Summary
rootlesskit v3.0.0 with --port-driver=builtin fails to forward UDP responses when the client source IP is non-loopback. Requests are successfully forwarded to the container, but responses are never delivered back to the client.
Environment
- rootlesskit: v3.0.0
- Also tested with Docker: 29.5.1 (rootless mode)
- Network driver: slirp4netns
- Port driver: builtin
- OS: Ubuntu 24.04.4 LTS, kernel 6.17.0-29-generic
- Architecture: x86_64
Reproduction
Test Script
```bash
rootlesskit \
  --state-dir=/tmp/test \
  --net=slirp4netns \
  --disable-host-loopback \
  --port-driver=builtin \
  -p 0.0.0.0:9000:8000/udp \
  bash -c 'python3 -c "
import socket, sys
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind((\"0.0.0.0\", 8000))
while True:
    data, addr = s.recvfrom(1024)
    sys.stderr.write(f\"Received: {data.decode().strip()} from {addr}\n\")
    s.sendto(b\"OK\", addr)
"'
```
Test Results
| Client Address | Request Received by Server | Response Received by Client |
| --- | --- | --- |
| 127.0.0.1:9000 | Yes | Yes (OK) |
| 192.168.50.203:9000 | Yes | No (timeout) |
The server receives and processes requests from both addresses, but only loopback clients receive the response.
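
A client-side probe for the reproduction above, as an added example that is not part of the original report or of rootlesskit. It sends one datagram per target and records the source IP the host uses, whether a reply arrived, and which address the reply came from; the names `probe`, `source_ip_for` and `ProbeResult` are assumptions made for this example.

```python
import socket
import sys
from dataclasses import dataclass
from typing import Optional, Tuple

Addr = Tuple[str, int]

@dataclass
class ProbeResult:
    target: Addr
    source_ip: str               # source IP this host sends from for the target
    reply: Optional[bytes]       # None: nothing arrived before the timeout
    reply_from: Optional[Addr]   # sender of the reply datagram, if any

    @property
    def status(self) -> str:
        if self.reply is None:
            return "timeout"
        return "ok" if self.reply_from == self.target else "reply-from-other-address"

def source_ip_for(target: Addr) -> str:
    # connect() on a UDP socket sends nothing; it only fixes the route,
    # so getsockname() reveals the source IP this host will send from.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect(target)
        return s.getsockname()[0]

def probe(host: str, port: int, payload: bytes = b"ping", timeout: float = 2.0) -> ProbeResult:
    target = (host, port)  # host must be an IPv4 literal for the sender comparison
    result = ProbeResult(target, source_ip_for(target), None, None)
    # Unconnected socket: the kernel does not filter replies by sender, so a
    # reply that comes back from an unexpected address is still observed.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, target)
        try:
            result.reply, result.reply_from = s.recvfrom(1024)
        except OSError:  # timeout, or an ICMP error surfaced by the OS
            pass
    return result

if __name__ == "__main__":
    # Defaults are the two addresses from the Test Results table above.
    targets = sys.argv[1:] or ["127.0.0.1:9000", "192.168.50.203:9000"]
    for t in targets:
        host, port = t.rsplit(":", 1)
        r = probe(host, int(port))
        print(f"{t}: src={r.source_ip} status={r.status} reply={r.reply!r} from={r.reply_from}")
```

Comparing the `src=` value with the address the server logs in its `Received: ... from ...` line shows what source address the forwarded request carried for each target.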