMACFromIP(ip net.IP) net.HardwareAddr {
- return genMAC(ip)
-}
-
-// GenerateRandomName returns a new name joined with a prefix. This size
-// specified is used to truncate the randomly generated value
-func GenerateRandomName(prefix string, size int) (string, error) {
- id := make([]byte, 32)
- if _, err := io.ReadFull(rand.Reader, id); err != nil {
- return "", err
- }
- return prefix + hex.EncodeToString(id)[:size], nil
-}
-
-// ReverseIP accepts a V4 or V6 IP string in the canonical form and returns a reversed IP in
-// the dotted decimal form . This is used to setup the IP to service name mapping in the optimal
-// way for the DNS PTR queries.
-func ReverseIP(IP string) string {
- var reverseIP []string
-
- if net.ParseIP(IP).To4() != nil {
- reverseIP = strings.Split(IP, ".")
- l := len(reverseIP)
- for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 {
- reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i]
- }
- } else {
- reverseIP = strings.Split(IP, ":")
-
- // Reversed IPv6 is represented in dotted decimal instead of the typical
- // colon hex notation
- for key := range reverseIP {
- if len(reverseIP[key]) == 0 { // expand the compressed 0s
- reverseIP[key] = strings.Repeat("0000", 8-strings.Count(IP, ":"))
- } else if len(reverseIP[key]) < 4 { // 0-padding needed
- reverseIP[key] = strings.Repeat("0", 4-len(reverseIP[key])) + reverseIP[key]
- }
- }
-
- reverseIP = strings.Split(strings.Join(reverseIP, ""), "")
-
- l := len(reverseIP)
- for i, j := 0, l-1; i < l/2; i, j = i+1, j-1 {
- reverseIP[i], reverseIP[j] = reverseIP[j], reverseIP[i]
- }
- }
-
- return strings.Join(reverseIP, ".")
-}
-
-// ParseAlias parses and validates the specified string as an alias format (name:alias)
-func ParseAlias(val string) (string, string, error) {
- if val == "" {
- return "", "", errors.New("empty string specified for alias")
- }
- arr := strings.Split(val, ":")
- if len(arr) > 2 {
- return "", "", fmt.Errorf("bad format for alias: %s", val)
- }
- if len(arr) == 1 {
- return val, val, nil
- }
- return arr[0], arr[1], nil
-}
-
-// ValidateAlias validates that the specified string has a valid alias format (containerName:alias).
-func ValidateAlias(val string) (string, error) {
- if _, _, err := ParseAlias(val); err != nil {
- return val, err
- }
- return val, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go b/vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go
deleted file mode 100644
index 02bcd32aa..000000000
--- a/vendor/github.com/docker/libnetwork/netutils/utils_freebsd.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package netutils
-
-import (
- "net"
-
- "github.com/docker/libnetwork/types"
-)
-
-// ElectInterfaceAddresses looks for an interface on the OS with the specified name
-// and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
-// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
-// If the interface does not exist, it chooses from a predefined
-// list the first IPv4 address which does not conflict with other
-// interfaces on the system.
-func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
- return nil, nil, types.NotImplementedErrorf("not supported on freebsd")
-}
-
-// FindAvailableNetwork returns a network from the passed list which does not
-// overlap with existing interfaces in the system
-func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
- return nil, types.NotImplementedErrorf("not supported on freebsd")
-}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_linux.go b/vendor/github.com/docker/libnetwork/netutils/utils_linux.go
deleted file mode 100644
index 10a5e109e..000000000
--- a/vendor/github.com/docker/libnetwork/netutils/utils_linux.go
+++ /dev/null
@@ -1,126 +0,0 @@
-// +build linux
-// Network utility functions.
-
-package netutils
-
-import (
- "fmt"
- "net"
- "strings"
-
- "github.com/docker/libnetwork/ipamutils"
- "github.com/docker/libnetwork/ns"
- "github.com/docker/libnetwork/osl"
- "github.com/docker/libnetwork/resolvconf"
- "github.com/docker/libnetwork/types"
- "github.com/vishvananda/netlink"
-)
-
-var (
- networkGetRoutesFct func(netlink.Link, int) ([]netlink.Route, error)
-)
-
-// CheckRouteOverlaps checks whether the passed network overlaps with any existing routes
-func CheckRouteOverlaps(toCheck *net.IPNet) error {
- if networkGetRoutesFct == nil {
- networkGetRoutesFct = ns.NlHandle().RouteList
- }
- networks, err := networkGetRoutesFct(nil, netlink.FAMILY_V4)
- if err != nil {
- return err
- }
- for _, network := range networks {
- if network.Dst != nil && NetworkOverlaps(toCheck, network.Dst) {
- return ErrNetworkOverlaps
- }
- }
- return nil
-}
-
-// GenerateIfaceName returns an interface name using the passed in
-// prefix and the length of random bytes. The api ensures that the
-// there are is no interface which exists with that name.
-func GenerateIfaceName(nlh *netlink.Handle, prefix string, len int) (string, error) {
- linkByName := netlink.LinkByName
- if nlh != nil {
- linkByName = nlh.LinkByName
- }
- for i := 0; i < 3; i++ {
- name, err := GenerateRandomName(prefix, len)
- if err != nil {
- continue
- }
- _, err = linkByName(name)
- if err != nil {
- if strings.Contains(err.Error(), "not found") {
- return name, nil
- }
- return "", err
- }
- }
- return "", types.InternalErrorf("could not generate interface name")
-}
-
-// ElectInterfaceAddresses looks for an interface on the OS with the
-// specified name and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
-// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
-// If the interface does not exist, it chooses from a predefined
-// list the first IPv4 address which does not conflict with other
-// interfaces on the system.
-func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
- var (
- v4Nets []*net.IPNet
- v6Nets []*net.IPNet
- )
-
- defer osl.InitOSContext()()
-
- link, _ := ns.NlHandle().LinkByName(name)
- if link != nil {
- v4addr, err := ns.NlHandle().AddrList(link, netlink.FAMILY_V4)
- if err != nil {
- return nil, nil, err
- }
- v6addr, err := ns.NlHandle().AddrList(link, netlink.FAMILY_V6)
- if err != nil {
- return nil, nil, err
- }
- for _, nlAddr := range v4addr {
- v4Nets = append(v4Nets, nlAddr.IPNet)
- }
- for _, nlAddr := range v6addr {
- v6Nets = append(v6Nets, nlAddr.IPNet)
- }
- }
-
- if link == nil || len(v4Nets) == 0 {
- // Choose from predefined local scope networks
- v4Net, err := FindAvailableNetwork(ipamutils.PredefinedLocalScopeDefaultNetworks)
- if err != nil {
- return nil, nil, err
- }
- v4Nets = append(v4Nets, v4Net)
- }
-
- return v4Nets, v6Nets, nil
-}
-
-// FindAvailableNetwork returns a network from the passed list which does not
-// overlap with existing interfaces in the system
-func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
- // We don't check for an error here, because we don't really care if we
- // can't read /etc/resolv.conf. So instead we skip the append if resolvConf
- // is nil. It either doesn't exist, or we can't read it for some reason.
- var nameservers []string
- if rc, err := resolvconf.Get(); err == nil {
- nameservers = resolvconf.GetNameserversAsCIDR(rc.Content)
- }
- for _, nw := range list {
- if err := CheckNameserverOverlaps(nameservers, nw); err == nil {
- if err := CheckRouteOverlaps(nw); err == nil {
- return nw, nil
- }
- }
- }
- return nil, fmt.Errorf("no available network")
-}
diff --git a/vendor/github.com/docker/libnetwork/netutils/utils_windows.go b/vendor/github.com/docker/libnetwork/netutils/utils_windows.go
deleted file mode 100644
index 73af44ec7..000000000
--- a/vendor/github.com/docker/libnetwork/netutils/utils_windows.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package netutils
-
-import (
- "net"
-
- "github.com/docker/libnetwork/types"
-)
-
-// ElectInterfaceAddresses looks for an interface on the OS with the specified name
-// and returns returns all its IPv4 and IPv6 addresses in CIDR notation.
-// If a failure in retrieving the addresses or no IPv4 address is found, an error is returned.
-// If the interface does not exist, it chooses from a predefined
-// list the first IPv4 address which does not conflict with other
-// interfaces on the system.
-func ElectInterfaceAddresses(name string) ([]*net.IPNet, []*net.IPNet, error) {
- return nil, nil, types.NotImplementedErrorf("not supported on windows")
-}
-
-// FindAvailableNetwork returns a network from the passed list which does not
-// overlap with existing interfaces in the system
-
-// TODO : Use appropriate windows APIs to identify non-overlapping subnets
-func FindAvailableNetwork(list []*net.IPNet) (*net.IPNet, error) {
- return nil, nil
-}
diff --git a/vendor/github.com/docker/libnetwork/ns/init_linux.go b/vendor/github.com/docker/libnetwork/ns/init_linux.go
deleted file mode 100644
index 567a6242a..000000000
--- a/vendor/github.com/docker/libnetwork/ns/init_linux.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package ns
-
-import (
- "fmt"
- "os"
- "os/exec"
- "strings"
- "sync"
- "syscall"
- "time"
-
- "github.com/sirupsen/logrus"
- "github.com/vishvananda/netlink"
- "github.com/vishvananda/netns"
-)
-
-var (
- initNs netns.NsHandle
- initNl *netlink.Handle
- initOnce sync.Once
- // NetlinkSocketsTimeout represents the default timeout duration for the sockets
- NetlinkSocketsTimeout = 3 * time.Second
-)
-
-// Init initializes a new network namespace
-func Init() {
- var err error
- initNs, err = netns.Get()
- if err != nil {
- logrus.Errorf("could not get initial namespace: %v", err)
- }
- initNl, err = netlink.NewHandle(getSupportedNlFamilies()...)
- if err != nil {
- logrus.Errorf("could not create netlink handle on initial namespace: %v", err)
- }
- err = initNl.SetSocketTimeout(NetlinkSocketsTimeout)
- if err != nil {
- logrus.Warnf("Failed to set the timeout on the default netlink handle sockets: %v", err)
- }
-}
-
-// SetNamespace sets the initial namespace handler
-func SetNamespace() error {
- initOnce.Do(Init)
- if err := netns.Set(initNs); err != nil {
- linkInfo, linkErr := getLink()
- if linkErr != nil {
- linkInfo = linkErr.Error()
- }
- return fmt.Errorf("failed to set to initial namespace, %v, initns fd %d: %v", linkInfo, initNs, err)
- }
- return nil
-}
-
-// ParseHandlerInt transforms the namespace handler into an integer
-func ParseHandlerInt() int {
- return int(getHandler())
-}
-
-// GetHandler returns the namespace handler
-func getHandler() netns.NsHandle {
- initOnce.Do(Init)
- return initNs
-}
-
-func getLink() (string, error) {
- return os.Readlink(fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), syscall.Gettid()))
-}
-
-// NlHandle returns the netlink handler
-func NlHandle() *netlink.Handle {
- initOnce.Do(Init)
- return initNl
-}
-
-func getSupportedNlFamilies() []int {
- fams := []int{syscall.NETLINK_ROUTE}
- // NETLINK_XFRM test
- if err := loadXfrmModules(); err != nil {
- if checkXfrmSocket() != nil {
- logrus.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
- } else {
- fams = append(fams, syscall.NETLINK_XFRM)
- }
- } else {
- fams = append(fams, syscall.NETLINK_XFRM)
- }
- // NETLINK_NETFILTER test
- if err := loadNfConntrackModules(); err != nil {
- if checkNfSocket() != nil {
- logrus.Warnf("Could not load necessary modules for Conntrack: %v", err)
- } else {
- fams = append(fams, syscall.NETLINK_NETFILTER)
- }
- } else {
- fams = append(fams, syscall.NETLINK_NETFILTER)
- }
-
- return fams
-}
-
-func loadXfrmModules() error {
- if out, err := exec.Command("modprobe", "-va", "xfrm_user").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_user failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- if out, err := exec.Command("modprobe", "-va", "xfrm_algo").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe xfrm_algo failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- return nil
-}
-
-// API check on required xfrm modules (xfrm_user, xfrm_algo)
-func checkXfrmSocket() error {
- fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)
- if err != nil {
- return err
- }
- syscall.Close(fd)
- return nil
-}
-
-func loadNfConntrackModules() error {
- if out, err := exec.Command("modprobe", "-va", "nf_conntrack").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe nf_conntrack failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- if out, err := exec.Command("modprobe", "-va", "nf_conntrack_netlink").CombinedOutput(); err != nil {
- return fmt.Errorf("Running modprobe nf_conntrack_netlink failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
- }
- return nil
-}
-
-// API check on required nf_conntrack* modules (nf_conntrack, nf_conntrack_netlink)
-func checkNfSocket() error {
- fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_NETFILTER)
- if err != nil {
- return err
- }
- syscall.Close(fd)
- return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/ns/init_windows.go b/vendor/github.com/docker/libnetwork/ns/init_windows.go
deleted file mode 100644
index f5838f81d..000000000
--- a/vendor/github.com/docker/libnetwork/ns/init_windows.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package ns
-
-// File is present so that go build ./... is closer to working on Windows from repo root.
