libnetwork/d/overlay: handle coalesced peer updates

corhere · corhere · commit bace1b8a3bf3 · 2025-08-11T15:13:25.000-04:00
The eventually-consistent nature of NetworkDB means we cannot depend on events being received in the same order that they were sent. Nor can we depend on receiving events for all intermediate states. It is possible for a series of entry UPDATEs, or a DELETE followed by a CREATE with the same key, to get coalesced into a single UPDATE event on the receiving node. Watchers of NetworkDB tables therefore need to be prepared to gracefully handle arbitrary UPDATEs of a key, including those where the new value may have nothing in common with the previous value. The overlay driver naively handled events for overlay_peer_table assuming that an endpoint leave followed by a rejoin of the same endpoint would always be expressed as a DELETE event followed by a CREATE. It would handle a coalesced UPDATE as a CREATE, inserting a new entry into peerDB without removing the old one. This would have various side effects, such as having the "transient state" of multiple entries in peerDB with the same peer IP never settle. Update driverapi to pass both the previous and new value of a table entry into the driver. Modify the overlay driver to handle an UPDATE by removing the previous peer entry from peerDB then adding the new one. Modify the Windows overlay driver to match. Signed-off-by: Cory Snider <csnider@mirantis.com> (cherry picked from commit e1a586a) libn/d/overlay: don't deref nil PeerRecord on error If unmarshaling the peer record fails, there is no need to check if it's a record for a local peer. Attempting to do so anyway will result in a nil-dereference panic. Don't do that. The Windows overlay driver has a typo: prevPeer is being checked twice for whether it was a local-peer record. Check prevPeer once and newPeer once each, as intended. Signed-off-by: Cory Snider <csnider@mirantis.com> (cherry picked from commit 12c6345) Signed-off-by: Cory Snider <csnider@mirantis.com>
diff --git a/libnetwork/agent.go b/libnetwork/agent.go
@@ -821,25 +821,8 @@ func (n *Network) handleDriverTableEvent(ev events.Event) {
 		return
 	}
 
-	var (
-		etype driverapi.EventType
-		value []byte
-	)
-
 	event := ev.(networkdb.WatchEvent)
-	switch {
-	case event.IsCreate():
-		value = event.Value
-		etype = driverapi.Create
-	case event.IsDelete():
-		value = event.Prev
-		etype = driverapi.Delete
-	case event.IsUpdate():
-		value = event.Value
-		etype = driverapi.Update
-	}
-
-	ed.EventNotify(etype, n.ID(), event.Table, event.Key, value)
+	ed.EventNotify(n.ID(), event.Table, event.Key, event.Prev, event.Value)
 }
 
 func (c *Controller) handleNodeTableEvent(ev events.Event) {
diff --git a/libnetwork/driverapi/driverapi.go b/libnetwork/driverapi/driverapi.go
@@ -72,7 +72,7 @@ type TableWatcher interface {
 	// happened on a table of its interest as soon as this node
 	// receives such an event in the gossip layer. This method is
 	// only invoked for the global scope driver.
-	EventNotify(event EventType, nid string, tableName string, key string, value []byte)
+	EventNotify(nid string, tableName string, key string, prev, value []byte)
 
 	// DecodeTableEntry passes the driver a key, value pair from table it registered
 	// with libnetwork. Driver should return {object ID, map[string]string} tuple.
@@ -173,18 +173,6 @@ type IPAMData struct {
 	AuxAddresses map[string]*net.IPNet
 }
 
-// EventType defines a type for the CRUD event
-type EventType uint8
-
-const (
-	// Create event is generated when a table entry is created,
-	Create EventType = 1 + iota
-	// Update event is generated when a table entry is updated.
-	Update
-	// Delete event is generated when a table entry is deleted.
-	Delete
-)
-
 // ObjectType represents the type of object driver wants to store in libnetwork's networkDB
 type ObjectType int
 
diff --git a/libnetwork/drivers/overlay/joinleave.go b/libnetwork/drivers/overlay/joinleave.go
@@ -11,7 +11,6 @@ import (
 
 	"github.com/containerd/log"
 	"github.com/docker/docker/libnetwork/driverapi"
-	"github.com/docker/docker/libnetwork/internal/hashable"
 	"github.com/docker/docker/libnetwork/internal/netiputil"
 	"github.com/docker/docker/libnetwork/ns"
 	"github.com/docker/docker/libnetwork/osl"
@@ -151,41 +150,43 @@ func (d *driver) DecodeTableEntry(tablename string, key string, value []byte) (s
 	}
 }
 
