setup/teardown: also go through port forwarding when no mapping

Use an empty vec if port_bindings is None, so we can always go through port binding setup and teardown as long as an IP is set. This is a requirement to setup port forwarding for DNS requests when binding aardvark-dns to an ephemeral port as that defines its own port forwarding. Signed-off-by: Dominique Martinet <[email protected]>
martinetd · Jul 6, 2022 · 097068c · 097068c
1 parent e772cf3
commit 097068c
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 25 deletions.
diff --git a/src/commands/setup.rs b/src/commands/setup.rs
@@ -142,21 +142,14 @@ impl Setup {
                         isolation: isolation_config,
                     };
                     firewall_driver.setup_network(sn)?;
-                    let port_bindings = network_options.port_mappings.clone();
-                    match port_bindings {
+                    match per_network_opts.static_ips.as_ref() {
                         None => {}
-                        Some(i) => {
-                            let container_ips =
-                                per_network_opts.static_ips.as_ref().ok_or_else(|| {
-                                    std::io::Error::new(
-                                        std::io::ErrorKind::Other,
-                                        "no container ip provided",
-                                    )
-                                })?;
+                        Some(container_ips) => {
+                            let port_bindings = network_options.port_mappings.clone();
                             let networks = network.subnets.as_ref().ok_or_else(|| {
                                 std::io::Error::new(
                                     std::io::ErrorKind::Other,
-                                    "no network address provided",
+                                    "IP assigned but no network address provided",
                                 )
                             })?;
                             let mut has_ipv4 = false;
@@ -186,7 +179,7 @@ impl Setup {
                             let spf = PortForwardConfig {
                                 net: network.clone(),
                                 container_id: network_options.container_id.clone(),
-                                port_mappings: i.clone(),
+                                port_mappings: port_bindings.unwrap_or_default(),
                                 network_name: (*net_name).clone(),
                                 network_hash_name: id_network_hash.clone(),
                                 container_ip_v4: addr_v4,

diff --git a/src/commands/teardown.rs b/src/commands/teardown.rs
@@ -99,21 +99,14 @@ impl Teardown {
                     );
 
                     if !network.internal {
-                        let port_bindings = network_options.port_mappings.clone();
-                        match port_bindings {
+                        match per_network_opts.static_ips.as_ref() {
                             None => {}
-                            Some(i) => {
-                                let container_ips =
-                                    per_network_opts.static_ips.as_ref().ok_or_else(|| {
-                                        std::io::Error::new(
-                                            std::io::ErrorKind::Other,
-                                            "no container ip provided",
-                                        )
-                                    })?;
+                            Some(container_ips) => {
+                                let port_bindings = network_options.port_mappings.clone();
                                 let networks = network.subnets.as_ref().ok_or_else(|| {
                                     std::io::Error::new(
                                         std::io::ErrorKind::Other,
-                                        "no network address provided",
+                                        "IP assigned but no network address provided",
                                     )
                                 })?;
 
@@ -144,7 +137,7 @@ impl Teardown {
                                 let spf = PortForwardConfig {
                                     net: network.clone(),
                                     container_id: network_options.container_id.clone(),
-                                    port_mappings: i.clone(),
+                                    port_mappings: port_bindings.unwrap_or_default(),
                                     network_name: (*net_name).clone(),
                                     network_hash_name: id_network_hash.clone(),
                                     container_ip_v4: addr_v4,

diff --git a/test/100-bridge-iptables.bats b/test/100-bridge-iptables.bats
@@ -66,7 +66,8 @@ fw_driver=iptables
 
     # check iptables POSTROUTING chain
     run_in_host_netns iptables -S POSTROUTING -t nat
-    assert "${lines[1]}" =~ "-A POSTROUTING -s 10.88.0.0/16 -j NETAVARK-1D8721804F16F" "POSTROUTING container rule"
+    assert "${lines[1]}" =~ "-A POSTROUTING -j NETAVARK-HOSTPORT-MASQ" "POSTROUTING HOSTPORT-MASQ rule"
+    assert "${lines[2]}" =~ "-A POSTROUTING -s 10.88.0.0/16 -j NETAVARK-1D8721804F16F" "POSTROUTING container rule"
 
     # check iptables NETAVARK-1D8721804F16F chain
     run_in_host_netns iptables -S NETAVARK-1D8721804F16F -t nat