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_freebsd.go b/vendor/github.com/docker/libnetwork/osl/interface_freebsd.go
deleted file mode 100644
index 9c0141fd9..000000000
--- a/vendor/github.com/docker/libnetwork/osl/interface_freebsd.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package osl
-
-// IfaceOption is a function option type to set interface options
-type IfaceOption func()
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_linux.go b/vendor/github.com/docker/libnetwork/osl/interface_linux.go
deleted file mode 100644
index 4f8ff3d63..000000000
--- a/vendor/github.com/docker/libnetwork/osl/interface_linux.go
+++ /dev/null
@@ -1,460 +0,0 @@
-package osl
-
-import (
- "fmt"
- "net"
- "regexp"
- "sync"
- "syscall"
- "time"
-
- "github.com/docker/libnetwork/ns"
- "github.com/docker/libnetwork/types"
- "github.com/sirupsen/logrus"
- "github.com/vishvananda/netlink"
- "github.com/vishvananda/netns"
-)
-
-// IfaceOption is a function option type to set interface options
-type IfaceOption func(i *nwIface)
-
-type nwIface struct {
- srcName string
- dstName string
- master string
- dstMaster string
- mac net.HardwareAddr
- address *net.IPNet
- addressIPv6 *net.IPNet
- llAddrs []*net.IPNet
- routes []*net.IPNet
- bridge bool
- ns *networkNamespace
- sync.Mutex
-}
-
-func (i *nwIface) SrcName() string {
- i.Lock()
- defer i.Unlock()
-
- return i.srcName
-}
-
-func (i *nwIface) DstName() string {
- i.Lock()
- defer i.Unlock()
-
- return i.dstName
-}
-
-func (i *nwIface) DstMaster() string {
- i.Lock()
- defer i.Unlock()
-
- return i.dstMaster
-}
-
-func (i *nwIface) Bridge() bool {
- i.Lock()
- defer i.Unlock()
-
- return i.bridge
-}
-
-func (i *nwIface) Master() string {
- i.Lock()
- defer i.Unlock()
-
- return i.master
-}
-
-func (i *nwIface) MacAddress() net.HardwareAddr {
- i.Lock()
- defer i.Unlock()
-
- return types.GetMacCopy(i.mac)
-}
-
-func (i *nwIface) Address() *net.IPNet {
- i.Lock()
- defer i.Unlock()
-
- return types.GetIPNetCopy(i.address)
-}
-
-func (i *nwIface) AddressIPv6() *net.IPNet {
- i.Lock()
- defer i.Unlock()
-
- return types.GetIPNetCopy(i.addressIPv6)
-}
-
-func (i *nwIface) LinkLocalAddresses() []*net.IPNet {
- i.Lock()
- defer i.Unlock()
-
- return i.llAddrs
-}
-
-func (i *nwIface) Routes() []*net.IPNet {
- i.Lock()
- defer i.Unlock()
-
- routes := make([]*net.IPNet, len(i.routes))
- for index, route := range i.routes {
- r := types.GetIPNetCopy(route)
- routes[index] = r
- }
-
- return routes
-}
-
-func (n *networkNamespace) Interfaces() []Interface {
- n.Lock()
- defer n.Unlock()
-
- ifaces := make([]Interface, len(n.iFaces))
-
- for i, iface := range n.iFaces {
- ifaces[i] = iface
- }
-
- return ifaces
-}
-
-func (i *nwIface) Remove() error {
- i.Lock()
- n := i.ns
- i.Unlock()
-
- n.Lock()
- isDefault := n.isDefault
- nlh := n.nlHandle
- n.Unlock()
-
- // Find the network interface identified by the DstName attribute.
- iface, err := nlh.LinkByName(i.DstName())
- if err != nil {
- return err
- }
-
- // Down the interface before configuring
- if err := nlh.LinkSetDown(iface); err != nil {
- return err
- }
-
- err = nlh.LinkSetName(iface, i.SrcName())
- if err != nil {
- logrus.Debugf("LinkSetName failed for interface %s: %v", i.SrcName(), err)
- return err
- }
-
- // if it is a bridge just delete it.
- if i.Bridge() {
- if err := nlh.LinkDel(iface); err != nil {
- return fmt.Errorf("failed deleting bridge %q: %v", i.SrcName(), err)
- }
- } else if !isDefault {
- // Move the network interface to caller namespace.
- if err := nlh.LinkSetNsFd(iface, ns.ParseHandlerInt()); err != nil {
- logrus.Debugf("LinkSetNsPid failed for interface %s: %v", i.SrcName(), err)
- return err
- }
- }
-
- n.Lock()
- for index, intf := range n.iFaces {
- if intf == i {
- n.iFaces = append(n.iFaces[:index], n.iFaces[index+1:]...)
- break
- }
- }
- n.Unlock()
-
- n.checkLoV6()
-
- return nil
-}
-
-// Returns the sandbox's side veth interface statistics
-func (i *nwIface) Statistics() (*types.InterfaceStatistics, error) {
- i.Lock()
- n := i.ns
- i.Unlock()
-
- l, err := n.nlHandle.LinkByName(i.DstName())
- if err != nil {
- return nil, fmt.Errorf("failed to retrieve the statistics for %s in netns %s: %v", i.DstName(), n.path, err)
- }
-
- stats := l.Attrs().Statistics
- if stats == nil {
- return nil, fmt.Errorf("no statistics were returned")
- }
-
- return &types.InterfaceStatistics{
- RxBytes: uint64(stats.RxBytes),
- TxBytes: uint64(stats.TxBytes),
- RxPackets: uint64(stats.RxPackets),
- TxPackets: uint64(stats.TxPackets),
- RxDropped: uint64(stats.RxDropped),
- TxDropped: uint64(stats.TxDropped),
- }, nil
-}
-
-func (n *networkNamespace) findDst(srcName string, isBridge bool) string {
- n.Lock()
- defer n.Unlock()
-
- for _, i := range n.iFaces {
- // The master should match the srcname of the interface and the
- // master interface should be of type bridge, if searching for a bridge type
- if i.SrcName() == srcName && (!isBridge || i.Bridge()) {
- return i.DstName()
- }
- }
-
- return ""
-}
-
-func (n *networkNamespace) AddInterface(srcName, dstPrefix string, options ...IfaceOption) error {
- i := &nwIface{srcName: srcName, dstName: dstPrefix, ns: n}
- i.processInterfaceOptions(options...)
-
- if i.master != "" {
- i.dstMaster = n.findDst(i.master, true)
- if i.dstMaster == "" {
- return fmt.Errorf("could not find an appropriate master %q for %q",
- i.master, i.srcName)
- }
- }
-
- n.Lock()
- if n.isDefault {
- i.dstName = i.srcName
- } else {
- i.dstName = fmt.Sprintf("%s%d", dstPrefix, n.nextIfIndex[dstPrefix])
- n.nextIfIndex[dstPrefix]++
- }
-
- path := n.path
- isDefault := n.isDefault
- nlh := n.nlHandle
- nlhHost := ns.NlHandle()
- n.Unlock()
-
- // If it is a bridge interface we have to create the bridge inside
- // the namespace so don't try to lookup the interface using srcName
- if i.bridge {
- link := &netlink.Bridge{
- LinkAttrs: netlink.LinkAttrs{
- Name: i.srcName,
- },
- }
- if err := nlh.LinkAdd(link); err != nil {
- return fmt.Errorf("failed to create bridge %q: %v", i.srcName, err)
- }
- } else {
- // Find the network interface identified by the SrcName attribute.
- iface, err := nlhHost.LinkByName(i.srcName)
- if err != nil {
- return fmt.Errorf("failed to get link by name %q: %v", i.srcName, err)
- }
-
- // Move the network interface to the destination
- // namespace only if the namespace is not a default
- // type
- if !isDefault {
- newNs, err := netns.GetFromPath(path)
- if err != nil {
- return fmt.Errorf("failed get network namespace %q: %v", path, err)
- }
- defer newNs.Close()
- if err := nlhHost.LinkSetNsFd(iface, int(newNs)); err != nil {
- return fmt.Errorf("failed to set namespace on link %q: %v", i.srcName, err)
- }
- }
- }
-
- // Find the network interface identified by the SrcName attribute.
- iface, err := nlh.LinkByName(i.srcName)
- if err != nil {
- return fmt.Errorf("failed to get link by name %q: %v", i.srcName, err)
- }
-
- // Down the interface before configuring
- if err := nlh.LinkSetDown(iface); err != nil {
- return fmt.Errorf("failed to set link down: %v", err)
- }
-
- // Configure the interface now this is moved in the proper namespace.
- if err := configureInterface(nlh, iface, i); err != nil {
- // If configuring the device fails move it back to the host namespace
- // and change the name back to the source name. This allows the caller
- // to properly cleanup the interface. Its important especially for
- // interfaces with global attributes, ex: vni id for vxlan interfaces.
- if nerr := nlh.LinkSetName(iface, i.SrcName()); nerr != nil {
- logrus.Errorf("renaming interface (%s->%s) failed, %v after config error %v", i.DstName(), i.SrcName(), nerr, err)
- }
- if nerr := nlh.LinkSetNsFd(iface, ns.ParseHandlerInt()); nerr != nil {
- logrus.Errorf("moving interface %s to host ns failed, %v, after config error %v", i.SrcName(), nerr, err)
- }
- return err
- }
-
- // Up the interface.
- cnt := 0
- for err = nlh.LinkSetUp(iface); err != nil && cnt < 3; cnt++ {
- logrus.Debugf("retrying link setup because of: %v", err)
- time.Sleep(10 * time.Millisecond)
- err = nlh.LinkSetUp(iface)
- }
- if err != nil {
- return fmt.Errorf("failed to set link up: %v", err)
- }
-
- // Set the routes on the interface. This can only be done when the interface is up.
- if err := setInterfaceRoutes(nlh, iface, i); err != nil {
- return fmt.Errorf("error setting interface %q routes to %q: %v", iface.Attrs().Name, i.Routes(), err)
- }
-
- n.Lock()
- n.iFaces = append(n.iFaces, i)
- n.Unlock()
-
- n.checkLoV6()
-
- return nil
-}
-
-func configureInterface(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- ifaceName := iface.Attrs().Name
- ifaceConfigurators := []struct {
- Fn func(*netlink.Handle, netlink.Link, *nwIface) error
- ErrMessage string
- }{
- {setInterfaceName, fmt.Sprintf("error renaming interface %q to %q", ifaceName, i.DstName())},
- {setInterfaceMAC, fmt.Sprintf("error setting interface %q MAC to %q", ifaceName, i.MacAddress())},
- {setInterfaceIP, fmt.Sprintf("error setting interface %q IP to %v", ifaceName, i.Address())},
- {setInterfaceIPv6, fmt.Sprintf("error setting interface %q IPv6 to %v", ifaceName, i.AddressIPv6())},
- {setInterfaceMaster, fmt.Sprintf("error setting interface %q master to %q", ifaceName, i.DstMaster())},
- {setInterfaceLinkLocalIPs, fmt.Sprintf("error setting interface %q link local IPs to %v", ifaceName, i.LinkLocalAddresses())},
- }
-
- for _, config := range ifaceConfigurators {
- if err := config.Fn(nlh, iface, i); err != nil {
- return fmt.Errorf("%s: %v", config.ErrMessage, err)
- }
- }
- return nil
-}
-
-func setInterfaceMaster(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- if i.DstMaster() == "" {
- return nil
- }
-
- return nlh.LinkSetMaster(iface, &netlink.Bridge{
- LinkAttrs: netlink.LinkAttrs{Name: i.DstMaster()}})
-}
-
-func setInterfaceMAC(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- if i.MacAddress() == nil {
- return nil
- }
- return nlh.LinkSetHardwareAddr(iface, i.MacAddress())
-}
-
-func setInterfaceIP(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- if i.Address() == nil {
- return nil
- }
- if err := checkRouteConflict(nlh, i.Address(), netlink.FAMILY_V4); err != nil {
- return err
- }
- ipAddr := &netlink.Addr{IPNet: i.Address(), Label: ""}
- return nlh.AddrAdd(iface, ipAddr)
-}
-
-func setInterfaceIPv6(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- if i.AddressIPv6() == nil {
- return nil
- }
- if err := checkRouteConflict(nlh, i.AddressIPv6(), netlink.FAMILY_V6); err != nil {
- return err
- }
- if err := setIPv6(i.ns.path, i.DstName(), true); err != nil {
- return fmt.Errorf("failed to enable ipv6: %v", err)
- }
- ipAddr := &netlink.Addr{IPNet: i.AddressIPv6(), Label: "", Flags: syscall.IFA_F_NODAD}
- return nlh.AddrAdd(iface, ipAddr)
-}
-
-func setInterfaceLinkLocalIPs(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- for _, llIP := range i.LinkLocalAddresses() {
- ipAddr := &netlink.Addr{IPNet: llIP}
- if err := nlh.AddrAdd(iface, ipAddr); err != nil {
- return err
- }
- }
- return nil
-}
-
-func setInterfaceName(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- return nlh.LinkSetName(iface, i.DstName())
-}
-
-func setInterfaceRoutes(nlh *netlink.Handle, iface netlink.Link, i *nwIface) error {
- for _, route := range i.Routes() {
- err := nlh.RouteAdd(&netlink.Route{
- Scope: netlink.SCOPE_LINK,
- LinkIndex: iface.Attrs().Index,
- Dst: route,
- })
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-// In older kernels (like the one in Centos 6.6 distro) sysctl does not have netns support. Therefore
-// we cannot gather the statistics from /sys/class/net/<dev>/statistics/<counter> files. Per-netns stats
-// are naturally found in /proc/net/dev in kernels which support netns (ifconfig relies on that).