-func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
+func (d *driver) EventNotify(nid, tableName, key string, prev, value []byte) {
 	if tableName != OverlayPeerTable {
 		log.G(context.TODO()).Errorf("Unexpected table notification for table %s received", tableName)
 		return
 	}
 
 	eid := key
 
-	var peer PeerRecord
-	if err := proto.Unmarshal(value, &peer); err != nil {
-		log.G(context.TODO()).Errorf("Failed to unmarshal peer record: %v", err)
-		return
-	}
-
-	// Ignore local peers. We already know about them and they
-	// should not be added to vxlan fdb.
-	if addr, _ := netip.ParseAddr(peer.TunnelEndpointIP); addr == d.advertiseAddress {
-		return
+	var prevPeer, newPeer *Peer
+	if prev != nil {
+		var err error
+		prevPeer, err = UnmarshalPeerRecord(prev)
+		if err != nil {
+			log.G(context.TODO()).WithError(err).Error("Failed to unmarshal previous peer record")
+		} else if prevPeer.TunnelEndpointIP == d.advertiseAddress {
+			// Ignore local peers. We don't add them to the VXLAN
+			// FDB so don't need to remove them.
+			prevPeer = nil
+		}
 	}
-
-	addr, err := netip.ParsePrefix(peer.EndpointIP)
-	if err != nil {
-		log.G(context.TODO()).WithError(err).Errorf("Invalid peer IP %s received in event notify", peer.EndpointIP)
-		return
+	if value != nil {
+		var err error
+		newPeer, err = UnmarshalPeerRecord(value)
+		if err != nil {
+			log.G(context.TODO()).WithError(err).Error("Failed to unmarshal peer record")
+		} else if newPeer.TunnelEndpointIP == d.advertiseAddress {
+			newPeer = nil
+		}
 	}
 
-	mac, err := hashable.ParseMAC(peer.EndpointMAC)
-	if err != nil {
-		log.G(context.TODO()).WithError(err).Errorf("Invalid mac %s received in event notify", peer.EndpointMAC)
+	if prevPeer == nil && newPeer == nil {
+		// Nothing to do! Either the event was for a local peer,
+		// or unmarshaling failed.
 		return
 	}
-
-	vtep, err := netip.ParseAddr(peer.TunnelEndpointIP)
-	if err != nil {
-		log.G(context.TODO()).WithError(err).Errorf("Invalid VTEP %s received in event notify", peer.TunnelEndpointIP)
+	if prevPeer != nil && newPeer != nil && *prevPeer == *newPeer {
+		// The update did not materially change the FDB entry.
 		return
 	}
 
@@ -199,21 +200,23 @@ func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key stri
 	}
 	defer unlock()
 
-	var opname string
-	if etype == driverapi.Delete {
-		opname = "delete"
-		err = n.peerDelete(eid, addr, mac, vtep)
-	} else {
-		opname = "add"
-		err = n.peerAdd(eid, addr, mac, vtep)
+	if prevPeer != nil {
+		if err := n.peerDelete(eid, prevPeer.EndpointIP, prevPeer.EndpointMAC, prevPeer.TunnelEndpointIP); err != nil {
+			log.G(context.TODO()).WithFields(log.Fields{
+				"error": err,
+				"nid":   n.id,
+				"peer":  prevPeer,
+			}).Warn("overlay: failed to delete peer entry")
+		}
 	}
-	if err != nil {
-		log.G(context.TODO()).WithFields(log.Fields{
-			"error": err,
-			"nid":   n.id,
-			"peer":  peer,
-			"op":    opname,
-		}).Warn("Peer operation failed")
+	if newPeer != nil {
+		if err := n.peerAdd(eid, newPeer.EndpointIP, newPeer.EndpointMAC, newPeer.TunnelEndpointIP); err != nil {
+			log.G(context.TODO()).WithFields(log.Fields{
+				"error": err,
+				"nid":   n.id,
+				"peer":  newPeer,
+			}).Warn("overlay: failed to add peer entry")
+		}
 	}
 }
 
diff --git a/libnetwork/drivers/overlay/peer.go b/libnetwork/drivers/overlay/peer.go
@@ -1,4 +1,42 @@
 package overlay
 
