backport upstream patch to fix libnetwork/osl test TestAddRemoveInterface
Signed-off-by: Guangzhong Yao <yaoguangzhong@xfusion.com>
This commit is contained in:
yaoguangzhong
parent
83abe347ac
commit
aef69ee6a1
76
0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch
Normal file
76
0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch
Normal file
@ -0,0 +1,76 @@
|
||||
From c72e458a7273bf7e542082ef2bbe3d50ca1a62dd Mon Sep 17 00:00:00 2001
|
||||
From: Rob Murray <rob.murray@docker.com>
|
||||
Date: Thu, 18 Jan 2024 21:01:41 +0000
|
||||
Subject: [PATCH] Fix libnetwork/osl test TestAddRemoveInterface
|
||||
|
||||
For some time, when adding an interface with no IPv6 address (an
|
||||
interface to a network that does not have IPv6 enabled), we've been
|
||||
disabling IPv6 on that interface.
|
||||
|
||||
As part of a separate change, I'm removing that logic - there's nothing
|
||||
wrong with having IPv6 enabled on an interface with no routable address.
|
||||
The difference is that the kernel will assign a link-local address.
|
||||
|
||||
TestAddRemoveInterface does this...
|
||||
- Assign an IPv6 link-local address to one end of a veth interface, and
|
||||
add it to a namespace.
|
||||
- Add a bridge with no assigned IPv6 address to the namespace.
|
||||
- Remove the veth interface from the namespace.
|
||||
- Put the veth interface back into the namespace, still with an
|
||||
explicitly assigned IPv6 link local address.
|
||||
|
||||
When IPv6 is disabled on the bridge interface, the test passes.
|
||||
|
||||
But, when IPv6 is enabled, the bridge gets a kernel assigned link-local
|
||||
address.
|
||||
|
||||
Then, when re-adding the veth interface, the test generates an error in
|
||||
'osl/interface_linux.go:checkRouteConflict()'. The conflict is between
|
||||
the explicitly assigned fe80::2 on the veth, and a route for fe80::/64
|
||||
belonging to the bridge.
|
||||
|
||||
So, in preparation for not-disabling IPv6 on these interfaces, use a
|
||||
unique-local address in the test instead of link-local.
|
||||
|
||||
I don't think that changes the intent of the test.
|
||||
|
||||
With the change to not-always disable IPv6, it is possible to repro the
|
||||
problem with a real container, disconnect and re-connect a user-defined
|
||||
network with '--subnet fe80::/64' while the container's connected to an
|
||||
IPv4 network. So, strictly speaking, that will be a regression.
|
||||
|
||||
But, it's also possible to repro the problem in master, by disconnecting
|
||||
and re-connecting the fe80::/64 network while another IPv6 network is
|
||||
connected. So, I don't think it's a problem we need to address, perhaps
|
||||
other than by prohibiting '--subnet fe80::/64'.
|
||||
|
||||
Signed-off-by: Rob Murray <rob.murray@docker.com>
|
||||
---
|
||||
libnetwork/osl/sandbox_linux_test.go | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libnetwork/osl/sandbox_linux_test.go b/libnetwork/osl/sandbox_linux_test.go
|
||||
index dd1ac18275..c1c54b0627 100644
|
||||
--- a/libnetwork/osl/sandbox_linux_test.go
|
||||
+++ b/libnetwork/osl/sandbox_linux_test.go
|
||||
@@ -72,7 +72,7 @@ func newInfo(t *testing.T, hnd *netlink.Handle) (*Namespace, error) {
|
||||
}
|
||||
addr.IP = ip4
|
||||
|
||||
- ip6, addrv6, err := net.ParseCIDR("fe80::2/64")
|
||||
+ ip6, addrv6, err := net.ParseCIDR("fdac:97b4:dbcc::2/64")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -116,7 +116,7 @@ func newInfo(t *testing.T, hnd *netlink.Handle) (*Namespace, error) {
|
||||
return &Namespace{
|
||||
iFaces: []*Interface{intf1, intf2, intf3},
|
||||
gw: net.ParseIP("192.168.1.1"),
|
||||
- gwv6: net.ParseIP("fe80::1"),
|
||||
+ gwv6: net.ParseIP("fdac:97b4:dbcc::1/64"),
|
||||
}, nil
|
||||
}
|
||||
|
||||
--
|
||||
2.42.0.windows.2
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
|
||||
Name: docker
|
||||
Version: 25.0.3
|
||||
Release: 13
|
||||
Release: 14
|
||||
Summary: The open-source application container engine
|
||||
License: ASL 2.0
|
||||
URL: https://www.docker.com
|
||||
@ -26,6 +26,7 @@ Patch0003: 0003-add-loongarch64-seccomp-support.patch
|
||||
Patch0004: 0004-fix-docker-swarm-run-failed-for-loongarch64.patch
|
||||
Patch0005: 0005-CVE-2024-41110.patch
|
||||
Patch0006: 0006-tini.c-a-function-declaration-without-a-prototype-is.patch
|
||||
Patch0007: 0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch
|
||||
|
||||
Requires: %{name}-engine = %{version}-%{release}
|
||||
Requires: %{name}-client = %{version}-%{release}
|
||||
@ -95,6 +96,7 @@ Docker client binary and related utilities
|
||||
%patch 0003 -p1
|
||||
%patch 0004 -p1
|
||||
%patch 0005 -p1
|
||||
%patch 0007 -p1
|
||||
%setup -q -T -n %{_source_docker_init} -b 2
|
||||
%patch 0006 -p1
|
||||
|
||||
@ -197,6 +199,9 @@ fi
|
||||
%systemd_postun_with_restart docker.service
|
||||
|
||||
%changelog
|
||||
* Thu Oct 31 2024 yaoguangzhong<yaoguangzhong@xfusion.com> - 25.0.3-14
|
||||
- DESC:backport upstream patch to fix libnetwork/osl test TestAddRemoveInterface
|
||||
|
||||
* Tue Oct 29 2024 yaoguangzhong<yaoguangzhong@xfusion.com> - 25.0.3-13
|
||||
- DESC:modify patch number
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user