Skip to content

Add pesto support for dynamic port forwarding via pasta control socket#755

Draft
Honny1 wants to merge 1 commit intocontainers:mainfrom
Honny1:pesto-support
Draft

Add pesto support for dynamic port forwarding via pasta control socket#755
Honny1 wants to merge 1 commit intocontainers:mainfrom
Honny1:pesto-support

Conversation

@Honny1
Copy link
Copy Markdown
Member

@Honny1 Honny1 commented Apr 9, 2026

  • Add a pesto client (pesto_linux.go) that invokes the pesto binary to dynamically update pasta's port forwarding table via a UNIX domain socket, enabling rootless bridge containers to add/remove port mappings without restarting pasta.
  • Start pasta with -c <socketPath> to enable the pesto control channel and expose PestoSocketPath in RootlessNetnsInfo.
  • Set route_localnet=1 inside the rootless netns so that pesto+pasta's kernel splice localhost traffic (src=127.0.0.1) is accepted by netavark's bridge DNAT rules.

Fixes: https://redhat.atlassian.net/browse/RUN-2214
Fixes: containers/podman#8193
Fixes: https://redhat.atlassian.net/browse/RUN-3587

@github-actions github-actions bot added the common Related to "common" package label Apr 9, 2026
@Honny1 Honny1 mentioned this pull request Apr 9, 2026
Draft
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

common Related to "common" package

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Alternate port_handler that keeps the source ip for user-defined rootless networks

1 participant

@Honny1