Richfr/ Add windowsAddress support to WslcCreateContainer() API (#40037)

1wizkid · richfr · web-flow · commit 630929d3d1cd · 2026-04-14T12:02:20.000-07:00
* Portmapping: add windowsAddress support

* Portmapping: add windowsAddress support

* Addressing PR feedback: update wslcsdk.cpp

* Addressing clang formatting error

* Providing default values for port bindings: wslcsdk.cpp

* Added new function InetNtopToHresult() to map inet result error values to the correct HRESULTS

* return family name if socket address is invalid

* Removed unnecessasry variable bindingAddressStrings. Also, commented that convertedPorts must stay in same scope as containerOptions and moved the declaration to be with that var

* Fixed clang formatting errors

* Added WSLC Sdk API tests for WslcContainerPortMapping.windowsAddress for Ipv4 and Ipv6 local host.

* Add unique name to containerSettings var to make test debugging from log reports easier.

* Adjust AF_UNIX portmapping test so that it fails if value accepted

* Return more accurate strncpy_s error result

* Improved error return value of IP address verification

* Provide better error reporting

* Respond to misc copilot feedback

* Resolving merge after syncing with origin

* Adjusted error messages

* Removed 2 unnecessary lines of code

* Mark internal function as static to avoid external linkage

---------

Co-authored-by: Richard Fricks &lt;richfr@microsoft.com&gt;
diff --git a/.gitignore b/.gitignore
@@ -67,4 +67,5 @@ doc/site/
 directory.build.targets
 test-storage/
 *.vhdx
-*.tar
+*.tar
+*.etl
diff --git a/src/windows/WslcSDK/wslcsdk.cpp b/src/windows/WslcSDK/wslcsdk.cpp
@@ -200,6 +200,14 @@ void EnsureAbsolutePath(const std::filesystem::path& path, bool containerPath)
         THROW_HR_IF(E_INVALIDARG, path.is_relative());
     }
 }
+static HRESULT InetNtopToHresult(int af, const void* src, char* dst, size_t dstCount)
+{
+    if (inet_ntop(af, src, dst, dstCount) == nullptr)
+    {
+        return HRESULT_FROM_WIN32(WSAGetLastError());
+    }
+    return S_OK;
+}
 
 bool CopyProcessSettingsToRuntime(WSLCProcessOptions& runtimeOptions, const WslcContainerProcessOptionsInternal* initProcessOptions)
 {
@@ -617,6 +625,8 @@ try
     auto result = std::make_unique<WslcContainerImpl>();
 
     WSLCContainerOptions containerOptions{};
+    std::unique_ptr<WSLCPortMapping[]> convertedPorts; // this must stay in same scope as containerOptions since containerOptions.Ports is getting a raw pointer to the array owned by convertedPorts.
+
     containerOptions.Image = internalContainerSettings->image;
     containerOptions.Name = internalContainerSettings->runtimeName;
     containerOptions.HostName = internalContainerSettings->HostName;
@@ -659,7 +669,6 @@ try
         containerOptions.NamedVolumesCount = static_cast<ULONG>(internalContainerSettings->namedVolumesCount);
     }
 
-    std::unique_ptr<WSLCPortMapping[]> convertedPorts;
     if (internalContainerSettings->ports && internalContainerSettings->portsCount)
     {
         convertedPorts = std::make_unique<WSLCPortMapping[]>(internalContainerSettings->portsCount);
@@ -671,14 +680,58 @@ try
             convertedPort.HostPort = internalPort.windowsPort;
             convertedPort.ContainerPort = internalPort.containerPort;
 
