From 8d12f19371eb9d91139f7b982cde2926ec8c8e74 Mon Sep 17 00:00:00 2001
From: aleks-mariusz <a+git-commit@alek.cx>
Date: Tue, 16 Jun 2020 11:36:33 +0100
Subject: allow switching of port-forward approaches in rootless/using
 slirp4netns

As of podman 1.8.0, because of commit da7595a, the default approach of providing
port-forwarding in rootless mode has switched (and been hard-coded) to rootlessport,
for the purpose of providing super performance. The side-effect of this switch is that,
within the container, the source of traffic to the port-forwarded service always appears
to be 127.0.0.1 (see issue #5138).

This commit allows a user to specify if they want to revert to the previous approach
of leveraging slirp4netns add_hostfwd() api which, although not as stellar performance,
restores usefulness of seeing incoming traffic origin IP addresses.

The change should be transparent; when not specified, rootlessport will continue to be
used, however if specifying --net slirp4netns:slirplisten the old approach will be used.

Note: the above may imply the restored port-forwarding via slirp4netns is not as
performant as the new rootlessport approach, however the figures shared in the original
commit that introduced rootlessport are as follows:
slirp4netns: 8.3 Gbps,
RootlessKit: 27.3 Gbps,
which are more than sufficient for many use cases where the origin of traffic is more
important than limits that cannot be reached due to bottlenecks elsewhere.

Signed-off-by: Aleks Mariusz <m.k@alek.cx>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/namespaces/namespaces.go | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)


diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go
index 2ffbde977..b4ec04699 100644
--- a/pkg/namespaces/namespaces.go
+++ b/pkg/namespaces/namespaces.go
@@ -17,7 +17,9 @@ const (
 	nsType        = "ns"
 	podType       = "pod"
 	privateType   = "private"
+	rlkFwdType    = "port_handler=rootlesskit"
 	shareableType = "shareable"
+	slirpFwdType  = "port_handler=slirp4netns"
 	slirpType     = "slirp4netns"
 )
 
@@ -385,7 +387,29 @@ func (n NetworkMode) IsBridge() bool {
 
 // IsSlirp4netns indicates if we are running a rootless network stack
 func (n NetworkMode) IsSlirp4netns() bool {
-	return n == slirpType
+	return n == slirpType || strings.HasPrefix(string(n), slirpType+":")
+}
+
+// IsPortForwardViaRootlessKit indicates if we are doing rootless port-forwarding via rootlesskit/rootlessport
+func (n NetworkMode) IsPortForwardViaRootlessKit() bool {
+	if !n.IsSlirp4netns() {
+		return false
+	}
+	parts := strings.SplitN(string(n), ":", 2)
+	if len(parts) == 2 {
+		return parts[1] == rlkFwdType
+	}
+	return true
+}
+
+// IsPortForwardViaSlirpHostFwd indicates if we are doing rootless port-forwarding via slirp4netns add_hostfwd()
+func (n NetworkMode) IsPortForwardViaSlirpHostFwd() bool {
+	if !n.IsSlirp4netns() {
+		return false
+	}
+	// below here, implied IsSlirp4netns() == true
+	parts := strings.SplitN(string(n), ":", 2)
+	return len(parts) > 1 && parts[1] == slirpFwdType
 }
 
 // IsNS indicates a network namespace passed in by path (ns:<path>)
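Review bot: An unrecognized suffix after `slirp4netns:` is accepted without error: `IsSlirp4netns()` now returns true for any `slirp4netns:<text>`, while `IsPortForwardViaRootlessKit()` and `IsPortForwardViaSlirpHostFwd()` both return false unless the text equals `rlkFwdType` or `slirpFwdType` exactly. The commit description itself gives `--net slirp4netns:slirplisten`, which matches neither constant, so a user following it ends up with no port handler selected. What the callers (outside this hunk) do in that case is not visible here, but it matters because the handler decides whether services in the container see real client addresses or 127.0.0.1 in their logs and address-based rules. I would validate the suffix where the mode is parsed and return an error for unknown values, and have both predicates share one helper instead of repeating the `SplitN`; a sketch follows.

```go
// slirpOption returns the text after "slirp4netns:" and whether a suffix was given.
func (n NetworkMode) slirpOption() (string, bool) {
	parts := strings.SplitN(string(n), ":", 2)
	if len(parts) < 2 {
		return "", false
	}
	return parts[1], true
}

// IsValidSlirpOption reports whether the suffix, if present, names a known port handler.
// Callers that parse --net should reject the mode when this returns false.
func (n NetworkMode) IsValidSlirpOption() bool {
	opt, ok := n.slirpOption()
	return !ok || opt == rlkFwdType || opt == slirpFwdType
}

// … unchanged: IsSlirp4netns; the two IsPortForwardVia* predicates would call slirpOption() …
```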
-- 
cgit v1.2.3-54-g00ecf