On a Hyper-V system we can only register one listening endpoint (with
a GUID), so we need to accept connections, read a header and then
start the proxy.
If the binary has argv[0] == "proxy-vsockd" then run this new frontend.
Signed-off-by: David Scott <dave.scott@docker.com>
Previously the proxy would listen only on the vsock port, which is
fine for accessing the port on the host, but if a container also wants
to access the port (e.g. via `--net=host` and using the Moby IP) then
we need to listen on the IP too.
Related to [docker/pinata#2854]
Signed-off-by: David Scott <dave.scott@docker.com>
The 9P operations tell the host to connect to the vsock port in the
UDP case, so always listen before sending the 9P request.
Signed-off-by: David Scott <dave.scott@docker.com>
- don't try to create a `FileConn` because the Go library sees through
the scam and rejects it
- explicitly keep a reference to the `ctl` file just in case the GC
decides its dead and should be closed.
Signed-off-by: David Scott <dave.scott@docker.com>
The port will be automatically removed when the fd/fid is closed by
a process exit/crash, or by a hypervisor crash.
Signed-off-by: David Scott <dave.scott@docker.com>
Note there is a slight name clash between the final binary 'proxy'
and the library formerly known as 'proxy'. Resolve this by calling
the library 'libproxy'.
Signed-off-by: David Scott <dave.scott@docker.com>
A future version of the 9P server will shutdown the forward on 9P
clunk, so if this process crashes the forward will be cleaned up
properly.
Signed-off-by: David Scott <dave.scott@docker.com>
When requesting a port forward we currently need to know the VM's
address from the point of view of the port forwarder. The easiest way to
discover this is to read it from the existing "docker" port forward.
Note this should all be revamped once we have vsock support.
Signed-off-by: David Scott <dave.scott@docker.com>
This patch removes `proxyForever` and adds `sendError` and `sendOK` for
signalling to the parent process. The main function now sequences these
functions and calls stub functions `exposePort` and `unexposePort` which
will be hooked up in a later patch.
Signed-off-by: David Scott <dave.scott@docker.com>
Previously the proxy.go would directly call `os.Exit`. This patch
causes control to return to `main` where we can tear down any port
forward.
Signed-off-by: David Scott <dave.scott@docker.com>
Previously `execProxy` would
- create the proxy
- signal success/failure to the parent
- run forever (until signalled)
Since we want to add more proxy setup and teardown, this patch
removes the proxy creation from `execProxy` and renames it to
`proxyForever`. Later patches will be able to perform the necessary
side-effects before signalling success to the parent.
Signed-off-by: David Scott <dave.scott@docker.com>
