Bug#1017477: IPv6 port forwarding fails in bullseye

2022-08-16 Thread Shengjing Zhu 
Control: unarchive 987584
Control: forcemerge 987584 -1

On Wed, Aug 17, 2022 at 2:44 AM Antoine Beaupre  wrote:
>
> Package: docker.io
> Version: 20.10.5+dfsg1-1+deb11u2
> Severity: normal
> Tags: ipv6
>
> In bullseye, this doesn't work over IPv6:
>
> docker run --publish 80:80 nginx:latest
>
> ... in the sense that this, on the same host, fails:
>

Duplicated to #987584

-- 
Shengjing Zhu

Bug#1017477: IPv6 port forwarding fails in bullseye

2022-08-16 Thread Antoine Beaupre 
Package: docker.io
Version: 20.10.5+dfsg1-1+deb11u2
Severity: normal
Tags: ipv6

In bullseye, this doesn't work over IPv6:

docker run --publish 80:80 nginx:latest

... in the sense that this, on the same host, fails:

anarcat@curie:~$ curl -6 -v localhost
*   Trying ::1:80...
* connect to ::1 port 80 failed: Connection refused
* Failed to connect to localhost port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 80: Connection refused
anarcat@curie:~[7]$

This is actually a known regression in Docker, documented upstream as
introduced some time around 20.10.2 in:

https://github.com/moby/libnetwork/issues/2607

It *looks* like it is fixed in in 20.10.6 which is just one version
short of what we're running. The patch is here:

https://github.com/moby/moby/pull/42205

I have also confirmed the bug is fixed in unstable.

-- System Information:
Debian Release: 11.4
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable'), 
(1, 'unstable'), (1, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-16-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, 
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages docker.io depends on:
ii  adduser  3.118
ii  containerd   1.4.13~ds1-1~deb11u2
ii  init-system-helpers  1.60
ii  iptables 1.8.7-1
ii  libc62.31-13+deb11u3
ii  libdevmapper1.02.1   2:1.02.175-2.1
ii  libsystemd0  247.3-7
ii  lsb-base 11.1.0
ii  runc 1.0.0~rc93+ds1-5+deb11u2
ii  tini 0.19.0-1

Versions of packages docker.io recommends:
ii  apparmor 2.13.6-10
ii  ca-certificates  20210119
ii  cgroupfs-mount   1.4
ii  git  1:2.30.2-1
ii  needrestart  3.5-4+deb11u2
ii  xz-utils 5.2.5-2.1~deb11u1

Versions of packages docker.io suggests:
pn  aufs-tools  
ii  btrfs-progs 5.10.1-2
ii  debootstrap 1.0.123
pn  docker-doc  
ii  e2fsprogs   1.46.2-2
pn  rinse   
pn  rootlesskit 
ii  xfsprogs5.10.0-4
ii  zfsutils-linux  2.0.3-9

-- Configuration Files:
/etc/default/docker changed:
OPTIONS=" -H unix:///var/run/docker.sock --ip-forward=true --iptables=true 
--ip-masq=true -G docker"
TMPDIR="/tmp/"


-- no debconf information