From b2c0006706a46e74c4f4db5dd7387690e47b87e3 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Fri, 2 Jun 2023 14:03:55 +1000 Subject: [PATCH 1/2] pasta: Correct handling of unknown protocols setupPasta() has logic to handle forwarding of TCP or UDP ports. It has what looks like logic to give an error if trying to forward ports of any other protocol. However, there's a straightforward error in this that it will in fact only give the error if you try to use a protocol called "default". Other unknown protocols will fall through and result in a nonsensical pasta command line which will almost certainly cause a cryptic error later on. Signed-off-by: David Gibson
---
 libpod/networking_pasta_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libpod/networking_pasta_linux.go b/libpod/networking_pasta_linux.go
index e2982fa883..dcc924454f 100644
--- a/libpod/networking_pasta_linux.go
+++ b/libpod/networking_pasta_linux.go
@@ -48,7 +48,7 @@ func (r *Runtime) setupPasta(ctr *Container, netns string) error {
 cmdArgs = append(cmdArgs, "-t")
 case "udp":
 cmdArgs = append(cmdArgs, "-u")
- case "default":
+ default:
 return fmt.Errorf("can't forward protocol: %s", protocol)
 }
From cf9bc25bbcdab34ea385210011e843ac7327630b Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Mon, 5 Jun 2023 12:43:27 +1000 Subject: [PATCH 2/2] pasta: Test handling of unknown protocols Test that pasta generates a sensible error message if asked to forward a protocol it doesn't understand. Signed-off-by: Stefano Brivio Signed-off-by: David Gibson
---
 test/system/505-networking-pasta.bats | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/test/system/505-networking-pasta.bats b/test/system/505-networking-pasta.bats
index 032c9b0b89..a5cdcd8444 100644
--- a/test/system/505-networking-pasta.bats
+++ b/test/system/505-networking-pasta.bats
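Review bot: The `default:` branch in setupPasta's protocol switch (libpod/networking_pasta_linux.go, patch 1/2) is now the only guard that keeps an unrecognised protocol from reaching the pasta command line, yet nothing in the code marks it as a deliberate allow-list. A short comment above it, for example `// Only tcp and udp are mapped to pasta flags; reject everything else.`, would make the `case "default":` mistake harder to reintroduce. The rejected value is printed with `%s`; `%q` would make empty or whitespace-containing values visible in the error, though the test added in patch 2/2 matches the unquoted form and would need adjusting. The switch and the function both start and end outside the hunk.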
@@ -681,3 +681,11 @@ function teardown() {
 sleep 1
 ! ps -p $(cat "${pidfile}") && rm "${pidfile}"
 }
+
+### Options ####################################################################
+@test "podman networking with pasta(1) - Unsupported protocol in port forwarding" {
+ local port=$(random_free_port "" "" tcp)
+
+ run_podman 126 run --net=pasta -p "${port}:${port}/sctp" $IMAGE true
+ is "$output" "Error: .*can't forward protocol: sctp"
+}
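Review bot: `local port=$(random_free_port "" "" tcp)` in the new test hides the exit status of random_free_port, because `local` itself succeeds; if the helper fails, `port` is empty and the test runs with `-p ":/sctp"`. The `is` check would probably still reject whatever error that produces, but the failure would point at the wrong line. Declaring and assigning separately, `local port` followed by `port=$(random_free_port "" "" tcp)`, lets the test fail at the real cause. A one-line comment above `run_podman 126` stating why that exit status is expected would also help the next reader.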