Only restore a configured MAC addr on restart.

robmry · robmry · commit dae33031e0ee · 2024-02-01T09:55:54.000Z
The API's EndpointConfig struct has a MacAddress field that's used for
both the configured address, and the current address (which may be generated).

A configured address must be restored when a container is restarted, but a
generated address must not.

The previous attempt to differentiate between the two, without adding a field
to the API's EndpointConfig that would show up in 'inspect' output, was a
field in the daemon's version of EndpointSettings, MACOperational. It did
not work, MACOperational was set to true when a configured address was
used. So, while it ensured addresses were regenerated, it failed to preserve
a configured address.

So, this change removes that code, and adds DesiredMacAddress to the wrapped
version of EndpointSettings, where it is persisted but does not appear in
'inspect' results. Its value is copied from MacAddress (the API field) when
a container is created.

Signed-off-by: Rob Murray &lt;rob.murray@docker.com&gt;
diff --git a/api/types/network/endpoint.go b/api/types/network/endpoint.go
@@ -14,6 +14,9 @@ type EndpointSettings struct {
 	IPAMConfig *EndpointIPAMConfig
 	Links      []string
 	Aliases    []string // Aliases holds the list of extra, user-specified DNS names for this endpoint.
+	// MacAddress may be used to specify a MAC address when the container is created.
+	// Once the container is running, it becomes operational data (it may contain a
+	// generated address).
 	MacAddress string
 	// Operational data
 	NetworkID           string
diff --git a/daemon/container_operations.go b/daemon/container_operations.go
@@ -442,6 +442,11 @@ func (daemon *Daemon) updateContainerNetworkSettings(container *container.Contai
 		for name, epConfig := range endpointsConfig {
 			container.NetworkSettings.Networks[name] = &network.EndpointSettings{
 				EndpointSettings: epConfig,
+				// At this point, during container creation, epConfig.MacAddress is the
+				// configured value from the API. If there is no configured value, the
+				// same field will later be used to store a generated MAC address. So,
+				// remember the requested address now.
+				DesiredMacAddress: epConfig.MacAddress,
 			}
 		}
 	}
@@ -508,7 +513,7 @@ func (daemon *Daemon) allocateNetwork(cfg *config.Config, container *container.C
 	defaultNetName := runconfig.DefaultDaemonNetworkMode().NetworkName()
 	if nConf, ok := container.NetworkSettings.Networks[defaultNetName]; ok {
 		cleanOperationalData(nConf)
-		if err := daemon.connectToNetwork(cfg, container, defaultNetName, nConf.EndpointSettings, updateSettings); err != nil {
+		if err := daemon.connectToNetwork(cfg, container, defaultNetName, nConf, updateSettings); err != nil {
 			return err
 		}
 	}
@@ -525,7 +530,7 @@ func (daemon *Daemon) allocateNetwork(cfg *config.Config, container *container.C
 
 	for netName, epConf := range networks {
 		cleanOperationalData(epConf)
-		if err := daemon.connectToNetwork(cfg, container, netName, epConf.EndpointSettings, updateSettings); err != nil {
+		if err := daemon.connectToNetwork(cfg, container, netName, epConf, updateSettings); err != nil {
 			return err
 		}
 	}
@@ -634,12 +639,10 @@ func cleanOperationalData(es *network.EndpointSettings) {
 	es.IPv6Gateway = ""
 	es.GlobalIPv6Address = ""
 	es.GlobalIPv6PrefixLen = 0
+	es.MacAddress = ""
 	if es.IPAMOperational {
 		es.IPAMConfig = nil
 	}
-	if es.MACOperational {
-		es.MacAddress = ""
-	}
 }
 
 func (daemon *Daemon) updateNetworkConfig(container *container.Container, n *libnetwork.Network, endpointConfig *networktypes.EndpointSettings, updateSettings bool) error {
@@ -682,7 +685,7 @@ func buildEndpointDNSNames(ctr *container.Container, aliases []string) []string
 	return sliceutil.Dedup(dnsNames)
 }
 
