{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":716209508,"defaultBranch":"master","name":"moby","ownerLogin":"robmry","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2023-11-08T16:56:35.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/148866618?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1715764583.0","currentOid":""},"activityList":{"items":[{"before":"8af4af3ec4a6ba2eff752038d0aed0c01ef0ea4b","after":"b17872918fbe9edcb0cb0ed1e4859e8f9342b434","ref":"refs/heads/47639_per-interface-sysctls","pushedAt":"2024-05-17T13:45:06.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Add per-endpoint sysctls to DriverOpts\n\nUntil now it's been possible to set per-interface sysctls using, for\nexample, '--sysctl net.ipv6.conf.eth0.accept_ra=2'. But, the index in\nthe interface name is allocated serially, and the numbering in a container\nwith more than one interface may change when a container is restarted.\nThe change to make it possible to connect a container to more than one\nnetwork when it's created increased the ambiguity.\n\nThis change adds label \"com.docker.network.endpoint.sysctls\" to the\nDriverOpts in EndpointSettings. This option is explicitly associated\nwith the interface.\n\nSettings in \"--sysctl\" for \"eth0\" are migrated to DriverOpts.\n\nBecause using \"--sysctl\" with any interface apart from \"eth0\" would have\nunpredictable results, it is now an error to use any other interface name\nin the top level \"--sysctl\" option. The error message includes a hint at\nhow to use the new per-interface setting.\n\nThe per-endpoint sysctl name is a shortened form of the sysctl name,\nintended to limit settings to 'net.*', and to eliminate the need to\nidentify the interface by name. For example:\n    net.ipv6.conf.eth0.accept_ra=2\nbecomes:\n    ipv6.conf.accept_ra=2\n\nThe value of DriverOpts[\"com.docker.network.endpoint.sysctls\"] is a\ncomma separated list of these short-form sysctls.\n\nSettings from '--sysctl' are applied by the runtime lib during task\ncreation. So, task creation fails if the endpoint does not exist.\nApplying per-endpoint settings during interface configuration means the\nendpoint can be created later, which paves the way for removal of the\nSetKey OCI prestart hook.\n\nUnlike other DriverOpts, the sysctl label itself is not driver-specific,\nbut each driver has a chance to check settings/values and raise an error\nif a setting would cause it a problem - no such checks have been added\nin this initial version. As a future extension, if required, it would be\npossible for the driver to echo back valid/extended/modified settings to\nlibnetwork for it to apply to the interface. (At that point, the syntax\nfor the options could become driver specific to allow, for example, a\ndriver to create more than one interface).\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Add per-endpoint sysctls to DriverOpts"}},{"before":"20f3db3a4fe73e0112ecbee775166c800849d161","after":"8af4af3ec4a6ba2eff752038d0aed0c01ef0ea4b","ref":"refs/heads/47639_per-interface-sysctls","pushedAt":"2024-05-17T13:42:30.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Add per-endpoint sysctls to DriverOpts\n\nUntil now it's been possible to set per-interface sysctls using, for\nexample, '--sysctl net.ipv6.conf.eth0.accept_ra=2'. But, the index in\nthe interface name is allocated serially, and the numbering in a container\nwith more than one interface may change when a container is restarted.\nThe change to make it possible to connect a container to more than one\nnetwork when it's created increased the ambiguity.\n\nThis change adds label \"com.docker.network.endpoint.sysctls\" to the\nDriverOpts in EndpointSettings. This option is explicitly associated\nwith the interface.\n\nSettings in \"--sysctl\" for \"eth0\" are migrated to DriverOpts.\n\nBecause using \"--sysctl\" with any interface apart from \"eth0\" would have\nunpredictable results, it is now an error to use any other interface name\nin the top level \"--sysctl\" option. The error message includes a hint at\nhow to use the new per-interface setting.\n\nThe per-endpoint sysctl name is a shortened form of the sysctl name,\nintended to limit settings to 'net.*', and to eliminate the need to\nidentify the interface by name. For example:\n    net.ipv6.conf.eth0.accept_ra=2\nbecomes:\n    ipv6.conf.accept_ra=2\n\nThe value of DriverOpts[\"com.docker.network.endpoint.sysctls\"] is a\ncomma separated list of these short-form sysctls.\n\nSettings from '--sysctl' are applied by the runtime lib during task\ncreation. So, task creation fails if the endpoint does not exist.\nApplying per-endpoint settings during interface configuration means the\nendpoint can be created later, which paves the way for removal of the\nSetKey OCI prestart hook.