Tags: python, c, linux, network-programming, containers

getpeername in containerised environment (podman)


When running getpeername inside a rootless podman container in a bridged network, the return value is different than if I directly use the host's networking stack (in this case, getpeername returns the expected value). Is this to be expected in a rootless bridge network? I have tried with both C and Python and they both exhibit the same behaviour.


Solution

  • It seems it has to do with the mechanism by which podman implements rootless networking, see e.g. these GitHub threads:

    So the getpeername() API behaves correctly (in that it reports the address recorded in the socket) – it's outside factors that prevent the network stack from seeing the actual source IP address in the first place. (Kind of similar to the "NAT hairpinning" issue in regular home-network port forwarding.)

    Quote from the GitHub issue:

    you can set network_mode: pasta or network_mode: port_handler=slirp4netns but this is incompatible with named (user-defined) networks, so it is an either-or situation for now.

    Fixing this is not trivial at all [...]
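A small loopback harness, added here as an example and not code from the question or the linked GitHub threads, that records both the address the client believes it is sending from and the address the server's getpeername() reports, then compares them. Run in one process on the host (or entirely inside the container) the two match; the mismatch described above appears only when the connection crosses the rootless network boundary, which is exactly when a service must stop treating the peer address as the client's real source for access control or audit logging.

```python
import socket
import threading


def observe_peer(host="127.0.0.1", port=0):
    """Start a one-shot TCP server, connect a client to it and return
    (client_local_addr, server_seen_peer_addr).

    client_local_addr is the client's own view of its source address
    (getsockname); server_seen_peer_addr is what the accepted socket
    reports via getpeername, i.e. what the kernel actually recorded.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))          # port 0: let the kernel pick a free port
    srv.listen(1)
    bound_port = srv.getsockname()[1]
    seen = {}

    def serve():
        conn, _ = srv.accept()
        with conn:
            seen["peer"] = conn.getpeername()  # address recorded in the socket

    t = threading.Thread(target=serve)
    t.start()
    with socket.create_connection((host, bound_port)) as cli:
        client_local = cli.getsockname()
    t.join()
    srv.close()
    return client_local, seen["peer"]


def peer_address_is_trustworthy(client_local, server_seen):
    """True only if the server observed the client's real source address.

    A mismatch means a layer between the endpoints (NAT, slirp4netns,
    pasta, a proxy) rewrote the source, so getpeername() must not be used
    for IP-based authorisation or to attribute log entries to a client.
    """
    return (client_local[0] == server_seen[0]
            and client_local[1] == server_seen[1])


if __name__ == "__main__":
    client_local, server_seen = observe_peer()
    print("client source:", client_local,
          "server getpeername:", server_seen,
          "trustworthy:", peer_address_is_trustworthy(client_local, server_seen))
```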