-func (daemon *Daemon) connectToNetwork(cfg *config.Config, container *container.Container, idOrName string, endpointConfig *networktypes.EndpointSettings, updateSettings bool) (retErr error) {
+func (daemon *Daemon) connectToNetwork(cfg *config.Config, container *container.Container, idOrName string, endpointConfig *network.EndpointSettings, updateSettings bool) (retErr error) {
 	start := time.Now()
 	if container.HostConfig.NetworkMode.IsContainer() {
 		return runconfig.ErrConflictSharedNetwork
@@ -692,10 +695,12 @@ func (daemon *Daemon) connectToNetwork(cfg *config.Config, container *container.
 		return nil
 	}
 	if endpointConfig == nil {
-		endpointConfig = &networktypes.EndpointSettings{}
+		endpointConfig = &network.EndpointSettings{
+			EndpointSettings: &networktypes.EndpointSettings{},
+		}
 	}
 
-	n, nwCfg, err := daemon.findAndAttachNetwork(container, idOrName, endpointConfig)
+	n, nwCfg, err := daemon.findAndAttachNetwork(container, idOrName, endpointConfig.EndpointSettings)
 	if err != nil {
 		return err
 	}
@@ -710,26 +715,20 @@ func (daemon *Daemon) connectToNetwork(cfg *config.Config, container *container.
 		}
 	}
 
-	var operIPAM bool
-	operMAC := true
+	endpointConfig.IPAMOperational = false
 	if nwCfg != nil {
 		if epConfig, ok := nwCfg.EndpointsConfig[nwName]; ok {
 			if endpointConfig.IPAMConfig == nil || (endpointConfig.IPAMConfig.IPv4Address == "" && endpointConfig.IPAMConfig.IPv6Address == "" && len(endpointConfig.IPAMConfig.LinkLocalIPs) == 0) {
-				operIPAM = true
+				endpointConfig.IPAMOperational = true
 			}
 
 			// copy IPAMConfig and NetworkID from epConfig via AttachNetwork
 			endpointConfig.IPAMConfig = epConfig.IPAMConfig
 			endpointConfig.NetworkID = epConfig.NetworkID
-
-			// Work out whether the MAC address is user-configured.
-			operMAC = endpointConfig.MacAddress == ""
-			// Copy the configured MAC address (which may be empty).
-			endpointConfig.MacAddress = epConfig.MacAddress
 		}
 	}
 
-	if err := daemon.updateNetworkConfig(container, n, endpointConfig, updateSettings); err != nil {
+	if err := daemon.updateNetworkConfig(container, n, endpointConfig.EndpointSettings, updateSettings); err != nil {
 		return err
 	}
 
@@ -752,11 +751,7 @@ func (daemon *Daemon) connectToNetwork(cfg *config.Config, container *container.
 			}
 		}
 	}()
-	container.NetworkSettings.Networks[nwName] = &network.EndpointSettings{
-		EndpointSettings: endpointConfig,
-		IPAMOperational:  operIPAM,
-		MACOperational:   operMAC,
-	}
+	container.NetworkSettings.Networks[nwName] = endpointConfig
 
 	delete(container.NetworkSettings.Networks, n.ID())
 
@@ -1060,7 +1055,10 @@ func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName
 			}
 		}
 	} else {
-		if err := daemon.connectToNetwork(&daemon.config().Config, container, idOrName, endpointConfig, true); err != nil {
+		epc := &network.EndpointSettings{
+			EndpointSettings: endpointConfig,
+		}
+		if err := daemon.connectToNetwork(&daemon.config().Config, container, idOrName, epc, true); err != nil {
 			return err
 		}
 	}
diff --git a/daemon/inspect.go b/daemon/inspect.go
@@ -70,6 +70,7 @@ func (daemon *Daemon) ContainerInspectCurrent(ctx context.Context, name string,
 		if epConf.EndpointSettings != nil {
 			// We must make a copy of this pointer object otherwise it can race with other operations
 			apiNetworks[nwName] = epConf.EndpointSettings.Copy()
+			apiNetworks[nwName].DesiredMacAddress = ""
 		}
 	}
 
diff --git a/daemon/network.go b/daemon/network.go
@@ -788,7 +788,7 @@ func (daemon *Daemon) clearAttachableNetworks() {
 }
 
