When attempting to read a (malformed) resolv.conf with a very long line,
an obscure error would be produced that didn't provide much context to
identify the problem;

    Handler for POST /v1.51/containers/mariadb11/start returned error: bufio.Scanner: token too long

This patch adds some additional error-handling to detect this situation,
and includes the filename of the resolv.conf to help the user locate
the file that failed to be parsed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
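
The failure mode in the commit message above, shown as an added Go example (not the moby code): `bufio.Scanner` stops with `bufio.ErrTooLong` once a line exceeds its 64 KiB default token limit, and the caller wraps that error with the file name. The function `parseResolvConf`, its signature, and the sample inputs are assumptions made for this illustration.

```go
// Added example; parseResolvConf is a hypothetical helper, not moby's API.
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// parseResolvConf collects nameserver entries from r. The path is used only
// to give errors context; the file is not opened here.
func parseResolvConf(path string, r io.Reader) ([]string, error) {
	var servers []string
	sc := bufio.NewScanner(r) // default token limit: bufio.MaxScanTokenSize (64 KiB)
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) >= 2 && fields[0] == "nameserver" {
			servers = append(servers, fields[1])
		}
	}
	if err := sc.Err(); err != nil {
		if errors.Is(err, bufio.ErrTooLong) {
			// Name the file and the limit so the operator can find the bad line.
			return nil, fmt.Errorf("parsing %s: line exceeds %d bytes: %w",
				path, bufio.MaxScanTokenSize, err)
		}
		return nil, fmt.Errorf("reading %s: %w", path, err)
	}
	return servers, nil
}

// constructedInputs returns a well-formed file and one with an oversized line.
// Both are constructed sample data.
func constructedInputs() (good, bad string) {
	good = "# constructed sample\nnameserver 192.0.2.53\noptions ndots:0\n"
	bad = "nameserver 192.0.2.53\nsearch " +
		strings.Repeat("a", bufio.MaxScanTokenSize+1) + "\n"
	return good, bad
}

func main() {
	good, bad := constructedInputs()
	for _, in := range []string{good, bad} {
		servers, err := parseResolvConf("/etc/resolv.conf", strings.NewReader(in))
		fmt.Println(servers, err)
	}
}
```
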
In rootless mode, the Engine needs to call the rootless port driver to
know which IP address it should bind to inside of its network namespace.
The slirp4netns port driver doesn't support binding to IPv6 addresses, so
we need to detect that before listening on the port.
Before commit 201968cc0, this wasn't a problem because the Engine was
binding the port, then calling rootless port driver to learn whether the
proto/IP family was supported, and listen on the port if so.
Starting with that commit, the Engine does bind + listen in one go, and
then calls the port driver — this is too late. Fix the bug by checking
if the port driver supports the PortBindingReq, and only allocate the
port if so.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
These utilities are very handy to use in integration tests, too. Move
the package so it can be imported by them.
Signed-off-by: Cory Snider <csnider@mirantis.com>
These utilities are going to be needed elsewhere in the daemon to handle
netip values from API requests.
Signed-off-by: Cory Snider <csnider@mirantis.com>
The `ErrBackendNotSupported` error was no longer used since [moby@37cbdeb].
[moby@37cbdeb]: 37cbdeb1f2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `BOLTDB` const and related `Backend` type are no longer used since
[moby@ed08486].
[moby@ed08486]: ed08486ec7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With this tag, a dynamically linked binary will exec
the nft tool instead of using cgo to call libnftables
directly.
Signed-off-by: Rob Murray <rob.murray@docker.com>
On API v1.52 and newer, the GET /networks/{id} endpoint returns
statistics about the IPAM state for the subnets assigned to the network.
Signed-off-by: Cory Snider <csnider@mirantis.com>
The uint128 type is very convenient for manipulating 128-bit-wide
quantities, as tends to come up in several contexts when working with
IPv6. Move it into a libnetwork/internal/ package so it can be reused
elsewhere within libnetwork.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Add methods to count the number of addresses in the set which have a
particular prefix. The returned counts are 128 bits wide to accommodate
sets containing more than 2**64 addresses.
Signed-off-by: Cory Snider <csnider@mirantis.com>
When generating the rules for an nftables chain, rather than collecting
rules into a slice and iterating over that, use an iterator.
Signed-off-by: Rob Murray <rob.murray@docker.com>
Add nftables.Modifier, to hold a queue of commands that can be applied
using Modifier.Apply. No updates are made to the underlying Table
until Apply is called, errors in the queue of commands are deferred
until Apply.
This has the advantages that:
- less error handling is needed in code that generates update commands
- it's transactional, without needing explicit transactions
Minor disadvantages are that it's slightly more difficult to debug updates,
as it's no longer possible to step through the call making an update to
the Table manipulation in a debugger - and errors in the command, and
errors like trying to update a nonexistent chain/set/vmap, deleting an
object that doesn't exist or creating a duplicate are not reported
until the updates are applied (but, the file/line where the rule was
added is reported).
Signed-off-by: Rob Murray <rob.murray@docker.com>
The macAddr and ipmac types are generally useful within libnetwork. Move
them to a dedicated package and overhaul the API to be more like that of
the net/netip package.
Update the overlay driver to utilize these types, adapting to the new
API.
Signed-off-by: Cory Snider <csnider@mirantis.com>
#27 94.97 executor/oci/internal/resolvconf/resolvconf.go:461:6: the error type name `systemErr` should conform to the `xxxError` format (errname)
#27 94.97 type systemErr struct{ error }
#27 94.97 ^
Also fix an unhandled error; we don't need a defer() for that one
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Rewrite this function to not use text/template, which is ~74× faster,
~25× less memory, and ~56× fewer allocations.
Before/After:
BenchmarkGenerate-10 42550 27439 ns/op 18083 B/op 394 allocs/op
BenchmarkGenerate-10 3148328 373 ns/op 712 B/op 7 allocs/op
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>