-const (
- netStatsFile = "/proc/net/dev"
- base = "[ ]*%s:([ ]+[0-9]+){16}"
-)
-
-func scanInterfaceStats(data, ifName string, i *types.InterfaceStatistics) error {
- var (
- bktStr string
- bkt uint64
- )
-
- regex := fmt.Sprintf(base, ifName)
- re := regexp.MustCompile(regex)
- line := re.FindString(data)
-
- _, err := fmt.Sscanf(line, "%s %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d",
- &bktStr, &i.RxBytes, &i.RxPackets, &i.RxErrors, &i.RxDropped, &bkt, &bkt, &bkt,
- &bkt, &i.TxBytes, &i.TxPackets, &i.TxErrors, &i.TxDropped, &bkt, &bkt, &bkt, &bkt)
-
- return err
-}
-
-func checkRouteConflict(nlh *netlink.Handle, address *net.IPNet, family int) error {
- routes, err := nlh.RouteList(nil, family)
- if err != nil {
- return err
- }
- for _, route := range routes {
- if route.Dst != nil {
- if route.Dst.Contains(address.IP) || address.Contains(route.Dst.IP) {
- return fmt.Errorf("cannot program address %v in sandbox interface because it conflicts with existing route %s",
- address, route)
- }
- }
- }
- return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/interface_windows.go b/vendor/github.com/docker/libnetwork/osl/interface_windows.go
deleted file mode 100644
index 9c0141fd9..000000000
--- a/vendor/github.com/docker/libnetwork/osl/interface_windows.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package osl
-
-// IfaceOption is a function option type to set interface options
-type IfaceOption func()
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs.go b/vendor/github.com/docker/libnetwork/osl/kernel/knobs.go
deleted file mode 100644
index a7cd7dbb7..000000000
--- a/vendor/github.com/docker/libnetwork/osl/kernel/knobs.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package kernel
-
-type conditionalCheck func(val1, val2 string) bool
-
-// OSValue represents a tuple, value defined, check function when to apply the value
-type OSValue struct {
- Value string
- CheckFn conditionalCheck
-}
-
-func propertyIsValid(val1, val2 string, check conditionalCheck) bool {
- if check == nil || check(val1, val2) {
- return true
- }
- return false
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go b/vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go
deleted file mode 100644
index 964280650..000000000
--- a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_linux.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package kernel
-
-import (
- "io/ioutil"
- "path"
- "strings"
-
- "github.com/sirupsen/logrus"
-)
-
-// writeSystemProperty writes the value to a path under /proc/sys as determined from the key.
-// For e.g. net.ipv4.ip_forward translated to /proc/sys/net/ipv4/ip_forward.
-func writeSystemProperty(key, value string) error {
- keyPath := strings.Replace(key, ".", "/", -1)
- return ioutil.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0644)
-}
-
-// readSystemProperty reads the value from the path under /proc/sys and returns it
-func readSystemProperty(key string) (string, error) {
- keyPath := strings.Replace(key, ".", "/", -1)
- value, err := ioutil.ReadFile(path.Join("/proc/sys", keyPath))
- if err != nil {
- return "", err
- }
- return strings.TrimSpace(string(value)), nil
-}
-
-// ApplyOSTweaks applies the configuration values passed as arguments
-func ApplyOSTweaks(osConfig map[string]*OSValue) {
- for k, v := range osConfig {
- // read the existing property from disk
- oldv, err := readSystemProperty(k)
- if err != nil {
- logrus.WithError(err).Errorf("error reading the kernel parameter %s", k)
- continue
- }
-
- if propertyIsValid(oldv, v.Value, v.CheckFn) {
- // write new prop value to disk
- if err := writeSystemProperty(k, v.Value); err != nil {
- logrus.WithError(err).Errorf("error setting the kernel parameter %s = %s, (leaving as %s)", k, v.Value, oldv)
- continue
- }
- logrus.Debugf("updated kernel parameter %s = %s (was %s)", k, v.Value, oldv)
- }
- }
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go b/vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go
deleted file mode 100644
index 32f258f41..000000000
--- a/vendor/github.com/docker/libnetwork/osl/kernel/knobs_unsupported.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !linux
-
-package kernel
-
-// ApplyOSTweaks applies the configuration values passed as arguments
-func ApplyOSTweaks(osConfig map[string]*OSValue) {
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go b/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
deleted file mode 100644
index abb748b56..000000000
--- a/vendor/github.com/docker/libnetwork/osl/namespace_linux.go
+++ /dev/null
@@ -1,657 +0,0 @@
-package osl
-
-import (
- "fmt"
- "io/ioutil"
- "net"
- "os"
- "os/exec"
- "path/filepath"
- "runtime"
- "strconv"
- "strings"
- "sync"
- "syscall"
- "time"
-
- "github.com/docker/docker/pkg/reexec"
- "github.com/docker/libnetwork/ns"
- "github.com/docker/libnetwork/osl/kernel"
- "github.com/docker/libnetwork/types"
- "github.com/sirupsen/logrus"
- "github.com/vishvananda/netlink"
- "github.com/vishvananda/netns"
-)
-
-const defaultPrefix = "/var/run/docker"
-
-func init() {
- reexec.Register("set-ipv6", reexecSetIPv6)
-}
-
-var (
- once sync.Once
- garbagePathMap = make(map[string]bool)
- gpmLock sync.Mutex
- gpmWg sync.WaitGroup
- gpmCleanupPeriod = 60 * time.Second
- gpmChan = make(chan chan struct{})
- prefix = defaultPrefix
- loadBalancerConfig = map[string]*kernel.OSValue{
- // expires connection from the IPVS connection table when the backend is not available
- // more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L126:1
- "net.ipv4.vs.expire_nodest_conn": {"1", nil},
- }
-)
-
-// The networkNamespace type is the linux implementation of the Sandbox
-// interface. It represents a linux network namespace, and moves an interface
-// into it when called on method AddInterface or sets the gateway etc.
-type networkNamespace struct {
- path string
- iFaces []*nwIface
- gw net.IP
- gwv6 net.IP
- staticRoutes []*types.StaticRoute
- neighbors []*neigh
- nextIfIndex map[string]int
- isDefault bool
- nlHandle *netlink.Handle
- loV6Enabled bool
- sync.Mutex
-}
-
-// SetBasePath sets the base url prefix for the ns path
-func SetBasePath(path string) {
- prefix = path
-}
-
-func init() {
- reexec.Register("netns-create", reexecCreateNamespace)
-}
-
-func basePath() string {
- return filepath.Join(prefix, "netns")
-}
-
-func createBasePath() {
- err := os.MkdirAll(basePath(), 0755)
- if err != nil {
- panic("Could not create net namespace path directory")
- }
-
- // Start the garbage collection go routine
- go removeUnusedPaths()
-}
-
-func removeUnusedPaths() {
- gpmLock.Lock()
- period := gpmCleanupPeriod
- gpmLock.Unlock()
-
- ticker := time.NewTicker(period)
- for {
- var (
- gc chan struct{}
- gcOk bool
- )
-
- select {
- case <-ticker.C:
- case gc, gcOk = <-gpmChan:
- }
-
- gpmLock.Lock()
- pathList := make([]string, 0, len(garbagePathMap))
- for path := range garbagePathMap {
- pathList = append(pathList, path)
- }
- garbagePathMap = make(map[string]bool)
- gpmWg.Add(1)
- gpmLock.Unlock()
-
- for _, path := range pathList {
- os.Remove(path)
- }
-
- gpmWg.Done()
- if gcOk {
- close(gc)
- }
- }
-}
-
-func addToGarbagePaths(path string) {
- gpmLock.Lock()
- garbagePathMap[path] = true
- gpmLock.Unlock()
-}
-
-func removeFromGarbagePaths(path string) {
- gpmLock.Lock()
- delete(garbagePathMap, path)
- gpmLock.Unlock()
-}
-
-// GC triggers garbage collection of namespace path right away
-// and waits for it.
-func GC() {
- gpmLock.Lock()
- if len(garbagePathMap) == 0 {
- // No need for GC if map is empty
- gpmLock.Unlock()
- return
- }
- gpmLock.Unlock()
-
- // if content exists in the garbage paths
- // we can trigger GC to run, providing a
- // channel to be notified on completion
- waitGC := make(chan struct{})
- gpmChan <- waitGC
- // wait for GC completion
- <-waitGC
-}
-
-// GenerateKey generates a sandbox key based on the passed
-// container id.
-func GenerateKey(containerID string) string {
- maxLen := 12
- // Read sandbox key from host for overlay
- if strings.HasPrefix(containerID, "-") {
- var (
- index int
- indexStr string
- tmpkey string
- )
- dir, err := ioutil.ReadDir(basePath())
- if err != nil {
- return ""
- }
-
- for _, v := range dir {
- id := v.Name()
- if strings.HasSuffix(id, containerID[:maxLen-1]) {
- indexStr = strings.TrimSuffix(id, containerID[:maxLen-1])
- tmpindex, err := strconv.Atoi(indexStr)
- if err != nil {
- return ""
- }
- if tmpindex > index {
- index = tmpindex
- tmpkey = id
- }
-
- }
- }
- containerID = tmpkey
- if containerID == "" {
- return ""
- }
- }
-
- if len(containerID) < maxLen {
- maxLen = len(containerID)
- }
-
- return basePath() + "/" + containerID[:maxLen]
-}
-
-// NewSandbox provides a new sandbox instance created in an os specific way
-// provided a key which uniquely identifies the sandbox
-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
- if !isRestore {
- err := createNetworkNamespace(key, osCreate)
- if err != nil {
- return nil, err
- }
- } else {
- once.Do(createBasePath)
- }
-
- n := &networkNamespace{path: key, isDefault: !osCreate, nextIfIndex: make(map[string]int)}
-
- sboxNs, err := netns.GetFromPath(n.path)
- if err != nil {
- return nil, fmt.Errorf("failed get network namespace %q: %v", n.path, err)
- }
- defer sboxNs.Close()
-
- n.nlHandle, err = netlink.NewHandleAt(sboxNs, syscall.NETLINK_ROUTE)
- if err != nil {
- return nil, fmt.Errorf("failed to create a netlink handle: %v", err)
- }
-
- err = n.nlHandle.SetSocketTimeout(ns.NetlinkSocketsTimeout)
- if err != nil {
- logrus.Warnf("Failed to set the timeout on the sandbox netlink handle sockets: %v", err)
- }
- // In live-restore mode, IPV6 entries are getting cleaned up due to below code
- // We should retain IPV6 configurations in live-restore mode when Docker Daemon
- // comes back. It should work as it is on other cases
- // As starting point, disable IPv6 on all interfaces
- if !isRestore && !n.isDefault {
- err = setIPv6(n.path, "all", false)
- if err != nil {
- logrus.Warnf("Failed to disable IPv6 on all interfaces on network namespace %q: %v", n.path, err)
- }
- }
-
- if err = n.loopbackUp(); err != nil {
- n.nlHandle.Delete()
- return nil, err
- }
-
- return n, nil
-}
-
-func (n *networkNamespace) InterfaceOptions() IfaceOptionSetter {
- return n
-}
-
-func (n *networkNamespace) NeighborOptions() NeighborOptionSetter {
- return n
-}
-
-func mountNetworkNamespace(basePath string, lnPath string) error {
- return syscall.Mount(basePath, lnPath, "bind", syscall.MS_BIND, "")
-}
-
-// GetSandboxForExternalKey returns sandbox object for the supplied path
-func GetSandboxForExternalKey(basePath string, key string) (Sandbox, error) {
- if err := createNamespaceFile(key); err != nil {
- return nil, err
- }
-
- if err := mountNetworkNamespace(basePath, key); err != nil {
- return nil, err
- }
- n := &networkNamespace{path: key, nextIfIndex: make(map[string]int)}
-
- sboxNs, err := netns.GetFromPath(n.path)
- if err != nil {
- return nil, fmt.Errorf("failed get network namespace %q: %v", n.path, err)
- }
- defer sboxNs.Close()
-
- n.nlHandle, err = netlink.NewHandleAt(sboxNs, syscall.NETLINK_ROUTE)
- if err != nil {
- return nil, fmt.Errorf("failed to create a netlink handle: %v", err)
- }
-
- err = n.nlHandle.SetSocketTimeout(ns.NetlinkSocketsTimeout)
- if err != nil {
- logrus.Warnf("Failed to set the timeout on the sandbox netlink handle sockets: %v", err)
- }
-
- // As starting point, disable IPv6 on all interfaces
- err = setIPv6(n.path, "all", false)
- if err != nil {
- logrus.Warnf("Failed to disable IPv6 on all interfaces on network namespace %q: %v", n.path, err)
- }
-
- if err = n.loopbackUp(); err != nil {
- n.nlHandle.Delete()
- return nil, err
- }
-
- return n, nil
-}
-
-func reexecCreateNamespace() {
- if len(os.Args) < 2 {
- logrus.Fatal("no namespace path provided")
- }
- if err := mountNetworkNamespace("/proc/self/ns/net", os.Args[1]); err != nil {
- logrus.Fatal(err)
- }
-}
-
-func createNetworkNamespace(path string, osCreate bool) error {
- if err := createNamespaceFile(path); err != nil {
- return err
- }
-
- cmd := &exec.Cmd{
- Path: reexec.Self(),
- Args: append([]string{"netns-create"}, path),
- Stdout: os.Stdout,
- Stderr: os.Stderr,
- }
- if osCreate {
- cmd.SysProcAttr = &syscall.SysProcAttr{}
- cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNET
- }
- if err := cmd.Run(); err != nil {
- return fmt.Errorf("namespace creation reexec command failed: %v", err)
- }
-
- return nil
-}
-
-func unmountNamespaceFile(path string) {
- if _, err := os.Stat(path); err == nil {
- syscall.Unmount(path, syscall.MNT_DETACH)
- }
-}
-
-func createNamespaceFile(path string) (err error) {
- var f *os.File
-
- once.Do(createBasePath)
- // Remove it from garbage collection list if present
- removeFromGarbagePaths(path)
-
- // If the path is there unmount it first
- unmountNamespaceFile(path)
-
- // wait for garbage collection to complete if it is in progress
- // before trying to create the file.