 // buildCreateEndpointOptions builds endpoint options from a given network.
-func buildCreateEndpointOptions(c *container.Container, n *libnetwork.Network, epConfig *network.EndpointSettings, sb *libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {
+func buildCreateEndpointOptions(c *container.Container, n *libnetwork.Network, epConfig *internalnetwork.EndpointSettings, sb *libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {
 	var createOptions []libnetwork.EndpointOption
 	var genericOptions = make(options.Generic)
 
@@ -824,8 +824,8 @@ func buildCreateEndpointOptions(c *container.Container, n *libnetwork.Network, e
 			createOptions = append(createOptions, libnetwork.EndpointOptionGeneric(options.Generic{k: v}))
 		}
 
-		if epConfig.MacAddress != "" {
-			mac, err := net.ParseMAC(epConfig.MacAddress)
+		if epConfig.DesiredMacAddress != "" {
+			mac, err := net.ParseMAC(epConfig.DesiredMacAddress)
 			if err != nil {
 				return nil, err
 			}
diff --git a/daemon/network/settings.go b/daemon/network/settings.go
@@ -33,8 +33,9 @@ type Settings struct {
 type EndpointSettings struct {
 	*networktypes.EndpointSettings
 	IPAMOperational bool
-	// MACOperational is false if EndpointSettings.MacAddress is a user-configured value.
-	MACOperational bool
+	// DesiredMacAddress is the configured value, it's copied from MacAddress (the
+	// API param field) when the container is created.
+	DesiredMacAddress string
 }
 
 // AttachmentStore stores the load balancer IP address for a network id.
diff --git a/integration/networking/mac_addr_test.go b/integration/networking/mac_addr_test.go
@@ -6,6 +6,7 @@ import (
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/integration/internal/container"
 	"github.com/docker/docker/integration/internal/network"
+	"github.com/docker/docker/libnetwork/drivers/bridge"
 	"github.com/docker/docker/testutil/daemon"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
@@ -35,7 +36,7 @@ func TestMACAddrOnRestart(t *testing.T) {
 	const netName = "testmacaddrs"
 	network.CreateNoError(ctx, t, c, netName,
 		network.WithDriver("bridge"),
-		network.WithOption("com.docker.network.bridge.name", netName))
+		network.WithOption(bridge.BridgeName, netName))
 	defer network.RemoveNoError(ctx, t, c, netName)
 