\n\nUnlike other DriverOpts, the sysctl label itself is not driver-specific,\nbut each driver has a chance to check settings/values and raise an error\nif a setting would cause it a problem - no such checks have been added\nin this initial version. As a future extension, if required, it would be\npossible for the driver to echo back valid/extended/modified settings to\nlibnetwork for it to apply to the interface. (At that point, the syntax\nfor the options could become driver specific to allow, for example, a\ndriver to create more than one interface).\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Add per-endpoint sysctls to DriverOpts"}},{"before":"93e43d522d900258a3e4101ff16bed95bc6e536b","after":"20f3db3a4fe73e0112ecbee775166c800849d161","ref":"refs/heads/47639_per-interface-sysctls","pushedAt":"2024-05-17T13:37:36.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Add per-endpoint sysctls to DriverOpts\n\nUntil now it's been possible to set per-interface sysctls using, for\nexample, '--sysctl net.ipv6.conf.eth0.accept_ra=2'. But, the index in\nthe interface name is allocated serially, and the numbering in a container\nwith more than one interface may change when a container is restarted.\nThe change to make it possible to connect a container to more than one\nnetwork when it's created increased the ambiguity.\n\nThis change adds label \"com.docker.network.endpoint.sysctls\" to the\nDriverOpts in EndpointSettings. This option is explicitly associated\nwith the interface.\n\nSettings in \"--sysctl\" for \"eth0\" are migrated to DriverOpts.\n\nBecause using \"--sysctl\" with any interface apart from \"eth0\" would have\nunpredictable results, it is now an error to use any other interface name\nin the top level \"--sysctl\" option. The error message includes a hint at\nhow to use the new per-interface setting.\n\nThe per-endpoint sysctl name is a shortened form of the sysctl name,\nintended to limit settings to 'net.*', and to eliminate the need to\nidentify the interface by name. For example:\n    net.ipv6.conf.eth0.accept_ra=2\nbecomes:\n    ipv6.conf.accept_ra=2\n\nThe value of DriverOpts[\"com.docker.network.endpoint.sysctls\"] is a\ncomma separated list of these short-form sysctls.\n\nSettings from '--sysctl' are applied by the runtime lib during task\ncreation. So, task creation fails if the endpoint does not exist.\nApplying per-endpoint settings during interface configuration means the\nendpoint can be created later, which paves the way for removal of the\nSetKey OCI prestart hook.\n\nUnlike other DriverOpts, the sysctl label itself is not driver-specific,\nbut each driver has a chance to check settings/values and raise an error\nif a setting would cause it a problem - no such checks have been added\nin this initial version. As a future extension, if required, it would be\npossible for the driver to echo back valid/extended/modified settings to\nlibnetwork for it to apply to the interface. (At that point, the syntax\nfor the options could become driver specific to allow, for example, a\ndriver to create more than one interface).\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Add per-endpoint sysctls to DriverOpts"}},{"before":"2681c580c97a45d738081966df0a7ff2671b4c6d","after":"93e43d522d900258a3e4101ff16bed95bc6e536b","ref":"refs/heads/47639_per-interface-sysctls","pushedAt":"2024-05-16T08:45:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Add per-endpoint sysctls to DriverOpts\n\nUntil now it's been possible to set per-interface sysctls using, for\nexample, '--sysctl net.ipv6.conf.eth0.accept_ra=2'. But, the index in\nthe interface name is allocated serially, and the numbering in a container\nwith more than one interface may change when a container is restarted.\nThe change to make it possible to connect a container to more than one\nnetwork when it's created increased the ambiguity.\n\nThis change adds label \"com.docker.network.endpoint.sysctls\" to the\nDriverOpts in EndpointSettings. This option is explicitly associated\nwith the interface.\n\nSettings in \"--sysctl\" for \"eth0\" are migrated to DriverOpts.\n\nBecause using \"--sysctl\" with any interface apart from \"eth0\" would have\nunpredictable results, it is now an error to use any other interface name\nin the top level \"--sysctl\" option. The error message includes a hint at\nhow to use the new per-interface setting.\n\nThe per-endpoint sysctl name is a shortened form of the sysctl name,\nintended to limit settings to 'net.*', and to eliminate the need to\nidentify the interface by name. For example:\n    net.ipv6.conf.eth0.accept_ra=2\nbecomes:\n    ipv6.conf.accept_ra=2\n\nThe value of DriverOpts[\"com.docker.network.endpoint.sysctls\"] is a\ncomma separated list of these short-form sysctls.