From e42600632f2caed84128d97980093a831020cf72 Mon Sep 17 00:00:00 2001
From: Bryan Boreham <bjboreham@gmail.com>
Date: Mon, 14 Nov 2016 14:51:34 +0000
Subject: [PATCH 1/2] Don't release dead container's IP addresses if not asked
 to check it is alive.

---
 ipam/allocator.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ipam/allocator.go b/ipam/allocator.go
index c0fc0c17e6..1a846e8bbf 100644
--- a/ipam/allocator.go
+++ b/ipam/allocator.go
@@ -322,7 +322,7 @@ func (alloc *Allocator) Claim(ident string, cidr address.CIDR, isContainer, noEr
 // ContainerDied called from the updater interface.  Async.
 func (alloc *Allocator) ContainerDied(ident string) {
 	alloc.actionChan <- func() {
-		if alloc.hasOwned(ident) {
+		if alloc.hasOwnedByContainer(ident) {
 			alloc.debugln("Container", ident, "died; noting to remove later")
 			alloc.dead[ident] = alloc.now()
 		}
@@ -335,7 +335,7 @@ func (alloc *Allocator) ContainerDied(ident string) {
 // ContainerDestroyed called from the updater interface.  Async.
 func (alloc *Allocator) ContainerDestroyed(ident string) {
 	alloc.actionChan <- func() {
-		if alloc.hasOwned(ident) {
+		if alloc.hasOwnedByContainer(ident) {
 			alloc.debugln("Container", ident, "destroyed; removing addresses")
 			alloc.delete(ident)
 			delete(alloc.dead, ident)
@@ -996,9 +996,9 @@ func (alloc *Allocator) persistOwned() {
 
 // Owned addresses
 
-func (alloc *Allocator) hasOwned(ident string) bool {
-	_, b := alloc.owned[ident]
-	return b
+func (alloc *Allocator) hasOwnedByContainer(ident string) bool {
+	d, b := alloc.owned[ident]
+	return b && d.IsContainer
 }
 
 // NB: addr must not be owned by ident already

From 9cc98919fa8ed0c75c7e09bfb747736fd91af93e Mon Sep 17 00:00:00 2001
From: Bryan Boreham <bjboreham@gmail.com>
Date: Mon, 14 Nov 2016 14:58:24 +0000
Subject: [PATCH 2/2] Adjust CNI smoke-test to cope with new plugin behaviour

---
 test/830_cni_plugin_test.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/830_cni_plugin_test.sh b/test/830_cni_plugin_test.sh
index f6eefaf235..89c67648fa 100755
--- a/test/830_cni_plugin_test.sh
+++ b/test/830_cni_plugin_test.sh
@@ -45,7 +45,7 @@ C2IP=$(container_ip $HOST1 c2)
 assert_raises "exec_on $HOST1 c1 $PING $C2IP"
 assert_raises "exec_on $HOST1 c2 $PING $C1IP"
 
-# Now remove and start a new container to see if IP address re-use breaks things
+# Now remove and start a new container to see if anything breaks
 docker_on $HOST1 rm -f c2
 
 C3=$(docker_on $HOST1 run --net=none --name=c3 -dt $SMALL_IMAGE /bin/sh)
@@ -56,7 +56,9 @@ EOF
 
 C3IP=$(container_ip $HOST1 c3)
 
-assert_raises "exec_on $HOST1 c1 $PING $C2IP"
+# CNI shouldn't re-use the address until we call DEL
+assert_raises "[ $C2IP != $C3IP ]"
+assert_raises "exec_on $HOST1 c1 $PING $C3IP"
 
 
 # Ensure existing containers can reclaim their IP addresses after CNI has been used -- see #2548