 	const ctr1Name = "ctr1"
@@ -77,3 +78,60 @@ func TestMACAddrOnRestart(t *testing.T) {
 	assert.Check(t, ctr1MAC != ctr2MAC,
 		"expected containers to have different MAC addresses; got %q for both", ctr1MAC)
 }
+
+// Check that a configured MAC address is restored after a container restart,
+// and after a daemon restart.
+func TestCfgdMACAddrOnRestart(t *testing.T) {
+	skip.If(t, testEnv.DaemonInfo.OSType == "windows")
+
+	ctx := setupTest(t)
+
+	d := daemon.New(t)
+	d.StartWithBusybox(ctx, t)
+	defer d.Stop(t)
+
+	c := d.NewClientT(t)
+	defer c.Close()
+
+	const netName = "testcfgmacaddr"
+	network.CreateNoError(ctx, t, c, netName,
+		network.WithDriver("bridge"),
+		network.WithOption(bridge.BridgeName, netName))
+	defer network.RemoveNoError(ctx, t, c, netName)
+
+	const wantMAC = "02:42:ac:11:00:42"
+	const ctr1Name = "ctr1"
+	id1 := container.Run(ctx, t, c,
+		container.WithName(ctr1Name),
+		container.WithImage("busybox:latest"),
+		container.WithCmd("top"),
+		container.WithNetworkMode(netName),
+		container.WithMacAddress(netName, wantMAC))
+	defer c.ContainerRemove(ctx, id1, containertypes.RemoveOptions{
+		Force: true,
+	})
+
+	inspect := container.Inspect(ctx, t, c, ctr1Name)
+	gotMAC := inspect.NetworkSettings.Networks[netName].MacAddress
+	assert.Check(t, is.Equal(wantMAC, gotMAC))
+
+	startAndCheck := func() {
+		t.Helper()
+		err := c.ContainerStart(ctx, ctr1Name, containertypes.StartOptions{})
+		assert.Assert(t, is.Nil(err))
+		inspect = container.Inspect(ctx, t, c, ctr1Name)
+		gotMAC = inspect.NetworkSettings.Networks[netName].MacAddress
+		assert.Check(t, is.Equal(wantMAC, gotMAC))
+	}
+
+	// Restart the container, check that the MAC address is restored.
+	err := c.ContainerStop(ctx, ctr1Name, containertypes.StopOptions{})
+	assert.Assert(t, is.Nil(err))
+	startAndCheck()
+
+	// Restart the daemon, check that the MAC address is restored.
+	err = c.ContainerStop(ctx, ctr1Name, containertypes.StopOptions{})
+	assert.Assert(t, is.Nil(err))
+	d.Restart(t)
+	startAndCheck()
+}

