fix: Expose only selected ports with Passt

readme.md

@@ -242,7 +242,7 @@ kubectl apply -f https://raw.githubusercontent.com/qemus/qemu/refs/heads/master/
 
 ### How do I expose network ports?
 
-  You can expose ports just by adding them to your compose file. If you want to be able to connect to the SSH service of the machine for example, you would add it like this:
+  When using bridge networking, you can expose ports by adding them to your compose file. If you want to be able to connect to the SSH service of the machine for example, you would add it like this:
 
   ```yaml
   ports:
@@ -251,6 +251,13 @@ kubectl apply -f https://raw.githubusercontent.com/qemus/qemu/refs/heads/master/
 
   This will make port 2222 on your host redirect to port 22 of the virtual machine.
 
+  When using user-mode networking (for example when running under Podman), you will also need to add those ports to the `USER_PORTS` variable like this:
+
+  ```yaml
+  environment:
+    USER_PORTS: "22,80,443"
+  ```
+
 ### How do I assign an individual IP address to the container?
 
   By default, the container uses bridge networking, which shares the IP address with the host.

src/network.sh

@@ -181,35 +181,26 @@ configureDNS() {
   return 0
 }
 
-getUserPorts() {
-
-  local args=""
-  local list=$1
-  local ssh="22"
-
-  [[ "${BOOT_MODE:-}" == "windows"* ]] && ssh="3389"
-  [ -z "$list" ] && list="$ssh" || list+=",$ssh"
+compat() {
 
-  list="${list//,/ }"
-  list="${list## }"
-  list="${list%% }"
+  local gateway="$1"
+  local interface="$2"
+  local samba="20.20.20.1"
 
-  for port in $list; do
-    proto="tcp"
-    num="$port"
+  [[ "$samba" == "$gateway" ]] && return 0
+  [[ "${BOOT_MODE:-}" != "windows"* ]] && return 0
 
-    if [[ "$port" == */udp ]]; then
-      proto="udp"
-      num="${port%/udp}"
-    elif [[ "$port" == */tcp ]]; then
-      proto="tcp"
-      num="${port%/tcp}"
-    fi
+  if [[ "$interface" != "${interface:0:8}" ]]; then
+    error "Bridge name too long!" && return 1
+  fi
 
-    args+="hostfwd=$proto::$num-$VM_NET_IP:$num,"
-  done
+  # Backwards compatibility with old installations
+  if ip address add dev "$interface" "$samba/24" label "$interface:compat"; then
+    SAMBA_INTERFACE="$samba"
+  else
+    warn "failed to configure IP alias!"
+  fi
 
-  echo "${args%?}"
   return 0
 }
 
@@ -233,47 +224,52 @@ getHostPorts() {
     [ -z "$list" ] && list="$WSD_PORT" || list+=",$WSD_PORT"
   fi
 
-  if [[ "${NETWORK,,}" == "passt" ]]; then
-
-    local DNS_PORT="53"
-    local SAMBA_PORT="445"
+  echo "$list"
+  return 0
+}
 
-    if [[ "${DNSMASQ_DISABLE:-}" != [Yy1]* ]]; then
-      [ -z "$list" ] && list="$DNS_PORT" || list+=",$DNS_PORT"
-    fi
+getUserPorts() {
 
-    if [[ "${BOOT_MODE:-}" == "windows"* ]]; then
-      if [[ "${SAMBA:-}" != [Nn]* ]]; then
-        [ -z "$list" ] && list="$SAMBA_PORT" || list+=",$SAMBA_PORT"
-      fi
-    fi
+  local args=""
+  local list=$1
+  list=$(echo "${list// /}" | sed 's/,*$//g')
 
-  fi
+  local ssh="22"
+  [[ "${BOOT_MODE:-}" == "windows"* ]] && ssh="3389"
+  [ -z "$list" ] && list="$ssh" || list+=",$ssh"
 
   echo "$list"
   return 0
 }
 
-compat() {
+getSlirp() {
 
-  local gateway="$1"
-  local interface="$2"
-  local samba="20.20.20.1"
+  local args=""
+  local list=""
 
-  [[ "$samba" == "$gateway" ]] && return 0
-  [[ "${BOOT_MODE:-}" != "windows"* ]] && return 0
+  list=$(getUserPorts)
