Docker-tc fails with multiple containers in same network

[Silcet]

When a new container is started, docker-tc finds out the network device of the container without any issue and everything works. When a second container is started in the same network, the docker_network_get_interface() function returns both network devices separated by a space. This return value makes any other function that tries to use it fail. Test with 2 busybox containers pinging google.com:

$ NETWORK_ID=$(docker network inspect --format '{{ .Id }}' "test-net")
$ echo $NETWORK_ID
b8c595e522ccdfbd75be7543eaa214f97603274a79e3f1d86269fb59ddd627c8
$ SHORT_NETWORK_ID=$(echo -n "$NETWORK_ID" | head -c 12)
$ echo $SHORT_NETWORK_ID
b8c595e522cc
$ NETWORK_INTERFACE_NAME=$(ip a | grep -E "veth.*br-$SHORT_NETWORK_ID" | grep -o 'veth[^@]*' || :)
$ echo $NETWORK_INTERFACE_NAME
veth756b15f vethcea04c9

[Silcet]

@lukaszlach I believe I already have a fix for it and I have already forked the repo. I'll try to fix it myself and if you like the solution I can make a pull request ;)

[zzhou612]

Confirmed. If multiple docker containers are connected to the same bridge network, then the current workflow will fail to work.

Docker Container → Docker Network ID → Linux Network Interface

For a single bridge network, each container that links to it will have a veth interface. So the bash script will return multiple items for NETWORK_INTERFACE_NAME.

[zzhou612]

It seems that matching Docker Container ID with veth is not that trivial. There are some open-sourced scripts doing this: https://github.com/micahculpepper/dockerveth.

[Silcet]

I have a fix for it already in my fork. I just need to get my branch and commits cleaned up and I'll make a pull request ;)

[zzhou612]

Thank you. I saw your implementation. But https://github.com/micahculpepper/dockerveth points out:

When I'm tracking down a problem in production, I'll typically wind up on a Docker server and see that my problems are coming from one veth interface or another. But making the leap from veth ID to container ID can be tricky. Folks on the internet suggest that you run some commands in bash inside your container, which is OK if your container has bash. Sometimes I'm working on Go containers that are just a single binary and don't even have a command-line interface to attach to.

I wish that I could make the leap from container ID to veth ID without provoking sudo privileges. But it seems that it is hard to do so with out sudo.

[Lawouach]

Hello folks, I am interested in using this tool too and was wondering if there was a chance for a release with the fix @Silcet? Thanks :)

[Silcet]

@Lawouach I just need to clean my commits to make a branch for the pull request. I'll try to get it done today. Sorry for the wait ;)

[Lawouach]

No worries. Always appreciated to have feedback :)

[Silcet]

Ok, I have just made the pull request #5 . @Lawouach maybe you could try to test it to see if it feets your needs?

[Lawouach]

Awesome. Your branch seems to be working just fine @Silcet!

[lukaszlach]

Can I ask you to confirm that the #5 just merged resolves this issue? The updated Docker image has also been released on Docker Hub.