1

I have a Docker network with two containers in it. When I run nping with a fake target IP address and a real MAC address of the second container, the packets appear in the tcpdump -eni eth0 output with a different source addresses (both MAC and IP) and with a substantial delay (~10s).

Is it a Docker bug, or am I missing something?

Here is how you can reproduce the issue.

Run this script:

docker network create --driver=bridge --subnet=10.16.17.0/24 so_con

docker run -itd --name=con_A --net=so_con debian /bin/bash
docker run -itd --name=con_B --net=so_con debian /bin/bash

docker exec con_A sh -c 'apt-get update && apt-get install -y tcpdump'
docker exec con_B sh -c 'apt-get update && apt-get install -y nmap'

export A_MAC=`docker inspect -f '{{.NetworkSettings.Networks.so_con.MacAddress}}' con_A`

docker exec con_B nping -c 100 --rate 1 --dest-mac $A_MAC 2.15.9.20 &
docker exec con_A tcpdump -eni eth0

After the apt-get finishes installing packets, you will see intermingled output from nping and tcpdump:

Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2016-01-07 16:35 UTC
SENT (0.0331s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=1] IP [ttl=64 id=3571 iplen=28 ]
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
SENT (1.0336s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=3] IP [ttl=64 id=3571 iplen=28 ]
SENT (2.0351s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=3] IP [ttl=64 id=3571 iplen=28 ]
SENT (3.0366s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=4] IP [ttl=64 id=3571 iplen=28 ]
SENT (4.0381s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=5] IP [ttl=64 id=3571 iplen=28 ]
SENT (5.0396s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=6] IP [ttl=64 id=3571 iplen=28 ]
SENT (6.0410s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=7] IP [ttl=64 id=3571 iplen=28 ]
SENT (7.0419s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=8] IP [ttl=64 id=3571 iplen=28 ]
SENT (8.0433s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=9] IP [ttl=64 id=3571 iplen=28 ]
SENT (9.0447s) ICMP [10.16.17.3 > 2.15.9.20 Echo request (type=8/code=0) id=6585 seq=10] IP [ttl=64 id=3571 iplen=28 ]
16:36:00.699670 02:42:0a:10:11:03 > 02:42:0a:10:11:02, ethertype IPv4 (0x0800), length 42: 10.16.17.1 > 2.15.9.20: ICMP echo request, id 6585, seq 3, length 8
16:36:00.699764 02:42:0a:10:11:02 > 02:42:1b:a1:db:5a, ethertype IPv4 (0x0800), length 70: 10.16.17.2 > 10.16.17.1: ICMP redirect 2.15.9.20 to host 10.16.17.1, length 36
16:36:00.699809 02:42:0a:10:11:02 > 02:42:1b:a1:db:5a, ethertype IPv4 (0x0800), length 42: 10.16.17.1 > 2.15.9.20: ICMP echo request, id 6585, seq 3, length 8
16:36:01.701244 02:42:0a:10:11:03 > 02:42:0a:10:11:02, ethertype IPv4 (0x0800), length 42: 10.16.17.1 > 2.15.9.20: ICMP echo request, id 6585, seq 3, length 8

Two observations here:

  1. tcpdump receives first package only after some time (9s).

  2. The received package comes from the Docker special bridge interface, that is attached to the host, in my case it is:

    br-436234216b46 Link encap:Ethernet  HWaddr 02:42:1b:a1:db:5a  
      inet addr:10.16.17.1  Bcast:0.0.0.0  Mask:255.255.255.0

Also, if you run tcpdump at the mentioned host-binded interface br-436234216b46, it will show the original nping packages coming from con_B by some reason to it, instead of con_A.

I use Docker 1.9.1 on 64 bit Ubuntu 14.04.

Necto
  • 163
  • 7
  • The intermingled output is confusing. What were the actual commands you ran, with their actual output? –  Jan 07 '16 at 17:30
  • @HenryTK, I ran the script embedded into the question, and the actual output is long so I included only the relevant piece. but here it is in full: https://gist.github.com/necto/782f961be33feae10f8f – Necto Jan 07 '16 at 17:58

0 Answers0