Vendoring libnetwork for 1.12.1-rc1

* Fixes moby#25236
* Fixes moby#24789
* Fixes moby#25340
* Fixes moby#25130
* Fixes moby/libnetwork#1387
* Fix external DNS responses > 512 bytes getting dropped
* Fix crash when remote plugin returns empty address string
* Make service LB work from self
* Fixed a few race-conditions

Signed-off-by: Madhu Venugopal <[email protected]>

Author: mavenugo

hack/vendor.sh

@@ -66,7 +66,7 @@ clone git github.com/RackSec/srslog 259aed10dfa74ea2961eddd1d9847619f6e98837
 clone git github.com/imdario/mergo 0.2.1
 
 #get libnetwork packages
-clone git github.com/docker/libnetwork 5e7bf83ab07c197d1bef6ec073d9f19ce59e3eb2
+clone git github.com/docker/libnetwork f77a0c9f540536c37019cf64d09a9a932dd7b54b
 clone git github.com/docker/go-events afb2b9f2c23f33ada1a22b03651775fdc65a5089
 clone git github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec

vendor/src/github.com/docker/libnetwork/agent.go

@@ -136,10 +136,16 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
 		}
 	}
 
-	key, tag := c.getPrimaryKeyTag(subsysGossip)
+	key, tag, err := c.getPrimaryKeyTag(subsysGossip)
+	if err != nil {
+		return err
+	}
 	a.networkDB.SetPrimaryKey(key)
 
-	key, tag = c.getPrimaryKeyTag(subsysIPSec)
+	key, tag, err = c.getPrimaryKeyTag(subsysIPSec)
+	if err != nil {
+		return err
+	}
 	drvEnc.Primary = key
 	drvEnc.PrimaryTag = tag
 
@@ -158,82 +164,6 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
 	return nil
 }
 
-func (c *controller) handleKeyChangeV1(keys []*types.EncryptionKey) error {
-	drvEnc := discoverapi.DriverEncryptionUpdate{}
-
-	// Find the new key and add it to the key ring
-	a := c.agent
-	for _, key := range keys {
-		same := false
-		for _, cKey := range c.keys {
-			if same = cKey.LamportTime == key.LamportTime; same {
-				break
-			}
-		}
-		if !same {
-			c.keys = append(c.keys, key)
-			if key.Subsystem == subsysGossip {
-				a.networkDB.SetKey(key.Key)
-			}
-			if key.Subsystem == subsysGossip /*subsysIPSec*/ {
-				drvEnc.Key = key.Key
-				drvEnc.Tag = key.LamportTime
-			}
-			break
-		}
-	}
-	// Find the deleted key. If the deleted key was the primary key,
-	// a new primary key should be set before removing if from keyring.
-	deleted := []byte{}
-	for i, cKey := range c.keys {
-		same := false
-		for _, key := range keys {
-			if same = key.LamportTime == cKey.LamportTime; same {
-				break
-			}
-		}
-		if !same {
-			if cKey.Subsystem == subsysGossip {
-				deleted = cKey.Key
-			}
-			if cKey.Subsystem == subsysGossip /*subsysIPSec*/ {
-				drvEnc.Prune = cKey.Key
-				drvEnc.PruneTag = cKey.LamportTime
-			}
-			c.keys = append(c.keys[:i], c.keys[i+1:]...)
-			break
-		}
-	}
-
-	sort.Sort(ByTime(c.keys))
-	for _, key := range c.keys {
-		if key.Subsystem == subsysGossip {
-			a.networkDB.SetPrimaryKey(key.Key)
-			break
-		}
-	}
-	for _, key := range c.keys {
-		if key.Subsystem == subsysGossip /*subsysIPSec*/ {
-			drvEnc.Primary = key.Key
-			drvEnc.PrimaryTag = key.LamportTime
-			break
-		}
-	}
-	if len(deleted) > 0 {
-		a.networkDB.RemoveKey(deleted)
-	}
-
-	c.drvRegistry.WalkDrivers(func(name string, driver driverapi.Driver, capability driverapi.Capability) bool {
-		err := driver.DiscoverNew(discoverapi.EncryptionKeysUpdate, drvEnc)
-		if err != nil {
-			logrus.Warnf("Failed to update datapath keys in driver %s: %v", name, err)
-		}
-		return false
-	})
-
-	return nil
-}
-
 func (c *controller) agentSetup() error {
 	clusterProvider := c.cfg.Daemon.ClusterProvider
 
@@ -281,25 +211,22 @@ func (c *controller) getKeys(subsys string) ([][]byte, []uint64) {
 		}
 	}
 
-	if len(keys) < keyringSize {
-		return keys, tags
-	}
 	keys[0], keys[1] = keys[1], keys[0]
 	tags[0], tags[1] = tags[1], tags[0]
 	return keys, tags
 }
 
