Cannot receive UDP traffic in Docker container in case of UDP server being located at Docker host #15127
Comments
same here with docker v1.9.1 ("a34a1d5-dirty") @ Arch 👍 please fix this bug |
is there a workaround for this? maybe it's an iptables bug. i have no other iptables rules, besides the docker rules, 2 networks (docker0 + 1 other). My host has the ip 172.16.0.1/16.
|
Unbelievable, bug still in current docker version and no one cares from docker dev team (@thaJeztah). |
@timothyklim sorry about that. this fell out of radar. We will take a look at it soon. |
1 month later and still no progress |
I'm having a [possibly] related issue. My app receives UDP syslog messages from most sources with the original source address preserved, but one device has the source rewritten to the docker0 interface's IP (seen by running tcpdump on docker0). I tried disabling the userland proxy as an experiment. The ones that were working before still are, but that one source never makes it to docker0 now, which is obviously concerning. Ubuntu 16.04.2, docker 1.12.6, docker-compose 1.8.0, launched w/ docker-compose up EDIT: Running |
The problem happens because host has multiple network interfaces( Running
As we can see the real cause is: the second packet chooses the wrong source address! And somehow, client does not recognize it, thinks it is INVALID, does not pass it to the application, but instead replies with an ICMP packet. Choosing packet source address is kernel's work, for UDP, by default it will use the IP address of the interface the packet will be sent to. And as to why kernel drops the second packet, is because As for the first problem, socket can actually control which source address should be used with a combination of In conclusion, this is not a problem caused by docker (although it does create a
|
I don't know if my issue is linked or not but I can't send or receive udp message in the docker container, works fine with tcp. nc -l -u -p 8888 I am using Netcat works fine with tcp so I don't get why it doesn't work over udp. |
Also hitting this issue.. any fix for this ? running osx Sierra too |
+1 |
+1 |
+1 |
+1 |
+1 |
mark |
I am running into this using
I can't use TCP -- NTP runs over UDP. I don't want to change the server or client socket logic -- they are third party code and should be working fine. How should I make the server listen on a specific address then? Reply to myself: Publish the exposed port and IP address, as explained here
|
+1 I ran dns server on host and make container use this dns server on the same server. |
+1 |
+1 |
+1 |
++1 |
Thank you! - I disabled the second network adapter on my host and my UDP issue went away! |
I think the actual issue lies in the proxy implementation, see moby/libnetwork#1729. |
With UDP, docker sometimes can't route UDP packets to the correct address because the source address gets mangled [1]. This can be worked around by explicitly binding to a certain interface. [1]: moby/moby#15127 (comment) Signed-off-by: Harald Seiler <hws@denx.de>
Just hit this same issue. enabling running dnsmasq on the host resolv.conf inside docker looks like:
i don't really know why the |
Apparently my issue was I needed to bind dnsmasq to a specific IP address not 0.0.0.0 as per https://blog.powerdns.com/2012/10/08/on-binding-datagram-udp-sockets-to-the-any-addresses/ |
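The wrong-source-address behaviour discussed in this thread, and one way a server can avoid it while still listening on 0.0.0.0, as an added example (not code from any commenter or from Docker): the server enables `IP_PKTINFO`, reads the address each request was sent to, and pins the reply's source to it. It assumes Linux; `recv_with_dst`, `send_from` and `reply_source` are hypothetical names, and 127.0.0.2 on loopback is a constructed stand-in for a second host address.

```c
#define _GNU_SOURCE                 /* exposes struct in_pktinfo on older glibc */
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

typedef union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctl_t;
/* Receive one datagram; *dst is set to the local address the sender targeted (if reported). */
ssize_t recv_with_dst(int fd, char *buf, size_t len, struct sockaddr_in *peer, struct in_addr *dst) {
    ctl_t ctl; struct iovec iov = { buf, len };
    struct msghdr m = { .msg_name = peer, .msg_namelen = sizeof *peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    ssize_t n = recvmsg(fd, &m, 0);
    for (struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO)
            *dst = ((struct in_pktinfo *)CMSG_DATA(c))->ipi_addr;
    return n;
}
/* Reply with the source address pinned to src via ipi_spec_dst, not the route's default. */
ssize_t send_from(int fd, const char *buf, size_t len, struct sockaddr_in *peer, struct in_addr src) {
    ctl_t ctl = {{0}}; struct iovec iov = { (void *)buf, len };
    struct msghdr m = { .msg_name = peer, .msg_namelen = sizeof *peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m); struct in_pktinfo pi = { .ipi_spec_dst = src };
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO; c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    return sendmsg(fd, &m, 0);
}
/* Constructed loopback check: a client queries 127.0.0.2 on a server bound to 0.0.0.0.
 * Returns the source address (host order) of the reply the client sees, 0 on failure. */
uint32_t reply_source(int pin) {
    int on = 1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, peer, from;   /* 0.0.0.0, port 0 */
    socklen_t al = sizeof a, fl = sizeof from; struct timeval tv = { 2, 0 };
    struct in_addr dst = { 0 }; char buf[16]; uint32_t seen = 0;
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    for (int i = 0; i < 2; i++) setsockopt(i ? cli : srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    bind(srv, (struct sockaddr *)&a, sizeof a); getsockname(srv, (struct sockaddr *)&a, &al);
    a.sin_addr.s_addr = htonl(0x7f000002);                          /* 127.0.0.2 */
    sendto(cli, "ping", 4, 0, (struct sockaddr *)&a, sizeof a);
    if (recv_with_dst(srv, buf, sizeof buf, &peer, &dst) == 4) {
        if (pin) send_from(srv, "pong", 4, &peer, dst);             /* source = 127.0.0.2 */
        else sendto(srv, "pong", 4, 0, (struct sockaddr *)&peer, sizeof peer); /* kernel picks */
        if (recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl) == 4)
            seen = ntohl(from.sin_addr.s_addr);
    }
    close(srv); close(cli); return seen;
}
int main(void) { return reply_source(1) == 0x7f000002 ? 0 : 1; }
```

With `pin` set to 0 the reply leaves from the route's default source rather than the address the client queried, which is the mismatch a connected UDP client or connection tracking will not accept.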
I got an issue with UDP packets and a docker-container. In my case, I solved that in my docker-compose file adding "/udp" in the ports section.
Source: https://docs.docker.com/config/containers/container-networking/ |
I got the same issue when connecting to the UDP port of a container. Maybe Docker forwards the TCP connections by default; if you want to connect to the UDP port of a container, you should add one forward rule to the iptables PREROUTING chain, which is under the nat type. |
Description of problem:
When issuing UDP connections from docker container to docker host, no incoming UDP packets are received in container.
UDP works for accessing external resources.
TCP works for accessing docker host.
docker version: Mostly tested on
Client:
Version: 1.8.0-dev
API version: 1.20
Go version: go1.4.2
Git commit: b900aaa
Built: Fri Jul 17 15:15:47 UTC 2015
Still actual in:
Go version: go1.4.2
Git commit: 9d3ad6d
Built: Wed Jul 29 16:26:04 UTC 2015
docker info:
Containers: 283
Images: 687
Storage Driver: overlay
Backing Filesystem: extfs
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.1.2███████
Operating System: Gentoo/Linux
CPUs: 8
Total Memory: 7.746 GiB
Name: ███████
ID: 7WYK:23Z2:J7KR:JFF2:QMLD:E5Z6:FF5O:LAAA:XOW4:56ZR:BOSD:WWAI
uname -a: Linux ███████ 4.1.2-███████ #2 SMP Mon Jul 20 14:13:03 CEST 2015 x86_64 Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz GenuineIntel GNU/Linux
Environment details (AWS, VirtualBox, physical, etc.): physical
How reproducible:
Steps to Reproduce:
ncat -e /bin/cat -k -u -l 5151, also I rechecked with udpqotd, yeah that one from old Perl Cookbook) on Docker host outside of Docker (not tested starting server in docker container)
Actual Results:
Expected Results:
Additional info: