authorPaul Holzinger <paul.holzinger@web.de>2021-04-05 21:02:21 +0200
committerPaul Holzinger <paul.holzinger@web.de>2021-04-23 11:12:49 +0200
commitf99b7a314bf6d285b92a528d1a0800c35dfdc603 (patch)
treeadbce1fecd03ac2f455923369216b7227d0503c8 /libpod
parent8465626e312a582e434851e6e562974cb3e2e1f8 (diff)
Fix rootlesskit port forwarder with custom slirp cidr
The source ip for the rootlesskit port forwarder was hardcoded to the standard slirp4netns ip. This is incorrect since users can change the subnet used by slirp4netns with `--network slirp4netns:cidr=10.5.0.0/24`. The container interface ip is always the .100 in the subnet. Only when the rootlesskit port forwarder child ip matches the container interface ip the port forwarding will work. Fixes #9828 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/networking_linux.go2
-rw-r--r--libpod/networking_slirp4netns.go14
2 files changed, 13 insertions, 3 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 6e2c2880f..cfed5a1f2 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -577,7 +577,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
// set up port forwarder for CNI-in-slirp4netns
netnsPath := ctr.state.NetNS.Path()
// TODO: support slirp4netns port forwarder as well
- return r.setupRootlessPortMappingViaRLK(ctr, netnsPath)
+ return r.setupRootlessPortMappingViaRLK(ctr, netnsPath, "")
}
return nil
}
diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go
index 72ab3c919..c46dc6972 100644
--- a/libpod/networking_slirp4netns.go
+++ b/libpod/networking_slirp4netns.go
@@ -312,7 +312,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
if netOptions.isSlirpHostForward {
return r.setupRootlessPortMappingViaSlirp(ctr, cmd, apiSocket)
}
- return r.setupRootlessPortMappingViaRLK(ctr, netnsPath)
+ return r.setupRootlessPortMappingViaRLK(ctr, netnsPath, netOptions.cidr)
}
return nil
}
@@ -363,7 +363,7 @@ func waitForSync(syncR *os.File, cmd *exec.Cmd, logFile io.ReadSeeker, timeout t
return nil
}
-func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath string) error {
+func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath, slirp4CIDR string) error {
syncR, syncW, err := os.Pipe()
if err != nil {
return errors.Wrapf(err, "failed to open pipe")
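Review bot: The new `slirp4CIDR` parameter is undocumented, and the function has no doc comment in the visible lines, so the meaning of the empty string passed from `setupRootlessNetNS` is only discoverable by reading the body. A comment on the signature would help, for example `// setupRootlessPortMappingViaRLK starts the rootlesskit port forwarder; slirp4CIDR is the custom slirp4netns subnet, or "" to use the default slirp4netns IP as the child IP.` The function body continues outside this hunk.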
@@ -391,6 +391,16 @@ func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath strin
}
childIP := slirp4netnsIP
+ // set the correct childIP when a custom cidr is set
+ if slirp4CIDR != "" {
+ _, cidr, err := net.ParseCIDR(slirp4CIDR)
+ if err != nil {
+ return errors.Wrap(err, "failed to parse slirp4netns cidr")
+ }
+ // the slirp container ip is always the hundredth ip in the subnet
+ cidr.IP[len(cidr.IP)-1] = cidr.IP[len(cidr.IP)-1] + 100
+ childIP = cidr.IP.String()
+ }
outer:
for _, r := range ctr.state.NetworkStatus {
for _, i := range r.IPs {
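Review bot: The added line `cidr.IP[len(cidr.IP)-1] = cidr.IP[len(cidr.IP)-1] + 100` is byte arithmetic that wraps silently, and the result is never checked against the subnet. A network whose last octet is non-zero, or whose prefix is too long to hold a .100 host, therefore gives a child IP outside the configured range. Whether the cidr option is range-checked before it reaches this function is not visible here, so the forwarder could end up using an address that is not the container's and fail without an error. Computing on a copy and rejecting a result the subnet does not contain makes this explicit. The copy is needed because `cidr.Contains(cidr.IP)` after an in-place mutation compares the slice with itself. The enclosing function starts and ends outside the hunk.

```go
	childIP := slirp4netnsIP
	// set the correct childIP when a custom cidr is set
	if slirp4CIDR != "" {
		// … unchanged: net.ParseCIDR call and its error return …
		// the slirp container ip is always the hundredth ip in the subnet;
		// work on a copy so the network address stays intact for the range check
		ip := make(net.IP, len(cidr.IP))
		copy(ip, cidr.IP)
		ip[len(ip)-1] += 100
		if !cidr.Contains(ip) {
			return errors.Errorf("slirp4netns cidr %q cannot hold the container ip", slirp4CIDR)
		}
		childIP = ip.String()
	}
```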