
First address of non-internal MACVLAN network not allocatable #50985

@iBug

Description

The first address of a MACVLAN network is not allocatable to containers, unless the network was created with `--internal`. This doesn't make sense, as external connectivity is provided by the parent interface, and so reserving the first address for some sort of "gateway" is wrong.

I suspect the same problem occurs with IPVLAN, though I have yet to test it.

Reproduce

```bash
docker network create -d macvlan -o parent=eth0 --subnet=172.18.0.0/24 test
docker run --rm -it --net=test --ip=172.18.0.1 alpine
```

In particular, in `docker network inspect test`, there's no `Gateway`.

Expected behavior

An Alpine Linux container launches with IP address 172.18.0.1.

Instead Docker says:

```
docker: Error response from daemon: Address already in use.
```

and the container was not created.

docker version

Three Docker Engine instances tested:

<details>
<summary>1. Debian-provided `docker.io` on Trixie (26.1.5)</summary>

Client:
 Version:           26.1.5+dfsg1
 API version:       1.45
 Go version:        go1.24.4
 Git commit:        a72d7cd
 Built:             Wed Jul 30 19:37:00 2025
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          26.1.5+dfsg1
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.24.4
  Git commit:       411e817
  Built:            Wed Jul 30 19:37:00 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.24~ds1
  GitCommit:        1.7.24~ds1-6+b4
 runc:
  Version:          1.1.15+ds1
  GitCommit:        1.1.15+ds1-2+b4
 docker-init:
  Version:          0.19.0
  GitCommit:

</details>

<details>
<summary>2. Ubuntu-provided `docker.io` on Noble (27.5.1)</summary>

Client:
 Version:           27.5.1
 API version:       1.47
 Go version:        go1.22.2
 Git commit:        27.5.1-0ubuntu3~24.04.2
 Built:             Mon Jun  2 11:51:53 2025
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          27.5.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.2
  Git commit:       27.5.1-0ubuntu3~24.04.2
  Built:            Mon Jun  2 11:51:53 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.27
  GitCommit:
 runc:
  Version:          1.2.5-0ubuntu1~24.04.1
  GitCommit:
 docker-init:
  Version:          0.19.0
  GitCommit:

</details>

<details>
<summary>3. Docker-provided `docker-ce` on Trixie (28.3.3)</summary>

Client: Docker Engine - Community
 Version:           28.3.3
 API version:       1.51
 Go version:        go1.24.5
 Git commit:        980b856
 Built:             Fri Jul 25 11:34:13 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.3.3
  API version:      1.51 (minimum version 1.24)
  Go version:       go1.24.5
  Git commit:       bea959c
  Built:            Fri Jul 25 11:34:13 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.27
  GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
 runc:
  Version:          1.2.5
  GitCommit:        v1.2.5-0-g59923ef
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

</details>

docker info

Three Docker Engine instances tested:

<details>
<summary>1. Debian-provided `docker.io` on Trixie (26.1.5)</summary>

Client:
 Version:    26.1.5+dfsg1
 Context:    default
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 26.1.5+dfsg1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 1.7.24~ds1-6+b4
 runc version: 1.1.15+ds1-2+b4
 init version:
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.12.41+deb13-cloud-amd64
 Operating System: Debian GNU/Linux 13 (trixie)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.36GiB
 Name: localhost
 ID: be2238d2-6081-4408-9aed-fb7e556153ac
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: true

</details>

<details>
<summary>2. Ubuntu-provided `docker.io` on Noble (27.5.1)</summary>

Client:
 Version:    27.5.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  0.20.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  2.33.0+ds1-0ubuntu1~24.04.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 11
  Running: 10
  Paused: 0
  Stopped: 1
 Images: 48
 Server Version: 27.5.1
 Storage Driver: overlay2
  Backing Filesystem: zfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version:
 runc version:
 init version:
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.0-78-generic
 Operating System: Ubuntu 24.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 125.7GiB
 Name: localhost
 ID: 1041d153-ba77-488f-8341-9df7242429ba
 Docker Root Dir: /srv/docker
 Debug Mode: false
 Username: localhost
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://registry-1.docker.io/
 Live Restore Enabled: true
 Default Address Pools:
   Base: 172.17.2.0/23, Size: 28
   Base: fd00::10:0:0:0/76, Size: 80

</details>

<details>
<summary>3. Docker-provided `docker-ce` on Trixie (28.3.3)</summary>

Client: Docker Engine - Community
 Version:    28.3.3
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.26.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.39.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 8
 Server Version: 28.3.3
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
 runc version: v1.2.5-0-g59923ef
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.12.41+deb13-cloud-amd64
 Operating System: Debian GNU/Linux 13 (trixie)
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 62.64GiB
 Name: localhost
 ID: 35c95837-943f-4f19-bfe6-9b16a5b94b15
 Docker Root Dir: /data00/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: true

</details>

Additional Info

No response