-            // TODO: Ipv6 & custom binding address support.
-            convertedPort.Family = AF_INET;
-
             // TODO: Consider using standard protocol numbers instead of our own enum.
-            convertedPort.Protocol = internalPort.protocol == WSLC_PORT_PROTOCOL_TCP ? IPPROTO_TCP : IPPROTO_UDP;
-            strcpy_s(convertedPort.BindingAddress, "127.0.0.1");
+            switch (internalPort.protocol)
+            {
+            case WSLC_PORT_PROTOCOL_TCP:
+                convertedPort.Protocol = IPPROTO_TCP;
+                break;
+            case WSLC_PORT_PROTOCOL_UDP:
+                convertedPort.Protocol = IPPROTO_UDP;
+                break;
+            default:
+                THROW_HR_MSG(E_INVALIDARG, "Unsupported port protocol: %u", internalPort.protocol);
+            }
+            // Validate IP address if provided and if valid, copy to runtime structure.
+            if (internalPort.windowsAddress != nullptr)
+            {
+                switch (internalPort.windowsAddress->ss_family)
+                {
+                case AF_INET:
+                {
+                    const auto* addr4 = reinterpret_cast<const sockaddr_in*>(internalPort.windowsAddress);
+                    HRESULT hr = InetNtopToHresult(AF_INET, &addr4->sin_addr, convertedPort.BindingAddress, sizeof(convertedPort.BindingAddress));
+                    if (FAILED(hr))
+                    {
+                        THROW_HR_MSG(hr, "inet_ntop() failed for AF_INET address");
+                    }
+                    convertedPort.Family = AF_INET;
+                    break;
+                }
+
+                case AF_INET6:
+                {
+                    const auto* addr6 = reinterpret_cast<const sockaddr_in6*>(internalPort.windowsAddress);
+                    HRESULT hr = InetNtopToHresult(AF_INET6, &addr6->sin6_addr, convertedPort.BindingAddress, sizeof(convertedPort.BindingAddress));
+                    if (FAILED(hr))
+                    {
+                        THROW_HR_MSG(hr, "inet_ntop() failed for AF_INET6 address");
+                    }
+                    convertedPort.Family = AF_INET6;
+                    break;
+                }
+
+                default:
+                    THROW_HR_MSG(E_INVALIDARG, "Unsupported address family: %d", internalPort.windowsAddress->ss_family);
+                }
+            }
+            else
+            {
+                convertedPort.Family = AF_INET;
+                strcpy_s(convertedPort.BindingAddress, "127.0.0.1");
+            }
         }
-        containerOptions.Ports = convertedPorts.get();
+        containerOptions.Ports = convertedPorts.get(); // Make sure convertedPorts stays in scope for life of containerOptions
         containerOptions.PortsCount = static_cast<ULONG>(internalContainerSettings->portsCount);
     }
 
@@ -808,10 +861,15 @@ try
 
     for (uint32_t i = 0; i < portMappingCount; ++i)
     {
-        RETURN_HR_IF(E_NOTIMPL, portMappings[i].windowsAddress != nullptr);
-        RETURN_HR_IF(E_NOTIMPL, portMappings[i].protocol != 0);
+        if (portMappings[i].windowsAddress != nullptr)
+        {
+            const auto family = portMappings[i].windowsAddress->ss_family;
+            RETURN_HR_IF_MSG(
+                E_INVALIDARG, family != AF_INET && family != AF_INET6, "Unsupported address family: %d at port mapping index %u", family, i);
+        }
+        RETURN_HR_IF_MSG(
+            E_NOTIMPL, portMappings[i].protocol != 0, "Unsupported protocol: %d at port mapping index %u", portMappings[i].protocol, i);
     }
-
     internalType->ports = portMappings;
     internalType->portsCount = portMappingCount;
 
diff --git a/test/windows/WslcSdkTests.cpp b/test/windows/WslcSdkTests.cpp
@@ -775,18 +775,18 @@ class WslcSdkTests
 
         // Negative: port mappings with NONE networking must fail at container creation.
         {
-            WslcContainerSettings containerSettings;
-            VERIFY_SUCCEEDED(WslcInitContainerSettings("debian:latest", &containerSettings));
-            VERIFY_SUCCEEDED(WslcSetContainerSettingsNetworkingMode(&containerSettings, WSLC_CONTAINER_NETWORKING_MODE_NONE));
+            WslcContainerSettings containerSettings1;
+            VERIFY_SUCCEEDED(WslcInitContainerSettings("debian:latest", &containerSettings1));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsNetworkingMode(&containerSettings1, WSLC_CONTAINER_NETWORKING_MODE_NONE));
 
             WslcContainerPortMapping mapping{};
             mapping.windowsPort = 12342;
             mapping.containerPort = 8000;
             mapping.protocol = WSLC_PORT_PROTOCOL_TCP;
-            VERIFY_SUCCEEDED(WslcSetContainerSettingsPortMappings(&containerSettings, &mapping, 1));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsPortMappings(&containerSettings1, &mapping, 1));
 
