New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Virtual interfaces are entering/leaving promiscuous mode #14807
Comments
Hi! Please read this important information about creating issues. If you are reporting a new issue, make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead. If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information. This is an automated, informational response. Thank you. For more information about reporting issues, see https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-other-issues BUG REPORT INFORMATIONUse the commands below to provide key information from your environment:
Provide additional environment details (AWS, VirtualBox, physical, etc.): List the steps to reproduce the issue: Describe the results you received: Describe the results you expected: Provide additional info you think is important: ----------END REPORT --------- #ENEEDMOREINFO |
Seems like something on the host may be doing this... |
Thanks. That's on our roadmap but we won't be getting to it until maybe a month or two from now. |
Surprise, surprise. This does seem to be the default behavior on CoreOS. Closing this as invalid :) EDIT: in case anyone is interested all I did was setup a fresh CoreOS VM using https://coreos.com/os/docs/latest/booting-on-vagrant.html and started/stopped a Ubuntu container a bunch of times. I found the same messages about the virtual interfaces being in promiscuous mode with EDIT: @mrjana is correct. I was not looking in the right place on the other Linux variants that I was testing this on. These messages are there, just run |
@aaronjwood This is how things work when you connect a particular interface to a bridge. In this case the host end of the veth pair is getting connected to the bridge and when you are a bridge port you cannot only receive packets for your own mac address. You need to receive packets destined to any mac address so that the bridge can forward the packet out of the appropriate outgoing interface or flood it on every interface part of the bridge. So all of this is intentional |
@mrjana you're right. I wasn't looking in the right place on the other non-CoreOS variants. Thanks for the explanation. |
I was able to fix this by using turning to privileged to off administrator@gitlabrunner-prod01:~$ docker run --rm --privileged -t -d -p 23:22 --name ubuntu ubuntu |
For some containers that are launched and stopped or killed (due to errors with what's running inside of them) I'm seeing logs that the virtual interfaces are entering and leaving promiscuous mode. These containers are running with the normal
bridge
networking mode. Example:Most of the containers aren't running with any special privileges or capabilities. There is one that runs with
--privileged
but it exhibits the same behavior as all the others. Another thing to note is that none of the other interfaces on the host are in promiscuous mode.What could be causing this. It doesn't seem to be consistent and I have been unable to reproduce it on a Ubuntu machine with the same Docker version. Here's some info about the environment it's happening in:
The text was updated successfully, but these errors were encountered: