port_handler=slirp4netns not publishing multiple ports anymore #13643

Closed
lolllpop opened this issue Mar 24, 2022 · 1 comment · Fixed by #13646

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Using port_handler=slirp4netns to preserve the src IPs, podman v4.0.2 does not publish multiple ports anymore, only the first port seems to be forwarded. On v3.4.4, publishing multiple ports does work.

Steps to reproduce the issue:

  1. podman run -p 2379-2380:2379-2380 --network slirp4netns:port_handler=slirp4netns -it alpine /bin/sh

  2. verify open ports, e.g. using netstat -tnl | grep :23

Describe the results you received:

tcp 0 0 0.0.0.0:2379 0.0.0.0:* LISTEN 1024868/slirp4netns

Describe the results you expected:

tcp 0 0 0.0.0.0:2379 0.0.0.0:* LISTEN 1024868/slirp4netns
tcp 0 0 0.0.0.0:2380 0.0.0.0:* LISTEN 1024868/slirp4netns

Additional information you deem important (e.g. issue happens only occasionally):

podman ps correctly shows: 0.0.0.0:2379-2380->2379-2380/tcp

It works on podman 3.4.4

Output of podman version:

Client:       Podman Engine
Version:      4.0.2
API Version:  4.0.2
Go Version:   go1.17.8
Git Commit:   342c8259381b63296e96ad29519bd4b9c7afbf97
Built:        Wed Mar 23 13:27:40 2022
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.24.1
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: app-containers/conmon-2.1.0
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.1.0, commit: v2.1.0'
  cpus: 2
  distribution:
    distribution: gentoo
    version: unknown
  eventLogger: file
  hostname: infra02
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 990
      size: 1
    - container_id: 1
      host_id: 99000001
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 990
      size: 1
    - container_id: 1
      host_id: 99000001
      size: 65536
  kernel: 5.15.11-gentoo
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 411598848
  memTotal: 2075975680
  networkBackend: cni
  ociRuntime:
    name: crun
    package: app-containers/crun-1.4.2
    path: /usr/bin/crun
    version: |-
      crun version 1.4.2
      commit: f6fbc8f840df1a414f31a60953ae514fa497c748
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/990/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: app-containers/slirp4netns-1.1.12
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 921157632
  swapTotal: 921694208
  uptime: 22h 38m 6.69s (Approximately 0.92 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
  - quay.io
  - registry.fedoraproject.org
store:
  configFile: /home/inf/.config/containers/storage.conf
  containerStore:
    number: 9
    paused: 0
    running: 8
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: sys-fs/fuse-overlayfs-1.8.2
      Version: |-
        fusermount3 version: 3.10.5
        fuse-overlayfs: version 1.8.2
        FUSE library version 3.10.5
        using FUSE kernel interface version 7.31
  graphRoot: /home/inf/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 7
  runRoot: /run/user/990/containers
  volumePath: /home/inf/.local/share/containers/storage/volumes
version:
  APIVersion: 4.0.2
  Built: 1648038460
  BuiltTime: Wed Mar 23 13:27:40 2022
  GitCommit: 342c8259381b63296e96ad29519bd4b9c7afbf97
  GoVersion: go1.17.8
  OsArch: linux/amd64
  Version: 4.0.2

Package info (e.g. output of rpm -q podman or apt list podman):

[I] app-containers/podman
     Available versions:  3.4.4^st{tbz2} (~)4.0.0^st (~)4.0.1^st{tbz2} (~)4.0.2^st{tbz2} {apparmor btrfs +fuse +init +rootless selinux}
     Installed versions:  4.0.2^st{tbz2}(13:28:47 03/23/22)(fuse init rootless -apparmor -btrfs -selinux)

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Luap99 commented Mar 24, 2022

I'll take a look

Luap99 added a commit to Luap99/libpod that referenced this issue Mar 24, 2022
The slirp4netns port forwarder was not updated to make use of the new
port format. This results in a problem when port ranges are used since
it does not read the range field from the port.

Update the logic to iterate through all ports with the range and
protocols. Also added a system test for port ranges with slirp4netns,
rootlesskit and the bridge network mode.

Fixes containers#13643

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
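
The difference the commit message describes, as an added Go example (not Podman's own code): a forwarder that ignores the range field produces one rule for `-p 2379-2380:2379-2380`, while iterating over the range and protocols produces one rule per port and protocol. The `PortMapping` and `Forward` types and both function names are assumptions modelled on that description.

```go
package main

import (
	"fmt"
	"strings"
)

// PortMapping is a simplified stand-in (assumption) for the new port format:
// one entry covers Range consecutive ports and comma-separated protocols.
type PortMapping struct {
	HostPort, ContainerPort, Range uint16
	Protocol                       string
}

type Forward struct {
	Proto                   string
	HostPort, ContainerPort uint16
}

// expandIgnoringRange models the reported behaviour: Range is never read.
func expandIgnoringRange(ports []PortMapping) []Forward {
	var out []Forward
	for _, p := range ports {
		out = append(out, Forward{p.Protocol, p.HostPort, p.ContainerPort})
	}
	return out
}

// expandWithRange emits one rule per protocol and per port in the range.
func expandWithRange(ports []PortMapping) []Forward {
	var out []Forward
	for _, p := range ports {
		n := p.Range
		if n == 0 { // an unset range means a single port
			n = 1
		}
		for _, proto := range strings.Split(p.Protocol, ",") {
			for i := uint16(0); i < n; i++ {
				out = append(out, Forward{proto, p.HostPort + i, p.ContainerPort + i})
			}
		}
	}
	return out
}

func main() {
	// Constructed input matching -p 2379-2380:2379-2380 from the report.
	ports := []PortMapping{{HostPort: 2379, ContainerPort: 2379, Range: 2, Protocol: "tcp"}}
	fmt.Println(expandIgnoringRange(ports), expandWithRange(ports))
}
```
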
Luap99 added a commit to Luap99/libpod that referenced this issue Mar 25, 2022
Luap99 added a commit to Luap99/libpod that referenced this issue Mar 28, 2022
Luap99 added a commit to Luap99/libpod that referenced this issue Mar 28, 2022
Luap99 added a commit to Luap99/libpod that referenced this issue Mar 29, 2022
Luap99 added a commit to Luap99/libpod that referenced this issue Mar 29, 2022
Luap99 added a commit to Luap99/libpod that referenced this issue Mar 30, 2022
The slirp4netns port forwarder was not updated to make use of the new
port format. This results in a problem when port ranges are used since
it does not read the range field from the port.

Update the logic to iterate through all ports with the range and
protocols. Also added a system test for port ranges with slirp4netns,
rootlesskit and the bridge network mode.

Fixes containers#13643

[Fixed merge conflict]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
mheon pushed a commit to mheon/libpod that referenced this issue Mar 30, 2022
paralin pushed a commit to paralin/podman that referenced this issue Jun 3, 2022
paralin pushed a commit to paralin/podman that referenced this issue Jun 9, 2022
gbraad pushed a commit to gbraad-redhat/podman that referenced this issue Jul 13, 2022
kdrag0n pushed a commit to kdrag0n/passt-virtcontainer that referenced this issue Nov 9, 2022
…cations

Rebase the patch for Podman on top of current upstream, and:

- add support for configuration of specific addresses for forwarded
  ports

- by default, disable port forwarding, and reflect this in the man
  page changes

- adjust processing to a new, incompatible format for port storage,
  which I couldn't actually track down to a specific commit, but
  that resulted in containers/podman#13643
  and commit eedaaf33cdbf ("fix slirp4netns port forwarding with
  ranges")

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>