docker itself seems to bind to the port globally inside Moby, so we
get an EADDRINUSE if we try to do it too.
Signed-off-by: David Scott <dave.scott@docker.com>
This allows the proxy to be run easily from a terminal or other script
without requiring fd 3 to be open and writable.
Signed-off-by: David Scott <dave.scott@docker.com>
The proxy process command-line arguments assume we're exposing TCP
or UDP ports on Moby's public IPs. Instead we're forwarding over vsock
where we must map the Moby ports onto vsock ports. Normally TCP and
UDP ports are different, but with vsock there is only one space of
port numbers so we have to map them into different ranges.
This patch maps Moby ports as follows:
- TCP port x onto vsock port 0x10000 + x
- UDP port x onto vsock port 0x20000 + x
Signed-off-by: David Scott <dave.scott@docker.com>
This seems to be a difference between the AF_VSOCK and AF_INET
implementations. We work around it by exiting the proxy process
immediately, which will clean up resources anyway.
Signed-off-by: David Scott <dave.scott@docker.com>
Note there is a slight name clash between the final binary 'proxy'
and the library formerly known as 'proxy'. Resolve this by calling
the library 'libproxy'.
Signed-off-by: David Scott <dave.scott@docker.com>
When requesting a port forward we currently need to know the VM's
address from the point of view of the port forwarder. The easiest way to
discover this is to read it from the existing "docker" port forward.
Note this should all be revamped once we have vsock support.
Signed-off-by: David Scott <dave.scott@docker.com>
This patch removes `proxyForever` and adds `sendError` and `sendOK` for
signalling to the parent process. The main function now sequences these
functions and calls stub functions `exposePort` and `unexposePort` which
will be hooked up in a later patch.
Signed-off-by: David Scott <dave.scott@docker.com>
Previously the proxy.go would directly call `os.Exit`. This patch
causes control to return to `main` where we can tear down any port
forward.
Signed-off-by: David Scott <dave.scott@docker.com>
Previously `execProxy` would
- create the proxy
- signal success/failure to the parent
- run forever (until signalled)
Since we want to add more proxy setup and teardown, this patch
removes the proxy creation from `execProxy` and renames it to
`proxyForever`. Later patches will be able to perform the necessary
side-effects before signalling success to the parent.
Signed-off-by: David Scott <dave.scott@docker.com>