- gpmWg.Wait()
-
- if f, err = os.Create(path); err == nil {
- f.Close()
- }
-
- return err
-}
-
-func (n *networkNamespace) loopbackUp() error {
- iface, err := n.nlHandle.LinkByName("lo")
- if err != nil {
- return err
- }
- return n.nlHandle.LinkSetUp(iface)
-}
-
-func (n *networkNamespace) GetLoopbackIfaceName() string {
- return "lo"
-}
-
-func (n *networkNamespace) AddAliasIP(ifName string, ip *net.IPNet) error {
- iface, err := n.nlHandle.LinkByName(ifName)
- if err != nil {
- return err
- }
- return n.nlHandle.AddrAdd(iface, &netlink.Addr{IPNet: ip})
-}
-
-func (n *networkNamespace) RemoveAliasIP(ifName string, ip *net.IPNet) error {
- iface, err := n.nlHandle.LinkByName(ifName)
- if err != nil {
- return err
- }
- return n.nlHandle.AddrDel(iface, &netlink.Addr{IPNet: ip})
-}
-
-func (n *networkNamespace) InvokeFunc(f func()) error {
- return nsInvoke(n.nsPath(), func(nsFD int) error { return nil }, func(callerFD int) error {
- f()
- return nil
- })
-}
-
-// InitOSContext initializes OS context while configuring network resources
-func InitOSContext() func() {
- runtime.LockOSThread()
- if err := ns.SetNamespace(); err != nil {
- logrus.Error(err)
- }
- return runtime.UnlockOSThread
-}
-
-func nsInvoke(path string, prefunc func(nsFD int) error, postfunc func(callerFD int) error) error {
- defer InitOSContext()()
-
- newNs, err := netns.GetFromPath(path)
- if err != nil {
- return fmt.Errorf("failed get network namespace %q: %v", path, err)
- }
- defer newNs.Close()
-
- // Invoked before the namespace switch happens but after the namespace file
- // handle is obtained.
- if err := prefunc(int(newNs)); err != nil {
- return fmt.Errorf("failed in prefunc: %v", err)
- }
-
- if err = netns.Set(newNs); err != nil {
- return err
- }
- defer ns.SetNamespace()
-
- // Invoked after the namespace switch.
- return postfunc(ns.ParseHandlerInt())
-}
-
-func (n *networkNamespace) nsPath() string {
- n.Lock()
- defer n.Unlock()
-
- return n.path
-}
-
-func (n *networkNamespace) Info() Info {
- return n
-}
-
-func (n *networkNamespace) Key() string {
- return n.path
-}
-
-func (n *networkNamespace) Destroy() error {
- if n.nlHandle != nil {
- n.nlHandle.Delete()
- }
- // Assuming no running process is executing in this network namespace,
- // unmounting is sufficient to destroy it.
- if err := syscall.Unmount(n.path, syscall.MNT_DETACH); err != nil {
- return err
- }
-
- // Stash it into the garbage collection list
- addToGarbagePaths(n.path)
- return nil
-}
-
-// Restore restore the network namespace
-func (n *networkNamespace) Restore(ifsopt map[string][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error {
- // restore interfaces
- for name, opts := range ifsopt {
- if !strings.Contains(name, "+") {
- return fmt.Errorf("wrong iface name in restore osl sandbox interface: %s", name)
- }
- seps := strings.Split(name, "+")
- srcName := seps[0]
- dstPrefix := seps[1]
- i := &nwIface{srcName: srcName, dstName: dstPrefix, ns: n}
- i.processInterfaceOptions(opts...)
- if i.master != "" {
- i.dstMaster = n.findDst(i.master, true)
- if i.dstMaster == "" {
- return fmt.Errorf("could not find an appropriate master %q for %q",
- i.master, i.srcName)
- }
- }
- if n.isDefault {
- i.dstName = i.srcName
- } else {
- links, err := n.nlHandle.LinkList()
- if err != nil {
- return fmt.Errorf("failed to retrieve list of links in network namespace %q during restore", n.path)
- }
- // due to the docker network connect/disconnect, so the dstName should
- // restore from the namespace
- for _, link := range links {
- addrs, err := n.nlHandle.AddrList(link, netlink.FAMILY_V4)
- if err != nil {
- return err
- }
- ifaceName := link.Attrs().Name
- if strings.HasPrefix(ifaceName, "vxlan") {
- if i.dstName == "vxlan" {
- i.dstName = ifaceName
- break
- }
- }
- // find the interface name by ip
- if i.address != nil {
- for _, addr := range addrs {
- if addr.IPNet.String() == i.address.String() {
- i.dstName = ifaceName
- break
- }
- continue
- }
- if i.dstName == ifaceName {
- break
- }
- }
- // This is to find the interface name of the pair in overlay sandbox
- if strings.HasPrefix(ifaceName, "veth") {
- if i.master != "" && i.dstName == "veth" {
- i.dstName = ifaceName
- }
- }
- }
-
- var index int
- indexStr := strings.TrimPrefix(i.dstName, dstPrefix)
- if indexStr != "" {
- index, err = strconv.Atoi(indexStr)
- if err != nil {
- return err
- }
- }
- index++
- n.Lock()
- if index > n.nextIfIndex[dstPrefix] {
- n.nextIfIndex[dstPrefix] = index
- }
- n.iFaces = append(n.iFaces, i)
- n.Unlock()
- }
- }
-
- // restore routes
- for _, r := range routes {
- n.Lock()
- n.staticRoutes = append(n.staticRoutes, r)
- n.Unlock()
- }
-
- // restore gateway
- if len(gw) > 0 {
- n.Lock()
- n.gw = gw
- n.Unlock()
- }
-
- if len(gw6) > 0 {
- n.Lock()
- n.gwv6 = gw6
- n.Unlock()
- }
-
- return nil
-}
-
-// Checks whether IPv6 needs to be enabled/disabled on the loopback interface
-func (n *networkNamespace) checkLoV6() {
- var (
- enable = false
- action = "disable"
- )
-
- n.Lock()
- for _, iface := range n.iFaces {
- if iface.AddressIPv6() != nil {
- enable = true
- action = "enable"
- break
- }
- }
- n.Unlock()
-
- if n.loV6Enabled == enable {
- return
- }
-
- if err := setIPv6(n.path, "lo", enable); err != nil {
- logrus.Warnf("Failed to %s IPv6 on loopback interface on network namespace %q: %v", action, n.path, err)
- }
-
- n.loV6Enabled = enable
-}
-
-func reexecSetIPv6() {
- runtime.LockOSThread()
- defer runtime.UnlockOSThread()
-
- if len(os.Args) < 3 {
- logrus.Errorf("invalid number of arguments for %s", os.Args[0])
- os.Exit(1)
- }
-
- ns, err := netns.GetFromPath(os.Args[1])
- if err != nil {
- logrus.Errorf("failed get network namespace %q: %v", os.Args[1], err)
- os.Exit(2)
- }
- defer ns.Close()
-
- if err = netns.Set(ns); err != nil {
- logrus.Errorf("setting into container netns %q failed: %v", os.Args[1], err)
- os.Exit(3)
- }
-
- var (
- action = "disable"
- value = byte('1')
- path = fmt.Sprintf("/proc/sys/net/ipv6/conf/%s/disable_ipv6", os.Args[2])
- )
-
- if os.Args[3] == "true" {
- action = "enable"
- value = byte('0')
- }
-
- if _, err := os.Stat(path); err != nil {
- if os.IsNotExist(err) {
- logrus.Warnf("file does not exist: %s : %v Has IPv6 been disabled in this node's kernel?", path, err)
- os.Exit(0)
- }
- logrus.Errorf("failed to stat %s : %v", path, err)
- os.Exit(5)
- }
-
- if err = ioutil.WriteFile(path, []byte{value, '\n'}, 0644); err != nil {
- logrus.Errorf("failed to %s IPv6 forwarding for container's interface %s: %v", action, os.Args[2], err)
- os.Exit(4)
- }
-
- os.Exit(0)
-}
-
-func setIPv6(path, iface string, enable bool) error {
- cmd := &exec.Cmd{
- Path: reexec.Self(),
- Args: append([]string{"set-ipv6"}, path, iface, strconv.FormatBool(enable)),
- Stdout: os.Stdout,
- Stderr: os.Stderr,
- }
- if err := cmd.Run(); err != nil {
- return fmt.Errorf("reexec to set IPv6 failed: %v", err)
- }
- return nil
-}
-
-// ApplyOSTweaks applies linux configs on the sandbox
-func (n *networkNamespace) ApplyOSTweaks(types []SandboxType) {
- for _, t := range types {
- switch t {
- case SandboxTypeLoadBalancer:
- kernel.ApplyOSTweaks(loadBalancerConfig)
- }
- }
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go b/vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go
deleted file mode 100644
index 74372e249..000000000
--- a/vendor/github.com/docker/libnetwork/osl/namespace_unsupported.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build !linux,!windows,!freebsd
-
-package osl
-
-// GC triggers garbage collection of namespace path right away
-// and waits for it.
-func GC() {
-}
-
-// GetSandboxForExternalKey returns sandbox object for the supplied path
-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {
- return nil, nil
-}
-
-// SetBasePath sets the base url prefix for the ns path
-func SetBasePath(path string) {
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/namespace_windows.go b/vendor/github.com/docker/libnetwork/osl/namespace_windows.go
deleted file mode 100644
index 49503c00f..000000000
--- a/vendor/github.com/docker/libnetwork/osl/namespace_windows.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package osl
-
-import "testing"
-
-// GenerateKey generates a sandbox key based on the passed
-// container id.
-func GenerateKey(containerID string) string {
- return containerID
-}
-
-// NewSandbox provides a new sandbox instance created in an os specific way
-// provided a key which uniquely identifies the sandbox
-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
- return nil, nil
-}
-
-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {
- return nil, nil
-}
-
-// GC triggers garbage collection of namespace path right away
-// and waits for it.
-func GC() {
-}
-
-// InitOSContext initializes OS context while configuring network resources
-func InitOSContext() func() {
- return func() {}
-}
-
-// SetupTestOSContext sets up a separate test OS context in which tests will be executed.
-func SetupTestOSContext(t *testing.T) func() {
- return func() {}
-}
-
-// SetBasePath sets the base url prefix for the ns path
-func SetBasePath(path string) {
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go b/vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go
deleted file mode 100644
index 280f00639..000000000
--- a/vendor/github.com/docker/libnetwork/osl/neigh_freebsd.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package osl
-
-// NeighOption is a function option type to set neighbor options
-type NeighOption func()
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_linux.go b/vendor/github.com/docker/libnetwork/osl/neigh_linux.go
deleted file mode 100644
index 6bf1c16dc..000000000
--- a/vendor/github.com/docker/libnetwork/osl/neigh_linux.go
+++ /dev/null
@@ -1,194 +0,0 @@
-package osl
-
-import (
- "bytes"
- "fmt"
- "net"
-
- "github.com/sirupsen/logrus"
- "github.com/vishvananda/netlink"
-)
-
-// NeighborSearchError indicates that the neighbor is already present
-type NeighborSearchError struct {
- ip net.IP
- mac net.HardwareAddr
- present bool
-}
-
-func (n NeighborSearchError) Error() string {
- return fmt.Sprintf("Search neighbor failed for IP %v, mac %v, present in db:%t", n.ip, n.mac, n.present)
-}
-
-// NeighOption is a function option type to set interface options
-type NeighOption func(nh *neigh)
-
-type neigh struct {
- dstIP net.IP
- dstMac net.HardwareAddr
- linkName string
- linkDst string
- family int
-}
-
-func (n *networkNamespace) findNeighbor(dstIP net.IP, dstMac net.HardwareAddr) *neigh {
- n.Lock()
- defer n.Unlock()
-
- for _, nh := range n.neighbors {
- if nh.dstIP.Equal(dstIP) && bytes.Equal(nh.dstMac, dstMac) {
- return nh
- }
- }
-
- return nil
-}
-
-func (n *networkNamespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error {
- var (
- iface netlink.Link
- err error
- )
-
- nh := n.findNeighbor(dstIP, dstMac)
- if nh == nil {
- return NeighborSearchError{dstIP, dstMac, false}
- }
-
- if osDelete {
- n.Lock()
- nlh := n.nlHandle
- n.Unlock()
-
- if nh.linkDst != "" {
- iface, err = nlh.LinkByName(nh.linkDst)
- if err != nil {
- return fmt.Errorf("could not find interface with destination name %s: %v",
- nh.linkDst, err)
- }
- }
-
- nlnh := &netlink.Neigh{
- IP: dstIP,
- State: netlink.NUD_PERMANENT,
- Family: nh.family,
- }
-
- if nlnh.Family > 0 {
- nlnh.HardwareAddr = dstMac
- nlnh.Flags = netlink.NTF_SELF
- }
-
- if nh.linkDst != "" {
- nlnh.LinkIndex = iface.Attrs().Index
- }
-
- // If the kernel deletion fails for the neighbor entry still remote it
- // from the namespace cache. Otherwise if the neighbor moves back to the
- // same host again, kernel update can fail.
