I am trying to use SSDP to discover Onvif cameras on my local network. I have code that works simply on my workstation and it also works in a container using the host network. I don't want to use the host network (I need to connect with other containers on the host and this works well). I'm also limited in my options as this is a small device running BalenaOS and so not everything that can be done with docker is possible. I don't think it's possible to use pipework, for example.
Here is what I've figured out so far:
- Using wireshark I can see that the multicast packet does not leave my host
- I have increased the TTL for the packet (I'm sure this is necessary but it hasn't made a noticeable difference)
It seems like it should be possible to use `iptables` on the host to forward packets from the bridged network to eth0 but, really, I don't understand multicast/broadcast well enough to know if this is sufficient.
I see there are specialised tools like `pimd` and `mrouted` etc. for managing similar cases. The author (?) has quite a bit of information on his site (e.g. https://troglobit.com/2016/03/07/testing-multicast-with-docker/) but I'm not fully understanding how to translate that into something I can try. The case under discussion is not exactly the same as mine anyway (they want to receive multicast messages in docker, not send them out).
There are a few stackoverflow questions that seem to be similar but actually are not:
- Docker receiving multicast traffic: this is actually the reverse case, the user needs to receive multicast messages in their containers, in my case the replies are unicast which is easier to route (but in any case I'm not getting far enough along for replies to be sent at all)
- sending udp broadcast from a docker container: no clear resolution, comments suggest using the host network
Ideally, I am hoping to find a way to do the routing I need using iptables but I'm not sure if that is possible.
Update: I don't want to post an answer because I was never able to get this to work the way I wanted. I eventually put a small process - just enough to do discovery - in a new container on the host network. This is able to do discovery and send the results back to the container where I wanted to do discovery from in the first place. It's not a compromise that I'm happy with but I was not able to find another way to resolve it. I still think that may be possible so I'm leaving the question unanswered in case someone stumbles on it one day with a solution.
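
The discovery half of the workaround described in the update, as an added example that is not the poster's code: a helper meant to run in a host-network container, which sends one SSDP M-SEARCH with an explicit multicast TTL and collects the unicast replies. The function names, the `ssdp:all` search target, the TTL of 2 and the JSON output are assumptions; relaying the result to the other container is left out.

```python
import json
import socket
import time

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast group and port

def build_msearch(st="ssdp:all", mx=2):
    """Build the M-SEARCH datagram; the search target `st` is an assumption."""
    lines = ["M-SEARCH * HTTP/1.1",
             f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}",
             'MAN: "ssdp:discover"', f"MX: {mx}", f"ST: {st}", "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_response(data):
    """Return upper-cased headers of a 200 reply, or None for anything else."""
    head = data.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    status, *rest = head.split("\r\n")
    parts = status.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or parts[1] != "200":
        return None
    headers = {}
    for line in rest:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def discover(timeout=3.0, ttl=2, st="ssdp:all"):
    """Send one M-SEARCH and collect unicast replies until the deadline."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    found, deadline = {}, time.monotonic() + timeout
    try:
        sock.sendto(build_msearch(st), SSDP_GROUP)
        while (left := deadline - time.monotonic()) > 0:
            sock.settimeout(left)
            try:
                data, (addr, _port) = sock.recvfrom(65507)
            except socket.timeout:
                break
            headers = parse_response(data)
            # Any host on the LAN can answer: treat LOCATION as untrusted input.
            if headers and "LOCATION" in headers:
                found[addr] = headers["LOCATION"]
    finally:
        sock.close()
    return found

if __name__ == "__main__":
    print(json.dumps(discover(), indent=2))
```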