Podman when running in rootless mode gets stuck in splice system call when OOB packet is received

[pushpi55]

Podman is running in rootless mode and a server is listening on a port and using splice call to read the message.
When OOB message is being received the process inside the container is stuck forever in splice call.
Attached the strace of the container running the process
strace_podman_linux_image.txt

Steps to reproduce:

• Pull a RHEL8 image from repo.
• Install gcc and run the following program to start the server and start a client to send OOB message
• Run the server program inside container which is using splice system call

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>

main() {
struct sockaddr_in sockaddr_serv;
int pipefd[2];
int sock=0;
int sockfd = 0;
socklen_t size_addr = 0;
char buf[1024];
 sock = socket(PF_INET, SOCK_STREAM, 0);
memset(&sockaddr_serv, 0, sizeof(sockaddr_serv));
sockaddr_serv.sin_family = PF_INET;
sockaddr_serv.sin_addr.s_addr = htonl(INADDR_ANY);
sockaddr_serv.sin_port = htons(9999);

if(bind(sock, (struct sockaddr*) &sockaddr_serv, sizeof(sockaddr_serv))<0) {
  printf("error in binding \n");
 return 1;
}
listen(sock, 5);
pipe(pipefd);
 sockfd = accept(sock, (struct sockaddr*) &sockaddr_serv, &size_addr);
  if(splice(sockfd,0, pipefd[1],0,100,SPLICE_F_MOVE | SPLICE_F_MORE) <0) {
    perror("Error in splice");
    close(sockfd);
    close(sock);
}
 printf("return from recv is %d\n",read(pipefd[0], buf, 50 ));
}

• Start the client and send OOB message

import socket

HOST='127.0.0.1'
PORT=44957
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))
    s.send(b'!',socket.MSG_OOB)
    s.sendall(b'Hello, world')
    data = s.recv(1024)

print('Received', repr(data))

Started a server inside container and it is stuck in splice system call

(gdb) bt
#0  0x00007f30452764e8 in accept () from /lib64/libc.so.6
#1  0x0000000000400a28 in main () at serv.c:30
(gdb) n
Single stepping until exit from function accept,
which has no line number information.
main () at serv.c:31
31	  if(splice(sockfd,0, pipefd[1],0,100,SPLICE_F_MOVE | SPLICE_F_MORE) <0) {
(gdb)

[Luap99]

Thanks for the report. Please provide the info that is requested in the issue template.
Also make sure to format it accordingly, the output is rendered as markdown. Make sure to use three backticks (```) to create code blocks so the code is readable. https://www.markdownguide.org/extended-syntax/#fenced-code-blocks

Also note that there are currently at least three ways to do port forwarding in rootless podman:

• --network slirp4netns:port_handler=slirp4netns
• --network slirp4netns:port_handler=rootlesskit (default)
• --network pasta

Which one are you using? And please try if it works with the others. Does it works as root?

[pushpi55]

Hi @Luap99
I have corrected the code format in the previous message.

This problem is seen only with rootless and default Network mode (--network slirp4netns:port_handler=rootlesskit)

I didn't see the problem in --network slirp4netns:port_handler=slirp4netns. Attached the strace of the process running as container. I don't see any splice call being used when we change the port_handler to slirp4netns.

Ran the same program in rootfull mode and didn't observed any issue there.
strace_port_handler_slirp4netns.txt

[Luap99]

I reported this in the correct repository for the port forwarder: rootless-containers/rootlesskit#363. Please follow there.
For now I think using --network slirp4netns:port_handler=slirp4netns is the best option.