[PATCH] D42845: Add an option 'allow-all-hosts' to permit lldb debugging inside a Docker container
Alex Blewitt via llvm-commits
llvm-commits at lists.llvm.org
Wed Feb 7 07:03:22 PST 2018
> On 7 Feb 2018, at 06:23, Pavel Labath via Phabricator <reviews at reviews.llvm.org> wrote:
>
> labath added a comment.
>
> I'm confused here. Can you share the exact commands you use to setup the debug session?
I'm running the (patched) server with:
lldb-server platform --allow-all-hosts --server --listen *:4000 --min-gdbserver-port 4001 --max-gdbserver-port 4010 --log-file /tmp/lldb-platformserver.log
The lldb client (outside the Docker image) is then passing through the IP address of the external machine. Since it's not using NAT to get into the docker image (the network address/mask inside Docker is a local 172.17.0.2 address, the one outside it is a 169.254 address (since I'm running on a local WiFi router that's also doing NAT ...). The Docker networking setup doesn't route IP addresses - so I can't ping outside inside or vice versa.
What I do is set up Docker to forward the connections via the specific ports - in effect, the Docker app is listening on localhost:4000, then it routes packets through into inside the Docker instance and changes the IP address. So getpeername inside the Docker instance is getting a different IP address than the connection that the lldb client thinks it is.
> The address we pass to llgs is based on the getpeername(2) of the platform connection. Presumably the second connection is going to come through the same kind of NAT as the first one so LLGS should see the same address as the platform instance does. But then you wouldn't need this switch, so I must be misunderstanding something, and I'd like to know what it is.
The docker network is setup with a bridge, as opposed to piggy-backing off the host networking. I believe that in the case where you're using a host networking docker set up the issue doesn't occur.
I think what's happening is that the client setup is obtaining its IP address and then passing that inside a packet/platform command, which therefore isn't being re-written by the Docker bridging networking stack.
When I connect from a client (with platform connect connect://localhost:4000 <connect://localhost:4000>) I see the following network connections:
$ docker exec netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 bc4caa7a55c8:4000 172.17.0.1:55204 ESTABLISHED
$ netstat -n | grep 4000
tcp4 0 0 127.0.0.1.4000 127.0.0.1.50619 ESTABLISHED
tcp4 0 0 127.0.0.1.50619 127.0.0.1.4000 ESTABLISHED
Here's the docker network configuration:
$ docker network inspect bridge
[
{
"Name": "bridge",
"Id": "8eba485ba02c35cb6b4945dedc73bf102b541fa5f81268649e86de08fc57c552",
"Created": "2018-02-03T03:44:58.097737525Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"bc4caa7a55c872c4928042a1ab2d32d9d55b05bdc6085c54430717267e6de51d": {
"Name": "nervous_jang",
"EndpointID": "476a610d73b30b0f82bdab312cbd082c9b10bb5baf535d962c823964ca13b14c",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180207/c0dacf6e/attachment.html>
More information about the llvm-commits
mailing list