Merge pull request #441 from cpick/fix-proxy-check

Fix `PortsForwarder.Expose()` proxy check
containers · Jan 14, 2025 · 5086dbc · 5086dbc
2 parents 56369d1 + 233ecd8
commit 5086dbc
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/pkg/services/forwarder/ports.go b/pkg/services/forwarder/ports.go
@@ -25,11 +25,13 @@ import (
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
 )
 
+type ProxyKey string
+
 type PortsForwarder struct {
 	stack *stack.Stack
 
 	proxiesLock sync.Mutex
-	proxies     map[string]proxy
+	proxies     map[ProxyKey]proxy
 }
 
 type proxy struct {
@@ -61,14 +63,14 @@ func (w CloseWrapper) Close() error {
 func NewPortsForwarder(s *stack.Stack) *PortsForwarder {
 	return &PortsForwarder{
 		stack:   s,
-		proxies: make(map[string]proxy),
+		proxies: make(map[ProxyKey]proxy),
 	}
 }
 
 func (f *PortsForwarder) Expose(protocol types.TransportProtocol, local, remote string) error {
 	f.proxiesLock.Lock()
 	defer f.proxiesLock.Unlock()
-	if _, ok := f.proxies[local]; ok {
+	if _, ok := f.proxies[key(protocol, local)]; ok {
 		return errors.New("proxy already running")
 	}
 
@@ -256,8 +258,8 @@ func (f *PortsForwarder) Expose(protocol types.TransportProtocol, local, remote
 	return nil
 }
 
-func key(protocol types.TransportProtocol, local string) string {
-	return fmt.Sprintf("%s/%s", protocol, local)
+func key(protocol types.TransportProtocol, local string) ProxyKey {
+	return ProxyKey(fmt.Sprintf("%s/%s", protocol, local))
 }
 
 func (f *PortsForwarder) Unexpose(protocol types.TransportProtocol, local string) error {

diff --git a/test-qemu/port_forwarding_test.go b/test-qemu/port_forwarding_test.go
@@ -226,6 +226,17 @@ var _ = ginkgo.Describe("port forwarding", func() {
 			g.Expect(err).ShouldNot(gomega.HaveOccurred())
 			g.Expect(resp.StatusCode).To(gomega.Equal(http.StatusOK))
 		}).Should(gomega.Succeed())
+
+		gomega.Eventually(func(g gomega.Gomega) {
+			// exposing the port again should return an error
+			out, _ = sshExec(`curl http://gateway.containers.internal/services/forwarder/expose -X POST -d'{"protocol":"unix","local":"` + unix2tcpfwdsock + `","remote":"tcp://192.168.127.2:8080"}'`)
+			g.Expect(string(out)).Should(gomega.ContainSubstring("proxy already running"))
+
+			// unexpose the port
+			out, err = sshExec(`curl http://gateway.containers.internal/services/forwarder/unexpose -X POST -d'{"protocol":"unix","local":"` + unix2tcpfwdsock + `","remote":"tcp://192.168.127.2:8080"}'`)
+			g.Expect(err).ShouldNot(gomega.HaveOccurred())
+			g.Expect(string(out)).Should(gomega.Equal(""))
+		}).Should(gomega.Succeed())
 	})
 
 	ginkgo.It("should expose and reach rootless podman API using unix to unix forwarding over ssh", func() {