- if err := nlh.NeighDel(nlnh); err != nil {
- logrus.Warnf("Deleting neighbor IP %s, mac %s failed, %v", dstIP, dstMac, err)
- }
-
- // Delete the dynamic entry in the bridge
- if nlnh.Family > 0 {
- nlnh := &netlink.Neigh{
- IP: dstIP,
- Family: nh.family,
- }
-
- nlnh.HardwareAddr = dstMac
- nlnh.Flags = netlink.NTF_MASTER
- if nh.linkDst != "" {
- nlnh.LinkIndex = iface.Attrs().Index
- }
- nlh.NeighDel(nlnh)
- }
- }
-
- n.Lock()
- for i, nh := range n.neighbors {
- if nh.dstIP.Equal(dstIP) && bytes.Equal(nh.dstMac, dstMac) {
- n.neighbors = append(n.neighbors[:i], n.neighbors[i+1:]...)
- break
- }
- }
- n.Unlock()
- logrus.Debugf("Neighbor entry deleted for IP %v, mac %v osDelete:%t", dstIP, dstMac, osDelete)
-
- return nil
-}
-
-func (n *networkNamespace) AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, options ...NeighOption) error {
- var (
- iface netlink.Link
- err error
- neighborAlreadyPresent bool
- )
-
- // If the namespace already has the neighbor entry but the AddNeighbor is called
- // because of a miss notification (force flag) program the kernel anyway.
- nh := n.findNeighbor(dstIP, dstMac)
- if nh != nil {
- neighborAlreadyPresent = true
- logrus.Warnf("Neighbor entry already present for IP %v, mac %v neighbor:%+v forceUpdate:%t", dstIP, dstMac, nh, force)
- if !force {
- return NeighborSearchError{dstIP, dstMac, true}
- }
- }
-
- nh = &neigh{
- dstIP: dstIP,
- dstMac: dstMac,
- }
-
- nh.processNeighOptions(options...)
-
- if nh.linkName != "" {
- nh.linkDst = n.findDst(nh.linkName, false)
- if nh.linkDst == "" {
- return fmt.Errorf("could not find the interface with name %s", nh.linkName)
- }
- }
-
- n.Lock()
- nlh := n.nlHandle
- n.Unlock()
-
- if nh.linkDst != "" {
- iface, err = nlh.LinkByName(nh.linkDst)
- if err != nil {
- return fmt.Errorf("could not find interface with destination name %s: %v", nh.linkDst, err)
- }
- }
-
- nlnh := &netlink.Neigh{
- IP: dstIP,
- HardwareAddr: dstMac,
- State: netlink.NUD_PERMANENT,
- Family: nh.family,
- }
-
- if nlnh.Family > 0 {
- nlnh.Flags = netlink.NTF_SELF
- }
-
- if nh.linkDst != "" {
- nlnh.LinkIndex = iface.Attrs().Index
- }
-
- if err := nlh.NeighSet(nlnh); err != nil {
- return fmt.Errorf("could not add neighbor entry:%+v error:%v", nlnh, err)
- }
-
- if neighborAlreadyPresent {
- return nil
- }
-
- n.Lock()
- n.neighbors = append(n.neighbors, nh)
- n.Unlock()
- logrus.Debugf("Neighbor entry added for IP:%v, mac:%v on ifc:%s", dstIP, dstMac, nh.linkName)
-
- return nil
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/neigh_windows.go b/vendor/github.com/docker/libnetwork/osl/neigh_windows.go
deleted file mode 100644
index 280f00639..000000000
--- a/vendor/github.com/docker/libnetwork/osl/neigh_windows.go
+++ /dev/null
@@ -1,4 +0,0 @@
-package osl
-
-// NeighOption is a function option type to set neighbor options
-type NeighOption func()
diff --git a/vendor/github.com/docker/libnetwork/osl/options_linux.go b/vendor/github.com/docker/libnetwork/osl/options_linux.go
deleted file mode 100644
index 818669647..000000000
--- a/vendor/github.com/docker/libnetwork/osl/options_linux.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package osl
-
-import "net"
-
-func (nh *neigh) processNeighOptions(options ...NeighOption) {
- for _, opt := range options {
- if opt != nil {
- opt(nh)
- }
- }
-}
-
-func (n *networkNamespace) LinkName(name string) NeighOption {
- return func(nh *neigh) {
- nh.linkName = name
- }
-}
-
-func (n *networkNamespace) Family(family int) NeighOption {
- return func(nh *neigh) {
- nh.family = family
- }
-}
-
-func (i *nwIface) processInterfaceOptions(options ...IfaceOption) {
- for _, opt := range options {
- if opt != nil {
- opt(i)
- }
- }
-}
-
-func (n *networkNamespace) Bridge(isBridge bool) IfaceOption {
- return func(i *nwIface) {
- i.bridge = isBridge
- }
-}
-
-func (n *networkNamespace) Master(name string) IfaceOption {
- return func(i *nwIface) {
- i.master = name
- }
-}
-
-func (n *networkNamespace) MacAddress(mac net.HardwareAddr) IfaceOption {
- return func(i *nwIface) {
- i.mac = mac
- }
-}
-
-func (n *networkNamespace) Address(addr *net.IPNet) IfaceOption {
- return func(i *nwIface) {
- i.address = addr
- }
-}
-
-func (n *networkNamespace) AddressIPv6(addr *net.IPNet) IfaceOption {
- return func(i *nwIface) {
- i.addressIPv6 = addr
- }
-}
-
-func (n *networkNamespace) LinkLocalAddresses(list []*net.IPNet) IfaceOption {
- return func(i *nwIface) {
- i.llAddrs = list
- }
-}
-
-func (n *networkNamespace) Routes(routes []*net.IPNet) IfaceOption {
- return func(i *nwIface) {
- i.routes = routes
- }
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/route_linux.go b/vendor/github.com/docker/libnetwork/osl/route_linux.go
deleted file mode 100644
index a9ff191b3..000000000
--- a/vendor/github.com/docker/libnetwork/osl/route_linux.go
+++ /dev/null
@@ -1,203 +0,0 @@
-package osl
-
-import (
- "fmt"
- "net"
-
- "github.com/docker/libnetwork/types"
- "github.com/vishvananda/netlink"
-)
-
-func (n *networkNamespace) Gateway() net.IP {
- n.Lock()
- defer n.Unlock()
-
- return n.gw
-}
-
-func (n *networkNamespace) GatewayIPv6() net.IP {
- n.Lock()
- defer n.Unlock()
-
- return n.gwv6
-}
-
-func (n *networkNamespace) StaticRoutes() []*types.StaticRoute {
- n.Lock()
- defer n.Unlock()
-
- routes := make([]*types.StaticRoute, len(n.staticRoutes))
- for i, route := range n.staticRoutes {
- r := route.GetCopy()
- routes[i] = r
- }
-
- return routes
-}
-
-func (n *networkNamespace) setGateway(gw net.IP) {
- n.Lock()
- n.gw = gw
- n.Unlock()
-}
-
-func (n *networkNamespace) setGatewayIPv6(gwv6 net.IP) {
- n.Lock()
- n.gwv6 = gwv6
- n.Unlock()
-}
-
-func (n *networkNamespace) SetGateway(gw net.IP) error {
- // Silently return if the gateway is empty
- if len(gw) == 0 {
- return nil
- }
-
- err := n.programGateway(gw, true)
- if err == nil {
- n.setGateway(gw)
- }
-
- return err
-}
-
-func (n *networkNamespace) UnsetGateway() error {
- gw := n.Gateway()
-
- // Silently return if the gateway is empty
- if len(gw) == 0 {
- return nil
- }
-
- err := n.programGateway(gw, false)
- if err == nil {
- n.setGateway(net.IP{})
- }
-
- return err
-}
-
-func (n *networkNamespace) programGateway(gw net.IP, isAdd bool) error {
- gwRoutes, err := n.nlHandle.RouteGet(gw)
- if err != nil {
- return fmt.Errorf("route for the gateway %s could not be found: %v", gw, err)
- }
-
- var linkIndex int
- for _, gwRoute := range gwRoutes {
- if gwRoute.Gw == nil {
- linkIndex = gwRoute.LinkIndex
- break
- }
- }
-
- if linkIndex == 0 {
- return fmt.Errorf("Direct route for the gateway %s could not be found", gw)
- }
-
- if isAdd {
- return n.nlHandle.RouteAdd(&netlink.Route{
- Scope: netlink.SCOPE_UNIVERSE,
- LinkIndex: linkIndex,
- Gw: gw,
- })
- }
-
- return n.nlHandle.RouteDel(&netlink.Route{
- Scope: netlink.SCOPE_UNIVERSE,
- LinkIndex: linkIndex,
- Gw: gw,
- })
-}
-
-// Program a route in to the namespace routing table.
-func (n *networkNamespace) programRoute(path string, dest *net.IPNet, nh net.IP) error {
- gwRoutes, err := n.nlHandle.RouteGet(nh)
- if err != nil {
- return fmt.Errorf("route for the next hop %s could not be found: %v", nh, err)
- }
-
- return n.nlHandle.RouteAdd(&netlink.Route{
- Scope: netlink.SCOPE_UNIVERSE,
- LinkIndex: gwRoutes[0].LinkIndex,
- Gw: nh,
- Dst: dest,
- })
-}
-
-// Delete a route from the namespace routing table.
-func (n *networkNamespace) removeRoute(path string, dest *net.IPNet, nh net.IP) error {
- gwRoutes, err := n.nlHandle.RouteGet(nh)
- if err != nil {
- return fmt.Errorf("route for the next hop could not be found: %v", err)
- }
-
- return n.nlHandle.RouteDel(&netlink.Route{
- Scope: netlink.SCOPE_UNIVERSE,
- LinkIndex: gwRoutes[0].LinkIndex,
- Gw: nh,
- Dst: dest,
- })
-}
-
-func (n *networkNamespace) SetGatewayIPv6(gwv6 net.IP) error {
- // Silently return if the gateway is empty
- if len(gwv6) == 0 {
- return nil
- }
-
- err := n.programGateway(gwv6, true)
- if err == nil {
- n.setGatewayIPv6(gwv6)
- }
-
- return err
-}
-
-func (n *networkNamespace) UnsetGatewayIPv6() error {
- gwv6 := n.GatewayIPv6()
-
- // Silently return if the gateway is empty
- if len(gwv6) == 0 {
- return nil
- }
-
- err := n.programGateway(gwv6, false)
- if err == nil {
- n.Lock()
- n.gwv6 = net.IP{}
- n.Unlock()
- }
-
- return err
-}
-
-func (n *networkNamespace) AddStaticRoute(r *types.StaticRoute) error {
- err := n.programRoute(n.nsPath(), r.Destination, r.NextHop)
- if err == nil {
- n.Lock()
- n.staticRoutes = append(n.staticRoutes, r)
- n.Unlock()
- }
- return err
-}
-
-func (n *networkNamespace) RemoveStaticRoute(r *types.StaticRoute) error {
-
- err := n.removeRoute(n.nsPath(), r.Destination, r.NextHop)
- if err == nil {
- n.Lock()
- lastIndex := len(n.staticRoutes) - 1
- for i, v := range n.staticRoutes {
- if v == r {
- // Overwrite the route we're removing with the last element
- n.staticRoutes[i] = n.staticRoutes[lastIndex]
- // Shorten the slice to trim the extra element
- n.staticRoutes = n.staticRoutes[:lastIndex]
- break
- }
- }
- n.Unlock()
- }
- return err
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox.go b/vendor/github.com/docker/libnetwork/osl/sandbox.go
deleted file mode 100644
index 5019e068d..000000000
--- a/vendor/github.com/docker/libnetwork/osl/sandbox.go
+++ /dev/null
@@ -1,187 +0,0 @@
-// Package osl describes structures and interfaces which abstract os entities
-package osl
-
-import (
- "net"
-
- "github.com/docker/libnetwork/types"
-)
-
-// SandboxType specify the time of the sandbox, this can be used to apply special configs
-type SandboxType int
-
-const (
- // SandboxTypeIngress indicates that the sandbox is for the ingress
- SandboxTypeIngress = iota
- // SandboxTypeLoadBalancer indicates that the sandbox is a load balancer
- SandboxTypeLoadBalancer = iota
-)
-
-// Sandbox represents a network sandbox, identified by a specific key. It
-// holds a list of Interfaces, routes etc, and more can be added dynamically.
-type Sandbox interface {
- // The path where the network namespace is mounted.
- Key() string
-
- // Add an existing Interface to this sandbox. The operation will rename
- // from the Interface SrcName to DstName as it moves, and reconfigure the
- // interface according to the specified settings. The caller is expected
- // to only provide a prefix for DstName. The AddInterface api will auto-generate
- // an appropriate suffix for the DstName to disambiguate.
