When running getpeername inside a rootless podman container in a bridged network, the return value is different than if I directly use the host's networking stack (in this case, getpeername returns the expected value). Is this to be expected in a rootless bridge network? I have tried with both C and Python and they both exhibit the same behaviour.
It seems it has to do with the mechanism by which podman implements rootless networking, see e.g. these GitHub threads:
So the getpeername() API behaves correctly (in that it reports the address recorded in the socket) – it's outside factors that prevent the network stack from seeing the actual source IP address in the first place. (Kind of similar to the "NAT hairpinning" issue in regular home-network port forwarding.)
Quote from the GitHub issue:
you can set network_mode: pasta or network_mode: port_handler=slirp4netns but this is incompatible with named (user-defined) networks, so it is an either-or situation for now. Fixing this is not trivial at all [...]
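A way to check whether a given network setup preserves the client's source address, as an added example that is not part of the original question or answer: the client sends the address of its own socket end, and the server compares that with what getpeername() reports. The function names and the one-line "ip:port" message are assumptions made for this sketch; a mismatch means the source address was rewritten before it reached the listening socket.

```python
import socket
import threading


def serve_once(listener, result):
    """Accept one connection and compare getpeername() with the client's claim."""
    conn, _ = listener.accept()
    with conn, conn.makefile("r") as reader:
        claimed = reader.readline().strip()      # "ip:port" as the client sees itself
        ip, port = conn.getpeername()[:2]        # address recorded in the accepted socket
        seen = f"{ip}:{port}"
        preserved = claimed == seen
        result.update(claimed=claimed, seen=seen, preserved=preserved)
        conn.sendall(f"seen={seen} preserved={preserved}\n".encode())


def probe(host, port):
    """Client side: report our own socket address, return the server's verdict."""
    with socket.create_connection((host, port), timeout=5) as sock:
        ip, local_port = sock.getsockname()[:2]
        sock.sendall(f"{ip}:{local_port}\n".encode())
        with sock.makefile("r") as reader:
            return reader.readline().strip()


def loopback_demo():
    """Run both ends over loopback, where nothing rewrites the source address."""
    result = {}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))          # ephemeral port, constructed test setup
        listener.listen(1)
        worker = threading.Thread(target=serve_once, args=(listener, result))
        worker.start()
        reply = probe("127.0.0.1", listener.getsockname()[1])
        worker.join()
    return result, reply


if __name__ == "__main__":
    outcome, verdict = loopback_demo()
    print(outcome)
    print(verdict)
```

To compare setups, run serve_once on a listener bound inside the container and probe from another machine, once with the bridged network and once with host networking.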