             WslcContainer rawContainer = nullptr;
-            VERIFY_ARE_EQUAL(WslcCreateContainer(m_defaultSession, &containerSettings, &rawContainer, nullptr), E_INVALIDARG);
+            VERIFY_ARE_EQUAL(WslcCreateContainer(m_defaultSession, &containerSettings1, &rawContainer, nullptr), E_INVALIDARG);
             VERIFY_IS_NULL(rawContainer);
         }
 
@@ -800,19 +800,19 @@ class WslcSdkTests
             const char* env[] = {"PYTHONUNBUFFERED=1"};
             VERIFY_SUCCEEDED(WslcSetProcessSettingsEnvVariables(&procSettings, env, ARRAYSIZE(env)));
 
-            WslcContainerSettings containerSettings;
-            VERIFY_SUCCEEDED(WslcInitContainerSettings("python:3.12-alpine", &containerSettings));
-            VERIFY_SUCCEEDED(WslcSetContainerSettingsInitProcess(&containerSettings, &procSettings));
-            VERIFY_SUCCEEDED(WslcSetContainerSettingsNetworkingMode(&containerSettings, WSLC_CONTAINER_NETWORKING_MODE_BRIDGED));
+            WslcContainerSettings containerSettings2;
+            VERIFY_SUCCEEDED(WslcInitContainerSettings("python:3.12-alpine", &containerSettings2));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsInitProcess(&containerSettings2, &procSettings));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsNetworkingMode(&containerSettings2, WSLC_CONTAINER_NETWORKING_MODE_BRIDGED));
 
             WslcContainerPortMapping mapping{};
             mapping.windowsPort = 12341;
             mapping.containerPort = 8000;
             mapping.protocol = WSLC_PORT_PROTOCOL_TCP;
-            VERIFY_SUCCEEDED(WslcSetContainerSettingsPortMappings(&containerSettings, &mapping, 1));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsPortMappings(&containerSettings2, &mapping, 1));
 
             UniqueContainer container;
-            VERIFY_SUCCEEDED(WslcCreateContainer(m_defaultSession, &containerSettings, &container, nullptr));
+            VERIFY_SUCCEEDED(WslcCreateContainer(m_defaultSession, &containerSettings2, &container, nullptr));
             VERIFY_SUCCEEDED(WslcStartContainer(container.get(), WSLC_CONTAINER_START_FLAG_ATTACH, nullptr));
 
