Skip to content

Don't try to remove a cleared docker_gwbridge endpoint#51534

Merged
thaJeztah merged 1 commit into
moby:masterfrom
robmry:dont-remove-removed-gateway
Nov 14, 2025
Merged

Don't try to remove a cleared docker_gwbridge endpoint#51534
thaJeztah merged 1 commit into
moby:masterfrom
robmry:dont-remove-removed-gateway

Conversation

@robmry

@robmry robmry commented Nov 14, 2025
edited by vvoland
Loading

Copy link
Copy Markdown
Contributor

- What I did

If a container is using a docker_gwbridge endpoint as its gateway, when it's connected to another network that provides a gateway, the docker_gwbridge endpoint is removed (in a recursive nightmare).

So, the "before" gateway for the container has been removed before the new gateway is updateExternalConnectivity'd, and an error is raised because it can't be removed again.

This will affect any container using docker_gwbridge - most won't ... the built-in ipvlan/macvlan drivers disable it, and non-internal bridge networks require IPv4 or IPv6. But I'm not sure if there's a way to provoke the error with Swarm.

- How I did it

Don't pass the old gateway to updateExternalConnectivity in that case, because the network driver's already forgotten about it.

- How to verify it

This needs a regression test - but wanted to get the fix in first (missed 29.0.1, but there will be a 29.0.2).

For now, manual repro ...

- Human readable description for the release notes

Fix an issue that could lead to an "endpoint not found" error when creating a container with multiple network connections, when one of the networks is non-internal but does not have its own external IP connectivity.

@robmry
Don't try to remove cleared docker_gwbridge endpoint
1731e9e 
If a container is using a docker_gwbridge endpoint as its gateway,
when it's connected to another network that provides a gateway, the
docker_gwbridge endpoint is removed when that endpoint is added (in
a recursive nightmare).

So, the "before" gateway for the container has been removed
before the new gateway is updateExternalConnectivity'd.

Don't pass the old gateway to updateExternalConnectivity in that
case, because the network driver's already forgotten about it.

Signed-off-by: Rob Murray <rob.murray@docker.com>
@robmry robmry self-assigned this Nov 14, 2025
@github-actions github-actions Bot added the area/daemon Core Engine label Nov 14, 2025
@robmry robmry added kind/bugfix PR's that fix bugs area/networking Networking labels Nov 14, 2025
@robmry robmry added this to the 29.0.2 milestone Nov 14, 2025
@robmry robmry marked this pull request as ready for review November 14, 2025 17:51
@thaJeztah thaJeztah modified the milestones: 29.0.2, 29.1.0 Nov 14, 2025
@thaJeztah

thaJeztah commented Nov 14, 2025

Copy link
Copy Markdown
Member

This related, or a random flakiness?

=== Failed
=== FAIL: daemon/libnetwork/cnmallocator  (0.00s)
panic: test timed out after 5m0s
	running tests:
		TestAllocator (5m0s)
		TestAllocator/TestAllocatorRestoreForUnallocatedNetwork (4m59s)

goroutine 67 [running]:
testing.(*M).startAlarm.func1()
	/usr/local/go/src/testing/testing.go:2682 +0x345
created by time.goFunc
	/usr/local/go/src/time/sleep.go:215 +0x2d

goroutine 1 [chan receive, 4 minutes]:
testing.(*T).Run(0xc00022ae00, {0x117d73d?, 0xc00028db30?}, 0x11d7c80)
	/usr/local/go/src/testing/testing.go:2005 +0x485
testing.runTests.func1(0xc00022ae00)
	/usr/local/go/src/testing/testing.go:2477 +0x37
testing.tRunner(0xc00022ae00, 0xc00028dc70)
	/usr/local/go/src/testing/testing.go:1934 +0xea
testing.runTests(0xc000013140, {0x1ae27a0, 0x12, 0x12}, {0x7?, 0xc0002b5140?, 0x1b57f00?})
	/usr/local/go/src/testing/testing.go:2475 +0x4b4
testing.(*M).Run(0xc0002f0500)
	/usr/local/go/src/testing/testing.go:2337 +0x63a

@robmry

robmry commented Nov 14, 2025

Copy link
Copy Markdown
Contributor Author

This related, or a random flakiness?

Ah, thank you - was just looking at that ... I'm pretty sure it's unrelated.

@robmry robmry mentioned this pull request Nov 14, 2025
Open
thaJeztah
thaJeztah approved these changes Nov 14, 2025
View reviewed changes

@thaJeztah thaJeztah left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah merged commit a81d441 into moby:master Nov 14, 2025
377 of 384 checks passed
@thaJeztah thaJeztah mentioned this pull request Nov 14, 2025
Merged
@robmry robmry deleted the dont-remove-removed-gateway branch November 26, 2025 16:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akerouanton akerouanton akerouanton approved these changes
@thaJeztah thaJeztah thaJeztah approved these changes
@corhere corhere Awaiting requested review from corhere

Assignees

@robmry robmry

Labels

area/daemon Core Engine area/networking Networking impact/changelog kind/bugfix PR's that fix bugs process/cherry-picked

Projects

None yet

Milestone

29.1.0

Development

Successfully merging this pull request may close these issues.

Problem using DockerCAN in Docker 29

3 participants

@robmry @thaJeztah @akerouanton