authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-08-12 13:11:39 -0400
committerGitHub <noreply@github.com>2020-08-12 13:11:39 -0400
commit4ef4f522f9a2850e14a93186c647175685166d95 (patch)
tree90533eb1d43bae0f7880210233148676ed976539
parent8e4842a14deff83cef7996e393cfc9fa932bfb30 (diff)
parent95e73c65ae01a83658619083f218ae8ebdbef906 (diff)
downloadpodman-4ef4f522f9a2850e14a93186c647175685166d95.tar.gz
podman-4ef4f522f9a2850e14a93186c647175685166d95.tar.bz2
podman-4ef4f522f9a2850e14a93186c647175685166d95.zip
Merge pull request #7308 from hamzadis/slirp4netns-cidr
Add support for setting the CIDR when using slirp4netns
-rw-r--r--docs/source/markdown/podman-create.1.md1
-rw-r--r--docs/source/markdown/podman-run.1.md12
-rw-r--r--libpod/networking_linux.go16
-rw-r--r--test/e2e/run_networking_test.go16
4 files changed, 42 insertions, 3 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index f65c52e29..9df76e48e 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -563,6 +563,7 @@ Valid values are:
- `private`: create a new namespace for the container (default)
- `slirp4netns[:OPTIONS,...]`: use slirp4netns to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+ - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
- **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
- **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
- **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 976cdd88b..799cd1408 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -570,9 +570,15 @@ Valid _mode_ values are:
- **ns:**_path_: path to a network namespace to join;
- `private`: create a new namespace for the container (default)
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
- **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
- **port_handler=slirp4netns**: Use the slirp4netns port forwarding.
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default to false.
+ - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
+ - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
+ - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
+ - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
+ - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
+ - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
+ - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
+ - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
+ - **port_handler=slirp4netns**: Use the slirp4netns port forwarding.
**--network-alias**=*alias*
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index ed8f82c46..6f266e5d6 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -171,6 +171,7 @@ type slirpFeatures struct {
HasMTU bool
HasEnableSandbox bool
HasEnableSeccomp bool
+ HasCIDR bool
HasOutboundAddr bool
HasIPv6 bool
}
@@ -199,6 +200,7 @@ func checkSlirpFlags(path string) (*slirpFeatures, error) {
HasMTU: strings.Contains(string(out), "--mtu"),
HasEnableSandbox: strings.Contains(string(out), "--enable-sandbox"),
HasEnableSeccomp: strings.Contains(string(out), "--enable-seccomp"),
+ HasCIDR: strings.Contains(string(out), "--cidr"),
HasOutboundAddr: strings.Contains(string(out), "--outbound-addr"),
HasIPv6: strings.Contains(string(out), "--enable-ipv6"),
}, nil
@@ -227,6 +229,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
havePortMapping := len(ctr.Config().PortMappings) > 0
logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
+ cidr := ""
isSlirpHostForward := false
disableHostLoopback := true
enableIPv6 := false
@@ -240,6 +243,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
option, value := parts[0], parts[1]
switch option {
+ case "cidr":
+ ipv4, _, err := net.ParseCIDR(value)
+ if err != nil || ipv4.To4() == nil {
+ return errors.Errorf("invalid cidr %q", value)
+ }
+ cidr = value
case "port_handler":
switch value {
case "slirp4netns":
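Review bot: The new `cidr` case only checks that the value parses as an IPv4 CIDR and discards the `*net.IPNet` result, so a `/32` prefix or an address with host bits set (for example `192.168.0.5/24`, a constructed value) passes and is forwarded unchanged to slirp4netns. Whether slirp4netns rejects such values is not visible here; if it does, the failure would presumably come from the helper process later instead of from this `invalid cidr` error. Consider keeping the network with `ip, ipnet, err := net.ParseCIDR(value)`, rejecting `!ip.Equal(ipnet.IP)` and prefixes too narrow to hold the gateway and guest addresses, and including `err` in the message. The enclosing `setupRootlessNetNS` starts and ends outside the hunk.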
@@ -309,6 +318,13 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
cmdArgs = append(cmdArgs, "--enable-seccomp")
}
+ if cidr != "" {
+ if !slirpFeatures.HasCIDR {
+ return errors.Errorf("cidr not supported")
+ }
+ cmdArgs = append(cmdArgs, fmt.Sprintf("--cidr=%s", cidr))
+ }
+
if enableIPv6 {
if !slirpFeatures.HasIPv6 {
return errors.Errorf("enable_ipv6 not supported")
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index d735217d6..83befe730 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -293,6 +293,22 @@ var _ = Describe("Podman run networking", func() {
Expect(session.ExitCode()).To(Equal(0))
})
+ It("podman run slirp4netns network with different cidr", func() {
+ slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
+ Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
+
+ networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true"
+ session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"})
+ session.Wait(30)
+
+ if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") {
+ Expect(session.ExitCode()).To(Equal(0))
+ } else {
+ Expect(session.ExitCode()).ToNot(Equal(0))
+ Expect(session.ErrorToString()).To(ContainSubstring("cidr not supported"))
+ }
+ })
+
It("podman run network bind to 127.0.0.1", func() {
slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
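Review bot: The support probe in the new test matches the bare substring `cidr`, while `checkSlirpFlags` matches `--cidr`, so the two can disagree about the installed binary and the test would then assert the wrong branch. Use `strings.Contains(slirp4netnsHelp.OutputToString(), "--cidr")` so both look for the same flag. The test also exercises only a valid range, leaving the new `invalid cidr` rejection path (malformed input, an IPv6 prefix) uncovered. A second `It` asserting a non-zero exit and `ContainSubstring("invalid cidr")` would pin that validation. The enclosing `Describe` closure extends beyond the hunk.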