robmry
diff --git a/‎libnetwork/drivers/bridge/bridge_linux.go‎
Lines changed: 37 additions & 16 deletions b/‎libnetwork/drivers/bridge/bridge_linux.go‎
Lines changed: 37 additions & 16 deletions
diff --git a/‎libnetwork/drivers/bridge/bridge_linux_test.go‎
Lines changed: 23 additions & 19 deletions b/‎libnetwork/drivers/bridge/bridge_linux_test.go‎
Lines changed: 23 additions & 19 deletions
diff --git a/‎libnetwork/drivers/bridge/bridge_store.go‎
Lines changed: 17 additions & 4 deletions b/‎libnetwork/drivers/bridge/bridge_store.go‎
Lines changed: 17 additions & 4 deletions
@@ -21,7 +21,6 @@ import (
 	"github.com/docker/docker/libnetwork/ns"
 	"github.com/docker/docker/libnetwork/options"
 	"github.com/docker/docker/libnetwork/portallocator"
-	"github.com/docker/docker/libnetwork/portmapper"
 	"github.com/docker/docker/libnetwork/scope"
 	"github.com/docker/docker/libnetwork/types"
 	"github.com/pkg/errors"
@@ -113,7 +112,7 @@ type bridgeEndpoint struct {
 	macAddress      net.HardwareAddr
 	containerConfig *containerConfiguration
 	extConnConfig   *connectivityConfiguration
-	portMapping     []types.PortBinding // Operation port bindings
+	portMapping     []portBinding // Operational port bindings
 	dbIndex         uint64
 	dbExists        bool
 }
@@ -123,9 +122,7 @@ type bridgeNetwork struct {
 	bridge        *bridgeInterface // The bridge's L3 interface
 	config        *networkConfiguration
 	endpoints     map[string]*bridgeEndpoint // key: endpoint id
-	portMapper    *portmapper.PortMapper
-	portMapperV6  *portmapper.PortMapper
-	driver        *driver // The network's driver
+	driver        *driver                    // The network's driver
 	iptCleanFuncs iptablesCleanFuncs
 	sync.Mutex
 }
@@ -355,6 +352,15 @@ func (n *bridgeNetwork) getNetworkBridgeName() string {
 	return config.BridgeName
 }
 
+func (n *bridgeNetwork) userlandProxyPath() string {
+	n.Lock()
+	defer n.Unlock()
+	if n.driver == nil {
+		return ""
+	}
+	return n.driver.userlandProxyPath()
+}
+
 func (n *bridgeNetwork) getEndpoint(eid string) (*bridgeEndpoint, error) {
 	if eid == "" {
 		return nil, InvalidEndpointIDError(eid)
@@ -508,6 +514,16 @@ func (d *driver) getNetwork(id string) (*bridgeNetwork, error) {
 	return nil, types.NotFoundErrorf("network not found: %s", id)
 }
 
+func (d *driver) userlandProxyPath() string {
+	d.Lock()
+	defer d.Unlock()
+
+	if d.config.EnableUserlandProxy {
+		return d.config.UserlandProxyPath
+	}
+	return ""
+}
+
 func parseNetworkGenericOptions(data interface{}) (*networkConfiguration, error) {
 	var (
 		err    error
@@ -714,13 +730,11 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
 
 	// Create and set network handler in driver
 	network := &bridgeNetwork{
-		id:           config.ID,
-		endpoints:    make(map[string]*bridgeEndpoint),
-		config:       config,
-		portMapper:   portmapper.NewWithPortAllocator(d.portAllocator, d.config.UserlandProxyPath),
-		portMapperV6: portmapper.NewWithPortAllocator(d.portAllocator, d.config.UserlandProxyPath),
-		bridge:       bridgeIface,
-		driver:       d,
+		id:        config.ID,
+		endpoints: make(map[string]*bridgeEndpoint),
+		config:    config,
+		bridge:    bridgeIface,
+		driver:    d,
 	}
 
 	d.Lock()
@@ -1221,7 +1235,7 @@ func (d *driver) EndpointOperInfo(nid, eid string) (map[string]interface{}, erro
 		// Return a copy of the operational data
 		pmc := make([]types.PortBinding, 0, len(ep.portMapping))
 		for _, pm := range ep.portMapping {
-			pmc = append(pmc, pm.GetCopy())
+			pmc = append(pmc, pm.PortBinding.GetCopy())
 		}
 		m[netlabel.PortMap] = pmc
 	}
@@ -1321,9 +1335,16 @@ func (d *driver) ProgramExternalConnectivity(nid, eid string, options map[string
 	}
 