\n\nSettings from '--sysctl' are applied by the runtime lib during task\ncreation. So, task creation fails if the endpoint does not exist.\nApplying per-endpoint settings during interface configuration means the\nendpoint can be created later, which paves the way for removal of the\nSetKey OCI prestart hook.\n\nUnlike other DriverOpts, the sysctl label itself is not driver-specific,\nbut each driver has a chance to check settings/values and raise an error\nif a setting would cause it a problem - no such checks have been added\nin this initial version. As a future extension, if required, it would be\npossible for the driver to echo back valid/extended/modified settings to\nlibnetwork for it to apply to the interface. (At that point, the syntax\nfor the options could become driver specific to allow, for example, a\ndriver to create more than one interface).\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Add per-endpoint sysctls to DriverOpts"}},{"before":"ff8de5e15690ff88fd5bae59918915effb46faef","after":null,"ref":"refs/heads/firewalld_forwarding_policy","pushedAt":"2024-05-15T09:16:23.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"}},{"before":"77a47dba3bb2f997e063a9174177b8670edfa865","after":null,"ref":"refs/heads/internal_network_with_dns","pushedAt":"2024-05-15T09:14:58.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"}},{"before":"fda708f55dd87707268ac66e7c2e82ca16e896e8","after":null,"ref":"refs/heads/bad_integration-cli_ipv6_tests","pushedAt":"2024-05-15T09:14:34.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"}},{"before":"b11e95f5bc67b59ec4fe4230eee510d19a79dfe1","after":null,"ref":"refs/heads/47778_preserve_kernel_ll_addrs","pushedAt":"2024-05-15T09:12:07.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"}},{"before":"cd08d377c5e0348984d1f46d196337d895ec47ad","after":"ae976b998be20312526fb0c1bfc4ef4c9d6a19d4","ref":"refs/heads/master","pushedAt":"2024-05-15T09:10:58.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Merge pull request #47629 from vvoland/tarexport-tracing-ctx-cancel\n\ntarexport: Plumb ctx, add OTEL spans, handle cancellation","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2205992268\" data-permission-text=\"Title is private\" data-url=\"https://github.com/moby/moby/issues/47629\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/moby/moby/pull/47629/hovercard\" href=\"https://github.com/moby/moby/pull/47629\">moby#47629</a> from vvoland/tarexport-tracing-ctx-cancel"}},{"before":null,"after":"33f9a5329a9259bc361f925a09633674878650be","ref":"refs/heads/windns_proxy_default","pushedAt":"2024-05-13T10:17:45.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Default to \"windows-dns-proxy\":true\n\nIn 26.1, we added daemon feature flag \"windows-dns-proxy\" which could\nbe set to \"true\" to make \"nslookup\" work in Windows containers, by\nforwarding requests from the internal resolver to the container's\nexternal DNS servers.\n\nThis changes the default to forwarding-enabled - it can be disabled by\nvia daemon.json using ...\n  \"features\": { \"windows-dns-proxy\": false }\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Default to \"windows-dns-proxy\":true"}},{"before":"75821a7d9a14896aa07f93bddf28b2e0b01816e5","after":"cd08d377c5e0348984d1f46d196337d895ec47ad","ref":"refs/heads/master","pushedAt":"2024-05-13T09:56:44.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Merge pull request #47819 from akerouanton/libnet-d-remote-replace-errorWithRollback\n\nlibnet/d/remote: replace errorWithRollback","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2289238341\" data-permission-text=\"Title is private\" data-url=\"https://github.com/moby/moby/issues/47819\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/moby/moby/pull/47819/hovercard\" href=\"https://github.com/moby/moby/pull/47819\">moby#47819</a> from akerouanton/libnet-d-remote-replac…"}},{"before":"b27e52b88ac513f3c6bf7dbf3cf7984f74e11d18","after":"77a47dba3bb2f997e063a9174177b8670edfa865","ref":"refs/heads/internal_network_with_dns","pushedAt":"2024-05-10T18:37:03.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Forward DNS requests into --internal networks\n\nA recent change to prevent containers only connected to --internal\nnetworks from communicating with external DNS servers inadvertently\nprevented the daemon's internal DNS server from forwarding requests\nwithin an internal network to a containerised DNS server.\n\nRelax the check, so that only requests that need to be forwarded\nfrom the host's network namespace are dropped.\n\nExternal DNS servers remain unreachable from the internal network.