libnetwork
docker-proxy does not set source IP correctly in UDP mode when bound on 0.0.0.0
A container is configured to listen for DNS requests on all IPs on port 54:
/usr/bin/docker-proxy -proto udp -host-ip 0.0.0.0 -host-port 54 -container-ip 172.19.0.2 -container-port 53
When I do a request from another container (in an isolated network from the DNS server container):
root@a9e4256c5510:/# dig google.nl @192.168.0.155 -p 54
;; reply from unexpected source: 172.17.0.1#54, expected 192.168.0.155#54
thinkbox :: work/dockers/bind » sudo tcpdump -n -i docker0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on docker0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:23:17.239359 IP 172.17.0.2.60735 > 192.168.0.155.54: UDP, length 38
16:23:17.432102 IP 172.17.0.1.54 > 172.17.0.2.60735: UDP, length 200
When I configure the container to just listen on 192.168.0.155:
/usr/bin/docker-proxy -proto udp -host-ip 192.168.0.155 -host-port 54 -container-ip 172.19.0.2 -container-port 53
It works correctly:
thinkbox :: work/dockers/bind » sudo tcpdump -n -i docker0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on docker0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:22:45.792460 IP 172.17.0.2.44517 > 192.168.0.155.54: UDP, length 38
16:22:45.792847 IP 192.168.0.155.54 > 172.17.0.2.44517: UDP, length 200
It seems that transmitting a UDP packet from the source it arrived on is quite a challenge to do in a generic way: http://stackoverflow.com/questions/3062205/setting-the-source-ip-for-a-udp-socket The last answer to that question seems most helpful: http://stackoverflow.com/a/39013106
There is also this guide: https://blog.powerdns.com/2012/10/08/on-binding-datagram-udp-sockets-to-the-any-addresses/
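The technique both links describe, reproduced as an added example on a single Linux host (this is not docker-proxy's code and not the reporter's; the names wildcardServer, serveOnce and probe are illustrative). The server binds 0.0.0.0 exactly like docker-proxy does, turns on IP_PKTINFO so recvmsg reports the address each request was sent to (ipi_addr), and on the reply attaches an IP_PKTINFO cmsg with that address as ipi_spec_dst so the kernel uses it as the source. The client sends from 127.0.0.1 to 127.0.0.2, which on Linux is just another local address in 127/8 and stands in for 192.168.0.155 above; with the naive reply the source comes back as 127.0.0.1 (the "reply from unexpected source" dig reports), with the cmsg it comes back as 127.0.0.2. The raw syscall package is used instead of golang.org/x/net/ipv4 so the example has no dependency outside the standard library; it assumes Linux, since that is where 127.0.0.2 is routable without an alias.

```go
package main

import (
	"fmt"
	"net"
	"syscall"
	"time"
	"unsafe"
)

type wildcardServer struct{ fd, port int }

func newWildcardServer() (*wildcardServer, error) {
	fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM, 0)
	if err != nil {
		return nil, err
	}
	// IP_PKTINFO makes the kernel attach an in_pktinfo cmsg (carrying the
	// destination address) to each received datagram; SO_RCVTIMEO keeps a lost
	// datagram from hanging the example.
	tv := syscall.Timeval{Sec: 2}
	if err = syscall.SetsockoptInt(fd, syscall.IPPROTO_IP, syscall.IP_PKTINFO, 1); err == nil {
		err = syscall.SetsockoptTimeval(fd, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &tv)
	}
	if err == nil { // an empty SockaddrInet4 is 0.0.0.0 with an ephemeral port
		err = syscall.Bind(fd, &syscall.SockaddrInet4{})
	}
	var sa syscall.Sockaddr
	if err == nil {
		sa, err = syscall.Getsockname(fd)
	}
	if err != nil {
		syscall.Close(fd)
		return nil, err
	}
	return &wildcardServer{fd: fd, port: sa.(*syscall.SockaddrInet4).Port}, nil
}

// serveOnce answers one datagram. With fixSource the reply carries an IP_PKTINFO
// cmsg whose ipi_spec_dst is the address the request was sent to, so the kernel
// uses it as the source; without it the kernel routes towards the client and
// picks the source itself, which is the behaviour reported above.
func (s *wildcardServer) serveOnce(fixSource bool) error {
	buf := make([]byte, 1500)
	oob := make([]byte, syscall.CmsgSpace(syscall.SizeofInet4Pktinfo))
	n, oobn, _, from, err := syscall.Recvmsg(s.fd, buf, oob, 0)
	if err != nil {
		return err
	}
	msgs, err := syscall.ParseSocketControlMessage(oob[:oobn])
	if err != nil || len(msgs) != 1 || msgs[0].Header.Level != syscall.IPPROTO_IP ||
		msgs[0].Header.Type != syscall.IP_PKTINFO || len(msgs[0].Data) < syscall.SizeofInet4Pktinfo {
		return fmt.Errorf("expected exactly one IP_PKTINFO cmsg (err=%v)", err)
	}
	req := (*syscall.Inet4Pktinfo)(unsafe.Pointer(&msgs[0].Data[0]))
	var sendOOB []byte
	if fixSource {
		sendOOB = make([]byte, syscall.CmsgSpace(syscall.SizeofInet4Pktinfo))
		h := (*syscall.Cmsghdr)(unsafe.Pointer(&sendOOB[0]))
		h.Level, h.Type = syscall.IPPROTO_IP, syscall.IP_PKTINFO
		h.SetLen(syscall.CmsgLen(syscall.SizeofInet4Pktinfo))
		rep := (*syscall.Inet4Pktinfo)(unsafe.Pointer(&sendOOB[syscall.CmsgLen(0)]))
		rep.Spec_dst = req.Addr // the request's ipi_addr becomes the reply's ipi_spec_dst
	}
	return syscall.Sendmsg(s.fd, append([]byte("reply:"), buf[:n]...), sendOOB, from, 0)
}

// probe sends one datagram from 127.0.0.1 to the server at 127.0.0.2 (standing
// in for 192.168.0.155) and returns the source IP the reply comes back from.
func probe(fixSource bool) (string, error) {
	srv, err := newWildcardServer()
	if err != nil {
		return "", err
	}
	defer syscall.Close(srv.fd)
	client, err := net.ListenUDP("udp4", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		return "", err
	}
	defer client.Close()
	client.SetDeadline(time.Now().Add(2 * time.Second))
	if _, err = client.WriteToUDP([]byte("query"), &net.UDPAddr{IP: net.IPv4(127, 0, 0, 2), Port: srv.port}); err != nil {
		return "", err
	}
	if err = srv.serveOnce(fixSource); err != nil {
		return "", err
	}
	_, from, err := client.ReadFromUDP(make([]byte, 64))
	if err != nil {
		return "", err
	}
	return from.IP.String(), nil
}

func main() {
	for _, fix := range []bool{false, true} {
		src, err := probe(fix)
		fmt.Printf("fixSource=%v reply source=%s err=%v\n", fix, src, err)
	}
}
```

Running it with `go run` prints the naive reply arriving from 127.0.0.1 and the IP_PKTINFO reply arriving from 127.0.0.2. The same cmsg dance is what a proxy bound to 0.0.0.0 has to do per datagram; binding to one specific host IP, as in the working configuration above, sidesteps it because the kernel then has only one source to choose.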
Remediating PR is linked; any update on whether this can be fixed and merged?