author | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-01-22 13:54:24 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-01-23 18:28:56 +0100 |
commit | 0ba1942f261158b9526310aac7ee5f183a109440 (patch) | |
tree | 10a6160c5eb7a2cd29b6bc86e006b8ce5a881eac | |
parent | 6cef7c78dd5f8e2e8e1fe91bd2c7d1298f7e4df9 (diff) | |
networking: lookup child IP in networks
If a CNI network is added to the container, use the IP address in that
network instead of hard-coding the slirp4netns default.
commit 5e65f0ba30f3fca73f8c207825632afef08378c1 introduced this
regression.
Closes: https://github.com/containers/podman/issues/9065
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | libpod/networking_linux.go | 14 | ||||
-rw-r--r-- | test/system/500-networking.bats | 22 |
2 files changed, 35 insertions, 1 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 09fdea496..ef2f034ab 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -550,13 +550,25 @@ func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath strin
 		}
 	}
 
+	childIP := slirp4netnsIP
+outer:
+	for _, r := range ctr.state.NetworkStatus {
+		for _, i := range r.IPs {
+			ipv4 := i.Address.IP.To4()
+			if ipv4 != nil {
+				childIP = ipv4.String()
+				break outer
+			}
+		}
+	}
+
 	cfg := rootlessport.Config{
 		Mappings:  ctr.config.PortMappings,
 		NetNSPath: netnsPath,
 		ExitFD:    3,
 		ReadyFD:   4,
 		TmpDir:    ctr.runtime.config.Engine.TmpDir,
-		ChildIP:   slirp4netnsIP,
+		ChildIP:   childIP,
 	}
 	cfgJSON, err := json.Marshal(cfg)
 	if err != nil {
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index bcc6737b7..0d976a6af 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -98,6 +98,7 @@ load helpers
 # "network create" now works rootless, with the help of a special container
 @test "podman network create" {
     skip_if_remote "FIXME: pending #7808"
+    myport=54322
     local mynetname=testnet-$(random_string 10)
     local mysubnet=$(random_rfc1918_subnet)
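Review bot: The loop variable in `for _, r := range ctr.state.NetworkStatus` shadows the method receiver `r *Runtime`, which compiles but is easy to misread and is exactly what shadow linters flag; renaming it, e.g. `for _, res := range ctr.state.NetworkStatus {` with `for _, i := range res.IPs {`, keeps the receiver visible. When no IPv4 address is found the code silently keeps `slirp4netnsIP`, so a container attached only to networks that hand out IPv6 addresses will have its ports forwarded to the slirp4netns address with no trace of why; a debug log line naming the child IP that was selected (and whether it came from a network or the fallback) would make that diagnosable. The walk also takes the first IPv4 of the first entry in NetworkStatus, which is presumably the intended precedence for multi-network containers but is worth stating in a comment above the loop. `setupRootlessPortMappingViaRLK` begins and ends outside the hunk.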
@@ -115,6 +116,27 @@ load helpers
     is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \
        "sdfsdf"
+    run_podman run --rm -d --network $mynetname -p 127.0.0.1:$myport:$myport \
+               $IMAGE nc -l -n -v -p $myport
+    cid="$output"
+
+    # emit random string, and check it
+    teststring=$(random_string 30)
+    echo "$teststring" | nc 127.0.0.1 $myport
+
+    run_podman logs $cid
+    # Sigh. We can't check line-by-line, because 'nc' output order is
+    # unreliable. We usually get the 'connect to' line before the random
+    # string, but sometimes we get it after. So, just do substring checks.
+    is "$output" ".*listening on \[::\]:$myport .*" "nc -v shows right port"
+
+    # This is the truly important check: make sure the remote IP is
+    # in the 172.X range, not 127.X.
+    is "$output" \
+       ".*connect to \[::ffff:172\..*\]:$myport from \[::ffff:172\..*\]:.*" \
+       "nc -v shows remote IP address in 172.X space (not 127.0.0.1)"
+    is "$output" ".*${teststring}.*" "test string received on container"
+
     # Cannot create network with the same name
     run_podman 125 network create $mynetname
     is "$output" "Error: the network name $mynetname is already used" \
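Review bot: The host-side `echo "$teststring" | nc 127.0.0.1 $myport` runs straight after `run_podman run -d`, with nothing that waits for `nc -l` inside the container to be listening, so the connect can race the listener start and the test may fail intermittently; a short retry loop around the host `nc`, or waiting until `podman logs $cid` shows the "listening on" line, would make it deterministic. The port fixed by `myport=54322` in the previous hunk is a single shared value, so two instances of this test on one host collide on the bind; picking it from a random range in the same way `random_string` is used for the network name would avoid that. The `172\.` patterns assume `random_rfc1918_subnet` always yields a 172.x subnet, which is presumably true for this helper but worth confirming, since a 10.x or 192.168.x result would make the important check fail for the wrong reason. The @test block starts and ends outside the hunk.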