proxy_linux.go 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. package portmapper
  2. import (
  3. "fmt"
  4. "io"
  5. "net"
  6. "os"
  7. "os/exec"
  8. "runtime"
  9. "strconv"
  10. "syscall"
  11. "time"
  12. )
  13. const userlandProxyCommandName = "docker-proxy"
  14. func newProxyCommand(proto string, hostIP net.IP, hostPort int, containerIP net.IP, containerPort int, proxyPath string) (userlandProxy, error) {
  15. path := proxyPath
  16. if proxyPath == "" {
  17. cmd, err := exec.LookPath(userlandProxyCommandName)
  18. if err != nil {
  19. return nil, err
  20. }
  21. path = cmd
  22. }
  23. args := []string{
  24. path,
  25. "-proto", proto,
  26. "-host-ip", hostIP.String(),
  27. "-host-port", strconv.Itoa(hostPort),
  28. "-container-ip", containerIP.String(),
  29. "-container-port", strconv.Itoa(containerPort),
  30. }
  31. return &proxyCommand{
  32. cmd: &exec.Cmd{
  33. Path: path,
  34. Args: args,
  35. SysProcAttr: &syscall.SysProcAttr{
  36. Pdeathsig: syscall.SIGTERM, // send a sigterm to the proxy if the creating thread in the daemon process dies (https://go.dev/issue/27505)
  37. },
  38. },
  39. wait: make(chan error, 1),
  40. }, nil
  41. }
  42. // proxyCommand wraps an exec.Cmd to run the userland TCP and UDP
  43. // proxies as separate processes.
  44. type proxyCommand struct {
  45. cmd *exec.Cmd
  46. wait chan error
  47. }
  48. func (p *proxyCommand) Start() error {
  49. r, w, err := os.Pipe()
  50. if err != nil {
  51. return fmt.Errorf("proxy unable to open os.Pipe %s", err)
  52. }
  53. defer r.Close()
  54. p.cmd.ExtraFiles = []*os.File{w}
  55. // As p.cmd.SysProcAttr.Pdeathsig is set, the signal will be sent to the
  56. // process when the OS thread on which p.cmd.Start() was executed dies.
  57. // If the thread is allowed to be released back into the goroutine
  58. // thread pool, the thread could get terminated at any time if a
  59. // goroutine gets scheduled onto it which calls runtime.LockOSThread()
  60. // and exits without a matching number of runtime.UnlockOSThread()
  61. // calls. Ensure that the thread from which Start() is called stays
  62. // alive until the proxy or the daemon process exits to prevent the
  63. // proxy from getting terminated early. See https://go.dev/issue/27505
  64. // for more details.
  65. started := make(chan error)
  66. go func() {
  67. runtime.LockOSThread()
  68. defer runtime.UnlockOSThread()
  69. err := p.cmd.Start()
  70. started <- err
  71. if err != nil {
  72. return
  73. }
  74. p.wait <- p.cmd.Wait()
  75. }()
  76. if err := <-started; err != nil {
  77. return err
  78. }
  79. w.Close()
  80. errchan := make(chan error, 1)
  81. go func() {
  82. buf := make([]byte, 2)
  83. r.Read(buf)
  84. if string(buf) != "0\n" {
  85. errStr, err := io.ReadAll(r)
  86. if err != nil {
  87. errchan <- fmt.Errorf("Error reading exit status from userland proxy: %v", err)
  88. return
  89. }
  90. errchan <- fmt.Errorf("Error starting userland proxy: %s", errStr)
  91. return
  92. }
  93. errchan <- nil
  94. }()
  95. select {
  96. case err := <-errchan:
  97. return err
  98. case <-time.After(16 * time.Second):
  99. return fmt.Errorf("Timed out proxy starting the userland proxy")
  100. }
  101. }
  102. func (p *proxyCommand) Stop() error {
  103. if p.cmd.Process != nil {
  104. if err := p.cmd.Process.Signal(os.Interrupt); err != nil {
  105. return err
  106. }
  107. return <-p.wait
  108. }
  109. return nil
  110. }