             UniqueProcess process;
@@ -825,6 +825,105 @@ class WslcSdkTests
 
             ExpectHttpResponse(L"http://127.0.0.1:12341", 200);
         }
+
+        // Functional: port mapping with explicit IPv4 windowsAddress (127.0.0.1).
+        {
+            WslcProcessSettings procSettings;
+            VERIFY_SUCCEEDED(WslcInitProcessSettings(&procSettings));
+            const char* argv[] = {"python3", "-m", "http.server", "8000"};
+            VERIFY_SUCCEEDED(WslcSetProcessSettingsCmdLine(&procSettings, argv, ARRAYSIZE(argv)));
+            const char* env[] = {"PYTHONUNBUFFERED=1"};
+            VERIFY_SUCCEEDED(WslcSetProcessSettingsEnvVariables(&procSettings, env, ARRAYSIZE(env)));
+
+            WslcContainerSettings containerSettings3;
+            VERIFY_SUCCEEDED(WslcInitContainerSettings("python:3.12-alpine", &containerSettings3));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsInitProcess(&containerSettings3, &procSettings));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsNetworkingMode(&containerSettings3, WSLC_CONTAINER_NETWORKING_MODE_BRIDGED));
+
+            sockaddr_storage addr4{};
+            auto* sin4 = reinterpret_cast<sockaddr_in*>(&addr4);
+            sin4->sin_family = AF_INET;
+            VERIFY_ARE_EQUAL(inet_pton(AF_INET, "127.0.0.1", &sin4->sin_addr), 1);
+
+            WslcContainerPortMapping mapping{};
+            mapping.windowsPort = 12343;
+            mapping.containerPort = 8000;
+            mapping.protocol = WSLC_PORT_PROTOCOL_TCP;
+            mapping.windowsAddress = &addr4;
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsPortMappings(&containerSettings3, &mapping, 1));
+
+            UniqueContainer container;
+            VERIFY_SUCCEEDED(WslcCreateContainer(m_defaultSession, &containerSettings3, &container, nullptr));
+            VERIFY_SUCCEEDED(WslcStartContainer(container.get(), WSLC_CONTAINER_START_FLAG_ATTACH, nullptr));
+
+            UniqueProcess process;
+            VERIFY_SUCCEEDED(WslcGetContainerInitProcess(container.get(), &process));
+
+            wil::unique_handle ownedStdout;
+            VERIFY_SUCCEEDED(WslcGetProcessIOHandle(process.get(), WSLC_PROCESS_IO_HANDLE_STDOUT, &ownedStdout));
+
+            WaitForOutput(std::move(ownedStdout), "Serving HTTP on", 30s);
+
+            ExpectHttpResponse(L"http://127.0.0.1:12343", 200);
+        }
+
+        // Functional: port mapping with explicit IPv6 windowsAddress (::1).
+        {
+            WslcProcessSettings procSettings;
+            VERIFY_SUCCEEDED(WslcInitProcessSettings(&procSettings));
+            const char* argv[] = {"python3", "-m", "http.server", "8000", "--bind", "::"};
+            VERIFY_SUCCEEDED(WslcSetProcessSettingsCmdLine(&procSettings, argv, ARRAYSIZE(argv)));
+            const char* env[] = {"PYTHONUNBUFFERED=1"};
+            VERIFY_SUCCEEDED(WslcSetProcessSettingsEnvVariables(&procSettings, env, ARRAYSIZE(env)));
+
+            WslcContainerSettings containerSettings4;
+            VERIFY_SUCCEEDED(WslcInitContainerSettings("python:3.12-alpine", &containerSettings4));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsInitProcess(&containerSettings4, &procSettings));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsNetworkingMode(&containerSettings4, WSLC_CONTAINER_NETWORKING_MODE_BRIDGED));
+
+            sockaddr_storage addr6{};
+            auto* sin6 = reinterpret_cast<sockaddr_in6*>(&addr6);
+            sin6->sin6_family = AF_INET6;
+            VERIFY_ARE_EQUAL(inet_pton(AF_INET6, "::1", &sin6->sin6_addr), 1);
+
+            WslcContainerPortMapping mapping{};
+            mapping.windowsPort = 12344;
+            mapping.containerPort = 8000;
+            mapping.protocol = WSLC_PORT_PROTOCOL_TCP;
+            mapping.windowsAddress = &addr6;
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsPortMappings(&containerSettings4, &mapping, 1));
+
+            UniqueContainer container;
+            VERIFY_SUCCEEDED(WslcCreateContainer(m_defaultSession, &containerSettings4, &container, nullptr));
+            VERIFY_SUCCEEDED(WslcStartContainer(container.get(), WSLC_CONTAINER_START_FLAG_ATTACH, nullptr));
+
+            UniqueProcess process;
+            VERIFY_SUCCEEDED(WslcGetContainerInitProcess(container.get(), &process));
+
+            wil::unique_handle ownedStdout;
+            VERIFY_SUCCEEDED(WslcGetProcessIOHandle(process.get(), WSLC_PROCESS_IO_HANDLE_STDOUT, &ownedStdout));
+
+            WaitForOutput(std::move(ownedStdout), "Serving HTTP on", 30s);
+
+            ExpectHttpResponse(L"http://[::1]:12344", 200);
+        }
+
+        // Negative: unsupported address family must fail when setting container portmapping values.
+        {
+            WslcContainerSettings containerSettings5;
+            VERIFY_SUCCEEDED(WslcInitContainerSettings("debian:latest", &containerSettings5));
+            VERIFY_SUCCEEDED(WslcSetContainerSettingsNetworkingMode(&containerSettings5, WSLC_CONTAINER_NETWORKING_MODE_BRIDGED));
+
+            sockaddr_storage badAddr{};
+            badAddr.ss_family = AF_UNIX; // unsupported for port mapping
+
+            WslcContainerPortMapping mapping{};
+            mapping.windowsPort = 12345;
+            mapping.containerPort = 8000;
+            mapping.protocol = WSLC_PORT_PROTOCOL_TCP;
+            mapping.windowsAddress = &badAddr;
+            VERIFY_ARE_EQUAL(WslcSetContainerSettingsPortMappings(&containerSettings5, &mapping, 1), E_INVALIDARG);
+        }
     }
 
     WSLC_TEST_METHOD(ContainerVolumeUnit)
