packages/moby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport upstream patch to fix libnetwork/osl test TestAddRemoveInterface

Browse Source 
Signed-off-by: Guangzhong Yao <yaoguangzhong@xfusion.com>
This commit is contained in:
yaoguangzhong 2024-10-31 10:37:50 +08:00
parent 83abe347ac
commit aef69ee6a1
2 changed files with 82 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch Normal file
View File

@ -0,0 +1,76 @@
From c72e458a7273bf7e542082ef2bbe3d50ca1a62dd Mon Sep 17 00:00:00 2001
From: Rob Murray <rob.murray@docker.com>
Date: Thu, 18 Jan 2024 21:01:41 +0000
Subject: [PATCH] Fix libnetwork/osl test TestAddRemoveInterface
For some time, when adding an interface with no IPv6 address (an
interface to a network that does not have IPv6 enabled), we've been
disabling IPv6 on that interface.
As part of a separate change, I'm removing that logic - there's nothing
wrong with having IPv6 enabled on an interface with no routable address.
The difference is that the kernel will assign a link-local address.
TestAddRemoveInterface does this...
- Assign an IPv6 link-local address to one end of a veth interface, and
add it to a namespace.
- Add a bridge with no assigned IPv6 address to the namespace.
- Remove the veth interface from the namespace.
- Put the veth interface back into the namespace, still with an
explicitly assigned IPv6 link local address.
When IPv6 is disabled on the bridge interface, the test passes.
But, when IPv6 is enabled, the bridge gets a kernel assigned link-local
address.
Then, when re-adding the veth interface, the test generates an error in
'osl/interface_linux.go:checkRouteConflict()'. The conflict is between
the explicitly assigned fe80::2 on the veth, and a route for fe80::/64
belonging to the bridge.
So, in preparation for not-disabling IPv6 on these interfaces, use a
unique-local address in the test instead of link-local.
I don't think that changes the intent of the test.
With the change to not-always disable IPv6, it is possible to repro the
problem with a real container, disconnect and re-connect a user-defined
network with '--subnet fe80::/64' while the container's connected to an
IPv4 network. So, strictly speaking, that will be a regression.
But, it's also possible to repro the problem in master, by disconnecting
and re-connecting the fe80::/64 network while another IPv6 network is
connected. So, I don't think it's a problem we need to address, perhaps
other than by prohibiting '--subnet fe80::/64'.
Signed-off-by: Rob Murray <rob.murray@docker.com>
---
libnetwork/osl/sandbox_linux_test.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libnetwork/osl/sandbox_linux_test.go b/libnetwork/osl/sandbox_linux_test.go
index dd1ac18275..c1c54b0627 100644
--- a/libnetwork/osl/sandbox_linux_test.go
+++ b/libnetwork/osl/sandbox_linux_test.go
@@ -72,7 +72,7 @@ func newInfo(t *testing.T, hnd *netlink.Handle) (*Namespace, error) {
}
addr.IP = ip4
- ip6, addrv6, err := net.ParseCIDR("fe80::2/64")
+ ip6, addrv6, err := net.ParseCIDR("fdac:97b4:dbcc::2/64")
if err != nil {
return nil, err
}
@@ -116,7 +116,7 @@ func newInfo(t *testing.T, hnd *netlink.Handle) (*Namespace, error) {
return &Namespace{
iFaces: []*Interface{intf1, intf2, intf3},
gw: net.ParseIP("192.168.1.1"),
- gwv6: net.ParseIP("fe80::1"),
+ gwv6: net.ParseIP("fdac:97b4:dbcc::1/64"),
}, nil
}
--
2.42.0.windows.2

7
moby.spec
View File

@ -7,7 +7,7 @@
Name: docker Name: docker
Version: 25.0.3 Version: 25.0.3
Release: 13 Release: 14
Summary: The open-source application container engine Summary: The open-source application container engine
License: ASL 2.0 License: ASL 2.0
URL: https://www.docker.com URL: https://www.docker.com
@ -26,6 +26,7 @@ Patch0003: 0003-add-loongarch64-seccomp-support.patch
Patch0004: 0004-fix-docker-swarm-run-failed-for-loongarch64.patch Patch0004: 0004-fix-docker-swarm-run-failed-for-loongarch64.patch
Patch0005: 0005-CVE-2024-41110.patch Patch0005: 0005-CVE-2024-41110.patch
Patch0006: 0006-tini.c-a-function-declaration-without-a-prototype-is.patch Patch0006: 0006-tini.c-a-function-declaration-without-a-prototype-is.patch
Patch0007: 0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch
Requires: %{name}-engine = %{version}-%{release} Requires: %{name}-engine = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release} Requires: %{name}-client = %{version}-%{release}
@ -95,6 +96,7 @@ Docker client binary and related utilities
%patch 0003 -p1 %patch 0003 -p1
%patch 0004 -p1 %patch 0004 -p1
%patch 0005 -p1 %patch 0005 -p1
%patch 0007 -p1
%setup -q -T -n %{_source_docker_init} -b 2 %setup -q -T -n %{_source_docker_init} -b 2
%patch 0006 -p1 %patch 0006 -p1
@ -197,6 +199,9 @@ fi
%systemd_postun_with_restart docker.service %systemd_postun_with_restart docker.service
%changelog %changelog
* Thu Oct 31 2024 yaoguangzhong<yaoguangzhong@xfusion.com> - 25.0.3-14
- DESC:backport upstream patch to fix libnetwork/osl test TestAddRemoveInterface
* Tue Oct 29 2024 yaoguangzhong<yaoguangzhong@xfusion.com> - 25.0.3-13 * Tue Oct 29 2024 yaoguangzhong<yaoguangzhong@xfusion.com> - 25.0.3-13
- DESC:modify patch number - DESC:modify patch number