- AddInterface(SrcName string, DstPrefix string, options ...IfaceOption) error
-
- // Set default IPv4 gateway for the sandbox
- SetGateway(gw net.IP) error
-
- // Set default IPv6 gateway for the sandbox
- SetGatewayIPv6(gw net.IP) error
-
- // Unset the previously set default IPv4 gateway in the sandbox
- UnsetGateway() error
-
- // Unset the previously set default IPv6 gateway in the sandbox
- UnsetGatewayIPv6() error
-
- // GetLoopbackIfaceName returns the name of the loopback interface
- GetLoopbackIfaceName() string
-
- // AddAliasIP adds the passed IP address to the named interface
- AddAliasIP(ifName string, ip *net.IPNet) error
-
- // RemoveAliasIP removes the passed IP address from the named interface
- RemoveAliasIP(ifName string, ip *net.IPNet) error
-
- // Add a static route to the sandbox.
- AddStaticRoute(*types.StaticRoute) error
-
- // Remove a static route from the sandbox.
- RemoveStaticRoute(*types.StaticRoute) error
-
- // AddNeighbor adds a neighbor entry into the sandbox.
- AddNeighbor(dstIP net.IP, dstMac net.HardwareAddr, force bool, option ...NeighOption) error
-
- // DeleteNeighbor deletes neighbor entry from the sandbox.
- DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, osDelete bool) error
-
- // Returns an interface with methods to set neighbor options.
- NeighborOptions() NeighborOptionSetter
-
- // Returns an interface with methods to set interface options.
- InterfaceOptions() IfaceOptionSetter
-
- //Invoke
- InvokeFunc(func()) error
-
- // Returns an interface with methods to get sandbox state.
- Info() Info
-
- // Destroy the sandbox
- Destroy() error
-
- // restore sandbox
- Restore(ifsopt map[string][]IfaceOption, routes []*types.StaticRoute, gw net.IP, gw6 net.IP) error
-
- // ApplyOSTweaks applies operating system specific knobs on the sandbox
- ApplyOSTweaks([]SandboxType)
-}
-
-// NeighborOptionSetter interface defines the option setter methods for interface options
-type NeighborOptionSetter interface {
- // LinkName returns an option setter to set the srcName of the link that should
- // be used in the neighbor entry
- LinkName(string) NeighOption
-
- // Family returns an option setter to set the address family for the neighbor
- // entry. eg. AF_BRIDGE
- Family(int) NeighOption
-}
-
-// IfaceOptionSetter interface defines the option setter methods for interface options.
-type IfaceOptionSetter interface {
- // Bridge returns an option setter to set if the interface is a bridge.
- Bridge(bool) IfaceOption
-
- // MacAddress returns an option setter to set the MAC address.
- MacAddress(net.HardwareAddr) IfaceOption
-
- // Address returns an option setter to set IPv4 address.
- Address(*net.IPNet) IfaceOption
-
- // Address returns an option setter to set IPv6 address.
- AddressIPv6(*net.IPNet) IfaceOption
-
- // LinkLocalAddresses returns an option setter to set the link-local IP addresses.
- LinkLocalAddresses([]*net.IPNet) IfaceOption
-
- // Master returns an option setter to set the master interface if any for this
- // interface. The master interface name should refer to the srcname of a
- // previously added interface of type bridge.
- Master(string) IfaceOption
-
- // Address returns an option setter to set interface routes.
- Routes([]*net.IPNet) IfaceOption
-}
-
-// Info represents all possible information that
-// the driver wants to place in the sandbox which includes
-// interfaces, routes and gateway
-type Info interface {
- // The collection of Interface previously added with the AddInterface
- // method. Note that this doesn't include network interfaces added in any
- // other way (such as the default loopback interface which is automatically
- // created on creation of a sandbox).
- Interfaces() []Interface
-
- // IPv4 gateway for the sandbox.
- Gateway() net.IP
-
- // IPv6 gateway for the sandbox.
- GatewayIPv6() net.IP
-
- // Additional static routes for the sandbox. (Note that directly
- // connected routes are stored on the particular interface they refer to.)
- StaticRoutes() []*types.StaticRoute
-
- // TODO: Add ip tables etc.
-}
-
-// Interface represents the settings and identity of a network device. It is
-// used as a return type for Network.Link, and it is common practice for the
-// caller to use this information when moving interface SrcName from host
-// namespace to DstName in a different net namespace with the appropriate
-// network settings.
-type Interface interface {
- // The name of the interface in the origin network namespace.
- SrcName() string
-
- // The name that will be assigned to the interface once moves inside a
- // network namespace. When the caller passes in a DstName, it is only
- // expected to pass a prefix. The name will modified with an appropriately
- // auto-generated suffix.
- DstName() string
-
- // IPv4 address for the interface.
- Address() *net.IPNet
-
- // IPv6 address for the interface.
- AddressIPv6() *net.IPNet
-
- // LinkLocalAddresses returns the link-local IP addresses assigned to the interface.
- LinkLocalAddresses() []*net.IPNet
-
- // IP routes for the interface.
- Routes() []*net.IPNet
-
- // Bridge returns true if the interface is a bridge
- Bridge() bool
-
- // Master returns the srcname of the master interface for this interface.
- Master() string
-
- // Remove an interface from the sandbox by renaming to original name
- // and moving it out of the sandbox.
- Remove() error
-
- // Statistics returns the statistics for this interface
- Statistics() (*types.InterfaceStatistics, error)
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go b/vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go
deleted file mode 100644
index e5bc6278e..000000000
--- a/vendor/github.com/docker/libnetwork/osl/sandbox_freebsd.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package osl
-
-import "testing"
-
-// GenerateKey generates a sandbox key based on the passed
-// container id.
-func GenerateKey(containerID string) string {
- maxLen := 12
- if len(containerID) < maxLen {
- maxLen = len(containerID)
- }
-
- return containerID[:maxLen]
-}
-
-// NewSandbox provides a new sandbox instance created in an os specific way
-// provided a key which uniquely identifies the sandbox
-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
- return nil, nil
-}
-
-// GetSandboxForExternalKey returns sandbox object for the supplied path
-func GetSandboxForExternalKey(path string, key string) (Sandbox, error) {
- return nil, nil
-}
-
-// GC triggers garbage collection of namespace path right away
-// and waits for it.
-func GC() {
-}
-
-// InitOSContext initializes OS context while configuring network resources
-func InitOSContext() func() {
- return func() {}
-}
-
-// SetupTestOSContext sets up a separate test OS context in which tests will be executed.
-func SetupTestOSContext(t *testing.T) func() {
- return func() {}
-}
-
-// SetBasePath sets the base url prefix for the ns path
-func SetBasePath(path string) {
-}
diff --git a/vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go b/vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go
deleted file mode 100644
index 51a656c80..000000000
--- a/vendor/github.com/docker/libnetwork/osl/sandbox_unsupported.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// +build !linux,!windows,!freebsd
-
-package osl
-
-import "errors"
-
-var (
- // ErrNotImplemented is for platforms which don't implement sandbox
- ErrNotImplemented = errors.New("not implemented")
-)
-
-// NewSandbox provides a new sandbox instance created in an os specific way
-// provided a key which uniquely identifies the sandbox
-func NewSandbox(key string, osCreate, isRestore bool) (Sandbox, error) {
- return nil, ErrNotImplemented
-}
-
-// GenerateKey generates a sandbox key based on the passed
-// container id.
-func GenerateKey(containerID string) string {
- return ""
-}
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/README.md b/vendor/github.com/docker/libnetwork/resolvconf/README.md
deleted file mode 100644
index cdda554ba..000000000
--- a/vendor/github.com/docker/libnetwork/resolvconf/README.md
+++ /dev/null
@@ -1 +0,0 @@
-Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go b/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go
deleted file mode 100644
index e348bc57f..000000000
--- a/vendor/github.com/docker/libnetwork/resolvconf/dns/resolvconf.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package dns
-
-import (
- "regexp"
-)
-
-// IPLocalhost is a regex pattern for IPv4 or IPv6 loopback range.
-const IPLocalhost = `((127\.([0-9]{1,3}\.){2}[0-9]{1,3})|(::1)$)`
-
-// IPv4Localhost is a regex pattern for IPv4 localhost address range.
-const IPv4Localhost = `(127\.([0-9]{1,3}\.){2}[0-9]{1,3})`
-
-var localhostIPRegexp = regexp.MustCompile(IPLocalhost)
-var localhostIPv4Regexp = regexp.MustCompile(IPv4Localhost)
-
-// IsLocalhost returns true if ip matches the localhost IP regular expression.
-// Used for determining if nameserver settings are being passed which are
-// localhost addresses
-func IsLocalhost(ip string) bool {
- return localhostIPRegexp.MatchString(ip)
-}
-
-// IsIPv4Localhost returns true if ip matches the IPv4 localhost regular expression.
-func IsIPv4Localhost(ip string) bool {
- return localhostIPv4Regexp.MatchString(ip)
-}
diff --git a/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go b/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go
deleted file mode 100644
index 23caf7f12..000000000
--- a/vendor/github.com/docker/libnetwork/resolvconf/resolvconf.go
+++ /dev/null
@@ -1,251 +0,0 @@
-// Package resolvconf provides utility code to query and update DNS configuration in /etc/resolv.conf
-package resolvconf
-
-import (
- "bytes"
- "io/ioutil"
- "regexp"
- "strings"
- "sync"
-
- "github.com/docker/docker/pkg/ioutils"
- "github.com/docker/libnetwork/resolvconf/dns"
- "github.com/docker/libnetwork/types"
- "github.com/sirupsen/logrus"
-)
-
-const (
- // DefaultResolvConf points to the default file used for dns configuration on a linux machine
- DefaultResolvConf = "/etc/resolv.conf"
-)
-
-var (
- // Note: the default IPv4 & IPv6 resolvers are set to Google's Public DNS
- defaultIPv4Dns = []string{"nameserver 8.8.8.8", "nameserver 8.8.4.4"}
- defaultIPv6Dns = []string{"nameserver 2001:4860:4860::8888", "nameserver 2001:4860:4860::8844"}
- ipv4NumBlock = `(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)`
- ipv4Address = `(` + ipv4NumBlock + `\.){3}` + ipv4NumBlock
- // This is not an IPv6 address verifier as it will accept a super-set of IPv6, and also
- // will *not match* IPv4-Embedded IPv6 Addresses (RFC6052), but that and other variants
- // -- e.g. other link-local types -- either won't work in containers or are unnecessary.
- // For readability and sufficiency for Docker purposes this seemed more reasonable than a
- // 1000+ character regexp with exact and complete IPv6 validation
- ipv6Address = `([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{0,4})(%\w+)?`
-
- localhostNSRegexp = regexp.MustCompile(`(?m)^nameserver\s+` + dns.IPLocalhost + `\s*\n*`)
- nsIPv6Regexp = regexp.MustCompile(`(?m)^nameserver\s+` + ipv6Address + `\s*\n*`)
- nsRegexp = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `)|(` + ipv6Address + `))\s*$`)
- nsIPv6Regexpmatch = regexp.MustCompile(`^\s*nameserver\s*((` + ipv6Address + `))\s*$`)
- nsIPv4Regexpmatch = regexp.MustCompile(`^\s*nameserver\s*((` + ipv4Address + `))\s*$`)
- searchRegexp = regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`)
- optionsRegexp = regexp.MustCompile(`^\s*options\s*(([^\s]+\s*)*)$`)
-)
-
-var lastModified struct {
- sync.Mutex
- sha256 string
- contents []byte
-}
-
-// File contains the resolv.conf content and its hash
-type File struct {
- Content []byte
- Hash string
-}
-
-// Get returns the contents of /etc/resolv.conf and its hash
-func Get() (*File, error) {
- return GetSpecific(DefaultResolvConf)
-}
-
-// GetSpecific returns the contents of the user specified resolv.conf file and its hash
-func GetSpecific(path string) (*File, error) {
- resolv, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, err
- }
- hash, err := ioutils.HashData(bytes.NewReader(resolv))
- if err != nil {
- return nil, err
- }
- return &File{Content: resolv, Hash: hash}, nil
-}
-
-// GetIfChanged retrieves the host /etc/resolv.conf file, checks against the last hash
-// and, if modified since last check, returns the bytes and new hash.
-// This feature is used by the resolv.conf updater for containers
-func GetIfChanged() (*File, error) {
- lastModified.Lock()
- defer lastModified.Unlock()
-
- resolv, err := ioutil.ReadFile("/etc/resolv.conf")
- if err != nil {
- return nil, err
- }
- newHash, err := ioutils.HashData(bytes.NewReader(resolv))
- if err != nil {
- return nil, err
- }
- if lastModified.sha256 != newHash {
- lastModified.sha256 = newHash
- lastModified.contents = resolv
- return &File{Content: resolv, Hash: newHash}, nil
- }
- // nothing changed, so return no data
- return nil, nil
-}
-
-// GetLastModified retrieves the last used contents and hash of the host resolv.conf.
-// Used by containers updating on restart
-func GetLastModified() *File {
- lastModified.Lock()
- defer lastModified.Unlock()
-
- return &File{Content: lastModified.contents, Hash: lastModified.sha256}
-}
-
-// FilterResolvDNS cleans up the config in resolvConf. It has two main jobs:
-// 1. It looks for localhost (127.*|::1) entries in the provided
-// resolv.conf, removing local nameserver entries, and, if the resulting
-// cleaned config has no defined nameservers left, adds default DNS entries
-// 2. Given the caller provides the enable/disable state of IPv6, the filter
-// code will remove all IPv6 nameservers if it is not enabled for containers
-//
-func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool) (*File, error) {
- cleanedResolvConf := localhostNSRegexp.ReplaceAll(resolvConf, []byte{})
- // if IPv6 is not enabled, also clean out any IPv6 address nameserver
- if !ipv6Enabled {
- cleanedResolvConf = nsIPv6Regexp.ReplaceAll(cleanedResolvConf, []byte{})
- }
- // if the resulting resolvConf has no more nameservers defined, add appropriate
- // default DNS servers for IPv4 and (optionally) IPv6
- if len(GetNameservers(cleanedResolvConf, types.IP)) == 0 {
- logrus.Infof("No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: %v", defaultIPv4Dns)
- dns := defaultIPv4Dns
- if ipv6Enabled {
- logrus.Infof("IPv6 enabled; Adding default IPv6 external servers: %v", defaultIPv6Dns)
- dns = append(dns, defaultIPv6Dns...)
