Diffstat (limited to 'vendor/github.com/rootless-containers/rootlesskit')
3 files changed, 110 insertions, 41 deletions
diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go
index b9f2d1802..9fb801162 100644
--- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go
+++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go
@@ -5,6 +5,7 @@ import (
 "io"
 "net"
 "os"
+ "strconv"
 "sync"
 "github.com/rootless-containers/rootlesskit/pkg/port"
@@ -12,7 +13,7 @@ import (
 )
 func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io.Writer) error {
- ln, err := net.Listen("tcp", fmt.Sprintf("%s:%d", spec.ParentIP, spec.ParentPort))
+ ln, err := net.Listen("tcp", net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort)))
 if err != nil {
 fmt.Fprintf(logWriter, "listen: %v\n", err)
 return err
diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go
index d8f646b5d..fbff2b081 100644
--- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go
+++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go
@@ -1,10 +1,10 @@
 package udp
 import (
- "fmt"
 "io"
 "net"
 "os"
+ "strconv"
 "github.com/pkg/errors"
@@ -14,7 +14,7 @@ import (
 )
 func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io.Writer) error {
- addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", spec.ParentIP, spec.ParentPort))
+ addr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort)))
 if err != nil {
 return err
 }
diff --git a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go
index 1c531cac8..a885a76ca 100644
--- a/vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go
+++ b/vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go
@@ -4,76 +4,135 @@ import (
 "net"
 "strconv"
 "strings"
+ "text/scanner"
 "github.com/pkg/errors"
 "github.com/rootless-containers/rootlesskit/pkg/port"
 )
-// ParsePortSpec parses a Docker-like representation of PortSpec.
+// ParsePortSpec parses a Docker-like representation of PortSpec, but with
+// support for both "parent IP" and "child IP" (optional);
 // e.g. "127.0.0.1:8080:80/tcp", or "127.0.0.1:8080:10.0.2.100:80/tcp"
-func ParsePortSpec(s string) (*port.Spec, error) {
- splitBySlash := strings.SplitN(s, "/", 2)
- if len(splitBySlash) != 2 {
- return nil, errors.Errorf("unexpected PortSpec string: %q", s)
+//
+// Format is as follows:
+//
+// <parent IP>:<parent port>[:<child IP>]:<child port>/<proto>
+//
+// Note that (child IP being optional) the format can either contain 5 or 4
+// components. When using IPv6 IP addresses, addresses must use square brackets
+// to prevent the colons being mistaken for delimiters. For example:
+//
+// [::1]:8080:[::2]:80/udp
+func ParsePortSpec(portSpec string) (*port.Spec, error) {
+ const (
+ parentIP = iota
+ parentPort = iota
+ childIP = iota
+ childPort = iota
+ proto = iota
+ )
+
+ var (
+ s scanner.Scanner
+ err error
+ parts = make([]string, 5)
+ index = parentIP
+ delimiter = ':'
+ )
+
+ // First get the "proto" and "parent-port" at the end. These parts are
+ // required, whereas "ParentIP" is optional. Removing them first makes
+ // it easier to parse the remaining parts, as otherwise the third part
+ // could be _either_ an IP-address _or_ a Port.
+
+ // Get the proto
+ protoPos := strings.LastIndex(portSpec, "/")
+ if protoPos < 0 {
+ return nil, errors.Errorf("missing proto in PortSpec string: %q", portSpec)
 }
- proto := splitBySlash[1]
- switch proto {
- case "tcp", "udp", "sctp":
- default:
- return nil, errors.Errorf("unexpected Proto in PortSpec string: %q", s)
+ parts[proto] = portSpec[protoPos+1:]
+ err = validateProto(parts[proto])
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid PortSpec string: %q", portSpec)
 }
- splitByColon := strings.SplitN(splitBySlash[0], ":", 4)
- switch len(splitByColon) {
- case 3, 4:
- default:
- return nil, errors.Errorf("unexpected PortSpec string: %q", s)
+ // Get the parent port
+ portPos := strings.LastIndex(portSpec, ":")
+ if portPos < 0 {
+ return nil, errors.Errorf("unexpected PortSpec string: %q", portSpec)
 }
+ parts[childPort] = portSpec[portPos+1 : protoPos]
+
+ // Scan the remainder "<IP-address>:<port>[:<IP-address>]"
+ s.Init(strings.NewReader(portSpec[:portPos]))
+
+ for tok := s.Scan(); tok != scanner.EOF; tok = s.Scan() {
+ if index > childPort {
+ return nil, errors.Errorf("unexpected PortSpec string: %q", portSpec)
+ }
- parentIP := splitByColon[0]
- if net.IP(parentIP) == nil {
- return nil, errors.Errorf("unexpected ParentIP in PortSpec string: %q", s)
+ switch tok {
+ case '[':
+ // Start of IPv6 IP-address; value ends at closing bracket (])
+ delimiter = ']'
+ continue
+ case delimiter:
+ if delimiter == ']' {
+ // End of IPv6 IP-address
+ delimiter = ':'
+ // Skip the next token, which should be a colon delimiter (:)
+ tok = s.Scan()
+ }
+ index++
+ continue
+ default:
+ parts[index] += s.TokenText()
+ }
 }
- parentPort, err := strconv.Atoi(splitByColon[1])
- if err != nil {
- return nil, errors.Wrapf(err, "unexpected ParentPort in PortSpec string: %q", s)
+ if parts[parentIP] != "" && net.ParseIP(parts[parentIP]) == nil {
+ return nil, errors.Errorf("unexpected ParentIP in PortSpec string: %q", portSpec)
+ }
+ if parts[childIP] != "" && net.ParseIP(parts[childIP]) == nil {
+ return nil, errors.Errorf("unexpected ParentIP in PortSpec string: %q", portSpec)
 }
- var childIP string
- if len(splitByColon) == 4 {
- childIP = splitByColon[2]
- if net.IP(childIP) == nil {
- return nil, errors.Errorf("unexpected ChildIP in PortSpec string: %q", s)
- }
+ ps := &port.Spec{
+ Proto: parts[proto],
+ ParentIP: parts[parentIP],
+ ChildIP: parts[childIP],
 }
- childPort, err := strconv.Atoi(splitByColon[len(splitByColon)-1])
+ ps.ParentPort, err = strconv.Atoi(parts[parentPort])
 if err != nil {
- return nil, errors.Wrapf(err, "unexpected ChildPort in PortSpec string: %q", s)
+ return nil, errors.Wrapf(err, "unexpected ChildPort in PortSpec string: %q", portSpec)
 }
- return &port.Spec{
- Proto: proto,
- ParentIP: parentIP,
- ParentPort: parentPort,
- ChildIP: childIP,
- ChildPort: childPort,
- }, nil
+ ps.ChildPort, err = strconv.Atoi(parts[childPort])
+ if err != nil {
+ return nil, errors.Wrapf(err, "unexpected ParentPort in PortSpec string: %q", portSpec)
+ }
+
+ return ps, nil
 }
 // ValidatePortSpec validates *port.Spec.
 // existingPorts can be optionally passed for detecting conflicts.
 func ValidatePortSpec(spec port.Spec, existingPorts map[int]*port.Status) error {
- if spec.Proto != "tcp" && spec.Proto != "udp" {
- return errors.Errorf("unknown proto: %q", spec.Proto)
+ if err := validateProto(spec.Proto); err != nil {
+ return err
 }
 if spec.ParentIP != "" {
 if net.ParseIP(spec.ParentIP) == nil {
 return errors.Errorf("invalid ParentIP: %q", spec.ParentIP)
 }
 }
+ if spec.ChildIP != "" {
+ if net.ParseIP(spec.ChildIP) == nil {
+ return errors.Errorf("invalid ChildIP: %q", spec.ChildIP)
+ }
+ }
 if spec.ParentPort <= 0 || spec.ParentPort > 65535 {
 return errors.Errorf("invalid ParentPort: %q", spec.ParentPort)
 }
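Review bot: The guard at the top of the scan loop in ParsePortSpec, `if index > childPort {`, looks one slot too permissive: `parts[childPort]` is already filled from the tail of the string before scanning, so a spec with one component too many advances `index` to that slot and has its text appended to the child port instead of being rejected. A constructed input such as `127.0.0.1:8080:10.0.2.100:1:80/tcp` would then appear to parse with ChildPort 801; bounding the scan at the last slot it is meant to fill, `if index > childIP {`, rejects it. The error labels are also crossed: the `parts[childIP]` check reports "unexpected ParentIP", and the two `strconv.Atoi` wraps name ChildPort for the parent port and ParentPort for the child port, which will mislead whoever debugs a rejected forward. Since this copy is vendored, the fix belongs upstream in rootlesskit rather than in this tree.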
@@ -90,3 +149,12 @@ func ValidatePortSpec(spec port.Spec, existingPorts map[int]*port.Status) error
 }
 return nil
 }
+
+func validateProto(proto string) error {
+ switch proto {
+ case "tcp", "udp", "sctp":
+ return nil
+ default:
+ return errors.Errorf("unknown proto: %q", proto)
+ }
+} |