Add an option 'allow-all-hosts' to permit lldb debugging inside a Docker container

Authored by labath on Feb 2 2018, 7:59 AM.



This patch facilitates the debugging of processes inside a Docker container using an lldb client outside the container.

Depending on how the Docker container is set up, the network IP address that is known inside the container is not visible to the host outside the Docker container. For example, the Docker host may have the IP address but inside the Docker container it may report a host Although processes inside the Docker container believe that they are running locally on, that IP address range may not be routable from the Docker host (whose IP address is

Using the lldb-server platform for remote debugging spawns an lldb-server gdbserver child process, in which it hard-codes the address of the machine that the lldb-server is running on. This restricts the child process programmatically to only accept connections from that address.

However, connecting an lldb client from outside the Docker host will have a different source IP address, and therefore the lldb-server gdbserver will reject the connection. Although the command has the ability to allow connections from any host, this isn't exposed from the launching process.

This adds a variable to set whether the spawned lldb-server gdbserver can accept connections from any host, so as to disable this particular check. Since the Docker container itself is running on the local host, and provides the networking firewall necessary to prevent access by other machines, this does not alter the behaviour.

The default is to be backwardly compatible; that is, connections running normally will still behave as before, and only invocations of the program running with the lldb-server platform --allow-all-hosts argument allow the source IP address to be side-stepped. No attempt to automatically detect or set this is used.

This patch has been built and tested against SVN revision 323981 and has been used successfully to permit debugging between a host and a container process.

Diff Detail

alblue created this revision.Feb 2 2018, 7:59 AM

I should add that I don't have commit rights to the llvm repository, so should this be accepted I will have to ask someone else to do the honours for me.

alblue added a reviewer: labath.
labath added a comment.Feb 7 2018, 6:22 AM

I'm confused here. Can you share the exact commands you use to setup the debug session?

The address we pass to llgs is based on the getpeername(2) of the platform connection. Presumably the second connection is going to come through the same kind of NAT as the first one so LLGS should see the same address as the platform instance does. But then you wouldn't need this switch, so I must be misunderstanding something, and I'd like to know what it is.

labath commandeered this revision.Sat, Mar 3, 5:44 PM
labath edited reviewers, added: alblue; removed: labath.

I take it this approach was abandoned. Comandeering, so I can close the revision.

labath abandoned this revision.Sat, Mar 3, 5:44 PM