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Forward DNS requests into --internal networks"}},{"before":"af621b5b1ffed5cfee1f34888f2902529407cc42","after":"b27e52b88ac513f3c6bf7dbf3cf7984f74e11d18","ref":"refs/heads/internal_network_with_dns","pushedAt":"2024-05-10T15:38:49.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Forward DNS requests into --internal networks\n\nA recent change to prevent containers only connected to --internal\nnetworks from communicating with external DNS servers inadvertently\nprevented the daemon's internal DNS server from forwarding requests\nwithin an internal network to a containerised DNS server.\n\nRelax the check, so that only requests that need to be forwarded\nfrom the host's network namespace are dropped.\n\nExternal DNS servers remain unreachable from the internal network.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Forward DNS requests into --internal networks"}},{"before":"a5054d0aa0856c2ea6703eef9396548d150270b1","after":"af621b5b1ffed5cfee1f34888f2902529407cc42","ref":"refs/heads/internal_network_with_dns","pushedAt":"2024-05-10T14:46:33.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Forward DNS requests into --internal networks\n\nA recent change to prevent containers only connected to --internal\nnetworks from communicating with external DNS servers inadvertently\nprevented the daemon's internal DNS server from forwarding requests\nwithin an internal network to a containerised DNS server.\n\nRelax the check, so that only requests that need to be forwarded\nfrom the host's network namespace are dropped.\n\nExternal DNS servers remain unreachable from the internal network.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Forward DNS requests into --internal networks"}},{"before":null,"after":"a5054d0aa0856c2ea6703eef9396548d150270b1","ref":"refs/heads/internal_network_with_dns","pushedAt":"2024-05-10T14:30:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Forward DNS requests into --internal networks\n\nA recent change to prevent containers only connected to --internal\nnetworks from communicating with external DNS servers inadvertently\nprevented the daemon's internal DNS server from forwarding requests\nwithin an internal network to a containerised DNS server.\n\nRelax the check, so that only requests that need to be forwarded\nfrom the host's network namespace are dropped.\n\nExternal DNS servers remain unreachable from the internal network.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Forward DNS requests into --internal networks"}},{"before":"2319f511ca9816d81688b61146e27fb35ee81a5e","after":"41ddc47bbfacae438793238126be4d268ddf7469","ref":"refs/heads/non-experimental-ip6tables","pushedAt":"2024-05-10T09:18:49.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Don't explicitly enable ip6tables in tests\n\nTests no longer need to use \"--experimental --ip6tables\", now ip6tables\nis the default behaviour.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Don't explicitly enable ip6tables in tests"}},{"before":"4554d871d70bd055a0faa3ed595419ec4dc50406","after":"75821a7d9a14896aa07f93bddf28b2e0b01816e5","ref":"refs/heads/master","pushedAt":"2024-05-10T08:20:57.000Z","pushType":"push","commitsCount":11,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Merge pull request #47787 from robmry/47778_preserve_kernel_ll_addrs\n\nPreserve kernel-assigned IPv6 link-local addresses on a bridge network's bridge","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2273870450\" data-permission-text=\"Title is private\" data-url=\"https://github.com/moby/moby/issues/47787\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/moby/moby/pull/47787/hovercard\" href=\"https://github.com/moby/moby/pull/47787\">moby#47787</a> from robmry/47778_preserve_kernel_ll_addrs"}},{"before":"1b6ef928a334b8cab2551d078d8be93e6a8f1031","after":"018c93d934e241924f1faaa13eb96ccb181d1a92","ref":"refs/heads/defer_ipv6_addr_allocation","pushedAt":"2024-05-09T10:59:13.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Change meaning of return from DNSBackend.ResolveName\n\nInterface DNSBackend.ResolveName, implemented by Network,\nSandbox (and noopDNSBackend) had a bool return value that\nmeant 'ipv6Miss'.\n\nBut, it was always set to true on a hit, and callers had\nto deal with that.\n\nSo, changed the meaning of the return value to indicate\nwhether the name was found - which will also work for\n'ipv4Miss' when we have IPv6-only containers/networks.