From 3098ee6628f49ca81a56c6edc81c909c70cdd9b9 Mon Sep 17 00:00:00 2001
From: Alessandro Boch
Date: Mon, 4 May 2015 23:45:07 -0700
Subject: [PATCH 1/2] CreateOptionPortMapping to store a copy of the passed bindings

- Given this will be internal data, make a defensive copy to protect from client inadvertently modifications.

Signed-off-by: Alessandro Boch
---
 endpoint.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/endpoint.go b/endpoint.go
index d8e9806..6056160 100644
--- a/endpoint.go
+++ b/endpoint.go
@@ -486,13 +486,18 @@ func JoinOptionUseDefaultSandbox() EndpointOption {
 // ports option to be passed to network.CreateEndpoint() method.
 func CreateOptionPortMapping(portBindings []netutils.PortBinding) EndpointOption {
 return func(ep *endpoint) {
- // Store endpoint label
- ep.generic[options.PortMap] = portBindings
- // Extract exposed ports as this is the only concern of libnetwork endpoint
- ep.exposedPorts = make([]netutils.TransportPort, 0, len(portBindings))
+ // Extract and store exposed ports as this is the only concern of libnetwork endpoint
+ // Store a copy of the bindings as generic data to pass to the driver
+ pbs := make([]netutils.PortBinding, 0, len(portBindings))
+ exp := make([]netutils.TransportPort, 0, len(portBindings))
+
 for _, b := range portBindings {
- ep.exposedPorts = append(ep.exposedPorts, netutils.TransportPort{Proto: b.Proto, Port: b.Port})
+ pbs = append(pbs, b.GetCopy())
+ exp = append(exp, netutils.TransportPort{Proto: b.Proto, Port: b.Port})
 }
+ ep.generic[options.PortMap] = pbs
+ ep.exposedPorts = exp
 }
 }
From c203b3959eba37ac1eab284da711499e1d14ac19 Mon Sep 17 00:00:00 2001
From: Alessandro Boch
Date: Mon, 4 May 2015 23:53:32 -0700
Subject: [PATCH 2/2] Reuse existing docker chain constant in link.go

- in bridge driver

Signed-off-by: Alessandro Boch
---
 drivers/bridge/link.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
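Review bot: In endpoint.go, CreateOptionPortMapping takes its defensive copy inside the returned closure, so the copy is made when the option is applied to the endpoint, not when the option is built. A caller that edits `portBindings` between those two points still changes what the endpoint stores. The protection also relies on `b.GetCopy()` duplicating any reference-typed fields of `netutils.PortBinding`; its body is not visible in this hunk, and a plain struct copy would leave such fields aliased to the caller's memory, so that is worth confirming. I would state the contract in the doc comment (its first line lies above the hunk), for example `// The bindings are copied when the option is applied; later changes to portBindings do not affect the endpoint.` The patch touches only endpoint.go, so a test that mutates the caller's slice after the endpoint is created and checks the stored bindings would pin the behaviour.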
diff --git a/drivers/bridge/link.go b/drivers/bridge/link.go
index bcdcd0c..774cd89 100644
--- a/drivers/bridge/link.go
+++ b/drivers/bridge/link.go
@@ -69,7 +69,7 @@ func linkContainers(action, parentIP, childIP string, ports []netutils.PortBindi
 return InvalidLinkIPAddrError(childIP)
 }
- chain := iptables.Chain{Name: "DOCKER", Bridge: bridge}
+ chain := iptables.Chain{Name: DockerChain, Bridge: bridge}
 for _, port := range ports {
 err := chain.Link(nfAction, ip1, ip2, int(port.Port), port.Proto.String())
 if !ignoreErrors && err != nil {