Docker accepts multicast traffic

We have an application for connecting to a server that automatically detects physical devices on the network by listening to multicast packets on port 6969. Therefore, we need our Docker container to be able to receive these packets from devices outside the host, through the host, and into the container. I saw several similar questions, and did a lot of reading, but I still have not been able to get the server to respond to these broadcast packets.

I am sitting on Wireshark and watching network traffic, but I'm not an expert. I know that Docker creates a MASQUERADE rule so that all traffic looks like it comes from the Docker gateway, so when I look at veth I see mostly conversations between 172.17.0.1 and 172.17.0.2, although my server cannot get any information about devices on the network. (If I run outside Docker, I have no problem, of course.)

I cannot use --net=host because, like others, we use --link. I tried the following options:

  • docker run --name app -p 6969:6969 -d me/app:latest
  • docker run --name app -p 0.0.0.0:6969:6969 -d me/app:latest (This one I could swear worked once, but now no?)
  • docker run --name app -p 0.0.0.0:6969:6969/udp -d me/app:latest
  • docker run --name app -p 255.255.255.255:6969:6969 -d me/app:latest

I would really appreciate any help or understanding you can provide.

+12
docker multicast networking wireshark
2 answers

Try enabling multicast for your NICs:

 ip link set eth0 multicast on 

Enable IP forwarding:

 echo 1 > /proc/sys/net/ipv4/ip_forward

You need to explicitly set it, or at least verify that it is enabled, on the corresponding interfaces.

 net.ipv4.conf.all.mc_forwarding = 1
 net.ipv4.conf.eth0.rp_filter = 0

Allow multicast traffic:

 iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
 iptables -I FORWARD -d 224.0.0.0/4 -j ACCEPT

You may also need to add a route for multicast traffic:

 route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0 

Change the TTL of the multicast sender:

 iptables -t mangle -A OUTPUT -d <group> -j TTL --ttl-set 128

Where group is the multicast group address of the stream you want to change the TTL of.

You can also start a multicast proxy.

PS:

You should try (if the above did not help) starting the Docker container with the --net=none parameter and using pipework with the following command:

 pipework docker0 -i eth0 CONTAINER_ID IP_ADDRESS/IP_MASK@DEFAULT_ROUTE_IP

which creates the eth0 interface inside the container with the IFF_MULTICAST flag and a specific IP address.

+3
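
The script below is an added example, not part of either answer: a read-only check of the host settings the answer above changes, so their state can be recorded before and after. It reports the effective rp_filter because the kernel applies the higher of conf.all.rp_filter and the per-interface value. The ROOT variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit of the settings listed in the answer.
# ROOT is a hypothetical override that points the checks at a copy of
# /proc and /sys; leave it empty on a real host.
ROOT="${ROOT:-}"

# Print the content of a /proc or /sys file, or "missing" if unreadable.
read_val() {
    if [ -r "$ROOT$1" ]; then cat "$ROOT$1"; else echo missing; fi
}

# Succeed when the interface has IFF_MULTICAST (0x1000) set, which is
# what "ip link set <if> multicast on" turns on.
has_multicast_flag() {
    flags=$(read_val "/sys/class/net/$1/flags")
    [ "$flags" != missing ] && [ $(( $flags & 0x1000 )) -ne 0 ]
}

# The kernel uses max(conf.all.rp_filter, conf.<if>.rp_filter), so
# setting only the interface value to 0 has no effect while "all" is 1.
effective_rp_filter() {
    all=$(read_val /proc/sys/net/ipv4/conf/all/rp_filter)
    ifc=$(read_val "/proc/sys/net/ipv4/conf/$1/rp_filter")
    if [ "$all" = missing ] || [ "$ifc" = missing ]; then
        echo missing
    elif [ "$all" -gt "$ifc" ]; then
        echo "$all"
    else
        echo "$ifc"
    fi
}

# Print one key=value line per setting for the given interface.
audit() {
    if has_multicast_flag "$1"; then
        echo "multicast_flag=on"
    else
        echo "multicast_flag=off"
    fi
    echo "ip_forward=$(read_val /proc/sys/net/ipv4/ip_forward)"
    echo "mc_forwarding=$(read_val /proc/sys/net/ipv4/conf/all/mc_forwarding)"
    echo "rp_filter_effective=$(effective_rp_filter "$1")"
}

# Interface defaults to eth0, the name used in the answer.
audit "${1:-eth0}"
```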

Are there working solutions to this problem?

0