Check if port is used in publish flag

vsiravar · vsiravar · commit 984ffc5e3b75 · 2023-05-23T15:07:32.000-07:00
Signed-off-by: Vishwas Siravara &lt;vsiravara@gmail.com&gt;
diff --git a/cmd/nerdctl/container_run_network_linux_test.go b/cmd/nerdctl/container_run_network_linux_test.go
@@ -302,6 +302,99 @@ func TestUniqueHostPortAssignement(t *testing.T) {
 	}
 }
 
+func TestHostPortAlreadyInUse(t *testing.T) {
+	testCases := []struct {
+		hostPort      string
+		containerPort string
+	}{
+		{
+			hostPort:      "5000",
+			containerPort: "80/tcp",
+		},
+		{
+			hostPort:      "5000",
+			containerPort: "80/tcp",
+		},
+		{
+			hostPort:      "5000",
+			containerPort: "80/udp",
+		},
+	}
+
+	tID := testutil.Identifier(t)
+
+	for i, tc := range testCases {
+
+		i := i
+		tc := tc
+		tcName := fmt.Sprintf("%+v", tc)
+		t.Run(tcName, func(t *testing.T) {
+			testContainerName1 := fmt.Sprintf("%s-%d-1", tID, i)
+			testContainerName2 := fmt.Sprintf("%s-%d-2", tID, i)
+			base := testutil.NewBase(t)
+			defer base.Cmd("rm", "-f", testContainerName1, testContainerName2).Run()
+
+			pFlag := fmt.Sprintf("%s:%s", tc.hostPort, tc.containerPort)
+			cmd1 := base.Cmd("run", "-d",
+				"--name", testContainerName1, "-p",
+				pFlag,
+				testutil.NginxAlpineImage)
+
+			cmd2 := base.Cmd("run", "-d",
+				"--name", testContainerName2, "-p",
+				pFlag,
+				testutil.NginxAlpineImage)
+
+			cmd1.AssertOK()
+			cmd2.AssertFail()
+		})
+	}
+}
+
+func TestHostPortAlreadyInUseForSctp(t *testing.T) {
+	if rootlessutil.IsRootless() {
+		t.Skip("sctp is not supported rootless mode")
+	}
+	testCases := []struct {
+		hostPort      string
+		containerPort string
+	}{
+		{
+			hostPort:      "5000",
+			containerPort: "80/sctp",
+		},
+	}
+
+	tID := testutil.Identifier(t)
+
+	for i, tc := range testCases {
+
+		i := i
+		tc := tc
+		tcName := fmt.Sprintf("%+v", tc)
+		t.Run(tcName, func(t *testing.T) {
+			testContainerName1 := fmt.Sprintf("%s-%d-1", tID, i)
+			testContainerName2 := fmt.Sprintf("%s-%d-2", tID, i)
+			base := testutil.NewBase(t)
+			defer base.Cmd("rm", "-f", testContainerName1, testContainerName2).Run()
+
+			pFlag := fmt.Sprintf("%s:%s", tc.hostPort, tc.containerPort)
+			cmd1 := base.Cmd("run", "-d",
+				"--name", testContainerName1, "-p",
+				pFlag,
+				testutil.NginxAlpineImage)
+
+			cmd2 := base.Cmd("run", "-d",
+				"--name", testContainerName2, "-p",
+				pFlag,
+				testutil.NginxAlpineImage)
+
+			cmd1.AssertOK()
+			cmd2.AssertFail()
+		})
+	}
+}
+
 func TestRunPort(t *testing.T) {
 	baseTestRunPort(t, testutil.NginxAlpineImage, testutil.NginxAlpineIndexHTMLSnippet, true)
 }
diff --git a/pkg/portutil/port_allocate_linux.go b/pkg/portutil/port_allocate_linux.go
@@ -39,27 +39,60 @@ func filter(ss []procnet.NetworkDetail, filterFunc func(detail procnet.NetworkDe
 }
 
