We'll be using release branches for minor version updates, so instead
of (e.g.) a 27.0 branch, we'll be using 27.x and continue using the
branch for minor version updates.
This patch changes the validation step to only compare against the
major version.
Co-authored-by: Cory Snider <corhere@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker EE is no more. Point users looking for commercial support at the
currently-maintained commercial products based on the Moby project:
Docker Desktop and Mirantis Container Runtime.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Replace the regexp checking ID validity with a for loop.
The benefits are:
- faster (up to 10x faster with less allocations);
- no init overhead to compile the regexp.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Replace the regexp checking ID validity with a function. The benefits
are:
- function is faster (up to 10x faster with less allocations);
- no init overhead to compile the regexp;
Add a test case.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The test checks that it's possible to set a per-interface sysctl
using '--sysctl' - but, after API v1.46, it's not (and driver option
'com.docker.network.endpoint.sysctls' must be used instead).
Test added in commit fde80fe2
Per-interface sysctls added, with API changes, in commit 00718322
Signed-off-by: Rob Murray <rob.murray@docker.com>
For SCTP port mappings, an iptables mangle rule was create to fix
the checksum. The code comment says it was done to fix a problem
caused by the veth driver reporting NETIF_F_SCTP_CRC since kernel
4.9, when used with NICs that do not support NETIF_F_SCTP_CRC.
But the checksum rule fills in the checksum in the IP header,
not an SCTP checksum, so it doesn't seem related. And, quoting
from the github issue, "since kernel v4.19, the xt_CHECKSUM.c
explicitly states it should only be used for UDP and only in the
OUTPUT chain - while docker is using it for SCTP in the PREROUTING
chain".
Furthermore, the rule is reported to be causing errors for SCTP
between containers.
Because we don't entirely understand why the rule exists, it
is now only added if the daemon's env has
DOCKER_IPTABLES_SCTP_CHECKSUM=1. If no problems are reported, that
escape-hatch and the code to add the rule will be removed in a
future release.
Signed-off-by: Rob Murray <rob.murray@docker.com>
Capabilities were implemented in aa96c3176b,
as part of work on an external graphdriver-plugin. Given that none of
the builtin graphdrivers use this option, and support for graphdriver-
plugins has been removed in 555dac5e14,
we can remove this functionality.
This patch:
- removes the CapabilityDriver interface, which has no implementations
- removes the Capabilities type
- layer: remove layerStore.useTarSplit. This field was previously set
through the driver's Capabilities, but always enabled for the builtin
graphdrivers,
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was unnecessary; access to the variable was synchronized through a
mutex in all cases but one, where synchonizing through the mutex would
work just fine without any chance of deadlocks.
Signed-off-by: Cory Snider <csnider@mirantis.com>
The netlink.RouteAdd in setupBridgeIPv6 always failed, because
the bridge is always 'down' when it's called.
Signed-off-by: Rob Murray <rob.murray@docker.com>
