cc-oci-runtime icon indicating copy to clipboard operation
cc-oci-runtime copied to clipboard
verified publisher icon intel

Exporting a port that is not open by a container results in SYN,ACK

Open albertomurillo opened this issue 9 years ago • 0 comments

I am creating a busybox container and exporting port 31337 from the container to the hosts. Note that the busybox image does NOT starts any application listening on that port.

After that I run a tasks to wait for port 31337 to be open.

The expected behavior is the task to hung since the busybox container does not listen on the port. See the following data capture from docker on ubuntu.

  6   0.618406    127.0.0.1 → 127.0.0.1    TCP 76 51332→31337 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=24608971 TSecr=0 WS=128
  7   0.618428    127.0.0.1 → 127.0.0.1    TCP 56 31337→51332 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
 19   1.618688    127.0.0.1 → 127.0.0.1    TCP 76 51334→31337 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=24609221 TSecr=0 WS=128
 20   1.618697    127.0.0.1 → 127.0.0.1    TCP 56 31337→51334 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
151   4.054560    127.0.0.1 → 127.0.0.1    TCP 76 51336→31337 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=24609830 TSecr=0 WS=128
152   4.054569    127.0.0.1 → 127.0.0.1    TCP 56 31337→51336 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
...

The current behavior is that the task returns immediately when running in clear containers. See the following data capture from docker-cor on clearlinux.

74   5.428436          ::1 → ::1          TCP 96 35462→31337 [SYN] Seq=0 Win=43690 Len=0 MSS=65476 SACK_PERM=1 TSval=98805222 TSecr=0 WS=128
 75   5.428446          ::1 → ::1          TCP 96 31337→35462 [SYN, ACK] Seq=0 Ack=1 Win=43690 Len=0 MSS=65476 SACK_PERM=1 TSval=98805222 TSecr=98805222 WS=128
 76   5.428454          ::1 → ::1          TCP 88 35462→31337 [ACK] Seq=1 Ack=1 Win=43776 Len=0 TSval=98805222 TSecr=98805222
 77   5.428481          ::1 → ::1          TCP 88 35462→31337 [FIN, ACK] Seq=1 Ack=1 Win=43776 Len=0 TSval=98805222 TSecr=98805222
 78   5.428566   172.17.0.1 → 172.17.0.3   TCP 76 54202→31337 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=98805222 TSecr=0 WS=128
 79   5.428571   172.17.0.1 → 172.17.0.3   TCP 76 [TCP Out-Of-Order] 54202→31337 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=98805222 TSecr=0 WS=128
 80   5.428714   172.17.0.3 → 172.17.0.1   TCP 56 31337→54202 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
 81   5.428714   172.17.0.3 → 172.17.0.1   TCP 56 31337→54202 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
 82   5.428802          ::1 → ::1          TCP 88 31337→35462 [FIN, ACK] Seq=1 Ack=2 Win=43776 Len=0 TSval=98805222 TSecr=98805222
 83   5.428811          ::1 → ::1          TCP 88 35462→31337 [ACK] Seq=2 Ack=2 Win=43776 Len=0 TSval=98805222 TSecr=98805222

How to reproduce:

  1. Install sysadmin-hostmgmt and containers-basic bundles (for ansible and docker)
  2. Create wait.yml file

---
- hosts: localhost
  become: yes
  tasks:
    - name: Download busybox container image
      docker_image: name=busybox state=present

    - name: Start busybox container
      docker_container:
        name: busybox
        image: busybox
        state: started
        published_ports:
          - 31337:31337

    - name: Wait for port 31337
      wait_for: host=localhost port=31337 state=started
  1. Run the playbook ansible-playbook wait.yml

albertomurillo avatar Oct 25 '16 20:10 albertomurillo