IPv6: #259 #253 #276

pfandl · 2021-09-11T18:09:13Z

implement forwarding
implement random CIDR

Signed-off-by: fassl [email protected]

pfandl · 2021-09-11T23:09:52Z

@AkihiroSuda can you enable ipv6 for the Docker containers?

README.md

AkihiroSuda · 2021-09-12T03:48:43Z

api.c

@@ -41,9 +41,13 @@ int api_bindlisten(const char *api_socket)
 struct api_hostfwd {
    int id;
    int is_udp;
-    struct in_addr host_addr;
+    int is_ipv4;
+    int is_ipv6;


We shouldn’t need is_ipv4.
Checking !is_ipv6 should be enough.

We can pass tcp6/4 as proto to explicitly just enable either.
If we pass tcp as proto, ipv6 is enabled and the host address
is either 0.0.0.0 or ::0, both are enabled.

api.c

configure.ac

main.c

slirp4netns.1.md

tests/test-slirp4netns-api-socket.sh

AkihiroSuda · 2021-09-12T04:00:39Z

slirp4netns.1.md

@@ -224,7 +238,7 @@ If `guest_addr` is not specified, then it will be set to the default address tha
 ```console
 (namespace)$ json='{"execute": "list_hostfwd"}'
 (namespace)$ echo -n $json | nc -U /tmp/slirp4netns.sock
-{"return": {"entries": [{"id": 42, "proto": "tcp", "host_addr": "0.0.0.0", "host_port": 8080, "guest_addr": "10.0.2.100", "guest_port": 80}]}}
+{"return": {"entries": [{"id": 42, "proto": "tcp", "host_addr": "0.0.0.0", "host_addr6": "::", "host_port": 8080, "guest_addr": "10.0.2.100", "guest_addr6": "fd00::100", "guest_port": 80}]}}


I’m not sure we should mix up v4 and v6 in a single entry.

What should we return in api_handle_req_add_hostfwd when we add both tcp4 and tcp6? An array of IDs?

Avoid adding tcp4 and tcp6 in a single request/response.

Mixing up them in a single request/response makes it hard to implement RootlessKit integration.
https://github.com/rootless-containers/rootlesskit/blob/c5481c1cfd6f6c42c8ec1868fbc543f2b0a916a5/pkg/api/openapi.yaml#L70-L90

I tried to implement it like Go's net listen, which does listen on both 4 and 6 if you set tcp with global ip 0.0.0.0 or :: if I understood it correctly.

If we don't need that I can change it like that?

host_addr: 0.0.0.0, proto: tcp -> v4

host_addr: 0.0.0.0, proto: tcp6 -> error

host_addr: ::, proto: tcp -> v6

host_addr: ::, proto: tcp4 -> error

AkihiroSuda · 2021-09-12T04:02:45Z

Thanks for working on this.

Could you use real name for signing?

can you enable ipv6 for the Docker containers?

Do you mean Docker containers on the CI? I don’t think we have IPv6 there.

AkihiroSuda · 2021-09-12T04:03:33Z

Cc @giuseppe @Luap99 @rhatdan

- implement forwarding - implement random CIDR Signed-off-by: Jasmin Fazlic <[email protected]>

pfandl · 2021-09-12T13:08:44Z

Do you mean Docker containers on the CI? I don’t think we have IPv6 there.

Yes, ok too bad, I guess we can then test the port forwarding in the vagrant box.
Does it actually work? For me the tests seem to randomly fail, was this working
before?

giuseppe

left some comments.

Could you please describe what you are doing in the commit message?

giuseppe · 2021-09-13T10:29:00Z

api.c

@@ -119,16 +123,59 @@ static int api_handle_req_add_hostfwd(Slirp *slirp, int fd, struct api_ctx *ctx,
        free(fwd);
        goto finish;
    }
+#if SLIRP_CONFIG_VERSION_MAX >= 3
+    int flags = (fwd->is_udp ? SLIRP_HOSTFWD_UDP : 0);


could we also check that SLIRP_HOSTFWD_UDP is defined?

giuseppe · 2021-09-13T10:44:10Z

api.c

+            free(fwd);
+            goto finish;
+        }
+        flags |= SLIRP_HOSTFWD_V6ONLY;


SLIRP_HOSTFWD_V6ONLY might not be defined

giuseppe · 2021-09-13T10:44:55Z

api.c

+            goto finish;
+        }
+        flags |= SLIRP_HOSTFWD_V6ONLY;
+        if (slirp_add_hostxfwd(slirp, (const struct sockaddr *)&fwd->host6,


we need to check for slirp_add_hostxfwd at configure time

giuseppe · 2021-09-13T10:45:11Z

api.c

-            wrc = write(fd, api_ok, strlen(api_ok));
+        if (fwd->is_ipv4) {
+#if SLIRP_CONFIG_VERSION_MAX >= 3
+            if (slirp_remove_hostxfwd(slirp,


same for slirp_remove_hostxfwd

Edit: nevermind

Checking for SLIRP_HOSTFWD_V6ONLY at the moment would imply SLIRP_HOSTFWD_UDP and the xfwd functions. Can we just check for that to enable the IPv6 code path?

sure, that should work as well

AkihiroSuda · 2021-11-08T08:17:53Z

What's current status?

pfandl · 2021-11-08T14:31:10Z

What's current status?

Sorry, I'm out.

sachk · 2021-11-25T07:41:27Z

I've been running this branch built with libslirp from master for well over a month now and I'm yet to experience any issues.

lel-amri · 2022-12-04T11:10:38Z

I'm interested in working on this. Can I hijack this PR and @pfandl's work ?

AkihiroSuda · 2022-12-20T04:28:29Z

I'm interested in working on this. Can I hijack this PR and @pfandl's work ?

Yes, please

AkihiroSuda · 2023-09-20T02:46:52Z

I'm interested in working on this. Can I hijack this PR and @pfandl's work ?

Do you still plan this?

pfandl force-pushed the pr2 branch from 880471f to ca1aee3 Compare September 11, 2021 23:06

pfandl force-pushed the pr2 branch from ca1aee3 to 57c3ee9 Compare September 12, 2021 00:11