From eb9eabe25426f30d4690a9b651f7af7d5d715477 Mon Sep 17 00:00:00 2001
From: chenjiankun
Date: Tue, 22 Nov 2022 20:56:57 +0800
Subject: [PATCH] docker: fix dockerd core when release network

fix #I627ON
---
 VERSION-openeuler | 2 +-
 docker-engine-openeuler.spec | 8 +-
 ...ection-marking-information-from-CT-f.patch | 96 +++++++++++++++++++
 series.conf | 1 +
 4 files changed, 105 insertions(+), 2 deletions(-)
 create mode 100644 patch/0233-docker-Read-connection-marking-information-from-CT-f.patch

diff --git a/VERSION-openeuler b/VERSION-openeuler
index 1a575db..71f1af8 100644
--- a/VERSION-openeuler
+++ b/VERSION-openeuler
@@ -1 +1 @@
-18.09.0.245
+18.09.0.246
diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec
index 67d01ef..21b4221 100644
--- a/docker-engine-openeuler.spec
+++ b/docker-engine-openeuler.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 244
+Release: 246
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -199,6 +199,12 @@ fi
 %endif
 
 %changelog
+* Tue Nov 22 2022 chenjiankun - 18.09.0-246
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix dockerd core when release network
+
 * Tue Nov 22 2022 chenjiankun - 18.09.0-245
 - Type:bugfix
 - CVE:NA
diff --git a/patch/0233-docker-Read-connection-marking-information-from-CT-f.patch b/patch/0233-docker-Read-connection-marking-information-from-CT-f.patch
new file mode 100644
index 0000000..bd3f4aa
--- /dev/null
+++ b/patch/0233-docker-Read-connection-marking-information-from-CT-f.patch
@@ -0,0 +1,96 @@
+From 9765477e687597b59f7119abf0b495ef6497986c Mon Sep 17 00:00:00 2001
+From: chenjiankun
+Date: Tue, 8 Nov 2022 15:17:58 +0800
+From: GopiKrishna Kodali
+Date: Wed, 12 Jun 2019 10:56:30 +0530
+Subject: [PATCH] docker: Read connection marking information from CT flow TLV
+
+Conflict:conntrack_linux.go
+Reference:https://github.com/vishvananda/netlink/commit/941b4de9e151f1c3662f3f1fa23ec263999f09de
+
+---
+ .../vishvananda/netlink/conntrack_linux.go | 55 ++++++++++---------
+ 1 file changed, 28 insertions(+), 27 deletions(-)
+
+diff --git a/components/engine/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+index ecf044565..efb686e79 100644
+--- a/components/engine/vendor/github.com/vishvananda/netlink/conntrack_linux.go
++++ b/components/engine/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+@@ -220,9 +220,17 @@ func parseBERaw16(r *bytes.Reader, v *uint16) {
+ binary.Read(r, binary.BigEndian, v)
+ }
+
++func parseBERaw32(r *bytes.Reader, v *uint32) {
++ binary.Read(r, binary.BigEndian, v)
++}
++
++func parseConnectionMark(r *bytes.Reader) (mark uint32) {
++ parseBERaw32(r, &mark)
++ return
++}
++
+ func parseRawData(data []byte) *ConntrackFlow {
+ s := &ConntrackFlow{}
+- var proto uint8
+ // First there is the Nfgenmsg header
+ // consume only the family field
+ reader := bytes.NewReader(data)
+@@ -238,36 +246,29 @@ func parseRawData(data []byte) *ConntrackFlow {
+ // 4 bytes
+ // flow information of the reverse flow
+ for reader.Len() > 0 {
+- nested, t, l := parseNfAttrTL(reader)
+- if nested && t == nl.CTA_TUPLE_ORIG {
+- if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
+- proto = parseIpTuple(reader, &s.Forward)
++ if nested, t, l := parseNfAttrTL(reader); nested {
++ if t == nl.CTA_TUPLE_ORIG {
++ if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
++ parseIpTuple(reader, &s.Forward)
++ }
++ } else if t == nl.CTA_TUPLE_REPLY {
++ if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
++ parseIpTuple(reader, &s.Reverse)
++
++ // Got all the useful information stop parsing
++ break
++ } else {
++ // Header not recognized skip it
++ reader.Seek(int64(l), seekCurrent)
++ }
+ }
+- } else if nested && t == nl.CTA_TUPLE_REPLY {
+- if nested, t, _ = parseNfAttrTL(reader); nested && t == nl.CTA_TUPLE_IP {
+- parseIpTuple(reader, &s.Reverse)
+-
+- // Got all the useful information stop parsing
+- break
+- } else {
+- // Header not recognized skip it
+- reader.Seek(int64(l), seekCurrent)
++ } else {
++ switch t {
++ case nl.CTA_MARK:
++ s.Mark = parseConnectionMark(reader)
+ }
+ }
+ }
+- if proto == TCP_PROTO {
+- reader.Seek(64, seekCurrent)
+- _, t, _, v := parseNfAttrTLV(reader)
+- if t == nl.CTA_MARK {
+- s.Mark = uint32(v[3])
+- }
+- } else if proto == UDP_PROTO {
+- reader.Seek(16, seekCurrent)
+- _, t, _, v := parseNfAttrTLV(reader)
+- if t == nl.CTA_MARK {
+- s.Mark = uint32(v[3])
+- }
+- }
+ return s
+ }
+
+--
+2.23.0
+
diff --git a/series.conf b/series.conf
index 09957b8..4f69366 100644
--- a/series.conf
+++ b/series.conf
@@ -226,4 +226,5 @@ patch/0229-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
 patch/0230-docker-AdditionalGids-must-include-effective-group-I.patch
 patch/0231-docker-ensure-layer-digest-folder-removed-if-ls.driv.patch
 patch/0232-docker-cleanup-netns-file-when-close-docker-daemon.patch
+patch/0233-docker-Read-connection-marking-information-from-CT-f.patch
 #end
--
Gitee
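Review bot: In the new `else` branch of the parse loop in `parseRawData`, a non-nested attribute whose type is not `nl.CTA_MARK` leaves its `l` payload bytes unconsumed, so the next iteration reads payload bytes as a TLV header and can misparse the remaining attributes (including attributing a wrong value to `s.Mark`); a `default: reader.Seek(int64(l), seekCurrent)` case in the `switch t` keeps the reader aligned, the same way the "Header not recognized" path already does for the reply tuple. A nested attribute that is neither `CTA_TUPLE_ORIG` nor `CTA_TUPLE_REPLY` falls through the same way with nothing skipped, and would benefit from the same seek in a trailing `else`. Whether `l` is the payload length or the whole attribute length cannot be confirmed here since `parseNfAttrTL` is outside the hunk; the existing `reader.Seek(int64(l), seekCurrent)` suggests payload length. The new `parseBERaw32` discards the `binary.Read` error exactly as `parseBERaw16` does, so a truncated CTA_MARK attribute silently yields a mark of 0, which deserves a one-line comment such as `// short read leaves mark at 0; callers treat Mark as best-effort` if that is the intent. The lines of `parseRawData` between the two inner hunks (old 229–237) are not shown, so the reader-position assumptions made there are not reviewed.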