Merge pull request #9367 from containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-0.13.1

Bump github.com/rootless-containers/rootlesskit from 0.13.0 to 0.13.1

go.mod

@@ -50,7 +50,7 @@ require (
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/pkg/errors v0.9.1
 	github.com/pmezard/go-difflib v1.0.0
-	github.com/rootless-containers/rootlesskit v0.13.0
+	github.com/rootless-containers/rootlesskit v0.13.1
 	github.com/sirupsen/logrus v1.7.0
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5

go.sum

@@ -528,8 +528,8 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rootless-containers/rootlesskit v0.13.0 h1:41nnfB7yFxtHSeQHYupSvVxAJWh/hjmn03w6UjH7nv8=
+github.com/rootless-containers/rootlesskit v0.13.1 h1:QIMHxf00SaUinpJ2r9vwD4z6E3Yq8kk/aZ6ItNXIPHA=
-github.com/rootless-containers/rootlesskit v0.13.0/go.mod h1:DwE/9ASct8sj7bueOXqKiwcdzyZ+yV6qhTAtJUO7988=
+github.com/rootless-containers/rootlesskit v0.13.1/go.mod h1:DwE/9ASct8sj7bueOXqKiwcdzyZ+yV6qhTAtJUO7988=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=

vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/tcp/tcp.go

@@ -5,6 +5,7 @@ import (
 	"io"
 	"net"
 	"os"
+	"strconv"
 	"sync"
 
 	"github.com/rootless-containers/rootlesskit/pkg/port"
@@ -12,7 +13,7 @@ import (
 )
 
 func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io.Writer) error {
-	ln, err := net.Listen("tcp", fmt.Sprintf("%s:%d", spec.ParentIP, spec.ParentPort))
+	ln, err := net.Listen("tcp", net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort)))
 	if err != nil {
 		fmt.Fprintf(logWriter, "listen: %v\n", err)
 		return err

vendor/github.com/rootless-containers/rootlesskit/pkg/port/builtin/parent/udp/udp.go

@@ -1,10 +1,10 @@
 package udp
 
 import (
-	"fmt"
 	"io"
 	"net"
 	"os"
+	"strconv"
 
 	"github.com/pkg/errors"
 
@@ -14,7 +14,7 @@ import (
 )
 
 func Run(socketPath string, spec port.Spec, stopCh <-chan struct{}, logWriter io.Writer) error {
-	addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", spec.ParentIP, spec.ParentPort))
+	addr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(spec.ParentIP, strconv.Itoa(spec.ParentPort)))
 	if err != nil {
 		return err
 	}

vendor/github.com/rootless-containers/rootlesskit/pkg/port/portutil/portutil.go

@@ -4,76 +4,135 @@ import (
 	"net"
 	"strconv"
 	"strings"
+	"text/scanner"
 
 	"github.com/pkg/errors"
 
 	"github.com/rootless-containers/rootlesskit/pkg/port"
 )
 
-// ParsePortSpec parses a Docker-like representation of PortSpec.
+// ParsePortSpec parses a Docker-like representation of PortSpec, but with
+// support for both "parent IP" and "child IP" (optional);
 // e.g. "127.0.0.1:8080:80/tcp", or "127.0.0.1:8080:10.0.2.100:80/tcp"
-func ParsePortSpec(s string) (*port.Spec, error) {
+//
-	splitBySlash := strings.SplitN(s, "/", 2)
+// Format is as follows:
-	if len(splitBySlash) != 2 {
+//
-		return nil, errors.Errorf("unexpected PortSpec string: %q", s)
+//     <parent IP>:<parent port>[:<child IP>]:<child port>/<proto>
-	}
+//
-	proto := splitBySlash[1]
+// Note that (child IP being optional) the format can either contain 5 or 4
-	switch proto {
+// components. When using IPv6 IP addresses, addresses must use square brackets
-	case "tcp", "udp", "sctp":
+// to prevent the colons being mistaken for delimiters. For example:
-	default:
+//
-		return nil, errors.Errorf("unexpected Proto in PortSpec string: %q", s)
+//     [::1]:8080:[::2]:80/udp
-	}
+func ParsePortSpec(portSpec string) (*port.Spec, error) {
+	const (
+		parentIP   = iota
+		parentPort = iota
+		childIP    = iota
+		childPort  = iota
+		proto      = iota
+	)
 
-	splitByColon := strings.SplitN(splitBySlash[0], ":", 4)
+	var (
-	switch len(splitByColon) {
+		s         scanner.Scanner
-	case 3, 4:
+		err       error
-	default:
+		parts     = make([]string, 5)
-		return nil, errors.Errorf("unexpected PortSpec string: %q", s)
+		index     = parentIP
-	}
+		delimiter = ':'
+	)
 
-	parentIP := splitByColon[0]
+	// First get the "proto" and "parent-port" at the end. These parts are
-	if net.IP(parentIP) == nil {
+	// required, whereas "ParentIP" is optional. Removing them first makes
-		return nil, errors.Errorf("unexpected ParentIP in PortSpec string: %q", s)
+	// it easier to parse the remaining parts, as otherwise the third part
-	}
+	// could be _either_ an IP-address _or_ a Port.
 
