|
@@ -0,0 +1,74 @@
|
|
|
|
|
+From 7b9c2905883df5171fda10a364a81b8c6176c8e2 Mon Sep 17 00:00:00 2001
|
|
|
|
|
+From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
|
|
|
|
+Date: Mon, 26 Apr 2021 15:28:40 +0900
|
|
|
|
|
+Subject: [PATCH] fix port forwarding with ipv6.disable=1
|
|
|
|
|
+
|
|
|
|
|
+Make `docker run -p 80:80` functional again on environments with kernel boot parameter `ipv6.disable=1`.
|
|
|
|
|
+
|
|
|
|
|
+Fix moby/moby issue 42288
|
|
|
|
|
+
|
|
|
|
|
+Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
|
|
|
|
+[Upstream: https://github.com/moby/libnetwork/pull/2635,
|
|
|
|
|
+ https://github.com/moby/moby/pull/42322]
|
|
|
|
|
+[Rework path/drop test for docker-engine]
|
|
|
|
|
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
|
|
|
+---
|
|
|
|
|
+ vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go | 31 +++++++++++++++++++++++++++++++
|
|
|
|
|
+ 1 file changed, 35 insertions(+), 0 deletion(-)
|
|
|
|
|
+
|
|
|
|
|
+diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
|
|
|
|
|
+index 946130ec..17bf36f9 100644
|
|
|
|
|
+--- a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
|
|
|
|
|
++++ b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
|
|
|
|
|
+@@ -5,6 +5,7 @@ import (
|
|
|
|
|
+ "errors"
|
|
|
|
|
+ "fmt"
|
|
|
|
|
+ "net"
|
|
|
|
|
++ "sync"
|
|
|
|
|
+
|
|
|
|
|
+ "github.com/docker/libnetwork/types"
|
|
|
|
|
+ "github.com/ishidawataru/sctp"
|
|
|
|
|
+@@ -50,6 +51,13 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
|
|
|
|
|
+ bs = append(bs, bIPv4)
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
++ // skip adding implicit v6 addr, when the kernel was booted with `ipv6.disable=1`
|
|
|
|
|
++ // https://github.com/moby/moby/issues/42288
|
|
|
|
|
++ isV6Binding := c.HostIP != nil && c.HostIP.To4() == nil
|
|
|
|
|
++ if !isV6Binding && !IsV6Listenable() {
|
|
|
|
|
++ continue
|
|
|
|
|
++ }
|
|
|
|
|
++
|
|
|
|
|
+ // Allocate IPv6 Port mappings
|
|
|
|
|
+ // If the container has no IPv6 address, allow proxying host IPv6 traffic to it
|
|
|
|
|
+ // by setting up the binding with the IPv4 interface if the userland proxy is enabled
|
|
|
|
|
+@@ -211,3 +219,26 @@ func (n *bridgeNetwork) releasePort(bnd types.PortBinding) error {
|
|
|
|
|
+
|
|
|
|
|
+ return portmapper.Unmap(host)
|
|
|
|
|
+ }
|
|
|
|
|
++
|
|
|
|
|
++var (
|
|
|
|
|
++ v6ListenableCached bool
|
|
|
|
|
++ v6ListenableOnce sync.Once
|
|
|
|
|
++)
|
|
|
|
|
++
|
|
|
|
|
++// IsV6Listenable returns true when `[::1]:0` is listenable.
|
|
|
|
|
++// IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option.
|
|
|
|
|
++func IsV6Listenable() bool {
|
|
|
|
|
++ v6ListenableOnce.Do(func() {
|
|
|
|
|
++ ln, err := net.Listen("tcp6", "[::1]:0")
|
|
|
|
|
++ if err != nil {
|
|
|
|
|
++ // When the kernel was booted with `ipv6.disable=1`,
|
|
|
|
|
++ // we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
|
|
|
|
|
++ // https://github.com/moby/moby/issues/42288
|
|
|
|
|
++ logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
|
|
|
|
|
++ } else {
|
|
|
|
|
++ v6ListenableCached = true
|
|
|
|
|
++ ln.Close()
|
|
|
|
|
++ }
|
|
|
|
|
++ })
|
|
|
|
|
++ return v6ListenableCached
|
|
|
|
|
++}
|
|
|
|
|
+--
|
|
|
|
|
+2.20.1
|
|
|
|
|
+
|
Peter Korsgaard