Skip to content

[Bugfix] Check if port is used in publish flag [duplicate of #2190] #4097

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Bugfix] Check if port is used in publish flag [duplicate of #2190] #4097

wants to merge 1 commit into from

Conversation

swagatbora90
Copy link
Contributor

This PR continues the work from #2190 (originally by @vsiravar) which checks for used ports while allocating host port in -p/--publish. The original PR is already approved and was just waiting for a rebase form the author. Most of the comments have already been addressed.

Addressing port cleanup on stop:

The original PR had some open discussion around handling port cleanups on container stop

I concur with it, but hold reservations about merging this PR. I believe we should first have nerdctl stop manage the release of ports.
The rest LGTM.

cc vsiravar, could you please fix the stop ( it can be a different PR) so we can merge this accordingly? Thanks

This is now already being addressed with this PR #2839 as network cleanup is part of both container stop and kill

Verified the fix:

 % sudo ./_output/nerdctl run -p 8080:80 --name=test -d nginx
57a24f8da7127aeacee8b888a90e0e4eda866b35513844620de4ad1d28200547

 % sudo ./_output/nerdctl run -p 8080:80  -d nginx
FATA[0000] failed to load networking flags: bind for :8080 failed: port is already allocated 

 % sudo nerdctl stop test
test

% sudo ./_output/nerdctl run -p 8080:80  -d nginx
4ad5ca030355b1eb537c3caa91dfd5a9944dd36e8dea1756a4334a986f96c682

Fixes: #2179

cc @fahedouch @vsiravar

@swagatbora90 swagatbora90 changed the title Check if port is used in publish flag [Bugfix] Check if port is used in publish flag [duplicate of #2190] Apr 9, 2025
@swagatbora90 swagatbora90 mentioned this pull request Apr 9, 2025
Open
@swagatbora90 swagatbora90 reopened this Apr 9, 2025
@swagatbora90 swagatbora90 force-pushed the fix-port-check-vsiravar branch from aaeb6ce to af654a8 Compare April 10, 2025 17:16
@swagatbora90 swagatbora90 force-pushed the fix-port-check-vsiravar branch 3 times, most recently from 4e10732 to 65feab1 Compare April 18, 2025 22:24
@vsiravar @swagatbora90
Check if port is used in publish flag
002c0d4 
Signed-off-by: Vishwas Siravara <vsiravara@gmail.com>
@swagatbora90 swagatbora90 force-pushed the fix-port-check-vsiravar branch from 65feab1 to 002c0d4 Compare April 25, 2025 21:37
@swagatbora90
Copy link
Contributor Author

The current implementation breaks in rootless mode which is resulting in the test failures. I am guessing this is mainly due to how Rootlesskit uses slirp4netns to create a separate net ns and possibly the port allocation information is no longer visible in /proc/net/*.

We can either implement some mechanism to track the rootless state or may be add a generic port store to track all port usage.

@fahedouch
Copy link
Member

The current implementation breaks in rootless mode which is resulting in the test failures. I am guessing this is mainly due to how Rootlesskit uses slirp4netns to create a separate net ns and possibly the port allocation information is no longer visible in /proc/net/*.

We can either implement some mechanism to track the rootless state or may be add a generic port store to track all port usage.

Rootless > 2.0 starts with a detached network namespace by default. You need to nsenter into the child network namespace, where the container's network is managed, and the ports should be checked there. You have several ways to nsenter, either by executing a child process or using the library https://pkg.go.dev/github.com/containernetworking/plugins/pkg/ns#WithNetNSPath (I prefer the containernetworking library)

fahedouch
fahedouch reviewed Apr 26, 2025
View reviewed changes
pkg/portutil/port_allocate_linux.go
@@ -42,24 +42,56 @@ func filter(ss []procnet.NetworkDetail, filterFunc func(detail procnet.NetworkDe
}

func portAllocate(protocol string, ip string, count uint64) (uint64, uint64, error) {
netprocData, err := procnet.ReadStatsFileData(protocol)
usedPort, err := getUsedPorts(ip, protocol)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
usedPort, err := getUsedPorts(ip, protocol)
usedPorts, err := getUsedPorts(ip, protocol)

pkg/portutil/port_allocate_linux.go
if err != nil {
return 0, 0, err
}
netprocItems := procnet.Parse(netprocData)

start := uint64(allocateStart)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to make things simpler please declare allocateStart and allocateEnd with uint64 type

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manugupt1 manugupt1 manugupt1 left review comments

@fahedouch fahedouch fahedouch left review comments

@apostasie apostasie apostasie left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/network
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

nerdctl run -p <host-port>:<container port> <image> does not check if user defined host port is in use.
5 participants
@swagatbora90 @fahedouch @manugupt1 @apostasie @vsiravar