mirror of
https://github.com/containers/podman.git
synced 2025-07-15 03:02:52 +08:00
Merge pull request #7308 from hamzadis/slirp4netns-cidr
Add support for setting the CIDR when using slirp4netns
docs/source/markdown
libpod
test/e2e
@ -563,6 +563,7 @@ Valid values are:
|
|||||||
- `private`: create a new namespace for the container (default)
|
- `private`: create a new namespace for the container (default)
|
||||||
- `slirp4netns[:OPTIONS,...]`: use slirp4netns to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
|
- `slirp4netns[:OPTIONS,...]`: use slirp4netns to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
|
||||||
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
|
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
|
||||||
|
- **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
|
||||||
- **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
|
- **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
|
||||||
- **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
|
- **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
|
||||||
- **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
|
- **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
|
||||||
|
@ -570,9 +570,15 @@ Valid _mode_ values are:
|
|||||||
- **ns:**_path_: path to a network namespace to join;
|
- **ns:**_path_: path to a network namespace to join;
|
||||||
- `private`: create a new namespace for the container (default)
|
- `private`: create a new namespace for the container (default)
|
||||||
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
|
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
|
||||||
**port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
|
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
|
||||||
**port_handler=slirp4netns**: Use the slirp4netns port forwarding.
|
- **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`).
|
||||||
**allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default to false.
|
- **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`).
|
||||||
|
- **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only).
|
||||||
|
- **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to.
|
||||||
|
- **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
|
||||||
|
- **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
|
||||||
|
- **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
|
||||||
|
- **port_handler=slirp4netns**: Use the slirp4netns port forwarding.
|
||||||
|
|
||||||
**--network-alias**=*alias*
|
**--network-alias**=*alias*
|
||||||
|
|
||||||
|
@ -171,6 +171,7 @@ type slirpFeatures struct {
|
|||||||
HasMTU bool
|
HasMTU bool
|
||||||
HasEnableSandbox bool
|
HasEnableSandbox bool
|
||||||
HasEnableSeccomp bool
|
HasEnableSeccomp bool
|
||||||
|
HasCIDR bool
|
||||||
HasOutboundAddr bool
|
HasOutboundAddr bool
|
||||||
HasIPv6 bool
|
HasIPv6 bool
|
||||||
}
|
}
|
||||||
@ -199,6 +200,7 @@ func checkSlirpFlags(path string) (*slirpFeatures, error) {
|
|||||||
HasMTU: strings.Contains(string(out), "--mtu"),
|
HasMTU: strings.Contains(string(out), "--mtu"),
|
||||||
HasEnableSandbox: strings.Contains(string(out), "--enable-sandbox"),
|
HasEnableSandbox: strings.Contains(string(out), "--enable-sandbox"),
|
||||||
HasEnableSeccomp: strings.Contains(string(out), "--enable-seccomp"),
|
HasEnableSeccomp: strings.Contains(string(out), "--enable-seccomp"),
|
||||||
|
HasCIDR: strings.Contains(string(out), "--cidr"),
|
||||||
HasOutboundAddr: strings.Contains(string(out), "--outbound-addr"),
|
HasOutboundAddr: strings.Contains(string(out), "--outbound-addr"),
|
||||||
HasIPv6: strings.Contains(string(out), "--enable-ipv6"),
|
HasIPv6: strings.Contains(string(out), "--enable-ipv6"),
|
||||||
}, nil
|
}, nil
|
||||||
@ -227,6 +229,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
|
|||||||
havePortMapping := len(ctr.Config().PortMappings) > 0
|
havePortMapping := len(ctr.Config().PortMappings) > 0
|
||||||
logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
|
logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
|
||||||
|
|
||||||
|
cidr := ""
|
||||||
isSlirpHostForward := false
|
isSlirpHostForward := false
|
||||||
disableHostLoopback := true
|
disableHostLoopback := true
|
||||||
enableIPv6 := false
|
enableIPv6 := false
|
||||||
@ -240,6 +243,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
|
|||||||
option, value := parts[0], parts[1]
|
option, value := parts[0], parts[1]
|
||||||
|
|
||||||
switch option {
|
switch option {
|
||||||
|
case "cidr":
|
||||||
|
ipv4, _, err := net.ParseCIDR(value)
|
||||||
|
if err != nil || ipv4.To4() == nil {
|
||||||
|
return errors.Errorf("invalid cidr %q", value)
|
||||||
|
}
|
||||||
|
cidr = value
|
||||||
case "port_handler":
|
case "port_handler":
|
||||||
switch value {
|
switch value {
|
||||||
case "slirp4netns":
|
case "slirp4netns":
|
||||||
@ -309,6 +318,13 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
|
|||||||
cmdArgs = append(cmdArgs, "--enable-seccomp")
|
cmdArgs = append(cmdArgs, "--enable-seccomp")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cidr != "" {
|
||||||
|
if !slirpFeatures.HasCIDR {
|
||||||
|
return errors.Errorf("cidr not supported")
|
||||||
|
}
|
||||||
|
cmdArgs = append(cmdArgs, fmt.Sprintf("--cidr=%s", cidr))
|
||||||
|
}
|
||||||
|
|
||||||
if enableIPv6 {
|
if enableIPv6 {
|
||||||
if !slirpFeatures.HasIPv6 {
|
if !slirpFeatures.HasIPv6 {
|
||||||
return errors.Errorf("enable_ipv6 not supported")
|
return errors.Errorf("enable_ipv6 not supported")
|
||||||
|
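Review bot: The `cidr` case validates with `net.ParseCIDR(value)` but discards the parsed network and stores the raw string, so a value with host bits set (constructed example: `10.0.2.5/24`) or a range too small to hold the addresses slirp4netns assigns (constructed example: `10.0.2.0/32`) passes the check and is forwarded verbatim as `--cidr=`. Keeping the second return value, `ip, ipnet, err := net.ParseCIDR(value)`, and storing `cidr = ipnet.String()` would make the flag always carry the canonical network address. A bound on `ipnet.Mask.Size()` would turn a late slirp4netns startup failure into an early `invalid cidr` error; the exact prefix limit slirp4netns enforces is not visible on this page and should be confirmed first. The body of `setupRootlessNetNS` begins and continues outside these hunks, so any later use of `cidr` cannot be checked from here.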
@ -293,6 +293,22 @@ var _ = Describe("Podman run networking", func() {
|
|||||||
Expect(session.ExitCode()).To(Equal(0))
|
Expect(session.ExitCode()).To(Equal(0))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("podman run slirp4netns network with different cidr", func() {
|
||||||
|
slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
|
||||||
|
Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
|
||||||
|
|
||||||
|
networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true"
|
||||||
|
session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"})
|
||||||
|
session.Wait(30)
|
||||||
|
|
||||||
|
if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") {
|
||||||
|
Expect(session.ExitCode()).To(Equal(0))
|
||||||
|
} else {
|
||||||
|
Expect(session.ExitCode()).ToNot(Equal(0))
|
||||||
|
Expect(session.ErrorToString()).To(ContainSubstring("cidr not supported"))
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
It("podman run network bind to 127.0.0.1", func() {
|
It("podman run network bind to 127.0.0.1", func() {
|
||||||
slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
|
slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
|
||||||
Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
|
Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
|
||||||
|
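Review bot: The new case only exercises a well-formed IPv4 range, so the `invalid cidr` rejection path added in libpod (malformed input, or an IPv6 range failing the `To4()` check) has no test. A negative case like the one below would pin it; judging by the hunk order in `setupRootlessNetNS`, option parsing runs before the `HasCIDR` feature check, so the error should appear regardless of the installed slirp4netns version. The test also detects support with `strings.Contains(..., "cidr")` while the runtime matches `"--cidr"`; using the same literal keeps the two from disagreeing. Separately, this test pings `192.168.0.2` with `allow_host_loopback=true`, which suggests the host-loopback address follows the chosen range, whereas the man page text in this commit still names only `10.0.2.2`.

```go
It("podman run slirp4netns network with invalid cidr", func() {
	// constructed sample value: an IPv6 range, which the cidr option rejects
	session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:cidr=fd00::/64", ALPINE, "true"})
	session.Wait(30)
	Expect(session.ExitCode()).ToNot(Equal(0))
	Expect(session.ErrorToString()).To(ContainSubstring("invalid cidr"))
})
```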