Host networking causes an explosion of Docker processes

[allsey87]

When I create a devcontainer with host networking and try to connect to a forwarded port, I am getting an explosion of Docker processes that keeps increasing until all memory has been consumed. I think this might be the underlying issue behind #4079 and microsoft/vscode-docker#2875 too.

Setup information

$uname -a
Linux isengard 6.9.5-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Sun, 16 Jun 2024 19:06:18 +0000 x86_64 GNU/Linux
$ docker --version
Docker version 26.1.4, build 5650f9b102
$code --version
1.90.2
5437499feb04f7a586f677b155b039bc2b3669eb
x64

And my version of the devcontainers extension is v0.369.0.

Minimum reproducible example

1. Create an folder with the following content

$ tree -a
.
└── .devcontainer
    ├── devcontainer.json
    └── Dockerfile

devcontainer.json:

{
   "name": "temp",
   "build": { "dockerfile": "Dockerfile" },
   "runArgs": [
      "--network=host"
   ]
}

Dockerfile:

FROM python:3.11.6-slim-bookworm

2. Forward a port such as 1234
3. Outside of the container, connect to that port using the browser or curl https://localhost:1234/
4. Watch the explosion of Docker processes until you shutdown curl or run out of memory and have to reboot.

[mallwright@isengard ~]$ ps -x | grep docker | wc -l
8
# started curl
[mallwright@isengard ~]$ ps -x | grep docker | wc -l
39
[mallwright@isengard ~]$ ps -x | grep docker | wc -l
51
[mallwright@isengard ~]$ ps -x | grep docker | wc -l
63
[mallwright@isengard ~]$ ps -x | grep docker | wc -l
74
[mallwright@isengard ~]$ ps -x | grep docker | wc -l
97
[mallwright@isengard ~]$ ps -x | grep docker | wc -l
108
# stopped curl
[mallwright@isengard ~]$ ps -x | grep docker | wc -l
8
[mallwright@isengard ~]$ ps -x | grep docker | wc -l
8

Regarding how fast this is happening, I would say around 10 new processes are being created every second, consuming an additional 300 MB per second. I have 24 GB of RAM on my system so everything comes to a halt after about 10-15 seconds.

[allsey87]

As a side note, this issue has emerged somewhat recently (in the past 2-3 months). Before that I had no problem using host networking.

[chrmarti]

I guess the port forwarding just keeps connecting to itself. The Dev Containers extension would need a way to tell VS Code that no port forwarding should be done to avoid this.

Workaround is to not forward any ports.

[alexr00]

@chrmarti do you have an idea about why this only started a few months ago? We do have a way for the Dev Containers extension to VS Code that. Several options:

1. Don't enable port forwarding with the setContext of forwardedPortsViewEnabled. This will not work if there's another extension, like Dev Tunnels, which also supports port forwarding installed.
2. Register a tunnel provider that does nothing. Your tunnel provider will be used instead of VS Code's port fowarding:

https://github.com/microsoft/vscode/blob/0354163c1c66b950b0762364f5b4cd37937b624a/src/vscode-dts/vscode.proposed.tunnelFactory.d.ts#L45-L46

3. Register a ports attributes provider and for each port return PortAutoForwardAction.Ignore:

https://github.com/microsoft/vscode/blob/fa74810f958f5896c87d538860b46a9d644e4ba3/src/vscode-dts/vscode.proposed.portsAttributes.d.ts#L98-L99

I think 2 is probably the best bet.