Port parameter not working when bridged interface is not the first one

[lorenzo93]

Description

Hi,

if I create a container with two network interfaces (one bridged and the other one not connected to the host), the behaviour is different depending on the order of the connected interfaces.
The port parameter works only if the bridged interface is the first one of the container (eth0), if the bridged interface is second one, it does not work.

This issue was first opened here

Reproduce

In the example I will use the katharanp network plugin to generate a network not connected to the host in any way.

The plugin needs to specify the architecture, in the example I used the arm64 architecture but feel free to change it to amd64 according to your architecture.

docker plugin install lollo93/katharanp:arm64
docker plugin enable lollo93/katharanp:arm64
docker network create --ipam-driver=null --driver=lollo93/katharanp:arm64 l2_net
docker run -ti --rm --net l2_net -p 8080:80 --name=test httpd 

In this situation, if a docker ps command is executed, the output looks like this one. I also attached a docker inspect output of the container.

inspect_before_l2.txt

As it is possible to notice, the docker ps output does not show the configured port (as it should).

Now, I will attach a second interface to the default bridged network with this command:

docker network connect bridge test

The docker ps output now correctly reports the configured port, but the port forwarding is still not working from the host giving me a connection refused error.

inspect_after_l2.txt

If the two networks are connected in the opposite order, everything works correctly :)

docker run -ti --rm --net bridge -p 8080:80 --name=test httpd
docker network connect l2_net test

Expected behavior

The port forwarding should work independently from the order of the connected network interfaces as long as there is a bridged interface connected to the container.

docker version

Client:
 Cloud integration: v1.0.35-desktop+001
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:32:30 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.22.1 (118664)
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.6
  Git commit:       a61e2b4
  Built:            Fri Jul 21 20:35:38 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    24.0.5
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.1
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2-desktop.1
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.6
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  0.20.0
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-scout

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 16
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan kathara/katharanp:arm64 lollo93/katharanp:arm64 macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 6
 Total Memory: 5.8GiB
 Name: docker-desktop
 ID: 792edd6f-f9c9-4508-989e-8c1d68e8a886
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile

Diagnostics ID

71989770-6C8B-4018-931E-288AB5CBE49D/20230913170736

Additional Info

There is no different behaviour on Windows and the bug is present in all the architectures (arm64, amd64).

[tcaiazzi]

Hi all,

Any news about this? 😇