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Change meaning of return from DNSBackend.ResolveName"}},{"before":"2edd300cd25bbdf5cac873d969403f4509daac20","after":"2681c580c97a45d738081966df0a7ff2671b4c6d","ref":"refs/heads/47639_per-interface-sysctls","pushedAt":"2024-05-08T16:07:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Add per-endpoint sysctls to DriverOpts\n\nUntil now it's been possible to set per-interface sysctls using, for\nexample, '--sysctl net.ipv6.conf.eth0.accept_ra=2'. But, the index in\nthe interface name is allocated serially, and the numbering in a container\nwith more than one interface may change when a container is restarted.\nThe change to make it possible to connect a container to more than one\nnetwork when it's created increased the ambiguity.\n\nThis change adds label \"com.docker.network.endpoint.sysctls\" to the\nDriverOpts in EndpointSettings. This option is explicitly associated\nwith the interface.\n\nSettings in \"--sysctl\" for \"eth0\" are migrated to DriverOpts.\n\nBecause using \"--sysctl\" with any interface apart from \"eth0\" would have\nunpredictable results, it is now an error to use any other interface name\nin the top level \"--sysctl\" option. The error message includes a hint at\nhow to use the new per-interface setting.\n\nThe per-endpoint sysctl name is a shortened form of the sysctl name,\nintended to limit settings to 'net.*', and to eliminate the need to\nidentify the interface by name. For example:\n    net.ipv6.conf.eth0.accept_ra=2\nbecomes:\n    ipv6.conf.accept_ra=2\n\nThe value of DriverOpts[\"com.docker.network.endpoint.sysctls\"] is a\ncomma separated list of these short-form sysctls.\n\nSettings from '--sysctl' are applied by the runtime lib during task\ncreation. So, task creation fails if the endpoint does not exist.\nApplying per-endpoint settings during interface configuration means the\nendpoint can be created later, which paves the way for removal of the\nSetKey OCI prestart hook.\n\nUnlike other DriverOpts, the sysctl label itself is not driver-specific,\nbut each driver has a chance to check settings/values and raise an error\nif a setting would cause it a problem - no such checks have been added\nin this initial version. As a future extension, if required, it would be\npossible for the driver to echo back valid/extended/modified settings to\nlibnetwork for it to apply to the interface. (At that point, the syntax\nfor the options could become driver specific to allow, for example, a\ndriver to create more than one interface).\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Add per-endpoint sysctls to DriverOpts"}},{"before":"9d07820b221db010bf1bdc26ca904468804ca712","after":"4554d871d70bd055a0faa3ed595419ec4dc50406","ref":"refs/heads/master","pushedAt":"2024-05-08T16:04:20.000Z","pushType":"push","commitsCount":18,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Merge pull request #47805 from vvoland/update-go\n\nupdate to go1.21.10","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2284907271\" data-permission-text=\"Title is private\" data-url=\"https://github.com/moby/moby/issues/47805\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/moby/moby/pull/47805/hovercard\" href=\"https://github.com/moby/moby/pull/47805\">moby#47805</a> from vvoland/update-go"}},{"before":"5d70d23c1166065c1a262242515f0db74959df2b","after":"2edd300cd25bbdf5cac873d969403f4509daac20","ref":"refs/heads/47639_per-interface-sysctls","pushedAt":"2024-05-08T15:58:26.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Add per-endpoint sysctls to DriverOpts\n\nUntil now it's been possible to set per-interface sysctls using, for\nexample, '--sysctl net.ipv6.conf.eth0.accept_ra=2'. But, the index in\nthe interface name is allocated serially, and the numbering in a container\nwith more than one interface may change when a container is restarted.\nThe change to make it possible to connect a container to more than one\nnetwork when it's created increased the ambiguity.\n\nThis change adds label \"com.docker.network.endpoint.sysctls\" to the\nDriverOpts in EndpointSettings. This option is explicitly associated\nwith the interface.\n\nSettings in \"--sysctl\" for \"eth0\" are migrated to DriverOpts.\n\nBecause using \"--sysctl\" with any interface apart from \"eth0\" would have\nunpredictable results, it is now an error to use any other interface name\nin the top level \"--sysctl\" option. The error message includes a hint at\nhow to use the new per-interface setting.\n\nThe per-endpoint sysctl name is a shortened form of the sysctl name,\nintended to limit settings to 'net.*', and to eliminate the need to\nidentify the interface by name. For example:\n    net.ipv6.conf.eth0.accept_ra=2\nbecomes:\n    ipv6.conf.accept_ra=2\n\nThe value of DriverOpts[\"com.docker.network.endpoint.sysctls\"] is a\ncomma separated list of these short-form sysctls.\n\nSettings from '--sysctl' are applied by the runtime lib during task\ncreation. So, task creation fails if the endpoint does not exist.