Docker Community Forums

Share and learn in the Docker community.

Support for more/all "IP-Protocols"


(Agowa338) #1


I want to propose adding the ability to forward not only layer-4 protocols like TCP/UDP/SCP, but also layer-3 protocols like:

  • FC 0x85
  • GRE 0x2F
  • ESP 0x32
  • EGP 0x08
  • IGP 0x09
  • AH 0x33
  • IPv6 0x41
  • IPv6-Route 0x43
  • IPv6-Frag 0x44
  • IPv6-ICMP 0x3A
  • IPv6-NoNxt 0x3B
  • IPv6-Opts 0x3C
  • IGMP 0x02
  • L2TP 0x73
  • SCTP 0x84
  • Mobility Header 0x87

By supporting (all or a subset of) this protocols one would be able to use docker for:

  • vpn
  • routing
  • IPv4 <=> IPv6 tunneling applications
  • firewall
  • supporting legacy protocols without having to implement special handling (for e.g. ARIS 0x68)
  • interact with fiber channel networks (FC 0x85 protocol)
  • Allowing applications to receive packages for by docker unknown protocols, in fact, docker does not need to know the layer-4 protocol, if the whole layer-3 protocol is forwarded into the container.

From a users perspective, the following should exist:
--publish 132/ip as well as EXPOSE 132/ip, which would forward/map all ip packages with protocol 132 (0x84 SCTP) into the container, or even: EXPOSE 17/ip which would map all udp packages into the container, regardless of it’s udp port number.

Currently for these cases either --net=host is used, or the application is not dockerized at all. I think supporting this new feature would also reduce the need for using net=host dramatically and that in turn is a much cleaner solution I think.

Please let me know, what you think, I’m appreciating your feedback.