- }
- cleanedResolvConf = append(cleanedResolvConf, []byte("\n"+strings.Join(dns, "\n"))...)
- }
- hash, err := ioutils.HashData(bytes.NewReader(cleanedResolvConf))
- if err != nil {
- return nil, err
- }
- return &File{Content: cleanedResolvConf, Hash: hash}, nil
-}
-
-// getLines parses input into lines and strips away comments.
-func getLines(input []byte, commentMarker []byte) [][]byte {
- lines := bytes.Split(input, []byte("\n"))
- var output [][]byte
- for _, currentLine := range lines {
- var commentIndex = bytes.Index(currentLine, commentMarker)
- if commentIndex == -1 {
- output = append(output, currentLine)
- } else {
- output = append(output, currentLine[:commentIndex])
- }
- }
- return output
-}
-
-// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf
-func GetNameservers(resolvConf []byte, kind int) []string {
- nameservers := []string{}
- for _, line := range getLines(resolvConf, []byte("#")) {
- var ns [][]byte
- if kind == types.IP {
- ns = nsRegexp.FindSubmatch(line)
- } else if kind == types.IPv4 {
- ns = nsIPv4Regexpmatch.FindSubmatch(line)
- } else if kind == types.IPv6 {
- ns = nsIPv6Regexpmatch.FindSubmatch(line)
- }
- if len(ns) > 0 {
- nameservers = append(nameservers, string(ns[1]))
- }
- }
- return nameservers
-}
-
-// GetNameserversAsCIDR returns nameservers (if any) listed in
-// /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32")
-// This function's output is intended for net.ParseCIDR
-func GetNameserversAsCIDR(resolvConf []byte) []string {
- nameservers := []string{}
- for _, nameserver := range GetNameservers(resolvConf, types.IP) {
- var address string
- // If IPv6, strip zone if present
- if strings.Contains(nameserver, ":") {
- address = strings.Split(nameserver, "%")[0] + "/128"
- } else {
- address = nameserver + "/32"
- }
- nameservers = append(nameservers, address)
- }
- return nameservers
-}
-
-// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf
-// If more than one search line is encountered, only the contents of the last
-// one is returned.
-func GetSearchDomains(resolvConf []byte) []string {
- domains := []string{}
- for _, line := range getLines(resolvConf, []byte("#")) {
- match := searchRegexp.FindSubmatch(line)
- if match == nil {
- continue
- }
- domains = strings.Fields(string(match[1]))
- }
- return domains
-}
-
-// GetOptions returns options (if any) listed in /etc/resolv.conf
-// If more than one options line is encountered, only the contents of the last
-// one is returned.
-func GetOptions(resolvConf []byte) []string {
- options := []string{}
- for _, line := range getLines(resolvConf, []byte("#")) {
- match := optionsRegexp.FindSubmatch(line)
- if match == nil {
- continue
- }
- options = strings.Fields(string(match[1]))
- }
- return options
-}
-
-// Build writes a configuration file to path containing a "nameserver" entry
-// for every element in dns, a "search" entry for every element in
-// dnsSearch, and an "options" entry for every element in dnsOptions.
-func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
- content := bytes.NewBuffer(nil)
- if len(dnsSearch) > 0 {
- if searchString := strings.Join(dnsSearch, " "); strings.Trim(searchString, " ") != "." {
- if _, err := content.WriteString("search " + searchString + "\n"); err != nil {
- return nil, err
- }
- }
- }
- for _, dns := range dns {
- if _, err := content.WriteString("nameserver " + dns + "\n"); err != nil {
- return nil, err
- }
- }
- if len(dnsOptions) > 0 {
- if optsString := strings.Join(dnsOptions, " "); strings.Trim(optsString, " ") != "" {
- if _, err := content.WriteString("options " + optsString + "\n"); err != nil {
- return nil, err
- }
- }
- }
-
- hash, err := ioutils.HashData(bytes.NewReader(content.Bytes()))
- if err != nil {
- return nil, err
- }
-
- return &File{Content: content.Bytes(), Hash: hash}, ioutil.WriteFile(path, content.Bytes(), 0644)
-}
diff --git a/vendor/github.com/docker/libnetwork/types/types.go b/vendor/github.com/docker/libnetwork/types/types.go
deleted file mode 100644
index b102ba4c3..000000000
--- a/vendor/github.com/docker/libnetwork/types/types.go
+++ /dev/null
@@ -1,653 +0,0 @@
-// Package types contains types that are common across libnetwork project
-package types
-
-import (
- "bytes"
- "fmt"
- "net"
- "strconv"
- "strings"
-
- "github.com/ishidawataru/sctp"
-)
-
-// constants for the IP address type
-const (
- IP = iota // IPv4 and IPv6
- IPv4
- IPv6
-)
-
-// EncryptionKey is the libnetwork representation of the key distributed by the lead
-// manager.
-type EncryptionKey struct {
- Subsystem string
- Algorithm int32
- Key []byte
- LamportTime uint64
-}
-
-// UUID represents a globally unique ID of various resources like network and endpoint
-type UUID string
-
-// QosPolicy represents a quality of service policy on an endpoint
-type QosPolicy struct {
- MaxEgressBandwidth uint64
-}
-
-// TransportPort represents a local Layer 4 endpoint
-type TransportPort struct {
- Proto Protocol
- Port uint16
-}
-
-// Equal checks if this instance of Transportport is equal to the passed one
-func (t *TransportPort) Equal(o *TransportPort) bool {
- if t == o {
- return true
- }
-
- if o == nil {
- return false
- }
-
- if t.Proto != o.Proto || t.Port != o.Port {
- return false
- }
-
- return true
-}
-
-// GetCopy returns a copy of this TransportPort structure instance
-func (t *TransportPort) GetCopy() TransportPort {
- return TransportPort{Proto: t.Proto, Port: t.Port}
-}
-
-// String returns the TransportPort structure in string form
-func (t *TransportPort) String() string {
- return fmt.Sprintf("%s/%d", t.Proto.String(), t.Port)
-}
-
-// FromString reads the TransportPort structure from string
-func (t *TransportPort) FromString(s string) error {
- ps := strings.Split(s, "/")
- if len(ps) == 2 {
- t.Proto = ParseProtocol(ps[0])
- if p, err := strconv.ParseUint(ps[1], 10, 16); err == nil {
- t.Port = uint16(p)
- return nil
- }
- }
- return BadRequestErrorf("invalid format for transport port: %s", s)
-}
-
-// PortBinding represents a port binding between the container and the host
-type PortBinding struct {
- Proto Protocol
- IP net.IP
- Port uint16
- HostIP net.IP
- HostPort uint16
- HostPortEnd uint16
-}
-
-// HostAddr returns the host side transport address
-func (p PortBinding) HostAddr() (net.Addr, error) {
- switch p.Proto {
- case UDP:
- return &net.UDPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil
- case TCP:
- return &net.TCPAddr{IP: p.HostIP, Port: int(p.HostPort)}, nil
- case SCTP:
- return &sctp.SCTPAddr{IP: []net.IP{p.HostIP}, Port: int(p.HostPort)}, nil
- default:
- return nil, ErrInvalidProtocolBinding(p.Proto.String())
- }
-}
-
-// ContainerAddr returns the container side transport address
-func (p PortBinding) ContainerAddr() (net.Addr, error) {
- switch p.Proto {
- case UDP:
- return &net.UDPAddr{IP: p.IP, Port: int(p.Port)}, nil
- case TCP:
- return &net.TCPAddr{IP: p.IP, Port: int(p.Port)}, nil
- case SCTP:
- return &sctp.SCTPAddr{IP: []net.IP{p.IP}, Port: int(p.Port)}, nil
- default:
- return nil, ErrInvalidProtocolBinding(p.Proto.String())
- }
-}
-
-// GetCopy returns a copy of this PortBinding structure instance
-func (p *PortBinding) GetCopy() PortBinding {
- return PortBinding{
- Proto: p.Proto,
- IP: GetIPCopy(p.IP),
- Port: p.Port,
- HostIP: GetIPCopy(p.HostIP),
- HostPort: p.HostPort,
- HostPortEnd: p.HostPortEnd,
- }
-}
-
-// String returns the PortBinding structure in string form
-func (p *PortBinding) String() string {
- ret := fmt.Sprintf("%s/", p.Proto)
- if p.IP != nil {
- ret += p.IP.String()
- }
- ret = fmt.Sprintf("%s:%d/", ret, p.Port)
- if p.HostIP != nil {
- ret += p.HostIP.String()
- }
- ret = fmt.Sprintf("%s:%d", ret, p.HostPort)
- return ret
-}
-
-// FromString reads the PortBinding structure from string s.
-// String s is a triple of "protocol/containerIP:port/hostIP:port"
-// containerIP and hostIP can be in dotted decimal ("192.0.2.1") or IPv6 ("2001:db8::68") form.
-// Zoned addresses ("169.254.0.23%eth0" or "fe80::1ff:fe23:4567:890a%eth0") are not supported.
-// If string s is incorrectly formatted or the IP addresses or ports cannot be parsed, FromString
-// returns an error.
-func (p *PortBinding) FromString(s string) error {
- ps := strings.Split(s, "/")
- if len(ps) != 3 {
- return BadRequestErrorf("invalid format for port binding: %s", s)
- }
-
- p.Proto = ParseProtocol(ps[0])
-
- var err error
- if p.IP, p.Port, err = parseIPPort(ps[1]); err != nil {
- return BadRequestErrorf("failed to parse Container IP/Port in port binding: %s", err.Error())
- }
-
- if p.HostIP, p.HostPort, err = parseIPPort(ps[2]); err != nil {
- return BadRequestErrorf("failed to parse Host IP/Port in port binding: %s", err.Error())
- }
-
- return nil
-}
-
-func parseIPPort(s string) (net.IP, uint16, error) {
- hoststr, portstr, err := net.SplitHostPort(s)
- if err != nil {
- return nil, 0, err
- }
-
- ip := net.ParseIP(hoststr)
- if ip == nil {
- return nil, 0, BadRequestErrorf("invalid ip: %s", hoststr)
- }
-
- port, err := strconv.ParseUint(portstr, 10, 16)
- if err != nil {
- return nil, 0, BadRequestErrorf("invalid port: %s", portstr)
- }
-
- return ip, uint16(port), nil
-}
-
-// Equal checks if this instance of PortBinding is equal to the passed one
-func (p *PortBinding) Equal(o *PortBinding) bool {
- if p == o {
- return true
- }
-
- if o == nil {
- return false
- }
-
- if p.Proto != o.Proto || p.Port != o.Port ||
- p.HostPort != o.HostPort || p.HostPortEnd != o.HostPortEnd {
- return false
- }
-
- if p.IP != nil {
- if !p.IP.Equal(o.IP) {
- return false
- }
- } else {
- if o.IP != nil {
- return false
- }
- }
-
- if p.HostIP != nil {
- if !p.HostIP.Equal(o.HostIP) {
- return false
- }
- } else {
- if o.HostIP != nil {
- return false
- }
- }
-
- return true
-}
-
-// ErrInvalidProtocolBinding is returned when the port binding protocol is not valid.
-type ErrInvalidProtocolBinding string
-
-func (ipb ErrInvalidProtocolBinding) Error() string {
- return fmt.Sprintf("invalid transport protocol: %s", string(ipb))
-}
-
-const (
- // ICMP is for the ICMP ip protocol
- ICMP = 1
- // TCP is for the TCP ip protocol
- TCP = 6
- // UDP is for the UDP ip protocol
- UDP = 17
- // SCTP is for the SCTP ip protocol
- SCTP = 132
-)
-
-// Protocol represents an IP protocol number
-type Protocol uint8
-
-func (p Protocol) String() string {
- switch p {
- case ICMP:
- return "icmp"
- case TCP:
- return "tcp"
- case UDP:
- return "udp"
- case SCTP:
- return "sctp"
- default:
- return fmt.Sprintf("%d", p)
- }
-}
-
-// ParseProtocol returns the respective Protocol type for the passed string
-func ParseProtocol(s string) Protocol {
- switch strings.ToLower(s) {
- case "icmp":
- return ICMP
- case "udp":
- return UDP
- case "tcp":
- return TCP
- case "sctp":
- return SCTP
- default:
- return 0
- }
-}
-
-// GetMacCopy returns a copy of the passed MAC address
-func GetMacCopy(from net.HardwareAddr) net.HardwareAddr {
- if from == nil {
- return nil
- }
- to := make(net.HardwareAddr, len(from))
- copy(to, from)
- return to
-}
-
-// GetIPCopy returns a copy of the passed IP address
-func GetIPCopy(from net.IP) net.IP {
- if from == nil {
- return nil
- }
- to := make(net.IP, len(from))
- copy(to, from)
- return to
-}
-
-// GetIPNetCopy returns a copy of the passed IP Network
-func GetIPNetCopy(from *net.IPNet) *net.IPNet {
- if from == nil {
- return nil
- }
- bm := make(net.IPMask, len(from.Mask))
- copy(bm, from.Mask)
- return &net.IPNet{IP: GetIPCopy(from.IP), Mask: bm}
-}
-
-// GetIPNetCanonical returns the canonical form for the passed network
-func GetIPNetCanonical(nw *net.IPNet) *net.IPNet {
- if nw == nil {
- return nil
- }
- c := GetIPNetCopy(nw)
- c.IP = c.IP.Mask(nw.Mask)
- return c
-}
-
-// CompareIPNet returns equal if the two IP Networks are equal
-func CompareIPNet(a, b *net.IPNet) bool {
- if a == b {
- return true
- }
- if a == nil || b == nil {
- return false
- }
- return a.IP.Equal(b.IP) && bytes.Equal(a.Mask, b.Mask)
-}
-
-// GetMinimalIP returns the address in its shortest form
-// If ip contains an IPv4-mapped IPv6 address, the 4-octet form of the IPv4 address will be returned.
