From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefano Brivio To: passt-dev@passt.top Subject: [PATCH 1/7] contrib: Rebase Podman patch to latest upstream Date: Thu, 21 Jul 2022 14:06:31 +0200 Message-ID: <20220721120637.232914-2-sbrivio@redhat.com> In-Reply-To: <20220721120637.232914-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1923228787500724963==" --===============1923228787500724963== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable A few trivial conflicts came up. No semantic changes. Signed-off-by: Stefano Brivio --- ...001-libpod-Add-pasta-networking-mode.patch | 91 +++++++++---------- 1 file changed, 41 insertions(+), 50 deletions(-) diff --git a/contrib/podman/0001-libpod-Add-pasta-networking-mode.patch b/con= trib/podman/0001-libpod-Add-pasta-networking-mode.patch index c190c81..cb1bab9 100644 --- a/contrib/podman/0001-libpod-Add-pasta-networking-mode.patch +++ b/contrib/podman/0001-libpod-Add-pasta-networking-mode.patch @@ -1,4 +1,4 @@ -From 657f20a4e57ec0deada4c6d02810e52c81c37cf1 Mon Sep 17 00:00:00 2001 +From 3aa86f0fd0d420c11d328c673e8162300172925a Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Mon, 2 May 2022 16:12:07 +0200 Subject: [PATCH] libpod: Add pasta networking mode @@ -50,16 +50,16 @@ SPDX-License-Identifier: Apache-2.0 pkg/namespaces/namespaces.go | 6 ++ pkg/specgen/generate/namespaces.go | 10 ++ pkg/specgen/generate/pod_create.go | 6 ++ - pkg/specgen/namespaces.go | 18 +++- + pkg/specgen/namespaces.go | 16 ++- pkg/specgen/podspecgen.go | 2 +- - 11 files changed, 288 insertions(+), 14 deletions(-) + 11 files changed, 286 insertions(+), 14 deletions(-) create mode 100644 libpod/networking_pasta.go =20 diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/= podman-create.1.md -index c63e8814b..9ffb5fff0 100644 +index 67bb573e2..3b96de4d7 100644 --- a/docs/source/markdown/podman-create.1.md 
+++ b/docs/source/markdown/podman-create.1.md -@@ -712,10 +712,15 @@ Valid _mode_ values are: +@@ -717,10 +717,15 @@ Valid _mode_ values are: - **interface_name**: Specify a name for the created network interface in= side the container. =20 For example to set a static ipv4 address and a static mac address, use `-= -network bridge:ip=3D10.88.0.10,mac=3D44:33:22:11:00:99`. @@ -75,7 +75,7 @@ index c63e8814b..9ffb5fff0 100644 - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the = **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user ne= twork stack. This is the default for rootless containers. It is possible to s= pecify these additional options, they can also be set with `network_cmd_optio= ns` in containers.conf: -@@ -731,6 +736,40 @@ Valid _mode_ values are: +@@ -736,6 +741,40 @@ Valid _mode_ values are: Note: Rootlesskit changes the source IP address of incoming packets to an= IP address in the container network namespace, usually `10.0.2.100`. If your= application requires the real source IP address, e.g. web server logs, use t= he slirp4netns port handler. The rootlesskit port handler is also used for ro= otless containers when connected to user-defined networks. - **port_handler=3Dslirp4netns**: Use the slirp4netns port forwarding, it= is slower than rootlesskit but preserves the correct source IP address. This= port handler cannot be used for user-defined networks. =20 
@@ -116,7 +116,7 @@ index c63e8814b..9ffb5fff0 100644 #### **--network-alias**=3D*alias* =20 Add a network-scoped alias for the container, setting the alias for all net= works that the container joins. To set a name only for a specific network, us= e the alias option as described under the **--network** option. -@@ -1583,8 +1622,9 @@ In order for users to run rootless, there must be an e= ntry for their username in +@@ -1592,8 +1631,9 @@ In order for users to run rootless, there must be an e= ntry for their username in =20 Rootless Podman works better if the fuse-overlayfs and slirp4netns packages= are installed. The fuse-overlayfs package provides a userspace overlay storage driver, oth= erwise users need to use @@ -128,7 +128,7 @@ index c63e8814b..9ffb5fff0 100644 =20 ## ENVIRONMENT =20 -@@ -1633,7 +1673,9 @@ page. +@@ -1642,7 +1682,9 @@ page. NOTE: Use the environment variable `TMPDIR` to change the temporary storage= location of downloaded container images. Podman defaults to use `/var/tmp`. =20 ## SEE ALSO @@ -140,10 +140,10 @@ index c63e8814b..9ffb5fff0 100644 ## HISTORY October 2017, converted from Docker documentation to Podman by Dan Walsh fo= r Podman `` diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markd= own/podman-pod-create.1.md -index 714909b98..2b82d9380 100644 +index de9a34bfa..e711d6823 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md -@@ -164,10 +164,15 @@ Valid _mode_ values are: +@@ -193,10 +193,15 @@ Valid _mode_ values are: - **interface_name**: Specify a name for the created network interface in= side the container. =20 For example to set a static ipv4 address and a static mac address, use `-= -network bridge:ip=3D10.88.0.10,mac=3D44:33:22:11:00:99`. 
@@ -159,7 +159,7 @@ index 714909b98..2b82d9380 100644 - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the = **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user ne= twork stack. This is the default for rootless containers. It is possible to s= pecify these additional options, they can also be set with `network_cmd_optio= ns` in containers.conf: -@@ -183,6 +188,43 @@ Valid _mode_ values are: +@@ -212,6 +217,43 @@ Valid _mode_ values are: Note: Rootlesskit changes the source IP address of incoming packets to an= IP address in the container network namespace, usually `10.0.2.100`. If your= application requires the real source IP address, e.g. web server logs, use t= he slirp4netns port handler. The rootlesskit port handler is also used for ro= otless containers when connected to user-defined networks. - **port_handler=3Dslirp4netns**: Use the slirp4netns port forwarding, it= is slower than rootlesskit but preserves the correct source IP address. This= port handler cannot be used for user-defined networks. =20 @@ -203,7 +203,7 @@ index 714909b98..2b82d9380 100644 #### **--network-alias**=3D*alias* =20 Add a network-scoped alias for the pod, setting the alias for all networks = that the pod joins. To set a name only for a specific network, use the alias = option as described under the **--network** option. -@@ -550,6 +592,8 @@ $ podman pod create --network slirp4netns:outbound_addr= =3D127.0.0.1,allow_host_loo +@@ -599,6 +641,8 @@ $ podman pod create --network slirp4netns:outbound_addr= =3D127.0.0.1,allow_host_loo =20 $ podman pod create --network slirp4netns:cidr=3D192.168.0.0/24 =20 @@ -213,10 +213,10 @@ index 714909b98..2b82d9380 100644 ``` =20 
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/pod= man-run.1.md -index 9d9394020..1143284bf 100644 +index 4566a73d0..8f8b5b4c1 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md -@@ -738,10 +738,15 @@ Valid _mode_ values are: +@@ -734,10 +734,15 @@ Valid _mode_ values are: - **interface_name**: Specify a name for the created network interface in= side the container. =20 For example to set a static ipv4 address and a static mac address, use `-= -network bridge:ip=3D10.88.0.10,mac=3D44:33:22:11:00:99`. @@ -232,7 +232,7 @@ index 9d9394020..1143284bf 100644 - **ns:**_path_: Path to a network namespace to join. - **private**: Create a new namespace for the container. This will use the = **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user ne= twork stack. This is the default for rootless containers. It is possible to s= pecify these additional options, they can also be set with `network_cmd_optio= ns` in containers.conf: -@@ -757,6 +762,43 @@ Valid _mode_ values are: +@@ -753,6 +758,43 @@ Valid _mode_ values are: Note: Rootlesskit changes the source IP address of incoming packets to an= IP address in the container network namespace, usually `10.0.2.100`. If your= application requires the real source IP address, e.g. web server logs, use t= he slirp4netns port handler. The rootlesskit port handler is also used for ro= otless containers when connected to user-defined networks. - **port_handler=3Dslirp4netns**: Use the slirp4netns port forwarding, it= is slower than rootlesskit but preserves the correct source IP address. This= port handler cannot be used for user-defined networks. =20 
@@ -276,7 +276,7 @@ index 9d9394020..1143284bf 100644 #### **--network-alias**=3D*alias* =20 Add a network-scoped alias for the container, setting the alias for all net= works that the container joins. To set a name only for a specific network, us= e the alias option as described under the **--network** option. -@@ -1963,8 +2005,9 @@ In order for users to run rootless, there must be an e= ntry for their username in +@@ -1964,8 +2006,9 @@ In order for users to run rootless, there must be an e= ntry for their username in =20 Rootless Podman works better if the fuse-overlayfs and slirp4netns packages= are installed. The **fuse-overlayfs** package provides a userspace overlay storage driver,= otherwise users need to use @@ -288,7 +288,7 @@ index 9d9394020..1143284bf 100644 =20 ## ENVIRONMENT =20 -@@ -2011,7 +2054,7 @@ page. +@@ -2012,7 +2055,7 @@ page. NOTE: Use the environment variable `TMPDIR` to change the temporary storage= location of downloaded container images. Podman defaults to use `/var/tmp`. =20 ## SEE ALSO @@ -298,7 +298,7 @@ index 9d9394020..1143284bf 100644 ## HISTORY September 2018, updated by Kunal Kushwaha `` diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.= 1.md -index 3d1578ea1..0768fd082 100644 +index 4c019ae97..4c09d4bee 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -88,7 +88,7 @@ Set libpod namespace. Namespaces are used to separate grou= ps of containers and p @@ -329,10 +329,10 @@ index 3d1578ea1..0768fd082 100644 ## HISTORY Dec 2016, Originally compiled by Dan Walsh diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go -index 0c124cf0b..4d25e26f2 100644 +index c05796768..5c1f0ea35 100644 --- a/libpod/networking_linux.go 
+++ b/libpod/networking_linux.go -@@ -644,6 +644,9 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS n= s.NetNS) (status map[str +@@ -640,6 +640,9 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS n= s.NetNS) (status map[str if ctr.config.NetMode.IsSlirp4netns() { return nil, r.setupSlirp4netns(ctr, ctrNS) } @@ -342,7 +342,7 @@ index 0c124cf0b..4d25e26f2 100644 networks, err :=3D ctr.networks() if err !=3D nil { return nil, err -@@ -811,7 +814,8 @@ func (r *Runtime) teardownCNI(ctr *Container) error { +@@ -809,7 +812,8 @@ func (r *Runtime) teardownCNI(ctr *Container) error { return err } =20 @@ -466,7 +466,7 @@ index 000000000..66f81cbfc + return nil +} diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go -index c95f8e275..46fa74640 100644 +index 8eacb8da7..49a6d3786 100644 --- a/pkg/namespaces/namespaces.go +++ b/pkg/namespaces/namespaces.go @@ -19,6 +19,7 @@ const ( @@ -490,10 +490,10 @@ index c95f8e275..46fa74640 100644 func (n NetworkMode) IsNS() bool { return strings.HasPrefix(string(n), nsType) diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/names= paces.go -index 37d561ec2..3404746ee 100644 +index f0d4e9153..2c4b40509 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go -@@ -262,6 +262,16 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *lib= pod.Runtime, pod *libpod. +@@ -295,6 +295,16 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *lib= pod.Runtime, pod *libpod. val =3D fmt.Sprintf("slirp4netns:%s", s.NetNS.Value) } toReturn =3D append(toReturn, libpod.WithNetNS(portMappings, expose, post= ConfigureNetNS, val, nil)) 
@@ -507,16 +507,16 @@ index 37d561ec2..3404746ee 100644 + val =3D fmt.Sprintf("pasta:%s", s.NetNS.Value) + } + toReturn =3D append(toReturn, libpod.WithNetNS(portMappings, expose, post= ConfigureNetNS, val, nil)) - case specgen.Private: - fallthrough - case specgen.Bridge: + case specgen.Bridge, specgen.Private, specgen.Default: + portMappings, expose, err :=3D createPortMappings(s, imageData) + if err !=3D nil { diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_c= reate.go -index a3408b402..7d83e9ae1 100644 +index 212d613fe..b50fe3586 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go -@@ -233,6 +233,12 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.Spe= cGenerator, error) { +@@ -163,6 +163,12 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.Spe= cGenerator, error) { p.InfraContainerSpec.NetworkOptions =3D p.NetworkOptions - p.InfraContainerSpec.NetNS.NSMode =3D specgen.NamespaceMode("slirp4netns= ") + p.InfraContainerSpec.NetNS.NSMode =3D specgen.Slirp } + case specgen.Pasta: + logrus.Debugf("Pod will use pasta") @@ -528,7 +528,7 @@ index a3408b402..7d83e9ae1 100644 logrus.Debugf("Pod will not use networking") if len(p.InfraContainerSpec.PortMappings) > 0 || diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go -index 7a7ca2706..861d08f89 100644 +index 03a2049f6..baa113570 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -51,6 +51,9 @@ const ( 
@@ -556,19 +556,10 @@ index 7a7ca2706..861d08f89 100644 // Valid, do nothing - case NoNetwork, Bridge, Slirp: + case NoNetwork, Bridge, Slirp, Pasta: - return errors.Errorf("cannot use network modes with non-network namespace= ") + return errors.New("cannot use network modes with non-network namespace") default: - return errors.Errorf("invalid namespace type %s specified", n.NSMode) -@@ -328,6 +331,8 @@ func ParseNetworkNamespace(ns string, rootlessDefaultCNI= bool) (Namespace, map[s - switch { - case ns =3D=3D string(Slirp), strings.HasPrefix(ns, string(Slirp)+":"): - toReturn.NSMode =3D Slirp -+ case ns =3D=3D string(Pasta), strings.HasPrefix(ns, string(Pasta) + ":"): -+ toReturn.NSMode =3D Pasta - case ns =3D=3D string(FromPod): - toReturn.NSMode =3D FromPod - case ns =3D=3D "" || ns =3D=3D string(Default) || ns =3D=3D string(Private= ): -@@ -396,6 +401,13 @@ func ParseNetworkFlag(networks []string) (Namespace, ma= p[string]types.PerNetwork + return fmt.Errorf("invalid namespace type %s specified", n.NSMode) +@@ -340,6 +343,13 @@ func ParseNetworkFlag(networks []string) (Namespace, ma= p[string]types.PerNetwork networkOptions[parts[0]] =3D strings.Split(parts[1], ",") } toReturn.NSMode =3D Slirp 
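Review bot: The inner hunk for ParseNetworkNamespace, including its `+ case ns == string(Pasta), strings.HasPrefix(ns, string(Pasta) + ":")` addition, is dropped from the carried patch entirely in this hunk, while the cover text says "no semantic changes". Presumably that function no longer exists in the upstream Podman this rebases onto (the ParseNetworkFlag hunk shifts from `@@ -396,6 +401,13 @@` to `@@ -340,6 +343,13 @@` and the Pasta case in ParseNetworkFlag is kept), but a reader of the diffstat change from `18 +++-` to `16 ++-` cannot tell a deliberate drop from a hunk lost during conflict resolution. The commit message should state the reason, for example `The ParseNetworkNamespace hunk is dropped: upstream no longer has that function, and pasta parsing stays in ParseNetworkFlag.`, adjusted to the actual upstream change.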
@@ -582,20 +573,20 @@ index 7a7ca2706..861d08f89 100644 case ns =3D=3D string(FromPod): toReturn.NSMode =3D FromPod case ns =3D=3D "" || ns =3D=3D string(Default) || ns =3D=3D string(Private= ): -@@ -472,7 +484,7 @@ func ParseNetworkFlag(networks []string) (Namespace, map= [string]types.PerNetwork +@@ -410,7 +420,7 @@ func ParseNetworkFlag(networks []string) (Namespace, map= [string]types.PerNetwork if parts[0] =3D=3D "" { - return toReturn, nil, nil, errors.Wrapf(define.ErrInvalidArg, "network = name cannot be empty") + return toReturn, nil, nil, fmt.Errorf("network name cannot be empty: %w= ", define.ErrInvalidArg) } -- if util.StringInSlice(parts[0], []string{string(Bridge), string(Slirp), = string(FromPod), string(NoNetwork), -+ if util.StringInSlice(parts[0], []string{string(Bridge), string(Slirp), = string(Pasta), string(FromPod), string(NoNetwork), +- if cutil.StringInSlice(parts[0], []string{string(Bridge), string(Slirp),= string(FromPod), string(NoNetwork), ++ if cutil.StringInSlice(parts[0], []string{string(Bridge), string(Slirp),= string(Pasta), string(FromPod), string(NoNetwork), string(Default), string(Private), string(Path), string(FromContainer), = string(Host)}) { - return toReturn, nil, nil, errors.Wrapf(define.ErrInvalidArg, "can only= set extra network names, selected mode %s conflicts with bridge", parts[0]) + return toReturn, nil, nil, fmt.Errorf("can only set extra network names= , selected mode %s conflicts with bridge: %w", parts[0], define.ErrInvalidArg) } diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go -index 759caa0c0..f95bbffc7 100644 +index 64a79f4ee..faeeb2ed6 100644 --- a/pkg/specgen/podspecgen.go 
+++ b/pkg/specgen/podspecgen.go -@@ -93,7 +93,7 @@ type PodNetworkConfig struct { +@@ -98,7 +98,7 @@ type PodNetworkConfig struct { // PortMappings is a set of ports to map into the infra container. // As, by default, containers share their network with the infra // container, this will forward the ports to the entire pod. --=20 2.35.1 --===============1923228787500724963==--