New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remaining steps for IPv6 support #8896
Conversation
thanks!! reviewing now! |
@@ -34,28 +35,31 @@ func init() { | |||
supportsXlock = exec.Command("iptables", "--wait", "-L", "-n").Run() == nil | |||
} | |||
|
|||
func NewChain(name, bridge string) (*Chain, error) { | |||
if output, err := Raw("-t", "nat", "-N", name); err != nil { | |||
func NewChain(ipv6 bool, name, bridge string) (*Chain, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be refactored, this passing ipv6
everywhere is not very impressive. Maybe some struct which can create and delete chains. So, you just create it with ipv6
or ipv4
param and use it in code below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah yes I like that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, it's annoying. NewChain is the object you are describing, I think, and it does embed Ipv6. So if we're using Chains, we only pass ipv4/ipv6 in once.
Unfortunately, Raw is then exported, rather than everything going through Chain. So we have to pass the ipv6 flag in here.
I did debate creating something like
func (c *Chain) Raw(args... string) ([]byte, error) {
return Raw(c.Ipv6, args)
}
Do you think that would help?
The bigger problem is the whole use of Raw in other packages. I was going to clean up the whole use of Raw, but then the patch would have ballooned and been cross-purpose.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ya i think that would help and we could do a cleanup PR after for the Raw
calls other places
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Went with the suggestion; it isn't too bad, because Raw is actually only used in bridge. Thanks!
Drone failing with some cryptic error :/ |
ya im making sure the kernel has iptables with ipv6 support... |
I can't figure out the drone error either. I've obviously done something stupid. We shouldn't even be testing IPv6 - unless you pass -ipv6, the code should short-circuit to the existing behaviour. (Of course, we do need tests for ipv6, but I can't figure out why drone is failing) |
ya so there's other refernces to the iptables package when the daemon is started and they would need to reflect the changes to the package args, it wouldnt throw a compile time error because the args are passed as args.. |
let me find the file and I can explain better |
actually nm I was thinking of bridge and you got all those |
Found a surprising behavior of the To16() function (it converts IPv4 to a 16 bit address as well), but that still isn't it, I don't think... |
maybe https://github.com/docker/docker/blob/master/daemon/networkdriver/portmapper/mapper.go#L175 |
|
Awesome - thank you. I should be able to fix it quickly now |
@@ -73,7 +73,7 @@ func NetworkRange(network *net.IPNet) (net.IP, net.IP) { | |||
} | |||
|
|||
// Return the IPv4 address of a network interface | |||
func GetIfaceAddr(name string) (net.Addr, error) { | |||
func GetIfaceAddr(name string, ipv4 bool, ipv6 bool) (net.Addr, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dont think we need to pass both if it's not ipv6 it implies its ipv4
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think in future we'll likely want to use both IPv4 and IPv6 at the same time. It's only called with (name, !ipv6, ipv6) at the moment.
Happy to fix either way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah this is true
On Fri, Oct 31, 2014 at 2:12 PM, Justin Santa Barbara <
notifications@github.com> wrote:
In daemon/networkdriver/utils.go:
@@ -73,7 +73,7 @@ func NetworkRange(network *net.IPNet) (net.IP, net.IP) {
}// Return the IPv4 address of a network interface
-func GetIfaceAddr(name string) (net.Addr, error) {
+func GetIfaceAddr(name string, ipv4 bool, ipv6 bool) (net.Addr, error) {I think in future we'll likely want to use both IPv4 and IPv6 at the same
time. It's only called with (name, !ipv6, ipv6) at the moment.Happy to fix either way.
—
Reply to this email directly or view it on GitHub
https://github.com/docker/docker/pull/8896/files#r19694007.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you're right, on reflection. It would have to be refactored anyway to return multiple IP addresses at the same time. Your way is better.
cool, if you are running locally you can On Fri, Oct 31, 2014 at 2:07 PM, Justin Santa Barbara <
|
61240e8
to
e87ba5e
Compare
ping @jpetazzo would love your thoughts on this one |
Drone still failing :/ |
can you change the lines in integration-cli/docker_cli_links_test.go that reference iptables :) |
awesome drone passed. I swapped this with my local binary and its pretty freaking cool. so things we need to get this in:
|
and we need to be sure the docs specify the requirement for the iptables ipv6 module to be active |
Will that be a requirement to run docker or only if I want to make use of ipv6? Just checking as I have some VPS in a DigitalOcean datacenter that hasn't migrated to IPv6 yet |
Also, so much ♥ for all this groundwork! :D |
Need rebase :) |
Signed-off-by: Justin Santa Barbara <justin@fathomdb.com>
Signed-off-by: Justin Santa Barbara <justin@fathomdb.com>
Otherwise this forces use of a configured subnet. Signed-off-by: Justin Santa Barbara <justin@fathomdb.com>
Signed-off-by: Justin Santa Barbara <justin@fathomdb.com>
Signed-off-by: Justin Santa Barbara <justin@fathomdb.com>
Signed-off-by: Justin Santa Barbara <justin@fathomdb.com>
This saves us from having to pass the ipv6 flag around Signed-off-by: Justin Santa Barbara <justin@fathomdb.com>
Rebased |
Signed-off-by: Justin Santa Barbara <justin@fathomdb.com>
Signed-off-by: Justin SB <justin@fathomdb.com>
I am working on the IPv6 support for a while and have a working version with IPv6 support. |
so - if this is the final one, it needs documentation :) |
@SvenDowideit If I follow correctly, @justinsb and @MalteJ are working on combining their PRs. If I understood that correctly, then probably one should be closed to keep the discussion/progress focused in a single place. |
I would like to keep mine (#8947) open as it has more functionality. |
@MalteJ I'm fine either way as long as you are both in agreement 😄. Having two PRs covering the same goal is confusing; closing one prevents the confusion and may save the maintainers some time. As mentioned, I'm just a bystander, so I'll leave it up to you (the creators of the PRs) and the maintainers. If one PR is closed, please update the description and/or closing comment to guide people to the active PR. Thank you both for this work, really excited to see IPv6 become a reality in Docker! |
@thaJeztah you are right! I just have seen this PR yesterday. @justinsb and I still have to do some communication and agree on the next steps. |
so i am going to close this one since you are combining into #8947, just so there is no confusion and the conversation doesn't get fragmented :) |
Most of the work for IPv6 has already been done; this adds support for using ip6tables, makes sure ipv6 support is enabled on the docker0 bridge, and skips the first IP even on IPv6 so we don't have to use a sub-range.