FS#69258 - [docker] IPv6 is no longer proxied with 20.10.2
Attached to Project:
Community Packages
Opened by Sébastien Luttringer (seblu) - Saturday, 09 January 2021, 12:46 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 12 April 2021, 16:12 GMT
Opened by Sébastien Luttringer (seblu) - Saturday, 09 January 2021, 12:46 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 12 April 2021, 16:12 GMT
|
Details
Description:
Since 20.10.2, IPv6 host forwarding to IPv4 container is broken. Links: - https://github.com/moby/moby/issues/41858 - https://github.com/moby/libnetwork/pull/2604 - https://github.com/moby/libnetwork/issues/2607 - https://github.com/moby/libnetwork/pull/2608 Rollback to 20.10.1 is a workaround until further notice. |
This task depends upon
Closed by Sébastien Luttringer (seblu)
Monday, 12 April 2021, 16:12 GMT
Reason for closing: Fixed
Additional comments about closing: 20.10.6-1
Monday, 12 April 2021, 16:12 GMT
Reason for closing: Fixed
Additional comments about closing: 20.10.6-1
Also could you write down a way to reproduce :)?
That remembered, if you have an IPv6 host, your forwarded ports to a container works for IPv4 and IPv6 until now. So, I think it will have impact on folks who use IPv6 (the best of us?) and have no IPv6 stack on containers (IMHO most of them).
The way to reproduce, is well explained in the libnetwork ticket. The ascii schema in this reply helps to catch it quickly: https://github.com/moby/libnetwork/issues/2607#issuecomment-755104810.
Waiting to break people setup to count them doesn't look like a good idea to me. Not to mention, it's sneaky as IPv4 connection still works and service may only be broken on IPv6.
I think discussion around it was a good idea are finished but I will wait the pending patch (2608) to be merged before trying it and eventually release a downstream package.
But yes, waiting for the patch to be merged and see if it fixes the problem before contemplating a downgrade sounds good to me :) Thanks for the work!
Our PKGBUILD is broken, we don't build with the libnetwork we fetch in $sources.
$ find -path *bridge/port_mapping.go
./src/moby/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
./src/libnetwork/drivers/bridge/port_mapping.go
docker-proxy binary is built with a libnetwork at another location (the one we pull in sources).
We have the same library in two places, with potentially 2 different versions, to handle the same component which is the docker-proxy.
Not sure if we are broken or it's upstream design...
The 20.10.2-3 package apply the fixes on the correct file.
https://github.com/moby/moby/blob/v20.10.2/vendor.conf#L50
I'm more curious about the case of the other components we are pulling. If we can drop the subcomponents because of the vendor then that is IMO better and simplifies the PKGBUILD.
Could you report this in https://github.com/moby/libnetwork/issues/2607 ?
UPDATE:
You already reported it here ? https://github.com/ansible-collections/community.docker/issues/70
If your issue is with docker-compose, I think you should mention it on the moby issue.
UPDATE:
I tested it with docker cli, the port binding problem exists there too.
There is a new bug report (https://bugs.archlinux.org/task/69367) that seems to be the same problem.
I'm building a -4 version, without the patch. Next patched versions will first land in cty-testing.