Description
Hello,
If I use a container port and map it to a range of host ports, docker picks one port from the specified host port range.
When doing so, docker picks a port in-use by a non-docker started process, when there are other ports in the range that are available.
For example,
docker run -itd -p 21-23:100 busybox
Above, docker would pick one of the host ports 21-23 and map it to container port 100.
In the same example above, let's say host port 21 is in use by a running container, host port 22 is for ssh, and host port 23 is available. Docker skips 21, but picks 22 and fails while trying to map it to container port 100, whereas it should determine that both ports 21 and 22 are in use, and then pick port 23.
It seems to only know of ports used by itself (process called docker-proxy).
Reproduce
- check host ports in use, for example port 22 for SSH, etc.
(output below is just an example, not the entire list of ports on my host)
sudo netstat -tulpn | grep LISTEN
tcp 0 0 127.0.0.1:39097 0.0.0.0:* LISTEN 4824/containerd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3479/sshd
- run a container ctr1 with 1 container port mapped to a range of host ports
docker run -itd -p 21-23:100 busybox
port 21 is free, docker maps it to container port 100.
- check in-use ports on the host
sudo netstat -tulpn | grep LISTEN
tcp 0 0 127.0.0.1:39097 0.0.0.0:* LISTEN 4824/containerd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3479/sshd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 6105/docker-proxy
- run another container ctr2.
docker run -itd -p 21-23:100 busybox
this fails with reason:
docker: Error response from daemon: driver failed programming external connectivity on endpoint X: Error starting userland proxy: listen tcp4 0.0.0.0:22: bind: address already in use.
Expected behavior
Docker should pick a host port that's not in use, even if it's used by processes other than docker-proxy.
docker version
Client:
Version: 20.10.17
API version: 1.41
Go version: go1.18.3
Git commit: 100c701
Built: Thu Jun 16 20:08:47 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.18.3
Git commit: a89b842
Built: Thu Jun 16 20:09:24 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.3
GitCommit: 1e7bb5b773162b57333d57f612fd72e3f8612d94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 80
Running: 2
Paused: 0
Stopped: 78
Images: 7
Server Version: 20.10.17
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: 1e7bb5b773162b57333d57f612fd72e3f8612d94
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 4.14.290-217.505.amzn2.x86_64
Operating System: Amazon Linux 2
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.582GiB
Name: ip-10-0-30-217.ec2.internal
ID: KSG3:W7JG:IKW7:HZZC:BMVO:WRTF:6CKK:ZHXU:4UV3:TVRV:4GSN:RV2X
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 57
Goroutines: 65
System Time: 2022-09-12T21:33:22.945918853Z
EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional Info
No response
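The difference between the reported and the expected behaviour, as an added example that is not part of the original report and is not Docker's code: `rangeAllocator` and its two methods are hypothetical names modelling an allocator that tracks only its own reservations, next to one that also probes the host by binding. The in-use port is a constructed loopback listener standing in for sshd.

```go
package main

import (
	"fmt"
	"net"
)

// Hypothetical model, not Docker's code: tracks only ports it handed out itself.
type rangeAllocator struct {
	lo, hi   int
	reserved map[int]bool
}

// pickBookkeepingOnly returns the first port it has not reserved. It never
// asks the host, so it can return a port another process already holds.
func (a *rangeAllocator) pickBookkeepingOnly() (int, error) {
	for p := a.lo; p <= a.hi; p++ {
		if !a.reserved[p] {
			a.reserved[p] = true
			return p, nil
		}
	}
	return 0, fmt.Errorf("range %d-%d exhausted", a.lo, a.hi)
}

// pickWithBindProbe also binds each candidate and moves on when that fails.
// The listener is returned open so the port cannot be taken before use.
func (a *rangeAllocator) pickWithBindProbe() (int, net.Listener, error) {
	for p := a.lo; p <= a.hi; p++ {
		if a.reserved[p] {
			continue
		}
		ln, err := net.Listen("tcp4", fmt.Sprintf("127.0.0.1:%d", p))
		if err != nil {
			continue // held by a process outside the bookkeeping, or not bindable
		}
		a.reserved[p] = true
		return p, ln, nil
	}
	return 0, nil, fmt.Errorf("no bindable port in %d-%d", a.lo, a.hi)
}

func main() {
	busy, _ := net.Listen("tcp4", "127.0.0.1:0") // constructed stand-in for sshd
	taken := busy.Addr().(*net.TCPAddr).Port
	a := &rangeAllocator{lo: taken, hi: taken + 2, reserved: map[int]bool{}}
	p, ln, err := a.pickWithBindProbe()
	fmt.Println("in use:", taken, "picked:", p, ln != nil, err)
}
```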