google / gvisor

Application Kernel for Containers
https://gvisor.dev
Apache License 2.0

Loopback address should be 127.0.0.1/8, not 127.0.0.1/32 #4022

Closed AkihiroSuda closed 3 years ago

AkihiroSuda commented 4 years ago

Description

Loopback address should be 127.0.0.1/8, not 127.0.0.1/32.

Steps to reproduce

```console
$ docker run --rm --runtime runsc alpine ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/32 scope global dynamic
```

OTOH runc works as expected

```console
$ docker run --rm --runtime runc alpine ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
```

Environment

Please include the following details of your environment:

```console
Server:
 Engine:
  Version:          dev
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       f99814d749
  Built:            Wed Sep 16 10:07:13 2020
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.4.0-81-g373cbc2a
  GitCommit:        373cbc2a7f5469b2a833660ba2f474cf4f947d32
 runc:
  Version:          1.0.0-rc92+dev
  GitCommit:        892477ca26638b214dc79150a09ba3565b93137d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```

*   `uname -a`
```console
Linux suda-ws01 5.4.0-47-generic #51-Ubuntu SMP Fri Sep 4 19:50:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
```

AkihiroSuda commented 4 years ago

A workaround is to run `ip addr add 127.0.0.2/8 dev lo`.

These loopback addresses are required for running https://github.com/norouter/norouter

fvoznika commented 3 years ago

runsc was not passing the interface address mask up to netstack. Fix is on the way.
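
The check below is an added example, not part of the issue thread or the gVisor code base: it parses `ip addr show dev lo` output and reports whether the loopback prefix is the expected /8 and whether other 127.x addresses fall inside a configured prefix. The function names, the probe addresses and the "workaround" input line are constructed for illustration; it checks configured prefixes only, not actual routing behaviour.

```python
import ipaddress
import re

# Constructed inputs: the two `ip addr show dev lo` outputs quoted in the issue.
RUNSC_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/32 scope global dynamic
"""
RUNC_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
"""

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
# Matches "inet <addr>/<len>" lines only; "inet6" lines do not match.
INET_RE = re.compile(r"^\s*inet\s+(\S+)", re.MULTILINE)


def loopback_addrs(ip_addr_output):
    """Return every IPv4 address/prefix listed in the output."""
    return [ipaddress.ip_interface(c) for c in INET_RE.findall(ip_addr_output)]


def audit_loopback(ip_addr_output, probes=("127.0.0.2",)):
    """List deviations from a /8 loopback and probes outside any prefix."""
    findings = []
    addrs = loopback_addrs(ip_addr_output)
    for a in addrs:
        # A 127.x address whose network is narrower than 127.0.0.0/8.
        if a.ip in LOOPBACK_NET and a.network != LOOPBACK_NET:
            findings.append(f"{a}: prefix /{a.network.prefixlen}, expected /8")
    for p in probes:
        ip = ipaddress.ip_address(p)
        if not any(ip in a.network for a in addrs):
            findings.append(f"{p}: not covered by any configured prefix")
    return findings


if __name__ == "__main__":
    for name, output in (("runsc", RUNSC_OUTPUT), ("runc", RUNC_OUTPUT)):
        print(name, audit_loopback(output) or "ok")
```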