Original file line number	Diff line number	Diff line change
`@@ -442,6 +442,11 @@ func (daemon Daemon) updateContainerNetworkSettings(container container.Contai`
`442`	`442`	`for name, epConfig := range endpointsConfig {`
`443`	`443`	`container.NetworkSettings.Networks[name] = &network.EndpointSettings{`
`444`	`444`	`EndpointSettings: epConfig,`
	`445`	`+ // At this point, during container creation, epConfig.MacAddress is the`
	`446`	`+ // configured value from the API. If there is no configured value, the`
	`447`	`+ // same field will later be used to store a generated MAC address. So,`
	`448`	`+ // remember the requested address now.`
	`449`	`+ DesiredMacAddress: epConfig.MacAddress,`
`445`	`450`	`}`
`446`	`451`	`}`
`447`	`452`	`}`
`@@ -508,7 +513,7 @@ func (daemon Daemon) allocateNetwork(cfg config.Config, container *container.C`
`508`	`513`	`defaultNetName := runconfig.DefaultDaemonNetworkMode().NetworkName()`
`509`	`514`	`if nConf, ok := container.NetworkSettings.Networks[defaultNetName]; ok {`
`510`	`515`	`cleanOperationalData(nConf)`
`511`		`- if err := daemon.connectToNetwork(cfg, container, defaultNetName, nConf.EndpointSettings, updateSettings); err != nil {`
	`516`	`+ if err := daemon.connectToNetwork(cfg, container, defaultNetName, nConf, updateSettings); err != nil {`
`512`	`517`	`return err`
`513`	`518`	`}`
`514`	`519`	`}`
`@@ -525,7 +530,7 @@ func (daemon Daemon) allocateNetwork(cfg config.Config, container *container.C`
`525`	`530`
`526`	`531`	`for netName, epConf := range networks {`
`527`	`532`	`cleanOperationalData(epConf)`
`528`		`- if err := daemon.connectToNetwork(cfg, container, netName, epConf.EndpointSettings, updateSettings); err != nil {`
	`533`	`+ if err := daemon.connectToNetwork(cfg, container, netName, epConf, updateSettings); err != nil {`
`529`	`534`	`return err`
`530`	`535`	`}`
`531`	`536`	`}`
`@@ -634,12 +639,10 @@ func cleanOperationalData(es *network.EndpointSettings) {`
`634`	`639`	`es.IPv6Gateway = ""`
`635`	`640`	`es.GlobalIPv6Address = ""`
`636`	`641`	`es.GlobalIPv6PrefixLen = 0`
	`642`	`+ es.MacAddress = ""`
`637`	`643`	`if es.IPAMOperational {`
`638`	`644`	`es.IPAMConfig = nil`
`639`	`645`	`}`
`640`		`- if es.MACOperational {`
`641`		`- es.MacAddress = ""`
`642`		`- }`
`643`	`646`	`}`
`644`	`647`
`645`	`648`	`func (daemon Daemon) updateNetworkConfig(container container.Container, n libnetwork.Network, endpointConfig networktypes.EndpointSettings, updateSettings bool) error {`
`@@ -682,7 +685,7 @@ func buildEndpointDNSNames(ctr *container.Container, aliases []string) []string`
`682`	`685`	`return sliceutil.Dedup(dnsNames)`
`683`	`686`	`}`
`684`	`687`
`685`		`-func (daemon Daemon) connectToNetwork(cfg config.Config, container container.Container, idOrName string, endpointConfig networktypes.EndpointSettings, updateSettings bool) (retErr error) {`
	`688`	`+func (daemon Daemon) connectToNetwork(cfg config.Config, container container.Container, idOrName string, endpointConfig network.EndpointSettings, updateSettings bool) (retErr error) {`
`686`	`689`	`start := time.Now()`
`687`	`690`	`if container.HostConfig.NetworkMode.IsContainer() {`
`688`	`691`	`return runconfig.ErrConflictSharedNetwork`
`@@ -692,10 +695,12 @@ func (daemon Daemon) connectToNetwork(cfg config.Config, container *container.`
`692`	`695`	`return nil`
`693`	`696`	`}`
`694`	`697`	`if endpointConfig == nil {`
`695`		`- endpointConfig = &networktypes.EndpointSettings{}`
	`698`	`+ endpointConfig = &network.EndpointSettings{`
	`699`	`+ EndpointSettings: &networktypes.EndpointSettings{},`
	`700`	`+ }`
`696`	`701`	`}`
`697`	`702`
`698`		`- n, nwCfg, err := daemon.findAndAttachNetwork(container, idOrName, endpointConfig)`
	`703`	`+ n, nwCfg, err := daemon.findAndAttachNetwork(container, idOrName, endpointConfig.EndpointSettings)`
`699`	`704`	`if err != nil {`
`700`	`705`	`return err`
`701`	`706`	`}`
`@@ -710,26 +715,20 @@ func (daemon Daemon) connectToNetwork(cfg config.Config, container *container.`
`710`	`715`	`}`
`711`	`716`	`}`
`712`	`717`
`713`		`- var operIPAM bool`
`714`		`- operMAC := true`
