Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[25.0 backport] Revert "daemon: automatically set network EnableIPv6 if needed" #47310

Merged
merged 2 commits into from Feb 3, 2024
Merged

[25.0 backport] Revert "daemon: automatically set network EnableIPv6 if needed" #47310

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
28c1a8b
Revert "daemon: automatically set network EnableIPv6 if needed"
akerouanton Feb 2, 2024
0ccf1c2
api/t/network: ValidateIPAM: ignore v6 subnet when IPv6 is disabled
akerouanton Feb 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
27 changes: 5 additions & 22 deletions api/types/network/ipam.go
View file
Open in desktop
Expand Up @@ -30,30 +30,9 @@ const (
ip6 ipFamily = "IPv6"
)

// HasIPv6Subnets checks whether there's any IPv6 subnets in the ipam parameter. It ignores any invalid Subnet and nil
// ipam.
func HasIPv6Subnets(ipam *IPAM) bool {
if ipam == nil {
return false
}

for _, cfg := range ipam.Config {
subnet, err := netip.ParsePrefix(cfg.Subnet)
if err != nil {
continue
}

if subnet.Addr().Is6() {
return true
}
}

return false
}

// ValidateIPAM checks whether the network's IPAM passed as argument is valid. It returns a joinError of the list of
// errors found.
func ValidateIPAM(ipam *IPAM) error {
func ValidateIPAM(ipam *IPAM, enableIPv6 bool) error {
if ipam == nil {
return nil
}
Expand All @@ -70,6 +49,10 @@ func ValidateIPAM(ipam *IPAM) error {
subnetFamily = ip6
}

if !enableIPv6 && subnetFamily == ip6 {
continue
}

if subnet != subnet.Masked() {
errs = append(errs, fmt.Errorf("invalid subnet %s: it should be %s", subnet, subnet.Masked()))
}
Expand Down
8 changes: 7 additions & 1 deletion api/types/network/ipam_test.go
View file
Open in desktop
Expand Up @@ -30,6 +30,12 @@ func TestNetworkWithInvalidIPAM(t *testing.T) {
"invalid auxiliary address DefaultGatewayIPv4: parent subnet is an IPv4 block",
},
},
{
// Regression test for https://github.com/moby/moby/issues/47202
name: "IPv6 subnet is discarded with no error when IPv6 is disabled",
ipam: IPAM{Config: []IPAMConfig{{Subnet: "2001:db8::/32"}}},
ipv6: false,
},
{
name: "Invalid data - Subnet",
ipam: IPAM{Config: []IPAMConfig{{Subnet: "foobar"}}},
Expand Down Expand Up @@ -122,7 +128,7 @@ func TestNetworkWithInvalidIPAM(t *testing.T) {
t.Run(tc.name, func(t *testing.T) {
t.Parallel()

errs := ValidateIPAM(&tc.ipam)
errs := ValidateIPAM(&tc.ipam, tc.ipv6)
if tc.expectedErrors == nil {
assert.NilError(t, errs)
return
Expand Down
6 changes: 1 addition & 5 deletions daemon/network.go
View file
Open in desktop
Expand Up @@ -305,10 +305,6 @@ func (daemon *Daemon) createNetwork(cfg *config.Config, create types.NetworkCrea
return nil, errdefs.Forbidden(errors.New(`This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.`))
}

if network.HasIPv6Subnets(create.IPAM) {
create.EnableIPv6 = true
}

networkOptions := make(map[string]string)
for k, v := range create.Options {
networkOptions[k] = v
Expand All @@ -335,7 +331,7 @@ func (daemon *Daemon) createNetwork(cfg *config.Config, create types.NetworkCrea
nwOptions = append(nwOptions, libnetwork.NetworkOptionConfigOnly())
}

if err := network.ValidateIPAM(create.IPAM); err != nil {
if err := network.ValidateIPAM(create.IPAM, create.EnableIPv6); err != nil {
return nil, errdefs.InvalidParameter(err)
}

Expand Down