Fix issue for --fixed-cidr when bridge has multiple addresses
#26659
Conversation
| if config.bridgeConfig.FixedCIDR != "" { | ||
| _, fCIDR, err := net.ParseCIDR(config.bridgeConfig.FixedCIDR) | ||
| if err != nil { | ||
| return err |
There was a problem hiding this comment.
Can you use errors.Wrap() here from github.com/pkg/errors? It's already vendored.
| // bridge interface. | ||
| func (i *bridgeInterface) addresses() (netlink.Addr, []netlink.Addr, error) { | ||
| func (i *bridgeInterface) addresses() (netlink.Addr, []netlink.Addr, []netlink.Addr, error) { |
There was a problem hiding this comment.
This is pretty unwieldy and I really have no idea what each return actually is without reading the comment above.
Seems like we can at least remove the first return and just call [0] to get the "first ipv4 address"
There was a problem hiding this comment.
Thanks @cpuguy83 the PR has been updated.
| if err != nil { | ||
| return fmt.Errorf("failed to retrieve bridge interface addresses: %v", err) | ||
| } | ||
|
|
||
| // Iterate through all IPv4 addresses in case multiple IPv4 addresses exist | ||
| if config.AddressIPv4 != nil { |
There was a problem hiding this comment.
Seems like a pretty common pattern in the patch.
There was a problem hiding this comment.
Thanks @cpuguy83. The PR has been updated with the logic wrapped into a new func.
yongtang
force-pushed
the
26341-fixed-cidr-multiple-addresses-bridge
branch
from
75bff91
to
16882ea
Compare
|
@cpuguy83 Thanks for the review. The PR has been updated. Please take a look and let me know if there are any other issues. |
|
docker changes look good to me |
| } | ||
|
|
||
| nw := nwList[0] | ||
| if config.bridgeConfig.FixedCIDR != "" { |
There was a problem hiding this comment.
Minor comment, you may want to evaluate this only if len(nwList) > 1.
It will also make it clear why you are looking for an (at first) unrelated extra data (fixedCIDR) to make a better selection on the IPv4 network to pick.
Up to you if you want to make the change.
There was a problem hiding this comment.
Thanks @aboch for the review. The PR has been updated with the changes.
yongtang
force-pushed
the
26341-fixed-cidr-multiple-addresses-bridge
branch
from
16882ea
to
1afabb1
Compare
yongtang
force-pushed
the
26341-fixed-cidr-multiple-addresses-bridge
branch
from
1afabb1
to
e0e9e5b
Compare
This fix tries to address the issue raised in 26341 where multiple addresses in a bridge may cause `--fixed-cidr` to not have the correct addresses. The issue is that `netutils.ElectInterfaceAddresses(bridgeName)` only returns the first IPv4 address. This fix (together with the PR created in libnetwork ) changes `ElectInterfaceAddresses()` and `addresses()` so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed. In `daemon_unix.go`, bridge address is chosen by comparing with the `--fixed-cidr` first, thus resolve the issue in 26341. This fix is tested manually, as is described in 26341: ``` brctl addbr cbr0 ip addr add 10.111.111.111/20 dev cbr0 label cbr0:main ip addr add 10.222.222.222/12 dev cbr0 label cbr0:docker ip link set cbr0 up docker daemon --bridge=cbr0 --iptables=false --ip-masq=false --fixed-cidr=10.222.222.222/24 docker run --rm busybox ip route get 8.8.8.8 | grep -Po 'src.*' src 10.222.222.0 ``` This fix fixes 26341. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
yongtang
force-pushed
the
26341-fixed-cidr-multiple-addresses-bridge
branch
from
e0e9e5b
to
4fb3836
Compare
This fix updates libnetwork to f4338b6f1085ccfe5972e655cca8a1d15d73439d. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
yongtang
force-pushed
the
26341-fixed-cidr-multiple-addresses-bridge
branch
from
4fb3836
to
fc62ad6
Compare
|
@aboch The PR has been rebased and libnetwork has been vendored as well. Please take a look and let me know if there are any issues. |
|
Thanks @yongtang I will update the issue's description to include which docker PRs the libnetwork vendoring will fix |
|
Changes look good to me |
|
LGTM |
|
Thanks for working on it @crosbymichael! 👍 |
- What I did
This fix tries to address the issue raised in #26341 where multiple addresses in a bridge may cause
--fixed-cidrto not have the correct addresses.The issue is that
netutils.ElectInterfaceAddresses(bridgeName)only returns the first IPv4 address.- How I did it
This fix (together with the PR created in libnetwork moby/libnetwork#1452) changes
ElectInterfaceAddresses()andaddresses()so that all IPv4 addresses are returned. This will allow the possibility of selectively choose the address needed.In
daemon_unix.go, bridge address is chosen by comparing with the--fixed-cidrfirst, thus resolve the issue in #26341.- How to verify it
This fix is tested manually, as is described in #26341:
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)
This fix fixes #26341.
This fix is related to libnetwork PR moby/libnetwork#1452
libnetwork vendoring:
Fixes #22204
Fixes #24637
Fixes #27157
Also, moby/libnetwork#1333, moby/libnetwork#1480
Signed-off-by: Yong Tang yong.tang.github@outlook.com