proxy: bind the IP port as well as the vsock port

Previously the proxy would listen only on the vsock port, which is fine for accessing the port on the host, but if a container also wants to access the port (e.g. via `--net=host` and using the Moby IP) then we need to listen on the IP too. Related to [docker/pinata#2854] Signed-off-by: David Scott <dave.scott@docker.com>
2025-07-22 18:41:37 +00:00 · 2016-04-29 11:55:06 +01:00 · 2016-04-29 11:55:06 +01:00 · 198dc8ba73
commit 198dc8ba73
parent d00fd8bff3
2 changed files with 37 additions and 5 deletions
--- a/alpine/packages/proxy/libproxy/proxy.go
+++ b/alpine/packages/proxy/libproxy/proxy.go
@ -25,8 +25,8 @@ type Proxy interface {
 	BackendAddr() net.Addr
 }

-// NewProxy creates a Proxy according to the specified frontendAddr and backendAddr.
-func NewProxy(frontendAddr *vsock.VsockAddr, backendAddr net.Addr) (Proxy, error) {
+// NewVsockProxy creates a Proxy listening on Vsock
+func NewVsockProxy(frontendAddr *vsock.VsockAddr, backendAddr net.Addr) (Proxy, error) {
 	switch backendAddr.(type) {
 	case *net.UDPAddr:
 		listener, err := vsock.Listen(frontendAddr.Port)
@ -44,3 +44,29 @@ func NewProxy(frontendAddr *vsock.VsockAddr, backendAddr net.Addr) (Proxy, error
 		panic(fmt.Errorf("Unsupported protocol"))
 	}
 }
+
+// NewIPProxy creates a Proxy according to the specified frontendAddr and backendAddr.
+func NewIPProxy(frontendAddr, backendAddr net.Addr) (Proxy, error) {
+        switch frontendAddr.(type) {
+        case *net.UDPAddr:
+                listener, err := net.ListenUDP("udp", frontendAddr.(*net.UDPAddr))
+                if err != nil {
+                        return nil, err
+                }
+                return NewUDPProxy(frontendAddr, listener, backendAddr.(*net.UDPAddr))
+        case *net.TCPAddr:
+                listener, err := net.Listen("tcp", frontendAddr.String())
+                if err != nil {
+                        return nil, err
+                }
+                return NewTCPProxy(listener, backendAddr.(*net.TCPAddr))
+        case *vsock.VsockAddr:
+                listener, err := vsock.Listen(frontendAddr.(*vsock.VsockAddr).Port)
+                if err != nil {
+                        return nil, err
+                }
+                return NewTCPProxy(listener, backendAddr.(*net.TCPAddr))
+        default:
+                panic(fmt.Errorf("Unsupported protocol"))
+        }
+}
--- a/alpine/packages/proxy/main.go
+++ b/alpine/packages/proxy/main.go
@ -14,19 +14,25 @@ import (
 func main() {
 	host, port, container := parseHostContainerAddrs()

-	p, err := libproxy.NewProxy(&vsock.VsockAddr{Port: uint(port)}, container)
+	vsockP, err := libproxy.NewVsockProxy(&vsock.VsockAddr{Port: uint(port)}, container)
 	if err != nil {
 		sendError(err)
 	}
+	ipP, err := libproxy.NewIPProxy(host, container)
+	if err != nil {
+		sendError(err)
+	}
+
 	ctl, err := exposePort(host, port)
 	if err != nil {
 		sendError(err)
 	}

-	go handleStopSignals(p)
+	go handleStopSignals(ipP)
 	// TODO: avoid this line if we are running in a TTY
 	sendOK()
-	p.Run()
+	go ipP.Run()
+	vsockP.Run()
 	ctl.Close() // ensure ctl remains alive and un-GCed until here
 	os.Exit(0)
 }