0

I'm working on a netflow logger and I want to setup some automated performance testing. I want to take my testing pcap and replay it to my program from within a docker image running under boot2docker. The networking side of this is stumping me.

I can access my desktop (the machine hosting the boot2docker vm) from within the docker image running under boot2docker (scp/ssh/netcat all seem to work as expected). However, when I run tcpreplay on my pcap from within the docker image I never see the traffic on my desktop.

What I've tried:

  • rewrite the srcip in the pcap to be the srcip of the docker host
  • tcpdump piped through netcat (netflow is UDP so I don't really care about the connection setup) The traffic makes it but my program gets some exceptions and dies. This doesn't surprise me, but it does indicate that I can get the traffic out of the docker vm and into my program.
  • I can successfully tcpreplay the pcap to my program from within a normal debian vm

Any ideas on what I need to do to get tcpreplay to send my pcap to my desktop?

skarface
  • 910
  • 6
  • 19
  • 1
    This will be an interesting blog post when you've got it working :) – SvenDowideit May 17 '15 at 01:23
  • 1
    can you tell us more about where you're capturing, perhaps enough to reproduce? (I'm kinda curious about the differences in network types - your debian vm has vs b2d. – SvenDowideit May 17 '15 at 01:24
  • diagram of how stuff is setup. http://imgur.com/BhjjdDI The packets in the pcap have been re-written to be sent towards the OSX host (192.168.1.10 in the diagram). I'm curious as to wether tcpreplay can work at all within a docker container. I'm sure it has something to do with the various virtual networks in play, just can't get my head wrapped around how to approach the problem. – skarface May 17 '15 at 02:03

1 Answers1

1

Try change the destination MAC addr to that of docker0, which is the default VM running. This works for me.

Fu Jiantao
  • 106
  • 6
  • 1
    This will give you the MAC addr to be used: root@98ae3344c7b5:/# arping -f -I $(ip route show match 0/0 | awk '{print $5, $3}') ARPING 172.17.0.1 from 172.17.0.2 eth0 Unicast reply from 172.17.0.1 [02:42:65:93:5C:61] 0.692ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) – Fu Jiantao Dec 17 '15 at 03:07