\nApplying per-endpoint settings during interface configuration means the\nendpoint can be created later, which paves the way for removal of the\nSetKey OCI prestart hook.\n\nUnlike other DriverOpts, the sysctl label itself is not driver-specific,\nbut each driver has a chance to check settings/values and raise an error\nif a setting would cause it a problem - no such checks have been added\nin this initial version. As a future extension, if required, it would be\npossible for the driver to echo back valid/extended/modified settings to\nlibnetwork for it to apply to the interface. (At that point, the syntax\nfor the options could become driver specific to allow, for example, a\ndriver to create more than one interface).\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Add per-endpoint sysctls to DriverOpts"}},{"before":"8a9f4fbe3839110e29e09bd7866061c36dd14816","after":"2319f511ca9816d81688b61146e27fb35ee81a5e","ref":"refs/heads/non-experimental-ip6tables","pushedAt":"2024-05-07T11:37:40.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Don't explicitly enable ip6tables in tests\n\nTests no longer need to use \"--experimental --ip6tables\", now ip6tables\nis the default behaviour.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Don't explicitly enable ip6tables in tests"}},{"before":null,"after":"fda708f55dd87707268ac66e7c2e82ca16e896e8","ref":"refs/heads/bad_integration-cli_ipv6_tests","pushedAt":"2024-05-01T18:29:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Delete broken/unused test requirement helper \"IPv6\"\n\nIt'd only return true on a host with no IPv6 in its kernel.\n\nSo, removed, having fixed the two tests that used it.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Delete broken/unused test requirement helper \"IPv6\""}},{"before":"9a50964e9353657ce37229239fdc9fc63a822357","after":"b11e95f5bc67b59ec4fe4230eee510d19a79dfe1","ref":"refs/heads/47778_preserve_kernel_ll_addrs","pushedAt":"2024-05-01T16:46:27.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Don't delete IPv6 multicast addresses from a bridge\n\nMulticast addresses aren't added by the daemon so, if they're present,\nit's because they were explicitly added - possibly to a user-managed\nbridge. So, don't remove.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Don't delete IPv6 multicast addresses from a bridge"}},{"before":"1b4f505f916612e2f3b62d8294d6fa16d6bc191c","after":"9a50964e9353657ce37229239fdc9fc63a822357","ref":"refs/heads/47778_preserve_kernel_ll_addrs","pushedAt":"2024-05-01T16:21:07.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Don't delete IPv6 multicast addresses from a bridge\n\nMulticast addresses aren't added by the daemon so, if they're present,\nit's because they were explicitly added - possibly to a user-managed\nbridge. So, don't remove.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Don't delete IPv6 multicast addresses from a bridge"}},{"before":null,"after":"1b4f505f916612e2f3b62d8294d6fa16d6bc191c","ref":"refs/heads/47778_preserve_kernel_ll_addrs","pushedAt":"2024-05-01T14:34:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Don't delete IPv6 multicast addresses from a bridge\n\nMulticast addresses aren't added by the daemon so, if they're present,\nit's because they were explicitly added - possibly to a user-managed\nbridge. So, don't remove.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Don't delete IPv6 multicast addresses from a bridge"}},{"before":"b77824f1f3f1ca119f45ecd612297a8878961596","after":"43b5f91db83a9c9fb114d47c774df63c603f2f09","ref":"refs/heads/enable_ipv46_masquerade","pushedAt":"2024-05-01T10:25:14.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"},"commit":{"message":"Disable bridge n/w masquerading for IPv4, IPv6, or both.\n\nSigned-off-by: Rob Murray <rob.murray@docker.com>","shortMessageHtmlLink":"Disable bridge n/w masquerading for IPv4, IPv6, or both."}},{"before":"6c68be24a2e6a4dea621b82ab4245e4ed363158e","after":null,"ref":"refs/heads/upstream_dns_windows","pushedAt":"2024-05-01T09:11:29.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"}},{"before":"9954d7c6bd2023a85ca3e5daa9aafb4a6adbce93","after":null,"ref":"refs/heads/47662_ipvlan_l3_dns","pushedAt":"2024-05-01T09:11:02.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"}},{"before":"8ad7f863b3baf05f05a123a140b50415c6496fa9","after":null,"ref":"refs/heads/backport-26.0/47662_ipvlan_l3_dns","pushedAt":"2024-05-01T09:10:40.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"robmry","name":"Rob Murray","path":"/robmry","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/148866618?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAETPdG1QA","startCursor":null,"endCursor":null}},"title":"Activity · robmry/moby"}