	`718`	`+ endpointConfig.IPAMOperational = false`
`715`	`719`	`if nwCfg != nil {`
`716`	`720`	`if epConfig, ok := nwCfg.EndpointsConfig[nwName]; ok {`
`717`	`721`	`if endpointConfig.IPAMConfig == nil \|\| (endpointConfig.IPAMConfig.IPv4Address == "" && endpointConfig.IPAMConfig.IPv6Address == "" && len(endpointConfig.IPAMConfig.LinkLocalIPs) == 0) {`
`718`		`- operIPAM = true`
	`722`	`+ endpointConfig.IPAMOperational = true`
`719`	`723`	`}`
`720`	`724`
`721`	`725`	`// copy IPAMConfig and NetworkID from epConfig via AttachNetwork`
`722`	`726`	`endpointConfig.IPAMConfig = epConfig.IPAMConfig`
`723`	`727`	`endpointConfig.NetworkID = epConfig.NetworkID`
`724`		`-`
`725`		`- // Work out whether the MAC address is user-configured.`
`726`		`- operMAC = endpointConfig.MacAddress == ""`
`727`		`- // Copy the configured MAC address (which may be empty).`
`728`		`- endpointConfig.MacAddress = epConfig.MacAddress`
`729`	`728`	`}`
`730`	`729`	`}`
`731`	`730`
`732`		`- if err := daemon.updateNetworkConfig(container, n, endpointConfig, updateSettings); err != nil {`
	`731`	`+ if err := daemon.updateNetworkConfig(container, n, endpointConfig.EndpointSettings, updateSettings); err != nil {`
`733`	`732`	`return err`
`734`	`733`	`}`
`735`	`734`
`@@ -752,11 +751,7 @@ func (daemon Daemon) connectToNetwork(cfg config.Config, container *container.`
`752`	`751`	`}`
`753`	`752`	`}`
`754`	`753`	`}()`
`755`		`- container.NetworkSettings.Networks[nwName] = &network.EndpointSettings{`
`756`		`- EndpointSettings: endpointConfig,`
`757`		`- IPAMOperational: operIPAM,`
`758`		`- MACOperational: operMAC,`
`759`		`- }`
	`754`	`+ container.NetworkSettings.Networks[nwName] = endpointConfig`
`760`	`755`
`761`	`756`	`delete(container.NetworkSettings.Networks, n.ID())`
`762`	`757`
`@@ -1060,7 +1055,10 @@ func (daemon Daemon) ConnectToNetwork(container container.Container, idOrName`
`1060`	`1055`	`}`
`1061`	`1056`	`}`
`1062`	`1057`	`} else {`
`1063`		`- if err := daemon.connectToNetwork(&daemon.config().Config, container, idOrName, endpointConfig, true); err != nil {`
	`1058`	`+ epc := &network.EndpointSettings{`
	`1059`	`+ EndpointSettings: endpointConfig,`
	`1060`	`+ }`
	`1061`	`+ if err := daemon.connectToNetwork(&daemon.config().Config, container, idOrName, epc, true); err != nil {`
`1064`	`1062`	`return err`
`1065`	`1063`	`}`
`1066`	`1064`	`}`
Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ func (daemon *Daemon) ContainerInspectCurrent(ctx context.Context, name string,`
`70`	`70`	`if epConf.EndpointSettings != nil {`
`71`	`71`	`// We must make a copy of this pointer object otherwise it can race with other operations`
`72`	`72`	`apiNetworks[nwName] = epConf.EndpointSettings.Copy()`
	`73`	`+ apiNetworks[nwName].DesiredMacAddress = ""`
`73`	`74`	`}`
`74`	`75`	`}`
`75`	`76`
Original file line number	Diff line number	Diff line change
`@@ -788,7 +788,7 @@ func (daemon *Daemon) clearAttachableNetworks() {`
`788`	`788`	`}`
`789`	`789`
`790`	`790`	`// buildCreateEndpointOptions builds endpoint options from a given network.`
`791`		`-func buildCreateEndpointOptions(c container.Container, n libnetwork.Network, epConfig network.EndpointSettings, sb libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {`
	`791`	`+func buildCreateEndpointOptions(c container.Container, n libnetwork.Network, epConfig internalnetwork.EndpointSettings, sb libnetwork.Sandbox, daemonDNS []string) ([]libnetwork.EndpointOption, error) {`
`792`	`792`	`var createOptions []libnetwork.EndpointOption`
`793`	`793`	`var genericOptions = make(options.Generic)`
`794`	`794`
`@@ -824,8 +824,8 @@ func buildCreateEndpointOptions(c container.Container, n libnetwork.Network, e`
`824`	`824`	`createOptions = append(createOptions, libnetwork.EndpointOptionGeneric(options.Generic{k: v}))`
`825`	`825`	`}`
`826`	`826`
`827`		`- if epConfig.MacAddress != "" {`
`828`		`- mac, err := net.ParseMAC(epConfig.MacAddress)`
	`827`	`+ if epConfig.DesiredMacAddress != "" {`
	`828`	`+ mac, err := net.ParseMAC(epConfig.DesiredMacAddress)`
`829`	`829`	`if err != nil {`
`830`	`830`	`return nil, err`
`831`	`831`	`}`