Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wsl: usernet: Don't always bind to port 2222 #24070

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

wsl: usernet: Don't always bind to port 2222 #24070

wants to merge 1 commit into from

Conversation

cfergeau
Copy link
Contributor

@cfergeau cfergeau commented Sep 25, 2024
edited
Loading

podman-machine starts gvproxy without specifying -ssh-port.
This means it will always bind port 2222 (see
containers/gvisor-tap-vsock#402), effectively
bypassing the dynamic ssh port allocation.

I don't think wsl needs this port to be opened/bound on the host, but
this commit starts gvproxy with -ssh-port set to the dynamic SSH port to
avoid port conflicts with crc.
When gvproxy allows to disable this port forwarding entirely, we can
revise this.

This should fix #20327

Does this PR introduce a user-facing change?

Using podman-machine with wsl and user-mode networking will no longer result in port 2222 being always opened on the host.

@openshift-ci openshift-ci bot added the do-not-merge/release-note-label-needed Enforce release-note requirement, even if just None label Sep 25, 2024
@openshift-ci openshift-ci bot added release-note and removed do-not-merge/release-note-label-needed Enforce release-note requirement, even if just None labels Sep 25, 2024
@packit-as-a-service Packit-as-a-Service
Copy link

Ephemeral COPR build failed. @containers/packit-build please check.

@cfergeau
wsl: usernet: Don't always bind to port 2222
af1270b 
podman-machine starts gvproxy without specifying -ssh-port.
This means it will always bind port 2222 (see
containers/gvisor-tap-vsock#402), effectively
bypassing the dynamic ssh port allocation.

I don't think wsl needs this port to be opened/bound on the host, but
this commit starts gvproxy with -ssh-port set to the dynamic SSH port to
avoid port conflicts with crc.
When gvproxy allows to disable this port forwarding entirely, we can
revise this.

This should fix containers#20327

Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
@baude
Copy link
Member

baude commented Sep 26, 2024

/approve

@baude baude added the No New Tests Allow PR to proceed without adding regression tests label Sep 26, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 26, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: baude, cfergeau

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 26, 2024
@baude
Copy link
Member

baude commented Sep 26, 2024

LGTM, @l0rd wdyt?

@cfergeau cfergeau mentioned this pull request Sep 26, 2024
Open
jeffmaury
jeffmaury reviewed Sep 26, 2024
View reviewed changes
pkg/machine/wsl/usermodenet.go
@@ -99,7 +99,7 @@ func startUserModeNetworking(mc *vmconfigs.MachineConfig) error {

// Start or reuse
if !running {
if err := launchUserModeNetDist(exe); err != nil {
if err := launchUserModeNetDist(exe, mc.SSH.Port); err != nil {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you are using the machine SSH port there I'm afraid there will be a conflict between gvproxy and win-sshproxy

@l0rd
Copy link
Member

l0rd commented Sep 26, 2024

LGTM, @l0rd wdyt?

looking at it

@l0rd
Copy link
Member

l0rd commented Sep 26, 2024
edited
Loading

I confirm that, as anticipated by @jeffmaury, this unfortunately doesn't work.
Executing podman run fails with error:

> podman run hello
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: failed to connect: ssh: handshake failed: read tcp 127.0.0.1:63020->127.0.0.1:62172: wsarecv: An existing connection was forcibly closed by the remote host.

> Get-Process -Id (Get-NetTCPConnection -LocalPort 62172).OwningProcess

 NPM(K)    PM(M)      WS(M)     CPU(s)      Id  SI ProcessName
 ------    -----      -----     ------      --  -- -----------
     17    28.04      24.77       0.34   21428   1 gvproxy
     17     2.27       8.91       0.09   20460   1 wslrelay

@cfergeau
Copy link
Contributor Author

cfergeau commented Sep 27, 2024
edited
Loading

The WSL podman-machine-default instance sets up its ssh server to listen on mc.SSH.Port ( https://github.com/containers/podman/blob/main/pkg/machine/wsl/stubber.go#L274-L282 ), so binding it in gvproxy as well will cause issue :-/
Let's delay this until containers/gvisor-tap-vsock#402 is implemented, then we can more easily fix this.

@cfergeau cfergeau mentioned this pull request Oct 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeffmaury jeffmaury jeffmaury left review comments

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. machine No New Tests Allow PR to proceed without adding regression tests release-note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Port conflict of WSL2 with CRC for SSH (usermode networking)
4 participants
@cfergeau @baude @l0rd @jeffmaury