moby: [1.7.0-rc2] Connection reset from published ports

TL;DR

Most of the comments here are just me narrowing this down to a root cause.

The root cause is that there was a stale arp table entry for 172.17.0.2, the IP of the container in question.

Also, there are duplicate iptables entries

The stale arp may be related to docker crashing earlier while I was strace’ing it.

---

This problem doesn’t occur all of the time, as I have another host running 1.7.0 in a less demanding role with no issues. The problem may be related to a process unsuccessfully attempting to create a couple containers every second overnight (1.6.0 handles that fine).

TL;DR of below: port 5000 is bound in and outside of the container. The service responds correctly inside the container, but I just get econnreset from outside.

I don’t have much time this week but I’ll gather more information if I have some free moments.

burke@borg2.ash:~ 56$ docker ps | grep 5000
b6aad66a24a5        10186dca14f8a7373019edf1c049c50c10d2d40db75452fb1ee431ff55a45092   "registry cmd/regist   12 hours ago        Up 12 hours         0.0.0.0:5000->5000/tcp    borg-registry-docker-registry-1-6177
burke@borg2.ash:~ $ borg-enter b6a
root@borg-registry-docker-registry-1:/# curl localhost:5000/v2/
{}
root@borg-registry-docker-registry-1:/# logout
burke@borg2.ash:~ $ curl -vvv localhost:5000/v2/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 5000 (#0)
> GET /v2/ HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:5000
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
burke@borg2.ash:~ 56$

docker info/version/uname