+import (
+	"fmt"
+	"net/netip"
+
+	"github.com/docker/docker/libnetwork/internal/hashable"
+	"github.com/gogo/protobuf/proto"
+)
+
 // OverlayPeerTable is the NetworkDB table for overlay network peer discovery.
 const OverlayPeerTable = "overlay_peer_table"
+
+type Peer struct {
+	EndpointIP       netip.Prefix
+	EndpointMAC      hashable.MACAddr
+	TunnelEndpointIP netip.Addr
+}
+
+func UnmarshalPeerRecord(data []byte) (*Peer, error) {
+	var pr PeerRecord
+	if err := proto.Unmarshal(data, &pr); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal peer record: %w", err)
+	}
+	var (
+		p   Peer
+		err error
+	)
+	p.EndpointIP, err = netip.ParsePrefix(pr.EndpointIP)
+	if err != nil {
+		return nil, fmt.Errorf("invalid peer IP %q received: %w", pr.EndpointIP, err)
+	}
+	p.EndpointMAC, err = hashable.ParseMAC(pr.EndpointMAC)
+	if err != nil {
+		return nil, fmt.Errorf("invalid MAC %q received: %w", pr.EndpointMAC, err)
+	}
+	p.TunnelEndpointIP, err = netip.ParseAddr(pr.TunnelEndpointIP)
+	if err != nil {
+		return nil, fmt.Errorf("invalid VTEP %q received: %w", pr.TunnelEndpointIP, err)
+	}
+	return &p, nil
+}
diff --git a/libnetwork/drivers/windows/overlay/joinleave_windows.go b/libnetwork/drivers/windows/overlay/joinleave_windows.go
@@ -3,12 +3,10 @@ package overlay
 import (
 	"context"
 	"fmt"
-	"net"
 
 	"github.com/containerd/log"
 	"github.com/docker/docker/libnetwork/driverapi"
 	"github.com/docker/docker/libnetwork/drivers/overlay"
-	"github.com/docker/docker/libnetwork/types"
 	"github.com/gogo/protobuf/proto"
 )
 
@@ -48,57 +46,68 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,
 	return nil
 }
 
-func (d *driver) EventNotify(etype driverapi.EventType, nid, tableName, key string, value []byte) {
+func (d *driver) EventNotify(nid, tableName, key string, prev, value []byte) {
 	if tableName != overlay.OverlayPeerTable {
 		log.G(context.TODO()).Errorf("Unexpected table notification for table %s received", tableName)
 		return
 	}
 
 	eid := key
 
-	var peer overlay.PeerRecord
-	if err := proto.Unmarshal(value, &peer); err != nil {
-		log.G(context.TODO()).Errorf("Failed to unmarshal peer record: %v", err)
-		return
-	}
-
 	n := d.network(nid)
 	if n == nil {
 		return
 	}
 
-	// Ignore local peers. We already know about them and they
-	// should not be added to vxlan fdb.
-	if peer.TunnelEndpointIP == n.providerAddress {
-		return
-	}
-
-	addr, err := types.ParseCIDR(peer.EndpointIP)
-	if err != nil {
-		log.G(context.TODO()).Errorf("Invalid peer IP %s received in event notify", peer.EndpointIP)
-		return
-	}
-
-	mac, err := net.ParseMAC(peer.EndpointMAC)
-	if err != nil {
-		log.G(context.TODO()).Errorf("Invalid mac %s received in event notify", peer.EndpointMAC)
-		return
-	}
-
-	vtep := net.ParseIP(peer.TunnelEndpointIP)
-	if vtep == nil {
-		log.G(context.TODO()).Errorf("Invalid VTEP %s received in event notify", peer.TunnelEndpointIP)
+	var prevPeer, newPeer *overlay.Peer
+	if prev != nil {
+		var err error
+		prevPeer, err = overlay.UnmarshalPeerRecord(prev)
+		if err != nil {
+			log.G(context.TODO()).WithError(err).Error("Failed to unmarshal previous peer record")
+		} else if prevPeer.TunnelEndpointIP.String() == n.providerAddress {
+			// Ignore local peers. We don't add them to the VXLAN
+			// FDB so don't need to remove them.
+			prevPeer = nil
+		}
+	}
+	if value != nil {
+		var err error
+		newPeer, err = overlay.UnmarshalPeerRecord(value)
+		if err != nil {
+			log.G(context.TODO()).WithError(err).Error("Failed to unmarshal peer record")
+		} else if newPeer.TunnelEndpointIP.String() == n.providerAddress {
+			newPeer = nil
+		}
+	}
+
+	if prevPeer == nil && newPeer == nil {
+		// Nothing to do! Either the event was for a local peer,
+		// or unmarshaling failed.
 		return
 	}
-
-	if etype == driverapi.Delete {
-		d.peerDelete(nid, eid, addr.IP, addr.Mask, mac, vtep, true)
+	if prevPeer != nil && newPeer != nil && *prevPeer == *newPeer {
+		// The update did not materially change the FDB entry.
 		return
 	}
 