 func portAllocate(protocol string, ip string, count uint64) (uint64, uint64, error) {
-	netprocData, err := procnet.ReadStatsFileData(protocol)
+	usedPort, err := getUsedPorts(ip, protocol)
+
 	if err != nil {
 		return 0, 0, err
 	}
-	netprocItems := procnet.Parse(netprocData)
+
+	start := uint64(allocateStart)
+	if count > uint64(allocateEnd-allocateStart+1) {
+		return 0, 0, fmt.Errorf("can not allocate %d ports", count)
+	}
+	for start < allocateEnd {
+		needReturn := true
+		for i := start; i < start+count; i++ {
+			if _, ok := usedPort[i]; ok {
+				needReturn = false
+				break
+			}
+		}
+		if needReturn {
+			return start, start + count - 1, nil
+		}
+		start += count
+	}
+	return 0, 0, fmt.Errorf("there is not enough %d free ports", count)
+}
+
+func getUsedPorts(ip string, protocol string) (map[uint64]bool, error) {
+	netprocItems := []procnet.NetworkDetail{}
+
+	if protocol == "tcp" || protocol == "udp" {
+		netprocData, err := procnet.ReadStatsFileData(protocol)
+		if err != nil {
+			return nil, err
+		}
+		netprocItems = append(netprocItems, procnet.Parse(netprocData)...)
+	}
+
 	// In some circumstances, when we bind address like "0.0.0.0:80", we will get the formation of ":::80" in /proc/net/tcp6.
 	// So we need some trick to process this situation.
 	if protocol == "tcp" {
 		tempTCPV6Data, err := procnet.ReadStatsFileData("tcp6")
 		if err != nil {
-			return 0, 0, err
+			return nil, err
 		}
 		netprocItems = append(netprocItems, procnet.Parse(tempTCPV6Data)...)
 	}
 	if protocol == "udp" {
 		tempUDPV6Data, err := procnet.ReadStatsFileData("udp6")
 		if err != nil {
-			return 0, 0, err
+			return nil, err
 		}
 		netprocItems = append(netprocItems, procnet.Parse(tempUDPV6Data)...)
 	}
+
 	if ip != "" {
 		netprocItems = filter(netprocItems, func(s procnet.NetworkDetail) bool {
 			// In some circumstances, when we bind address like "0.0.0.0:80", we will get the formation of ":::80" in /proc/net/tcp6.
@@ -75,30 +108,13 @@ func portAllocate(protocol string, ip string, count uint64) (uint64, uint64, err
 
 	ipTableItems, err := iptable.ReadIPTables("nat")
 	if err != nil {
-		return 0, 0, err
+		return nil, err
 	}
 	destinationPorts := iptable.ParseIPTableRules(ipTableItems)
 
 	for _, port := range destinationPorts {
 		usedPort[port] = true
 	}
 
-	start := uint64(allocateStart)
-	if count > uint64(allocateEnd-allocateStart+1) {
-		return 0, 0, fmt.Errorf("can not allocate %d ports", count)
-	}
-	for start < allocateEnd {
-		needReturn := true
-		for i := start; i < start+count; i++ {
-			if _, ok := usedPort[i]; ok {
-				needReturn = false
-				break
-			}
-		}
-		if needReturn {
-			return start, start + count - 1, nil
-		}
-		start += count
-	}
-	return 0, 0, fmt.Errorf("there is not enough %d free ports", count)
+	return usedPort, nil
 }
diff --git a/pkg/portutil/port_allocate_others.go b/pkg/portutil/port_allocate_others.go
@@ -23,3 +23,7 @@ import "fmt"
 func portAllocate(protocol string, ip string, count uint64) (uint64, uint64, error) {
 	return 0, 0, fmt.Errorf("auto port allocate are not support Non-Linux platform yet")
 }
+
+func getUsedPorts(ip string, protocol string) (map[uint64]bool, error) {
+	return nil, nil
+}
diff --git a/pkg/portutil/portutil.go b/pkg/portutil/portutil.go
@@ -58,6 +58,7 @@ func ParseFlagP(s string) ([]gocni.PortMapping, error) {
 	case 2:
 		proto = strings.ToLower(splitBySlash[1])
 		switch proto {
+		// sctp is not a supported protocol
 		case "tcp", "udp", "sctp":
 		default:
 			return nil, fmt.Errorf("invalid protocol %q", splitBySlash[1])
@@ -100,7 +101,17 @@ func ParseFlagP(s string) ([]gocni.PortMapping, error) {
 		if err != nil {
 			return nil, fmt.Errorf("invalid hostPort: %s", hostPort)
 		}
+		usedPorts, err := getUsedPorts(ip, proto)
+		if err != nil {
+			return nil, err
+		}
+		for i := startHostPort; i <= endHostPort; i++ {
+			if usedPorts[i] {
+				return nil, fmt.Errorf("bind for %s:%d failed: port is already allocated", ip, i)
+			}
+		}
 	}
+
 	if hostPort != "" && (endPort-startPort) != (endHostPort-startHostPort) {
 		if endPort != startPort {
 			return nil, fmt.Errorf("invalid ranges specified for container and host Ports: %s and %s", containerPort, hostPort)

Original file line number	Diff line number	Diff line change
`@@ -23,3 +23,7 @@ import "fmt"`
`23`	`23`	`func portAllocate(protocol string, ip string, count uint64) (uint64, uint64, error) {`
`24`	`24`	`return 0, 0, fmt.Errorf("auto port allocate are not support Non-Linux platform yet")`
`25`	`25`	`}`
	`26`	`+`
	`27`	`+func getUsedPorts(ip string, protocol string) (map[uint64]bool, error) {`
	`28`	`+ return nil, nil`
	`29`	`+}`