 	// Program any required port mapping and store them in the endpoint
-	endpoint.portMapping, err = network.allocatePorts(endpoint, network.config.DefaultBindingIP, d.config.EnableUserlandProxy)
-	if err != nil {
-		return err
+	if endpoint.extConnConfig != nil && endpoint.extConnConfig.PortBindings != nil {
+		endpoint.portMapping, err = network.addPortMappings(
+			endpoint.addr,
+			endpoint.addrv6,
+			endpoint.extConnConfig.PortBindings,
+			network.config.DefaultBindingIP,
+		)
+		if err != nil {
+			return err
+		}
 	}
 
 	defer func() {
 
@@ -59,22 +59,26 @@ func TestEndpointMarshalling(t *testing.T) {
 				},
 			},
 		},
-		portMapping: []types.PortBinding{
+		portMapping: []portBinding{
 			{
-				Proto:       17,
-				IP:          net.ParseIP("172.33.9.56"),
-				Port:        uint16(99),
-				HostIP:      net.ParseIP("10.10.100.2"),
-				HostPort:    uint16(9900),
-				HostPortEnd: uint16(10000),
+				PortBinding: types.PortBinding{
+					Proto:       17,
+					IP:          net.ParseIP("172.33.9.56"),
+					Port:        uint16(99),
+					HostIP:      net.ParseIP("10.10.100.2"),
+					HostPort:    uint16(9900),
+					HostPortEnd: uint16(10000),
+				},
 			},
 			{
-				Proto:       6,
-				IP:          net.ParseIP("171.33.9.56"),
-				Port:        uint16(55),
-				HostIP:      net.ParseIP("10.11.100.2"),
-				HostPort:    uint16(5500),
-				HostPortEnd: uint16(55000),
+				PortBinding: types.PortBinding{
+					Proto:       6,
+					IP:          net.ParseIP("171.33.9.56"),
+					Port:        uint16(55),
+					HostIP:      net.ParseIP("10.11.100.2"),
+					HostPort:    uint16(5500),
+					HostPortEnd: uint16(55000),
+				},
 			},
 		},
 	}
@@ -101,9 +105,9 @@ func TestEndpointMarshalling(t *testing.T) {
 	// a different port cannot be selected on live-restore if the original is
 	// already in-use). So, fix up portMapping in the original before running
 	// the comparison.
-	epms := make([]types.PortBinding, len(e.portMapping))
-	for i, pb := range e.portMapping {
-		epms[i] = pb
+	epms := make([]portBinding, len(e.portMapping))
+	for i, p := range e.portMapping {
+		epms[i] = p
 		epms[i].HostPortEnd = epms[i].HostPort
 	}
 	if !compareBindings(epms, ee.portMapping) {
@@ -197,12 +201,12 @@ func comparePortBinding(p *types.PortBinding, o *types.PortBinding) bool {
 	return true
 }
 
-func compareBindings(a, b []types.PortBinding) bool {
+func compareBindings(a, b []portBinding) bool {
 	if len(a) != len(b) {
 		return false
 	}
 	for i := 0; i < len(a); i++ {
-		if !comparePortBinding(&a[i], &b[i]) {
+		if !comparePortBinding(&a[i].PortBinding, &b[i].PortBinding) {
 			return false
 		}
 	}
@@ -732,7 +736,7 @@ func testQueryEndpointInfo(t *testing.T, ulPxyEnabled bool) {
 		t.Fatal("Incomplete data for port mapping in endpoint operational data")
 	}
 	for i, pb := range ep.portMapping {
-		if !comparePortBinding(&pb, &pm[i]) {
+		if !comparePortBinding(&pb.PortBinding, &pm[i]) {
 			t.Fatal("Unexpected data for port mapping in endpoint operational data")
 		}
 	}
 
@@ -374,17 +374,30 @@ func (ep *bridgeEndpoint) CopyTo(o datastore.KVObject) error {
 	return nil
 }
 
+// restorePortAllocations is used during live-restore. It re-creates iptables
+// forwarding/NAT rules, and restarts docker-proxy, as needed.
+//
+// TODO(robmry) - if any previously-mapped host ports are no longer available, all
+// iptables forwarding/NAT rules get removed and there will be no docker-proxy
+// processes. So, the container will be left running, but inaccessible.
 func (n *bridgeNetwork) restorePortAllocations(ep *bridgeEndpoint) {
 	if ep.extConnConfig == nil ||
 		ep.extConnConfig.ExposedPorts == nil ||
 		ep.extConnConfig.PortBindings == nil {
 		return
 	}
-	tmp := ep.extConnConfig.PortBindings
-	ep.extConnConfig.PortBindings = ep.portMapping
-	_, err := n.allocatePorts(ep, n.config.DefaultBindingIP, n.driver.config.EnableUserlandProxy)
+
+	// ep.portMapping has HostPort=HostPortEnd, the host port allocated last
+	// time around ... use that in place of ep.extConnConfig.PortBindings, which
+	// may specify host port ranges.
+	cfg := make([]types.PortBinding, len(ep.portMapping))
+	for i, b := range ep.portMapping {
+		cfg[i] = b.PortBinding
+	}
+
+	var err error
+	ep.portMapping, err = n.addPortMappings(ep.addr, ep.addrv6, cfg, n.config.DefaultBindingIP)
 	if err != nil {
 		log.G(context.TODO()).Warnf("Failed to reserve existing port mapping for endpoint %.7s:%v", ep.id, err)
 	}
-	ep.extConnConfig.PortBindings = tmp
 }