-// getPrimaryKeyTag returns the primary key for a given subsytem from the
+// getPrimaryKeyTag returns the primary key for a given subsystem from the
 // list of sorted key and the associated tag
-func (c *controller) getPrimaryKeyTag(subsys string) ([]byte, uint64) {
+func (c *controller) getPrimaryKeyTag(subsys string) ([]byte, uint64, error) {
 	sort.Sort(ByTime(c.keys))
 	keys := []*types.EncryptionKey{}
 	for _, key := range c.keys {
 		if key.Subsystem == subsys {
 			keys = append(keys, key)
 		}
 	}
-	return keys[1].Key, keys[1].LamportTime
+	return keys[1].Key, keys[1].LamportTime, nil
 }
 
 func (c *controller) agentInit(bindAddrOrInterface, advertiseAddr string) error {
@@ -462,6 +389,7 @@ func (ep *endpoint) addToCluster() error {
 			VirtualIP:    ep.virtualIP.String(),
 			IngressPorts: ingressPorts,
 			Aliases:      ep.svcAliases,
+			TaskAliases:  ep.myAliases,
 			EndpointIP:   ep.Iface().Address().IP.String(),
 		})
 
@@ -540,7 +468,10 @@ func (n *network) addDriverWatches() {
 		}
 
 		c.agent.networkDB.WalkTable(tableName, func(nid, key string, value []byte) bool {
-			d.EventNotify(driverapi.Create, n.ID(), tableName, key, value)
+			if nid == n.ID() {
+				d.EventNotify(driverapi.Create, nid, tableName, key, value)
+			}
+
 			return false
 		})
 	}
@@ -653,6 +584,7 @@ func (c *controller) handleEpTableEvent(ev events.Event) {
 	ip := net.ParseIP(epRec.EndpointIP)
 	ingressPorts := epRec.IngressPorts
 	aliases := epRec.Aliases
+	taskaliases := epRec.TaskAliases
 
 	if name == "" || ip == nil {
 		logrus.Errorf("Invalid endpoint name/ip received while handling service table event %s", value)
@@ -668,6 +600,9 @@ func (c *controller) handleEpTableEvent(ev events.Event) {
 		}
 
 		n.addSvcRecords(name, ip, nil, true)
+		for _, alias := range taskaliases {
+			n.addSvcRecords(alias, ip, nil, true)
+		}
 	} else {
 		if svcID != "" {
 			if err := c.rmServiceBinding(svcName, svcID, nid, eid, vip, ingressPorts, aliases, ip); err != nil {
@@ -677,5 +612,8 @@ func (c *controller) handleEpTableEvent(ev events.Event) {
 		}
 
 		n.deleteSvcRecords(name, ip, nil, true)
+		for _, alias := range taskaliases {
+			n.deleteSvcRecords(alias, ip, nil, true)
+		}
 	}
 }

vendor/src/github.com/docker/libnetwork/agent.pb.go

@@ -34,6 +34,9 @@ message EndpointRecord {
 
 	// A list of aliases which are alternate names for the service
 	repeated string aliases = 7;
+
+	// List of aliases task specific aliases
+	repeated string task_aliases = 8;
 }
 
 // PortConfig specifies an exposed port which can be

vendor/src/github.com/docker/libnetwork/agent.proto

@@ -97,7 +97,7 @@ type NetworkController interface {
 	// Sandboxes returns the list of Sandbox(s) managed by this controller.
 	Sandboxes() []Sandbox
 
-	// WlakSandboxes uses the provided function to walk the Sandbox(s) managed by this controller.
+	// WalkSandboxes uses the provided function to walk the Sandbox(s) managed by this controller.
 	WalkSandboxes(walker SandboxWalker)
 
 	// SandboxByID returns the Sandbox which has the passed id. If not found, a types.NotFoundError is returned.
@@ -250,6 +250,21 @@ func (c *controller) SetKeys(keys []*types.EncryptionKey) error {
 	clusterConfigAvailable := c.clusterConfigAvailable
 	agent := c.agent
 	c.Unlock()
+
+	subsysKeys := make(map[string]int)
+	for _, key := range keys {
+		if key.Subsystem != subsysGossip &&
+			key.Subsystem != subsysIPSec {
+			return fmt.Errorf("key received for unrecognized subsystem")
+		}
+		subsysKeys[key.Subsystem]++
+	}
+	for s, count := range subsysKeys {
+		if count != keyringSize {
+			return fmt.Errorf("incorrect number of keys for susbsystem %v", s)
+		}
+	}
+
 	if len(existingKeys) == 0 {
 		c.Lock()
 		c.keys = keys
@@ -269,9 +284,6 @@ func (c *controller) SetKeys(keys []*types.EncryptionKey) error {
 		c.Unlock()
 		return nil
 	}
-	if len(keys) < keyringSize {
-		return c.handleKeyChangeV1(keys)
-	}
 	return c.handleKeyChange(keys)
 }