-
Notifications
You must be signed in to change notification settings - Fork 18.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix issue for --fixed-cidr
when bridge has multiple addresses
#26659
Fix issue for --fixed-cidr
when bridge has multiple addresses
#26659
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ping @mavenugo
if config.bridgeConfig.FixedCIDR != "" { | ||
_, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR) | ||
if err != nil { | ||
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you use errors.Wrap()
here from github.com/pkg/errors? It's already vendored.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
// bridge interface. | ||
func (i *bridgeInterface) addresses() (netlink.Addr, []netlink.Addr, error) { | ||
func (i *bridgeInterface) addresses() (netlink.Addr, []netlink.Addr, []netlink.Addr, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is pretty unwieldy and I really have no idea what each return actually is without reading the comment above.
Seems like we can at least remove the first return and just call [0]
to get the "first ipv4 address"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @cpuguy83 the PR has been updated.
if err != nil { | ||
return fmt.Errorf("failed to retrieve bridge interface addresses: %v", err) | ||
} | ||
|
||
// Iterate through all IPv4 addresses in case multiple IPv4 addresses exist | ||
if config.AddressIPv4 != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like a pretty common pattern in the patch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @cpuguy83. The PR has been updated with the logic wrapped into a new func.
75bff91
to
16882ea
Compare
@cpuguy83 Thanks for the review. The PR has been updated. Please take a look and let me know if there are any other issues. |
docker changes look good to me |
} | ||
|
||
nw := nwList[0] | ||
if config.bridgeConfig.FixedCIDR != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor comment, you may want to evaluate this only if len(nwList) > 1
.
It will also make it clear why you are looking for an (at first) unrelated extra data (fixedCIDR
) to make a better selection on the IPv4 network to pick.
Up to you if you want to make the change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @aboch for the review. The PR has been updated with the changes.
16882ea
to
1afabb1
Compare
1afabb1
to
e0e9e5b
Compare
This fix tries to address the issue raised in 26341 where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses. The issue is that `netutils.ElectInterfaceAddresses(bridgeName)` only returns the first IPv4 address. This fix (together with the PR created in libnetwork ) changes `ElectInterfaceAddresses()` and `addresses()` so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed. In `daemon_unix.go`, bridge address is chosen by comparing with the `--fixed-cidr` first, thus resolve the issue in 26341. This fix is tested manually, as is described in 26341: ``` brctl addbr cbr0 ip addr add 10.111.111.111/20 dev cbr0 label cbr0:main ip addr add 10.222.222.222/12 dev cbr0 label cbr0:docker ip link set cbr0 up docker daemon --bridge=cbr0 --iptables=false --ip-masq=false --fixed-cidr=10.222.222.222/24 docker run --rm busybox ip route get 8.8.8.8 | grep -Po 'src.*' src 10.222.222.0 ``` This fix fixes 26341. Signed-off-by: Yong Tang <[email protected]>
e0e9e5b
to
4fb3836
Compare
This fix updates libnetwork to f4338b6f1085ccfe5972e655cca8a1d15d73439d. Signed-off-by: Yong Tang <[email protected]>
4fb3836
to
fc62ad6
Compare
@aboch The PR has been rebased and libnetwork has been vendored as well. Please take a look and let me know if there are any issues. |
Thanks @yongtang I will update the issue's description to include which docker PRs the libnetwork vendoring will fix |
Changes look good to me |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
LGTM |
Thanks for working on it @crosbymichael! 👍 |
- What I did
This fix tries to address the issue raised in #26341 where multiple addresses in a bridge may cause
--fixed-cidr
to not have the correct addresses.The issue is that
netutils.ElectInterfaceAddresses(bridgeName)
only returns the first IPv4 address.- How I did it
This fix (together with the PR created in libnetwork moby/libnetwork#1452) changes
ElectInterfaceAddresses()
andaddresses()
so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed.In
daemon_unix.go
, bridge address is chosen by comparing with the--fixed-cidr
first, thus resolve the issue in #26341.- How to verify it
This fix is tested manually, as is described in #26341:
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)
This fix fixes #26341.
This fix is related to libnetwork PR moby/libnetwork#1452
libnetwork vendoring:
Fixes #22204
Fixes #24637
Fixes #27157
Also, moby/libnetwork#1333, moby/libnetwork#1480
Signed-off-by: Yong Tang [email protected]