IPv6 address port mappings no longer works with v2

[nightah]

trafficstars

Description

IPv6 address port mapping no longer works with compose v2.

The following compose file is an example with said issue:

version: "2.4"

networks:
  net:
    driver: bridge
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: fd00:1111:2222:3333::/64

services:
  nginx:
    image: nginx
    container_name: nginx
    networks:
      - net
    ports:
      - 10.10.10.200:80:80
      - 10.10.10.200:443:443
      - fc00:1337:1337:1337:1337:1337:1337:1337:80:80
      - fc00:1337:1337:1337:1337:1337:1337:1337:443:443
    restart: unless-stopped
    environment:
      - TZ=Australia/Melbourne

Steps to reproduce the issue:

1. Attempt to start containers with the above docker-compose.yml.

Describe the results you received:

1 error(s) decoding:

* error decoding 'Ports': Invalid ip address fc00:1337:1337:1337:1337:1337:1337:1337: address fc00:1337:1337:1337:1337:1337:1337:1337:: too many colons in address

Describe the results you expected: Containers to come up successfully per compose v1.

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker compose version:

Docker Compose version 2.0.0

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Build with BuildKit (Docker Inc., v0.6.3)
  compose: Docker Compose (Docker Inc., 2.0.0)

Server:
 Containers: 94
  Running: 93
  Paused: 0
  Stopped: 1
 Images: 118
 Server Version: 20.10.8
 Storage Driver: zfs
  Zpool: nerv
  Zpool Health: ONLINE
  Parent Dataset: nerv/ROOT/arch
  Space Used By Parent: 375816531968
  Space Available: 87945592832
  Parent Quota: no
  Compression: on
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: crun io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: crun
 Init Binary: docker-init
 containerd version: 72cec4be58a9eb6b2910f5d10f1c01ca47d231c0.m
 runc version: 5b341a145c4f515f96f55e3e7760d1c79ec3cf1f
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.14.6-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 40
 Total Memory: 251.8GiB
 Name: nerv
 ID: SXIL:MFO4:NM7T:4QN2:EHQA:EBJP:3YXG:PLQ7:II2X:PH4S:BJT2:IGNK
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: nightah
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Additional environment details: N/A.

[wiseaidev]

It seems like the current version of compose supports only ipv6 addresses wrapped within square brackets. So doing something like the following might solve the issue:

    ports:
      - 10.10.10.200:80:80
      - 10.10.10.200:443:443
      - "[fc00:1337:1337:1337:1337:1337:1337:1337]:80:80"
      - "[fc00:1337:1337:1337:1337:1337:1337:1337]:443:443"

Besides, i am trying to figure out where the ports are decoded(which file of the package) to add support for a raw version of ipv6 and open a PR.

[wiseaidev]

Following up on this, the changes introduced by @ndeloof solved the issue. But, somehow it did not reflect on the current version of docker compose. Presumably, docker/go-connections requires a release bump since the latest one was 0.4.0 back to 2018. Not sure. Just guessing. But, it sounds like the case. Awaiting response from the maintainers on this.

[nightah]

@Harmouch101 thanks for the update, just to clarify the changes allow a raw IPv6 address to be specified as opposed to a square bracket encapsulated address/port.

What I did notice with the square bracket workaround was that even while it accepts the address and binds it, none of the actual containers seem to have any of the other IPv6 networking configuration applied (which in turn meant that ip6tables rules also were not being applied).

I had to downgrade to the last version of 1.x to get IPv6 working properly. Did you notice the same issues with containers not having any IPv6 configuration being applied too?

[wiseaidev]

Did you notice the same issues with containers not having any IPv6 configuration being applied too?

@nightah yup. I have noticed that in #8832

[hwittenborn]

Any status on this? I'm currently being quite affected by this due to Mailcow utilizing it, and I'm wanting to avoid making manual changes to their Compose file if at all possible.

[ndeloof]

we indeed are waiting for a docker/go-connections release so that we can bump dependency. @thaJeztah would it make sense to release v0.5.0?

[thaJeztah]

Yes, we should have a new release for it; I recall there was a regression though that needs to be digged into (see https://github.com/moby/moby/pull/41084 / https://github.com/moby/moby/pull/41042)

[thaJeztah]

If possible, I would still recommend using the notation with square brackets though, as without brackets, the format may still be ambiguous in some cases (due to the unfortunate choice to use colons as separator in the format, combined with "optional" parts, both in the "ports" and in IPv6 itself)

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been automatically closed because it had not recent activity during the stale period.