-	parentPort, err := strconv.Atoi(splitByColon[1])
+	// Get the proto
+	protoPos := strings.LastIndex(portSpec, "/")
+	if protoPos < 0 {
+		return nil, errors.Errorf("missing proto in PortSpec string: %q", portSpec)
+	}
+	parts[proto] = portSpec[protoPos+1:]
+	err = validateProto(parts[proto])
 	if err != nil {
-		return nil, errors.Wrapf(err, "unexpected ParentPort in PortSpec string: %q", s)
+		return nil, errors.Wrapf(err, "invalid PortSpec string: %q", portSpec)
 	}
 
-	var childIP string
+	// Get the parent port
-	if len(splitByColon) == 4 {
+	portPos := strings.LastIndex(portSpec, ":")
-		childIP = splitByColon[2]
+	if portPos < 0 {
-		if net.IP(childIP) == nil {
+		return nil, errors.Errorf("unexpected PortSpec string: %q", portSpec)
-			return nil, errors.Errorf("unexpected ChildIP in PortSpec string: %q", s)
+	}
+	parts[childPort] = portSpec[portPos+1 : protoPos]
+
+	// Scan the remainder "<IP-address>:<port>[:<IP-address>]"
+	s.Init(strings.NewReader(portSpec[:portPos]))
+
+	for tok := s.Scan(); tok != scanner.EOF; tok = s.Scan() {
+		if index > childPort {
+			return nil, errors.Errorf("unexpected PortSpec string: %q", portSpec)
+		}
+
+		switch tok {
+		case '[':
+			// Start of IPv6 IP-address; value ends at closing bracket (])
+			delimiter = ']'
+			continue
+		case delimiter:
+			if delimiter == ']' {
+				// End of IPv6 IP-address
+				delimiter = ':'
+				// Skip the next token, which should be a colon delimiter (:)
+				tok = s.Scan()
+			}
+			index++
+			continue
+		default:
+			parts[index] += s.TokenText()
 		}
 	}
 
-	childPort, err := strconv.Atoi(splitByColon[len(splitByColon)-1])
+	if parts[parentIP] != "" && net.ParseIP(parts[parentIP]) == nil {
-	if err != nil {
+		return nil, errors.Errorf("unexpected ParentIP in PortSpec string: %q", portSpec)
-		return nil, errors.Wrapf(err, "unexpected ChildPort in PortSpec string: %q", s)
+	}
+	if parts[childIP] != "" && net.ParseIP(parts[childIP]) == nil {
+		return nil, errors.Errorf("unexpected ParentIP in PortSpec string: %q", portSpec)
 	}
 
-	return &port.Spec{
+	ps := &port.Spec{
-		Proto:      proto,
+		Proto:    parts[proto],
-		ParentIP:   parentIP,
+		ParentIP: parts[parentIP],
-		ParentPort: parentPort,
+		ChildIP:  parts[childIP],
-		ChildIP:    childIP,
+	}
-		ChildPort:  childPort,
+
-	}, nil
+	ps.ParentPort, err = strconv.Atoi(parts[parentPort])
+	if err != nil {
+		return nil, errors.Wrapf(err, "unexpected ChildPort in PortSpec string: %q", portSpec)
+	}
+
+	ps.ChildPort, err = strconv.Atoi(parts[childPort])
+	if err != nil {
+		return nil, errors.Wrapf(err, "unexpected ParentPort in PortSpec string: %q", portSpec)
+	}
+
+	return ps, nil
 }
 
 // ValidatePortSpec validates *port.Spec.
 // existingPorts can be optionally passed for detecting conflicts.
 func ValidatePortSpec(spec port.Spec, existingPorts map[int]*port.Status) error {
-	if spec.Proto != "tcp" && spec.Proto != "udp" {
+	if err := validateProto(spec.Proto); err != nil {
-		return errors.Errorf("unknown proto: %q", spec.Proto)
+		return err
 	}
 	if spec.ParentIP != "" {
 		if net.ParseIP(spec.ParentIP) == nil {
 			return errors.Errorf("invalid ParentIP: %q", spec.ParentIP)
 		}
 	}
+	if spec.ChildIP != "" {
+		if net.ParseIP(spec.ChildIP) == nil {
+			return errors.Errorf("invalid ChildIP: %q", spec.ChildIP)
+		}
+	}
 	if spec.ParentPort <= 0 || spec.ParentPort > 65535 {
 		return errors.Errorf("invalid ParentPort: %q", spec.ParentPort)
 	}
@@ -90,3 +149,12 @@ func ValidatePortSpec(spec port.Spec, existingPorts map[int]*port.Status) error
 	}
 	return nil
 }
+
+func validateProto(proto string) error {
+	switch proto {
+	case "tcp", "udp", "sctp":
+		return nil
+	default:
+		return errors.Errorf("unknown proto: %q", proto)
+	}
+}

vendor/modules.txt

@@ -515,7 +515,7 @@ github.com/prometheus/common/model
 # github.com/prometheus/procfs v0.0.3
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
-# github.com/rootless-containers/rootlesskit v0.13.0
+# github.com/rootless-containers/rootlesskit v0.13.1
 github.com/rootless-containers/rootlesskit/pkg/msgutil
 github.com/rootless-containers/rootlesskit/pkg/port
 github.com/rootless-containers/rootlesskit/pkg/port/builtin