Merge pull request #482 from AkihiroSuda/dev2

AkihiroSuda · web-flow · commit 7aef506f9bba · 2025-01-20T09:08:27.000+09:00
pasta: set `--host-lo-to-ns-lo`; CI: update pasta
diff --git a/Dockerfile b/Dockerfile
@@ -3,7 +3,7 @@ ARG UBUNTU_VERSION=24.04
 ARG SHADOW_VERSION=4.16.0
 ARG SLIRP4NETNS_VERSION=v1.3.1
 ARG VPNKIT_VERSION=0.5.0
-ARG PASST_VERSION=2024_08_14.61c0b0d
+ARG PASST_VERSION=2024_12_11.09478d5
 ARG DOCKER_VERSION=27.1.2
 ARG DOCKER_CHANNEL=stable
 
diff --git a/pkg/network/pasta/pasta.go b/pkg/network/pasta/pasta.go
@@ -19,6 +19,36 @@ import (
 	"github.com/rootless-containers/rootlesskit/v2/pkg/network/iputils"
 )
 
+type Features struct {
+	// Has `--host-lo-to-ns-lo` (introduced in passt 2024_10_30.ee7d0b6)
+	// https://passt.top/passt/commit/?id=b4dace8f462b346ae2135af1f8d681a99a849a5f
+	HasHostLoToNsLo bool
+}
+
+func DetectFeatures(binary string) (*Features, error) {
+	if binary == "" {
+		return nil, errors.New("got empty pasta binary")
+	}
+	realBinary, err := exec.LookPath(binary)
+	if err != nil {
+		return nil, fmt.Errorf("pasta binary %q is not installed: %w", binary, err)
+	}
+	cmd := exec.Command(realBinary, "--version")
+	b, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf(`command "%s --version" failed, make sure pasta is installed: %q: %w`,
+			realBinary, string(b), err)
+	}
+	f := Features{
+		HasHostLoToNsLo: false,
+	}
+	cmd = exec.Command(realBinary, "--host-lo-to-ns-lo", "--version")
+	if cmd.Run() == nil {
+		f.HasHostLoToNsLo = true
+	}
+	return &f, nil
+}
+
 // NewParentDriver instantiates new parent driver.
 func NewParentDriver(logWriter io.Writer, binary string, mtu int, ipnet *net.IPNet, ifname string,
 	disableHostLoopback, enableIPv6, implicitPortForwarding bool) (network.ParentDriver, error) {
@@ -44,6 +74,11 @@ func NewParentDriver(logWriter io.Writer, binary string, mtu int, ipnet *net.IPN
 		ifname = "tap0"
 	}
 
+	feat, err := DetectFeatures(binary)
+	if err != nil {
+		return nil, err
+	}
+
 	return &parentDriver{
 		logWriter:              logWriter,
 		binary:                 binary,
@@ -53,6 +88,7 @@ func NewParentDriver(logWriter io.Writer, binary string, mtu int, ipnet *net.IPN
 		enableIPv6:             enableIPv6,
 		ifname:                 ifname,
 		implicitPortForwarding: implicitPortForwarding,
+		feat:                   feat,
 	}, nil
 }
 
@@ -67,6 +103,7 @@ type parentDriver struct {
 	infoMu                 sync.RWMutex
 	implicitPortForwarding bool
 	info                   func() *api.NetworkDriverInfo
+	feat                   *Features
 }
 
 const DriverName = "pasta"
@@ -129,6 +166,15 @@ func (d *parentDriver) ConfigureNetwork(childPID int, stateDir, detachedNetNSPat
 		opts = append(opts, "--tcp-ports=none",
 			"--udp-ports=none")
 	}
+	if d.feat != nil {
+		if d.feat.HasHostLoToNsLo {
+			// Needed to keep `docker run -p 127.0.0.1:8080:80` functional with
+			// passt >= 2024_10_30.ee7d0b6
+			//
+			// https://github.com/rootless-containers/rootlesskit/pull/482#issuecomment-2591798590
+			opts = append(opts, "--host-lo-to-ns-lo")
+		}
+	}
 	if detachedNetNSPath == "" {
 		opts = append(opts, strconv.Itoa(childPID))
 	} else {
