
Commit 7167fba

committed
Add rootless_port_forwarder option to select port forwarding backend
Fixes: https://redhat.atlassian.net/browse/RUN-2214 Fixes: podman-container-tools/podman#8193 Fixes: https://redhat.atlassian.net/browse/RUN-3587 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
1 parent 189cf71 commit 7167fba

2 files changed

Lines changed: 13 additions & 0 deletions


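--- a/common/pkg/config/config.go
+++ b/common/pkg/config/config.go
@@ -630,6 +630,12 @@ type NetworkConfig struct {
 // If multiple IPs are specified, separate port mapping for each of the specified
 // IP would be created.
 DefaultHostIPs configfile.Slice `toml:"default_host_ips,omitempty"`
+
+// RootlessPortForwarder selects the port forwarding mechanism for rootless
+// bridge networks. "rootlessport" (default) uses a userspace TCP/UDP proxy.
+// "pasta" (experimental) uses pasta's kernel splice for forwarding, which
+// preserves the original source IP address inside the container.
+RootlessPortForwarder string `toml:"rootless_port_forwarder,omitempty"`
 }
 
 type SubnetPool struct {
@@ -933,6 +939,12 @@ func (c *NetworkConfig) Validate() error {
 }
 }
 
+switch c.RootlessPortForwarder {
+case "", "rootlessport", "pasta":
+default:
+return fmt.Errorf("invalid rootless_port_forwarder value %q, must be \"rootlessport\" or \"pasta\"", c.RootlessPortForwarder)
+}
+
 return nil
 }
 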
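Review bot: The new field comment on RootlessPortForwarder states what "pasta" preserves but not what the default gives up, which is the part an operator needs when relying on peer addresses for access control or audit. As the comment implies, with the userspace proxy the container presumably sees the proxy's address rather than the client's, so I would add something like `// With "rootlessport" the container sees the proxy's address as the peer, so` `// source-IP allowlists, rate limits and access logs inside it cannot tell clients apart.` to the comment. In the Validate hunk, a short comment on the empty `case` such as `// empty means "use the default backend"` would also explain why "" is accepted while the error message lists only two values. The NetworkConfig struct and Validate both start outside the visible hunks.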

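--- a/common/pkg/config/default.go
+++ b/common/pkg/config/default.go
@@ -249,6 +249,7 @@ func defaultConfig() (*Config, error) {
 DefaultRootlessNetworkCmd: "pasta",
 DNSBindPort: 0,
 NetavarkPluginDirs: configfile.NewSlice(DefaultNetavarkPluginDirs),
+RootlessPortForwarder: "rootlessport",
 },
 Engine: *defaultEngineConfig,
 Secrets: defaultSecretConfig(),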
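Review bot: The default is written as the bare literal `"rootlessport"`, and the same spellings appear again as literals in the Validate switch in config.go, so a typo in either place would only surface at runtime. Named constants for the two backends, declared next to NetworkConfig and used for the default, the validation switch and any consumer, would keep them in step. A comment on this line noting that the experimental "pasta" backend is opt-in, e.g. `// userspace proxy stays the default; "pasta" is experimental and opt-in`, would record why the forwarder default differs from DefaultRootlessNetworkCmd two lines above. defaultConfig starts and ends outside the hunk.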
