Hi,
I want to propose adding the ability to forward not only layer-4 protocols like TCP/UDP/SCP, but also layer-3 protocols like:
- FC 0x85
- GRE 0x2F
- ESP 0x32
- EGP 0x08
- IGP 0x09
- AH 0x33
- IPv6 0x41
- IPv6-Route 0x43
- IPv6-Frag 0x44
- IPv6-ICMP 0x3A
- IPv6-NoNxt 0x3B
- IPv6-Opts 0x3C
- IGMP 0x02
- L2TP 0x73
- SCTP 0x84
- Mobility Header 0x87
By supporting (all or a subset of) these protocols, one would be able to use Docker for:
- VPN
- routing
- IPv4 <=> IPv6 tunneling applications
- firewall
- supporting legacy protocols without having to implement special handling (e.g. ARIS 0x68)
- interacting with Fibre Channel networks (FC 0x85 protocol)
- allowing applications to receive packets for protocols unknown to Docker; in fact, Docker does not need to know the layer-4 protocol if the whole layer-3 protocol is forwarded into the container.
From a user's perspective, the following should exist:
`--publish 132/ip` as well as `EXPOSE 132/ip`, which would forward/map all IP packets with protocol 132 (0x84 SCTP) into the container, or even `EXPOSE 17/ip`, which would map all UDP packets into the container, regardless of their UDP port number.
Currently, for these cases either `--net=host` is used, or the application is not dockerized at all. I think supporting this new feature would also reduce the need for using net=host dramatically, and that in turn is a much cleaner solution, I think.
Please let me know what you think; I appreciate your feedback.
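
The mapping the post asks for can be approximated on a Linux host today with iptables. The following is an added example, not part of the original post and not Docker code: it translates the proposed `<proto>/ip` spec into rules and prints them for review. The function name `ip_forward_rules`, the spec parsing, and the container address 172.17.0.2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Docker code: turn the post's proposed "<proto>/ip" spec
# into iptables rules that forward one IP protocol to one container.
# The spec syntax and the address 172.17.0.2 are assumptions (constructed).

# ip_forward_rules SPEC CONTAINER_IPV4
# Prints the rules for review instead of applying them; returns 2 on bad input.
ip_forward_rules() {
    spec=$1
    dest=$2
    case $spec in
        */ip) proto=${spec%/ip} ;;
        *) echo "unsupported spec: $spec" >&2; return 2 ;;
    esac
    # The IP protocol field is one byte. Reject empty, non-decimal and
    # zero-prefixed values: iptables treats "-p 0" as "all protocols".
    case $proto in
        ''|0*|*[!0-9]*) echo "bad protocol number: $proto" >&2; return 2 ;;
    esac
    if [ "${#proto}" -gt 3 ] || [ "$proto" -gt 255 ]; then
        echo "protocol out of range: $proto" >&2; return 2
    fi
    # Coarse character check so the printed rule cannot carry extra arguments.
    case $dest in
        ''|*[!0-9.]*) echo "bad IPv4 address: $dest" >&2; return 2 ;;
    esac
    # DNAT without a port matches only on the IP header's protocol field,
    # so every packet of that protocol reaches the container.
    printf 'iptables -t nat -A PREROUTING -p %s -j DNAT --to-destination %s\n' \
        "$proto" "$dest"
    # DOCKER-USER is the chain Docker reserves for user-supplied filter rules.
    printf 'iptables -I DOCKER-USER -p %s -d %s -j ACCEPT\n' "$proto" "$dest"
}

# Demo: SCTP (protocol 132) to a constructed container address.
ip_forward_rules 132/ip 172.17.0.2
```

Because the match is on the protocol number alone, all traffic of that protocol arriving at the host is sent to this one container; narrow the printed rules with `-i` and `-d` matches before applying them.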