+  list="${list//,/ }"
+  list="${list## }"
+  list="${list%% }"
 
-  if [[ "$interface" != "${interface:0:8}" ]]; then
-    error "Bridge name too long!" && return 1
-  fi
+  for port in $list; do
 
-  # Backwards compatibility with old installations
-  if ip address add dev "$interface" "$samba/24" label "$interface:compat"; then
-    SAMBA_INTERFACE="$samba"
-  else
-    warn "failed to configure IP alias!"
-  fi
+    proto="tcp"
+    num="${port%/tcp}"
 
+    if [[ "$port" == *"/udp" ]]; then
+      proto="udp"
+      num="${port%/udp}"
+    elif [[ "$port" != *"/tcp" ]]; then
+      args+="hostfwd=$proto::$num-$VM_NET_IP:$num,"
+      proto="udp"
+      num="${port%/udp}"
+    fi
+
+    args+="hostfwd=$proto::$num-$VM_NET_IP:$num,"
+  done
+
+  echo "${args%?}"
   return 0
 }
 
@@ -295,14 +291,14 @@ configureSlirp() {
 
   NET_OPTS="-netdev user,id=hostnet0,ipv4=on,host=$gateway,net=${gateway%.*}.0/24,dhcpstart=$ip,${ipv6}hostname=$VM_NET_HOST"
 
-  local forward
+  local forward=""
   forward=$(getUserPorts "${USER_PORTS:-}")
   [ -n "$forward" ] && NET_OPTS+=",$forward"
 
   if [[ "${DNSMASQ_DISABLE:-}" != [Yy1]* ]]; then
     cp /etc/resolv.conf /etc/resolv.dnsmasq
-    echo -e "nameserver 127.0.0.1\nsearch .\noptions ndots:0" >/etc/resolv.conf
     configureDNS "lo" "$ip" "$VM_NET_MAC" "$VM_NET_HOST" "$VM_NET_MASK" "$gateway" || return 1
+    echo -e "nameserver 127.0.0.1\nsearch .\noptions ndots:0" >/etc/resolv.conf
   fi
 
   VM_NET_IP="$ip"
@@ -340,16 +336,17 @@ configurePasst() {
   PASST_OPTS+=" -n $VM_NET_MASK"
   [ -n "$PASST_MTU" ] && PASST_OPTS+=" -m $PASST_MTU"
 
-  exclude=$(getHostPorts "$HOST_PORTS")
+  local forward=""
+  forward=$(getUserPorts "${USER_PORTS:-}")
+  forward="${forward///tcp}"
+  forward="${forward///udp}"
 
-  if [ -z "$exclude" ]; then
-    exclude="%${VM_NET_DEV}/all"
-  else
-    exclude="%${VM_NET_DEV}/~${exclude//,/,~}"
+  if [ -n "$forward" ]; then
+    forward="%${VM_NET_DEV}/$forward"
+    PASST_OPTS+=" -t $forward"
+    PASST_OPTS+=" -u $forward"
   fi
 
-  PASST_OPTS+=" -t $exclude"
-  PASST_OPTS+=" -u $exclude"
   PASST_OPTS+=" -H $VM_NET_HOST"
   PASST_OPTS+=" -M $GATEWAY_MAC"
   PASST_OPTS+=" -P /var/run/passt.pid"
@@ -701,11 +698,6 @@ getInfo() {
   [ -z "$MTU" ] && MTU="$mtu"
   [ -z "$MTU" ] && MTU="0"
 
-  if [ "$MTU" -gt "1500" ]; then
-    [[ "$DEBUG" == [Yy1]* ]] && echo "MTU size is too large: $MTU, ignoring..."
-    MTU="0"
-  fi
-
   if [[ "${ADAPTER,,}" != "virtio-net-pci" ]]; then
     if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
       warn "MTU size is $MTU, but cannot be set for $ADAPTER adapters!" && MTU="0"
@@ -821,16 +813,21 @@ else
       if ! configureSlirp; then
         error "Failed to configure user-mode networking!"
         exit 24
-      fi
-
-      if [ -z "$USER_PORTS" ]; then
-        info "Notice: slirp networking is active, so when you want to expose ports, you will need to map them using this variable: \"USER_PORTS=80,443\"."
       fi ;;
 
     *)
       error "Unrecognized NETWORK value: \"$NETWORK\"" && exit 24 ;;
   esac
 
+  case "${NETWORK,,}" in
+    "passt" | "slirp" )
+
+      if [ -z "$USER_PORTS" ]; then
+        info "Notice: because user-mode networking is active, if you need to expose ports, add them to the \"USER_PORTS\" variable."
+      fi ;;
+
+  esac
+
 fi
 
 NET_OPTS+=" -device $ADAPTER,id=net0,netdev=hostnet0,romfile=,mac=$VM_NET_MAC"