From aef69ee6a15ae89c1a6151e9ad2f8e2607e17420 Mon Sep 17 00:00:00 2001
From: yaoguangzhong
Date: Thu, 31 Oct 2024 10:37:50 +0800
Subject: [PATCH] backport upstream patch to fix libnetwork/osl test TestAddRemoveInterface
Signed-off-by: Guangzhong Yao
---
 ...work-osl-test-TestAddRemoveInterface.patch | 76 +++++++++++++++++++
 moby.spec | 7 +-
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch
diff --git a/0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch b/0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch
new file mode 100644
index 0000000..d7e75ba
--- /dev/null
+++ b/0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch
@@ -0,0 +1,76 @@
+From c72e458a7273bf7e542082ef2bbe3d50ca1a62dd Mon Sep 17 00:00:00 2001
+From: Rob Murray
+Date: Thu, 18 Jan 2024 21:01:41 +0000
+Subject: [PATCH] Fix libnetwork/osl test TestAddRemoveInterface
+
+For some time, when adding an interface with no IPv6 address (an
+interface to a network that does not have IPv6 enabled), we've been
+disabling IPv6 on that interface.
+
+As part of a separate change, I'm removing that logic - there's nothing
+wrong with having IPv6 enabled on an interface with no routable address.
+The difference is that the kernel will assign a link-local address.
+
+TestAddRemoveInterface does this...
+- Assign an IPv6 link-local address to one end of a veth interface, and
+ add it to a namespace.
+- Add a bridge with no assigned IPv6 address to the namespace.
+- Remove the veth interface from the namespace.
+- Put the veth interface back into the namespace, still with an
+ explicitly assigned IPv6 link local address.
+
+When IPv6 is disabled on the bridge interface, the test passes.
+
+But, when IPv6 is enabled, the bridge gets a kernel assigned link-local
+address.
+
+Then, when re-adding the veth interface, the test generates an error in
+'osl/interface_linux.go:checkRouteConflict()'. The conflict is between
+the explicitly assigned fe80::2 on the veth, and a route for fe80::/64
+belonging to the bridge.
+
+So, in preparation for not-disabling IPv6 on these interfaces, use a
+unique-local address in the test instead of link-local.
+
+I don't think that changes the intent of the test.
+
+With the change to not-always disable IPv6, it is possible to repro the
+problem with a real container, disconnect and re-connect a user-defined
+network with '--subnet fe80::/64' while the container's connected to an
+IPv4 network. So, strictly speaking, that will be a regression.
+
+But, it's also possible to repro the problem in master, by disconnecting
+and re-connecting the fe80::/64 network while another IPv6 network is
+connected. So, I don't think it's a problem we need to address, perhaps
+other than by prohibiting '--subnet fe80::/64'.
+
+Signed-off-by: Rob Murray
+---
+ libnetwork/osl/sandbox_linux_test.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libnetwork/osl/sandbox_linux_test.go b/libnetwork/osl/sandbox_linux_test.go
+index dd1ac18275..c1c54b0627 100644
+--- a/libnetwork/osl/sandbox_linux_test.go
++++ b/libnetwork/osl/sandbox_linux_test.go
+@@ -72,7 +72,7 @@ func newInfo(t *testing.T, hnd *netlink.Handle) (*Namespace, error) {
+ }
+ addr.IP = ip4
+
+- ip6, addrv6, err := net.ParseCIDR("fe80::2/64")
++ ip6, addrv6, err := net.ParseCIDR("fdac:97b4:dbcc::2/64")
+ if err != nil {
+ return nil, err
+ }
+@@ -116,7 +116,7 @@ func newInfo(t *testing.T, hnd *netlink.Handle) (*Namespace, error) {
+ return &Namespace{
+ iFaces: []*Interface{intf1, intf2, intf3},
+ gw: net.ParseIP("192.168.1.1"),
+- gwv6: net.ParseIP("fe80::1"),
++ gwv6: net.ParseIP("fdac:97b4:dbcc::1/64"),
+ }, nil
+ }
+
+--
+2.42.0.windows.2
+
diff --git a/moby.spec b/moby.spec
index 71c5899..7e8231c 100644
--- a/moby.spec
+++ b/moby.spec
@@ -7,7 +7,7 @@ Name: docker
 Version: 25.0.3
-Release: 13
+Release: 14
 Summary: The open-source application container engine
 License: ASL 2.0
 URL: https://www.docker.com
@@ -26,6 +26,7 @@ Patch0003: 0003-add-loongarch64-seccomp-support.patch
 Patch0004: 0004-fix-docker-swarm-run-failed-for-loongarch64.patch
 Patch0005: 0005-CVE-2024-41110.patch
 Patch0006: 0006-tini.c-a-function-declaration-without-a-prototype-is.patch
+Patch0007: 0007-fix-libnetwork-osl-test-TestAddRemoveInterface.patch
 Requires: %{name}-engine = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
@@ -95,6 +96,7 @@ Docker client binary and related utilities
 %patch 0003 -p1
 %patch 0004 -p1
 %patch 0005 -p1
+%patch 0007 -p1
 %setup -q -T -n %{_source_docker_init} -b 2
 %patch 0006 -p1
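Review bot: In the second inner hunk of the added 0007 patch (sandbox_linux_test.go, newInfo), `gwv6: net.ParseIP("fdac:97b4:dbcc::1/64")` hands a CIDR string to net.ParseIP, which accepts only a bare address and returns nil when a prefix length is attached, so the test namespace is built with a nil IPv6 gateway instead of the intended unique-local one. The line it replaces, `net.ParseIP("fe80::1")`, carried no suffix, so the `/64` looks carried over from the `net.ParseCIDR("fdac:97b4:dbcc::2/64")` change in the first inner hunk. Because this is a verbatim backport, either note the discrepancy in the packaging changelog or carry a follow-up that uses `gwv6: net.ParseIP("fdac:97b4:dbcc::1"),` so the IPv6 gateway setup is actually covered by TestAddRemoveInterface. newInfo's body starts outside both inner hunks, so whether any assertion depends on gwv6 being non-nil cannot be confirmed from here.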
@@ -197,6 +199,9 @@ fi
 %systemd_postun_with_restart docker.service
 %changelog
+* Thu Oct 31 2024 yaoguangzhong - 25.0.3-14
+- DESC:backport upstream patch to fix libnetwork/osl test TestAddRemoveInterface
+
 * Tue Oct 29 2024 yaoguangzhong - 25.0.3-13
 - DESC:modify patch number
-- Gitee