-	err = d.peerAdd(nid, eid, addr.IP, addr.Mask, mac, vtep, true)
-	if err != nil {
-		log.G(context.TODO()).Errorf("peerAdd failed (%v) for ip %s with mac %s", err, addr.IP.String(), mac.String())
+	if prevPeer != nil {
+		if err := d.peerDelete(nid, eid, prevPeer.EndpointIP.Addr().AsSlice(), true); err != nil {
+			log.G(context.TODO()).WithFields(log.Fields{
+				"error": err,
+				"nid":   n.id,
+				"peer":  prevPeer,
+			}).Warn("overlay: failed to delete peer entry")
+		}
+	}
+	if newPeer != nil {
+		if err := d.peerAdd(nid, eid, newPeer.EndpointIP.Addr().AsSlice(), newPeer.EndpointMAC.AsSlice(), newPeer.TunnelEndpointIP.AsSlice(), true); err != nil {
+			log.G(context.TODO()).WithFields(log.Fields{
+				"error": err,
+				"nid":   n.id,
+				"peer":  newPeer,
+			}).Warn("overlay: failed to add peer entry")
+		}
 	}
 }
 
diff --git a/libnetwork/drivers/windows/overlay/peerdb_windows.go b/libnetwork/drivers/windows/overlay/peerdb_windows.go
@@ -11,7 +11,7 @@ import (
 	"github.com/docker/docker/libnetwork/types"
 )
 
-func (d *driver) peerAdd(nid, eid string, peerIP net.IP, peerIPMask net.IPMask, peerMac net.HardwareAddr, vtep net.IP, updateDb bool) error {
+func (d *driver) peerAdd(nid, eid string, peerIP net.IP, peerMac net.HardwareAddr, vtep net.IP, updateDb bool) error {
 	log.G(context.TODO()).Debugf("WINOVERLAY: Enter peerAdd for ca ip %s with ca mac %s", peerIP.String(), peerMac.String())
 
 	if err := validateID(nid, eid); err != nil {
@@ -81,7 +81,7 @@ func (d *driver) peerAdd(nid, eid string, peerIP net.IP, peerIPMask net.IPMask,
 	return nil
 }
 
-func (d *driver) peerDelete(nid, eid string, peerIP net.IP, peerIPMask net.IPMask, peerMac net.HardwareAddr, vtep net.IP, updateDb bool) error {
+func (d *driver) peerDelete(nid, eid string, peerIP net.IP, updateDb bool) error {
 	log.G(context.TODO()).Infof("WINOVERLAY: Enter peerDelete for endpoint %s and peer ip %s", eid, peerIP.String())
 
 	if err := validateID(nid, eid); err != nil {

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ import (`
`11`	`11`	`"github.com/docker/docker/libnetwork/types"`
`12`	`12`	`)`
`13`	`13`
`14`		`-func (d *driver) peerAdd(nid, eid string, peerIP net.IP, peerIPMask net.IPMask, peerMac net.HardwareAddr, vtep net.IP, updateDb bool) error {`
	`14`	`+func (d *driver) peerAdd(nid, eid string, peerIP net.IP, peerMac net.HardwareAddr, vtep net.IP, updateDb bool) error {`
`15`	`15`	`log.G(context.TODO()).Debugf("WINOVERLAY: Enter peerAdd for ca ip %s with ca mac %s", peerIP.String(), peerMac.String())`
`16`	`16`
`17`	`17`	`if err := validateID(nid, eid); err != nil {`
`@@ -81,7 +81,7 @@ func (d *driver) peerAdd(nid, eid string, peerIP net.IP, peerIPMask net.IPMask,`
`81`	`81`	`return nil`
`82`	`82`	`}`
`83`	`83`
`84`		`-func (d *driver) peerDelete(nid, eid string, peerIP net.IP, peerIPMask net.IPMask, peerMac net.HardwareAddr, vtep net.IP, updateDb bool) error {`
	`84`	`+func (d *driver) peerDelete(nid, eid string, peerIP net.IP, updateDb bool) error {`
`85`	`85`	`log.G(context.TODO()).Infof("WINOVERLAY: Enter peerDelete for endpoint %s and peer ip %s", eid, peerIP.String())`
`86`	`86`
`87`	`87`	`if err := validateID(nid, eid); err != nil {`