diff --git a/hack/vendor.sh b/hack/vendor.sh index 3b7e94d1c69c..5b88500fe43b 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -66,7 +66,7 @@ clone git github.com/RackSec/srslog 259aed10dfa74ea2961eddd1d9847619f6e98837 clone git github.com/imdario/mergo 0.2.1 #get libnetwork packages -clone git github.com/docker/libnetwork 24f64a6f9e9cade70e3904df291fb321584b1b4e +clone git github.com/docker/libnetwork 82fb373e3eaa4e9bbb5b5ac148b0a3a71f80fca6 clone git github.com/docker/go-events afb2b9f2c23f33ada1a22b03651775fdc65a5089 clone git github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec diff --git a/vendor/src/github.com/docker/libnetwork/network.go b/vendor/src/github.com/docker/libnetwork/network.go index 5c83bef903ec..ffdc23248651 100644 --- a/vendor/src/github.com/docker/libnetwork/network.go +++ b/vendor/src/github.com/docker/libnetwork/network.go @@ -1110,8 +1110,8 @@ func (n *network) getSvcRecords(ep *endpoint) []etchosts.Record { epName := ep.Name() n.ctrlr.Lock() + defer n.ctrlr.Unlock() sr, _ := n.ctrlr.svcRecords[n.id] - n.ctrlr.Unlock() for h, ip := range sr.svcMap { if strings.Split(h, ".")[0] == epName { diff --git a/vendor/src/github.com/docker/libnetwork/resolver.go b/vendor/src/github.com/docker/libnetwork/resolver.go index 8ba3860b70b0..b9eb4f3ff2c4 100644 --- a/vendor/src/github.com/docker/libnetwork/resolver.go +++ b/vendor/src/github.com/docker/libnetwork/resolver.go @@ -255,6 +255,9 @@ func (r *resolver) handleSRVQuery(svc string, query *dns.Msg) (*dns.Msg, error) if err != nil { return nil, err } + if len(srv) == 0 { + return nil, nil + } if len(srv) != len(ip) { return nil, fmt.Errorf("invalid reply for SRV query %s", svc) } diff --git a/vendor/src/github.com/docker/libnetwork/sandbox.go b/vendor/src/github.com/docker/libnetwork/sandbox.go index 8a659b038c89..52e9bb678382 100644 --- a/vendor/src/github.com/docker/libnetwork/sandbox.go +++ b/vendor/src/github.com/docker/libnetwork/sandbox.go @@ -444,16 +444,16 @@ func (sb *sandbox) ResolveService(name string) ([]*net.SRV, []net.IP, error) { log.Debugf("Service name To resolve: %v", name) + // There are DNS implementaions that allow SRV queries for names not in + // the format defined by RFC 2782. Hence specific validations checks are + // not done parts := strings.Split(name, ".") if len(parts) < 3 { - return nil, nil, fmt.Errorf("invalid service name, %s", name) + return nil, nil, nil } portName := parts[0] proto := parts[1] - if proto != "_tcp" && proto != "_udp" { - return nil, nil, fmt.Errorf("invalid protocol in service, %s", name) - } svcName := strings.Join(parts[2:], ".") for _, ep := range sb.getConnectedEndpoints() { diff --git a/vendor/src/github.com/docker/libnetwork/service_linux.go b/vendor/src/github.com/docker/libnetwork/service_linux.go index 337d32520710..9dc27f5578bf 100644 --- a/vendor/src/github.com/docker/libnetwork/service_linux.go +++ b/vendor/src/github.com/docker/libnetwork/service_linux.go @@ -647,7 +647,7 @@ func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*Port cmd := &exec.Cmd{ Path: reexec.Self(), - Args: append([]string{"fwmarker"}, path, vip.String(), fmt.Sprintf("%d", fwMark), addDelOpt, ingressPortsFile, eIP.IP.String()), + Args: append([]string{"fwmarker"}, path, vip.String(), fmt.Sprintf("%d", fwMark), addDelOpt, ingressPortsFile, eIP.String()), Stdout: os.Stdout, Stderr: os.Stderr, } @@ -719,7 +719,13 @@ func fwMarker() { } if addDelOpt == "-A" { - ruleParams := strings.Fields(fmt.Sprintf("-m ipvs --ipvs -j SNAT --to-source %s", os.Args[6])) + eIP, subnet, err := net.ParseCIDR(os.Args[6]) + if err != nil { + logrus.Errorf("Failed to parse endpoint IP %s: %v", os.Args[6], err) + os.Exit(9) + } + + ruleParams := strings.Fields(fmt.Sprintf("-m ipvs --ipvs -d %s -j SNAT --to-source %s", subnet, eIP)) if !iptables.Exists("nat", "POSTROUTING", ruleParams...) { rule := append(strings.Fields("-t nat -A POSTROUTING"), ruleParams...) rules = append(rules, rule)