Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "Added API to set ephemeral port allocator range." #43066

Merged
merged 2 commits into from
Jun 3, 2022
Merged

Revert "Added API to set ephemeral port allocator range." #43066

merged 2 commits into from
Jun 3, 2022

Conversation

akerouanton
Copy link
Member

@akerouanton akerouanton commented Dec 6, 2021
edited
Loading

- What I did

Since commit 2c4a868, Docker doesn't
use the value of net.ipv4.ip_local_port_range when choosing an ephemeral
port. This change reverts back to the previous behavior.

Fixes #43054.

- How to verify it

  1. make shell
  2. In the container, sysctl -w net.ipv4.ip_local_port_range="39000 40000"
  3. Start dockerd
  4. Run docker run --rm -it -p 80 nginx
  5. Check what port Docker has picked with docker ps

- Description for the changelog

Use the value of net.ipv4.ip_local_port_range when choosing an ephemeral port

@akerouanton akerouanton mentioned this pull request Dec 6, 2021
Closed
@thaJeztah thaJeztah added this to the 22.06.0 milestone May 31, 2022
neersighted
neersighted approved these changes Jun 2, 2022
View reviewed changes
Copy link
Member

@neersighted neersighted left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really clean from a revert/application standpoint. However, I do wonder if it is desirable to reintroduce the ability to set the range over the API in a way that is documented and falls back to the kernel parameter as a default?

Regardless, this is aligned with the documented behavior and the right move given this has manifested as a regression for users.

tianon
tianon approved these changes Jun 2, 2022
View reviewed changes
Copy link
Member

@tianon tianon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was worried that the removal of OptionDynamicPortRange would be a problem, but it looks like it was only ever used in #40055 (which is still unmerged). 👍

@tianon
Copy link
Member

tianon commented Jun 2, 2022

(This needs a rebase for some conflicts, but they look like they're pretty minor -- just the imports, perhaps?)

akerouanton and others added 2 commits June 2, 2022 22:56
@akerouanton @thaJeztah
Revert "Added API to set ephemeral port allocator range."
414dd01 
Since commit 2c4a868, Docker doesn't
use the value of net.ipv4.ip_local_port_range when choosing an ephemeral
port. This change reverts back to the previous behavior.

Fixes moby#43054.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
@thaJeztah
libnetwork/portallocator: un-export consts for defaults
b4b2a03 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
thaJeztah reviewed Jun 2, 2022
View reviewed changes
libnetwork/portallocator/portallocator.go Outdated
logrus.WithError(err).Infof("falling back to default port range %d-%d", defaultPortRangeStart, defaultPortRangeEnd)
start, end = defaultPortRangeStart, defaultPortRangeEnd
logrus.WithError(err).Infof("falling back to default port range %d-%d", DefaultPortRangeStart, DefaultPortRangeEnd)
start, end = DefaultPortRangeStart, DefaultPortRangeEnd
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like these consts aren't used outside of the package, so I guess we can keep those

@thaJeztah
Copy link
Member

Doing a quick rebase, and I'll add a commit to keep the consts un-exported

thaJeztah
thaJeztah approved these changes Jun 2, 2022
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@akerouanton
Copy link
Member Author

Ah, sorry @thaJeztah, didn't had time to rebase it today. Thanks for doing it 🙂

@thaJeztah
Copy link
Member

No worries! (apologies on our side for this have taken so long!)

thaJeztah
thaJeztah reviewed Jun 2, 2022
View reviewed changes
libnetwork/portallocator/portallocator_unix.go
defaultPortRangeEnd = 60999
defaultPortRangeEnd = 65535
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me comment on this line; this may have been related to #40055 (comment) as well (in case we need to un-revert this change in range)

/cc @neersighted @corhere @evol262

(and myself, for if this causes havoc in our products 🙈)

@thaJeztah
Copy link
Member

Failure is unrelated; known flaky test (#38521)

=== FAIL: github.com/docker/docker/integration-cli TestDockerSuite/TestStartReturnCorrectExitCode (4.54s)
    docker_cli_start_test.go:191: assertion failed: 
        Command:  D:\a\moby\moby\out\docker.exe start -a withRestart
        ExitCode: 0
        Stdout:   
        Stderr:   
        
        Failures:
        ExitCode was 0 expected 11
    --- FAIL: TestDockerSuite/TestStartReturnCorrectExitCode (4.54s)

@thaJeztah thaJeztah merged commit 82e58a0 into moby:master Jun 3, 2022
@akerouanton akerouanton deleted the fix-43054 branch June 3, 2022 09:08
This was referenced Nov 7, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@tianon tianon tianon approved these changes

@neersighted neersighted neersighted approved these changes

Assignees
No one assigned
Labels
area/networking kind/bugfix PR's that fix bugs status/4-merge
Projects
None yet
Milestone
23.0.0
Development

Successfully merging this pull request may close these issues.

Linux kernel ephemeral port range ignored in Docker 20+
4 participants
@akerouanton @tianon @thaJeztah @neersighted