docker: fix dockerd core when release network

fix #I627ON
2022-11-22 20:49:27 +08:00 · 2022-11-22 20:49:27 +08:00 · 07ce32f65f
commit 07ce32f65f
parent 8f09263541
5 changed files with 106 additions and 3 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-18.09.0.313
+18.09.0.314
--- a/docker.spec
+++ b/docker.spec
@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 313
+Release: 314
 Epoch: 2
 Summary: The open-source application container engine
 Group: Tools/Docker
@ -213,6 +213,12 @@ fi
 %endif

 %changelog
+* Tue Nov 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-314
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix dockerd core when release network
+
 * Tue Nov 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-313
 - Type:bugfix
 - CVE:NA
--- a/2
+++ b/2
@ -1 +1 @@
-f06d9b2e6b86090d87db5b8d20fc87243cbcd1c4
+eca9bca4da7991a3fc6397f580ffedeb25ccb15d
--- a/patch/0234-docker-Read-connection-marking-information-from-CT-f.patch
+++ b/patch/0234-docker-Read-connection-marking-information-from-CT-f.patch
@ -0,0 +1,96 @@
+From 9765477e687597b59f7119abf0b495ef6497986c Mon Sep 17 00:00:00 2001
+From: chenjiankun <chenjiankun1@huawei.com>
+Date: Tue, 8 Nov 2022 15:17:58 +0800
+From: GopiKrishna Kodali <gkodali@zededa.com>
+Date: Wed, 12 Jun 2019 10:56:30 +0530
+Subject: [PATCH] docker: Read connection marking information from CT flow TLV
+
+Conflict:conntrack_linux.go
+Reference:https://github.com/vishvananda/netlink/commit/941b4de9e151f1c3662f3f1fa23ec263999f09de
+
+---
+ .../vishvananda/netlink/conntrack_linux.go    | 55 ++++++++++---------
+ 1 file changed, 28 insertions(+), 27 deletions(-)
+
+diff --git a/components/engine/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+index ecf044565..efb686e79 100644
+--- a/components/engine/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+++ b/components/engine/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+@@ -220,9 +220,17 @@ func parseBERaw16(r *bytes.Reader, v *uint16) {
+ 	binary.Read(r, binary.BigEndian, v)
+ }
+ 
+func parseBERaw32(r *bytes.Reader, v *uint32) {
+	binary.Read(r, binary.BigEndian, v)
+}
+
+func parseConnectionMark(r *bytes.Reader) (mark uint32) {
+	parseBERaw32(r, &mark)
+	return
+}
+
+ func parseRawData(data []byte) *ConntrackFlow {
+ 	s := &ConntrackFlow{}
+-	var proto uint8
+ 	// First there is the Nfgenmsg header
+ 	// consume only the family field
+ 	reader := bytes.NewReader(data)
+@@ -238,36 +246,29 @@ func parseRawData(data []byte) *ConntrackFlow {
+ 	// <len, NLA_F_NESTED|CTA_TUPLE_IP> 4 bytes
+ 	// flow information of the reverse flow
+ 	for reader.Len() > 0 {
+-		nested, t, l := parseNfAttrTL(reader)
+-		if nested && t == nl.CTA_TUPLE_ORIG {
+-			if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
+-				proto = parseIpTuple(reader, &s.Forward)
+		if nested, t, l := parseNfAttrTL(reader); nested {
+			if t == nl.CTA_TUPLE_ORIG {
+				if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
+					parseIpTuple(reader, &s.Forward)
+				}
+			} else if t == nl.CTA_TUPLE_REPLY {
+				if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
+					parseIpTuple(reader, &s.Reverse)
+
+					// Got all the useful information stop parsing
+					break
+				} else {
+					// Header not recognized skip it
+					reader.Seek(int64(l), seekCurrent)
+				}
+ 			}
+-		} else if nested && t == nl.CTA_TUPLE_REPLY {
+-			if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
+-				parseIpTuple(reader, &s.Reverse)
+-
+-				// Got all the useful information stop parsing
+-				break
+-			} else {
+-				// Header not recognized skip it
+-				reader.Seek(int64(l), seekCurrent)
+		} else {
+			switch t {
+			case nl.CTA_MARK:
+				s.Mark = parseConnectionMark(reader)
+ 			}
+ 		}
+ 	}
+-	if proto == TCP_PROTO {
+-		reader.Seek(64, seekCurrent)
+-		_, t, _, v := parseNfAttrTLV(reader)
+-		if t == nl.CTA_MARK {
+-			s.Mark = uint32(v[3])
+-		}
+-	} else if proto == UDP_PROTO {
+-		reader.Seek(16, seekCurrent)
+-		_, t, _, v := parseNfAttrTLV(reader)
+-		if t == nl.CTA_MARK {
+-			s.Mark = uint32(v[3])
+-		}
+-	}
+ 	return s
+ }
+ 
+-- 
+2.23.0
+
--- a/series.conf
+++ b/series.conf
@ -231,4 +231,5 @@ patch/0230-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
 patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch
 patch/0232-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
 patch/0233-docker-cleanup-netns-file-when-close-docker-daemon.patch
+patch/0234-docker-Read-connection-marking-information-from-CT-f.patch
 #end