IPV6 :: bound instead of V4 0.0.0.0 #47793

Closed
NoRePercussions opened this issue May 3, 2024 · 4 comments
Labels
kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. status/more-info-needed status/0-triage

Comments

@NoRePercussions

Description

I am on Debian 12.5.

I run `docker run 11f -p 0.0.0.0:8080:8080`, and see the proxy bind the following socket:

```
me@machine:~$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::8080                 :::*                    LISTEN      91527/docker-proxy
```

I do not see this behavior when binding a socket with Python:

```
me@machine:~$ python3
Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>>> s.bind(("0.0.0.0", 8080))
>>> s.listen(5)
---
me@machine:~$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      92654/python3
```

This causes a problem with the docker proxy's default interfaces, as the proxy tries to bind 0.0.0.0 (which is changed to ::) and then tries to bind ::, which fails because the first bind already includes it:

```
me@machine:~$ sudo docker run -p 8080:8080 11f
docker: Error response from daemon: driver failed programming external connectivity on endpoint
<name> (<hash>): Error starting userland
proxy: listen tcp [::]:8080: bind: address already in use.
ERRO[0000] error waiting for container: context canceled
```

Additionally, the :: bind accepts connections from ipv4, which is unexpected since I have net.ipv6.bindipv6only = 1.

Reproduce

Proxy a container's ports with `docker run -p 0.0.0.0:8080:8080 mycontainer`

Expected behavior

When binding 0.0.0.0, I don't expect :: to be bound, and vice versa. Additionally, I expect binding default interfaces to succeed.

docker version

```
Client: Docker Engine - Community
 Version:           19.03.9
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        9d988398e7
 Built:             Fri May 15 00:22:47 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          26.1.0
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.9
  Git commit:       c8af8eb
  Built:            Mon Apr 22 17:06:56 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.31
  GitCommit:        e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```

docker info

```
Client:
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.14.0)
  compose: Docker Compose (Docker Inc., v2.26.1)

Server:
 Containers: 8
  Running: 0
  Paused: 0
  Stopped: 8
 Images: 1
 Server Version: 26.1.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e377cd56a71523140ca6ae87e30244719194a521
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
  WARNING: You're not using the default seccomp profile
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.0-18-amd64
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.79GiB
 Name: salt-minion-d01

 ID: 31e3855a-96fc-44a7-b9c3-b0a985f0aa7b
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No kernel memory limit support
WARNING: No oom kill disable support
```

Additional Info

No response

@NoRePercussions NoRePercussions added kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. status/0-triage labels May 3, 2024
@robmry
Contributor

robmry commented May 9, 2024

Hi @NoRePercussions - I've had a quick play, but haven't been able to reproduce the problem.

You're using a very old version of the docker client (19.03.9, from 2020).

Perhaps you also have an old version of docker-proxy?

@robmry
Contributor

robmry commented May 15, 2024

Did using a current version of docker-proxy help / can we close this issue?

@NoRePercussions
Author

I can't reproduce it on a fresh bullseye 11.9 machine, and will further try on a bookworm 12.5 machine, so I suspect you are right. Thank you for your help!

@robmry
Contributor

robmry commented May 17, 2024

Ok, great! Thank you for the update.
