Docker接收多播流量 [英] Docker receiving multicast traffic

问题描述

我们有一个dockerized服务器应用程序，通过监听端口6969上的组播数据包，在网络上自动发现物理设备。因此，我们需要我们的docker容器能够从主机外的设备接收这些数据包，通过主机，并进入容器。我看过一些 类似 问题，并完成 a 很多 <一个href =https://docs.docker.com/engine/reference/run/#expose-incoming-ports =nofollow noreferrer> 阅读，但我仍然无法让服务器响应这些组播数据包。

We have a dockerized server application that is doing auto-discovery of physical appliances on the network by listening for multicast packets on port 6969. So we need our docker container to be able to receive these packets from devices outside the host, through the host, and in to the container. I've seen some similar issues and done a lot of reading but I'm still unable to get the server to respond to these multicast packets.

我正坐在Wireshark观看网络流量，但我不是专家。我知道Docker创建一个 MASQUERADE 地址，使流量看起来像是从Docker网关来的，所以当我看到 veth 尽管我的服务器无法检索任何有关信息的信息，但大多数人在 172.17.0.1 和 172.17.0.2 网络上的设备。 （如果我在码头工厂外运行，我当然没有问题）。

I'm sitting on Wireshark watching network traffic, but I'm not a specialist. I know Docker creates a MASQUERADE address to make the traffic all look like it's coming from the Docker gateway, so when I watch veth I see mostly talk between 172.17.0.1 and 172.17.0.2 although my server is unable to retrieve any information about the devices on the network. (If I run outside of docker, I have no issues of course.)

我不能使用 - net = host 像其他人一样，我们利用链接功能。我尝试了以下变体...

I can't use --net=host as, like others, we make use of the --link feature. I've tried the following variations...

• docker run --name app -p 6969：6969 - d me / app：latest


• docker run --name app -p 0.0.0.0:6969:6969 -d me / app ：最新的（这个我可以宣誓一次，但现在不是吗？）


• docker run --name app -p 0.0.0.0:6969:6969/udp -d me / app：latest


• docker run --name app -p 255.255。 255.255：6969：6969 -d me / app：latest

• docker run --name app -p 6969:6969 -d me/app:latest
• docker run --name app -p 0.0.0.0:6969:6969 -d me/app:latest (This one I could have sworn worked once but now doesn't?)
• docker run --name app -p 0.0.0.0:6969:6969/udp -d me/app:latest
• docker run --name app -p 255.255.255.255:6969:6969 -d me/app:latest

您可以提供的任何帮助或洞察力非常感谢

Any help or insight you could provide would be greatly appreciated.

推荐答案

尝试在您的nics上启用multicat：

Try to enable multicat on your nics:

ip link set eth0 multicast on

echo 1 > / proc / sys / net / ipv4 / ip_forwarding 打开IP转发

您需要明确设置或至少检查它在相关界面上启用。

You need to explicitly set or at least check that it is enabled on relevant interfaces.

net.ipv4.conf.all.mc_forwarding = 1
net.ipv4.conf.eth0.rp_filter=0

允许多播流量：

iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
iptables -I FORWARD -d 224.0.0.0/4 -j ACCEPT

此外，您可能需要为多播流量添加路由：

Also you might need to add the route for multicast traffic:

route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0 

更改组播发送方的TTL：

Change the TTL of the multicast sender:

iptables -t mangle -A OUTPUT -d <group> -j TTL --ttl-set 128
Where group is the multicast group address of the stream you want to change the TTL of.

还可以启动多播代理

PS：

尝试（如果以上没有帮助）用--net = none选项启动docker容器，并使用跟随命令的管道：

You should try (if above doesn't help) to start docker container with --net=none option and use pipework with follow command:

pipework docker0 -i eth0 CONTAINER_ID IP_ADDRESS/IP_MASK@DEFAULT_ROUTE_IP 

它在容器内创建了带有IFF_MULTICAST标志的eth0接口并定义了IP地址。

which creates eth0 interface inside container with IFF_MULTICAST flag and defined IP address.

这篇关于Docker接收多播流量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！