-// Otherwise ip is returned unchanged.
-func GetMinimalIP(ip net.IP) net.IP {
- if ip != nil && ip.To4() != nil {
- return ip.To4()
- }
- return ip
-}
-
-// GetMinimalIPNet returns a copy of the passed IP Network with congruent ip and mask notation
-func GetMinimalIPNet(nw *net.IPNet) *net.IPNet {
- if nw == nil {
- return nil
- }
- if len(nw.IP) == 16 && nw.IP.To4() != nil {
- m := nw.Mask
- if len(m) == 16 {
- m = m[12:16]
- }
- return &net.IPNet{IP: nw.IP.To4(), Mask: m}
- }
- return nw
-}
-
-// IsIPNetValid returns true if the ipnet is a valid network/mask
-// combination. Otherwise returns false.
-func IsIPNetValid(nw *net.IPNet) bool {
- return nw.String() != "0.0.0.0/0"
-}
-
-var v4inV6MaskPrefix = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
-
-// compareIPMask checks if the passed ip and mask are semantically compatible.
-// It returns the byte indexes for the address and mask so that caller can
-// do bitwise operations without modifying address representation.
-func compareIPMask(ip net.IP, mask net.IPMask) (is int, ms int, err error) {
- // Find the effective starting of address and mask
- if len(ip) == net.IPv6len && ip.To4() != nil {
- is = 12
- }
- if len(ip[is:]) == net.IPv4len && len(mask) == net.IPv6len && bytes.Equal(mask[:12], v4inV6MaskPrefix) {
- ms = 12
- }
- // Check if address and mask are semantically compatible
- if len(ip[is:]) != len(mask[ms:]) {
- err = fmt.Errorf("ip and mask are not compatible: (%#v, %#v)", ip, mask)
- }
- return
-}
-
-// GetHostPartIP returns the host portion of the ip address identified by the mask.
-// IP address representation is not modified. If address and mask are not compatible
-// an error is returned.
-func GetHostPartIP(ip net.IP, mask net.IPMask) (net.IP, error) {
- // Find the effective starting of address and mask
- is, ms, err := compareIPMask(ip, mask)
- if err != nil {
- return nil, fmt.Errorf("cannot compute host portion ip address because %s", err)
- }
-
- // Compute host portion
- out := GetIPCopy(ip)
- for i := 0; i < len(mask[ms:]); i++ {
- out[is+i] &= ^mask[ms+i]
- }
-
- return out, nil
-}
-
-// GetBroadcastIP returns the broadcast ip address for the passed network (ip and mask).
-// IP address representation is not modified. If address and mask are not compatible
-// an error is returned.
-func GetBroadcastIP(ip net.IP, mask net.IPMask) (net.IP, error) {
- // Find the effective starting of address and mask
- is, ms, err := compareIPMask(ip, mask)
- if err != nil {
- return nil, fmt.Errorf("cannot compute broadcast ip address because %s", err)
- }
-
- // Compute broadcast address
- out := GetIPCopy(ip)
- for i := 0; i < len(mask[ms:]); i++ {
- out[is+i] |= ^mask[ms+i]
- }
-
- return out, nil
-}
-
-// ParseCIDR returns the *net.IPNet represented by the passed CIDR notation
-func ParseCIDR(cidr string) (n *net.IPNet, e error) {
- var i net.IP
- if i, n, e = net.ParseCIDR(cidr); e == nil {
- n.IP = i
- }
- return
-}
-
-const (
- // NEXTHOP indicates a StaticRoute with an IP next hop.
- NEXTHOP = iota
-
- // CONNECTED indicates a StaticRoute with an interface for directly connected peers.
- CONNECTED
-)
-
-// StaticRoute is a statically-provisioned IP route.
-type StaticRoute struct {
- Destination *net.IPNet
-
- RouteType int // NEXT_HOP or CONNECTED
-
- // NextHop will be resolved by the kernel (i.e. as a loose hop).
- NextHop net.IP
-}
-
-// GetCopy returns a copy of this StaticRoute structure
-func (r *StaticRoute) GetCopy() *StaticRoute {
- d := GetIPNetCopy(r.Destination)
- nh := GetIPCopy(r.NextHop)
- return &StaticRoute{Destination: d,
- RouteType: r.RouteType,
- NextHop: nh,
- }
-}
-
-// InterfaceStatistics represents the interface's statistics
-type InterfaceStatistics struct {
- RxBytes uint64
- RxPackets uint64
- RxErrors uint64
- RxDropped uint64
- TxBytes uint64
- TxPackets uint64
- TxErrors uint64
- TxDropped uint64
-}
-
-func (is *InterfaceStatistics) String() string {
- return fmt.Sprintf("\nRxBytes: %d, RxPackets: %d, RxErrors: %d, RxDropped: %d, TxBytes: %d, TxPackets: %d, TxErrors: %d, TxDropped: %d",
- is.RxBytes, is.RxPackets, is.RxErrors, is.RxDropped, is.TxBytes, is.TxPackets, is.TxErrors, is.TxDropped)
-}
-
-/******************************
- * Well-known Error Interfaces
- ******************************/
-
-// MaskableError is an interface for errors which can be ignored by caller
-type MaskableError interface {
- // Maskable makes implementer into MaskableError type
- Maskable()
-}
-
-// RetryError is an interface for errors which might get resolved through retry
-type RetryError interface {
- // Retry makes implementer into RetryError type
- Retry()
-}
-
-// BadRequestError is an interface for errors originated by a bad request
-type BadRequestError interface {
- // BadRequest makes implementer into BadRequestError type
- BadRequest()
-}
-
-// NotFoundError is an interface for errors raised because a needed resource is not available
-type NotFoundError interface {
- // NotFound makes implementer into NotFoundError type
- NotFound()
-}
-
-// ForbiddenError is an interface for errors which denote a valid request that cannot be honored
-type ForbiddenError interface {
- // Forbidden makes implementer into ForbiddenError type
- Forbidden()
-}
-
-// NoServiceError is an interface for errors returned when the required service is not available
-type NoServiceError interface {
- // NoService makes implementer into NoServiceError type
- NoService()
-}
-
-// TimeoutError is an interface for errors raised because of timeout
-type TimeoutError interface {
- // Timeout makes implementer into TimeoutError type
- Timeout()
-}
-
-// NotImplementedError is an interface for errors raised because of requested functionality is not yet implemented
-type NotImplementedError interface {
- // NotImplemented makes implementer into NotImplementedError type
- NotImplemented()
-}
-
-// InternalError is an interface for errors raised because of an internal error
-type InternalError interface {
- // Internal makes implementer into InternalError type
- Internal()
-}
-
-/******************************
- * Well-known Error Formatters
- ******************************/
-
-// BadRequestErrorf creates an instance of BadRequestError
-func BadRequestErrorf(format string, params ...interface{}) error {
- return badRequest(fmt.Sprintf(format, params...))
-}
-
-// NotFoundErrorf creates an instance of NotFoundError
-func NotFoundErrorf(format string, params ...interface{}) error {
- return notFound(fmt.Sprintf(format, params...))
-}
-
-// ForbiddenErrorf creates an instance of ForbiddenError
-func ForbiddenErrorf(format string, params ...interface{}) error {
- return forbidden(fmt.Sprintf(format, params...))
-}
-
-// NoServiceErrorf creates an instance of NoServiceError
-func NoServiceErrorf(format string, params ...interface{}) error {
- return noService(fmt.Sprintf(format, params...))
-}
-
-// NotImplementedErrorf creates an instance of NotImplementedError
-func NotImplementedErrorf(format string, params ...interface{}) error {
- return notImpl(fmt.Sprintf(format, params...))
-}
-
-// TimeoutErrorf creates an instance of TimeoutError
-func TimeoutErrorf(format string, params ...interface{}) error {
- return timeout(fmt.Sprintf(format, params...))
-}
-
-// InternalErrorf creates an instance of InternalError
-func InternalErrorf(format string, params ...interface{}) error {
- return internal(fmt.Sprintf(format, params...))
-}
-
-// InternalMaskableErrorf creates an instance of InternalError and MaskableError
-func InternalMaskableErrorf(format string, params ...interface{}) error {
- return maskInternal(fmt.Sprintf(format, params...))
-}
-
-// RetryErrorf creates an instance of RetryError
-func RetryErrorf(format string, params ...interface{}) error {
- return retry(fmt.Sprintf(format, params...))
-}
-
-/***********************
- * Internal Error Types
- ***********************/
-type badRequest string
-
-func (br badRequest) Error() string {
- return string(br)
-}
-func (br badRequest) BadRequest() {}
-
-type maskBadRequest string
-
-type notFound string
-
-func (nf notFound) Error() string {
- return string(nf)
-}
-func (nf notFound) NotFound() {}
-
-type forbidden string
-
-func (frb forbidden) Error() string {
- return string(frb)
-}
-func (frb forbidden) Forbidden() {}
-
-type noService string
-
-func (ns noService) Error() string {
- return string(ns)
-}
-func (ns noService) NoService() {}
-
-type maskNoService string
-
-type timeout string
-
-func (to timeout) Error() string {
- return string(to)
-}
-func (to timeout) Timeout() {}
-
-type notImpl string
-
-func (ni notImpl) Error() string {
- return string(ni)
-}
-func (ni notImpl) NotImplemented() {}
-
-type internal string
-
-func (nt internal) Error() string {
- return string(nt)
-}
-func (nt internal) Internal() {}
-
-type maskInternal string
-
-func (mnt maskInternal) Error() string {
- return string(mnt)
-}
-func (mnt maskInternal) Internal() {}
-func (mnt maskInternal) Maskable() {}
-
-type retry string
-
-func (r retry) Error() string {
- return string(r)
-}
-func (r retry) Retry() {}
diff --git a/vendor/github.com/docker/libnetwork/vendor.conf b/vendor/github.com/docker/libnetwork/vendor.conf
deleted file mode 100644
index f2bb55223..000000000
--- a/vendor/github.com/docker/libnetwork/vendor.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
-github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
-github.com/Microsoft/go-winio v0.4.11
-github.com/Microsoft/hcsshim v0.7.3
-github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
-github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
-github.com/codegangsta/cli a65b733b303f0055f8d324d805f393cd3e7a7904
-github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
-github.com/coreos/etcd v3.2.1
-github.com/coreos/go-semver v0.2.0
-github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
-go.etcd.io/bbolt v1.3.1-etcd.8
-
-github.com/docker/docker 162ba6016def672690ee4a1f3978368853a1e149
-github.com/docker/go-connections 7beb39f0b969b075d1325fecb092faf27fd357b6
-github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
-github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
-github.com/docker/libkv 458977154600b9f23984d9f4b82e79570b5ae12b
-
-github.com/godbus/dbus v4.0.0
-github.com/gogo/protobuf v1.0.0
-github.com/gorilla/context v1.1
-github.com/gorilla/mux v1.1
-github.com/hashicorp/consul v0.5.2
-github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
-github.com/hashicorp/go-multierror fcdddc395df1ddf4247c69bd436e84cfa0733f7e
-github.com/hashicorp/memberlist 3d8438da9589e7b608a83ffac1ef8211486bcb7c
-github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372
-github.com/hashicorp/go-sockaddr 6d291a969b86c4b633730bfc6b8b9d64c3aafed9
-github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870
-github.com/mattn/go-shellwords v1.0.3
-github.com/miekg/dns v1.0.7
-github.com/opencontainers/go-digest v1.0.0-rc1
-github.com/opencontainers/image-spec v1.0.1
-github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340
-github.com/opencontainers/runtime-spec v1.0.1
-github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
-github.com/sirupsen/logrus v1.0.3
-github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
-github.com/vishvananda/netlink b2de5d10e38ecce8607e6b438b6d174f389a004e
-github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25
-golang.org/x/crypto 1a580b3eff7814fc9b40602fd35256c63b50f491
-golang.org/x/net 0ed95abb35c445290478a5348a7b38bb154135fd
-golang.org/x/sys 37707fdb30a5b38865cfb95e5aab41707daec7fd
-golang.org/x/sync fd80eb99c8f653c847d294a001bdf2a3a6f768f5
-github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
-github.com/ishidawataru/sctp 07191f837fedd2f13d1ec7b5f885f0f3ec54b1cb
-
-gotest.tools v2.1.0
-github.com/google/go-cmp v0.2.0