Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Port API: support specifying IP version explicitly ("tcp4", "tcp6") #232

Merged
merged 4 commits into from
Mar 2, 2021
Merged

Port API: support specifying IP version explicitly ("tcp4", "tcp6") #232

merged 4 commits into from
Mar 2, 2021

Conversation

AkihiroSuda
Copy link
Member

@AkihiroSuda AkihiroSuda commented Mar 1, 2021
edited
Loading

Commit 1: API: support GET /info

e.g.

$ rootlessctl info -json
{
    "apiVersion": "1.1.0",
    "version": "0.13.2+dev",
    "stateDir": "/tmp/rootlesskit751356081",
    "childPID": 163654,
    "networkDriver": {
        "driver": "slirp4netns",
        "dns": [
            "10.0.2.3"
        ]
    },
    "portDriver": {
        "driver": "builtin",
        "protos": [
            "tcp",
            "udp"
        ]
    }
}

Inspecting .portDriver.protos is required for implementing #231 (comment)

Commit 2: Port API: support specifying IP version explicitly ("tcp4", "tcp6")

Fix #231

See ./docs.port.md

Specifying `0.0.0.0:8080:80/tcp` may cause listening on IPv6 as well as on IPv4.
Same applies to `[::]:8080:80/tcp`.

This behavior may sound weird but corresponds to [Go's behavior](https://github.com/golang/go/commit/071908f3d809245eda
42bf6eab071c323c67b7d2),
so this is not a bug.

To specify IPv4 explicitly, use `tcp4` instead of `tcp`, e.g., `0.0.0.0:8080:80/tcp4`.
To specify IPv6 explicitly, use `tcp6`, e.g., `[::]:8080:80/tcp6`.

The `tcp4` and `tcp6` forms were introduced in RootlessKit v0.14.0.
The `tcp6` is currently supported only for `builtin` port driver.

Commit 3: rootlesskit-docker-proxy: support libnetwork >= 20201216 convention

The -proto argument of docker-proxy is like "tcp", but we need to convert it to "tcp4" or "tcp6" explicitly when calling RootlessKit API, for libnetwork >= 20201216.

If the port driver does not support "tcp6" (especially when the port driver is slirp4netns), rootlesskit-docker-proxy skips exposing the port via RootlessKit API, without showing an error.

(We can't raise an error here, because docker run -p 8080:80 always causes rootlesskit-docker-proxy -host-ip :: as well as r-d-p -h-i 0.0.0.0)

See https://github.com/moby/libnetwork/pull/2604/files#diff-8fa48beed55dd033bf8e4f8c40b31cf69d0b2cc5d4bb53cde8594670ea6c938aR20

See also #231

Using this version of rootlesskit-docker-proxy with libnetwork < 20201216 is also fine, because Rootless Docker had never officially supported IPv6.

@AkihiroSuda
API: support GET /info
9a9958b 
Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda AkihiroSuda marked this pull request as draft March 1, 2021 15:04
@AkihiroSuda AkihiroSuda force-pushed the dev branch 2 times, most recently from d64a282 to 17f4357 Compare March 1, 2021 15:33
@AkihiroSuda
Port API: support specifying IP version explicitly ("tcp4", "tcp6")
1034dbf 
Fix rootless-containers#231

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda
rootlesskit-docker-proxy: support libnetwork >= 20201216 convention
0aa4165 
The `-proto` argument of `docker-proxy` is like "tcp", but we need to convert it to "tcp4" or "tcp6" explicitly
when calling RootlessKit API, for libnetwork >= 20201216.

If the port driver does not support "tcp6" (especially when the port driver is slirp4netns),
`rootlesskit-docker-proxy` skips exposing the port via RootlessKit API,
without showing an error.

(We can't raise an error here, because `docker run -p 8080:80` always causes
`rootlesskit-docker-proxy -host-ip ::` as well as `r-d-p -h-i 0.0.0.0`)

See https://github.com/moby/libnetwork/pull/2604/files#diff-8fa48beed55dd033bf8e4f8c40b31cf69d0b2cc5d4bb53cde8594670ea6c938aR20

See also rootless-containers#231

Using this version of `rootlesskit-docker-proxy` with libnetwork < 20201216 is also fine,
because Rootless Docker had never officially supported IPv6.

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda AkihiroSuda marked this pull request as ready for review March 1, 2021 16:39
@AkihiroSuda AkihiroSuda mentioned this pull request Mar 1, 2021
Merged
5 tasks
@AkihiroSuda AkihiroSuda marked this pull request as draft March 1, 2021 16:45
@AkihiroSuda AkihiroSuda changed the title API: support GET /info API: support GET /info + support specifying IP version explicitly ("tcp4", "tcp6") + ... Mar 1, 2021
@AkihiroSuda AkihiroSuda changed the title API: support GET /info + support specifying IP version explicitly ("tcp4", "tcp6") + ... Port API: support specifying IP version explicitly ("tcp4", "tcp6") Mar 1, 2021
@AkihiroSuda AkihiroSuda mentioned this pull request Mar 1, 2021
Closed
@AkihiroSuda AkihiroSuda marked this pull request as ready for review March 1, 2021 17:06
arkodg
arkodg approved these changes Mar 1, 2021
View reviewed changes
Copy link

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

thaJeztah
thaJeztah reviewed Mar 1, 2021
View reviewed changes
Copy link
Contributor

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM; should we open a 'WIP' pull request against moby "master" to verify (and then in combination with the libnetwork bump?)

.github/workflows/main.yaml
@@ -27,6 +27,9 @@ jobs:
run: docker run --rm --privileged rootlesskit:test-integration sh -exc "sudo mount --make-rshared / && ./integration-propagation.sh"
- name: "Integration test: restart"
run: docker run --rm --privileged rootlesskit:test-integration ./integration-restart.sh
- name: "Integration test: port"
# NOTE: "--net=host" is a bad hack to enable IPv6
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️

@AkihiroSuda AkihiroSuda mentioned this pull request Mar 1, 2021
Closed
@AkihiroSuda
Copy link
Member Author

SGTM; should we open a 'WIP' pull request against moby "master" to verify (and then in combination with the libnetwork bump?)

Opened moby/moby#42102

@AkihiroSuda AkihiroSuda merged commit be5b901 into rootless-containers:master Mar 2, 2021
@dependabot dependabot bot mentioned this pull request Mar 18, 2021
Closed
@thaJeztah thaJeztah mentioned this pull request Mar 25, 2021
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah thaJeztah left review comments

@arkodg arkodg arkodg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Port API: support specifying IP version explicitly ("tcp4", "tcp6")
3 participants
@AkihiroSuda @thaJeztah @arkodg