Add gateway to docker inspect output

Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

add test TestContainerInspectGateway

Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

Fix test issues

Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

Remove container.test

Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

Resolve review and tests

Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

feature: populate NetworkSettings.Gateway and add e2e coverage
Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

Resolve test issues

Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

feature: populate NetworkSettings.Gateway and add e2e coverage
Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

drop unrelated hostsstore changes

Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

Change testing

feature: populate NetworkSettings.Gateway and add e2e coverage

Resolve breaking tests

Add gateway to docker inspect output

Signed-off-by: Mustaeen Ahmed <contact@mustaeen.dev>

Author: must108

cmd/nerdctl/container/container_inspect_linux_test.go

@@ -23,12 +23,14 @@ import (
 	"slices"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/docker/go-connections/nat"
 	"gotest.tools/v3/assert"
 
 	"github.com/containerd/continuity/testutil/loopback"
 	"github.com/containerd/nerdctl/mod/tigron/expect"
+	"github.com/containerd/nerdctl/mod/tigron/require"
 	"github.com/containerd/nerdctl/mod/tigron/test"
 	"github.com/containerd/nerdctl/mod/tigron/tig"
 
@@ -586,6 +588,83 @@ USER test
 	testCase.Run(t)
 }
 
+func TestContainerInspectGateway(t *testing.T) {
+	testCase := nerdtest.Setup()
+
+	// This test validates nerdctl's inspect conversion path
+	// Running this against Docker would not use this code path
+	testCase.Require = require.All(
+		require.Not(require.Windows),
+		require.Not(nerdtest.Docker),
+		nerdtest.Rootful,
+	)
+
+	// isolated test
+	testCase.NoParallel = true
+
+	testCase.Setup = func(data test.Data, helpers test.Helpers) {
+		helpers.Ensure("network", "create", data.Identifier("net"))
+
+		helpers.Ensure("run", "-d",
+			"--name", data.Identifier("ctr"),
+			"--network", data.Identifier("net"),
+			testutil.CommonImage, "sleep", nerdtest.Infinity)
+
+		nerdtest.EnsureContainerStarted(helpers, data.Identifier("ctr"))
+	}
+
+	testCase.Cleanup = func(data test.Data, helpers test.Helpers) {
+		helpers.Anyhow("rm", "-f", data.Identifier("ctr"))
+		helpers.Anyhow("network", "rm", data.Identifier("net"))
+	}
+
+	testCase.Command = func(data test.Data, helpers test.Helpers) test.TestableCommand {
+		return helpers.Command("container", "inspect", data.Identifier("ctr"))
+	}
+
+	testCase.Expected = func(data test.Data, helpers test.Helpers) *test.Expected {
+		return &test.Expected{
+			ExitCode: 0,
+			Output: func(_ string, t tig.T) {
+				const (
+					maxAttempts = 60
+					wait        = 500 * time.Millisecond
+				)
+
+				// if network metadata lags, resolve expected gateway with retries
+				expectedGateway := ""
+				for i := 0; i < maxAttempts; i++ {
+					netInspect := nerdtest.InspectNetwork(helpers, data.Identifier("net"))
+					if len(netInspect.IPAM.Config) > 0 && netInspect.IPAM.Config[0].Gateway != "" {
+						expectedGateway = netInspect.IPAM.Config[0].Gateway
+						break
+					}
+
+					time.Sleep(wait)
+				}
+				assert.Assert(t, expectedGateway != "")
+
+				lastGateway := ""
+				for i := 0; i < maxAttempts; i++ {
+					ctrInspect := nerdtest.InspectContainer(helpers, data.Identifier("ctr"))
+					assert.Assert(t, ctrInspect.NetworkSettings != nil)
+
+					lastGateway = ctrInspect.NetworkSettings.Gateway
+					if lastGateway == expectedGateway {
+						return
+					}
+
+					time.Sleep(wait)
+				}
+
+				assert.Equal(t, lastGateway, expectedGateway)
+			},
+		}
+	}
+
+	testCase.Run(t)
+}
+
 type hostConfigValues struct {
 	Driver       string
 	ShmSize      int64

pkg/containerinspector/containerinspector_linux.go

@@ -23,6 +23,7 @@ import (
 	"strings"
 
 	"github.com/containernetworking/plugins/pkg/ns"
+	"github.com/vishvananda/netlink"
 
 	"github.com/containerd/nerdctl/v2/pkg/inspecttypes/native"
 )
@@ -55,6 +56,10 @@ func InspectNetNS(ctx context.Context, pid int) (*native.NetNS, error) {
 			res.Interfaces[i] = x
 		}
 		res.PrimaryInterface = determinePrimaryInterface(res.Interfaces)
+		routes, err := netlink.RouteList(nil, netlink.FAMILY_V4)
+		if err == nil {
+			res.Gateway = selectDefaultGateway(routes, res.PrimaryInterface)
+		}
 		return nil
 	}
 	if err := ns.WithNetNSPath(nsPath, fn); err != nil {
@@ -73,3 +78,27 @@ func determinePrimaryInterface(interfaces []native.NetInterface) int {
 	}
 	return 0
 }
+
+func selectDefaultGateway(routes []netlink.Route, primaryIfIndex int) string {
+	for _, route := range routes {
+		if route.Dst != nil || route.Gw == nil {
+			continue
+		}
+		if route.Gw.To4() == nil {
+			continue
+		}
+		if route.LinkIndex == primaryIfIndex {
+			return route.Gw.String()
+		}
+	}
+	for _, route := range routes {
+		if route.Dst != nil || route.Gw == nil {
+			continue
+		}
+		if route.Gw.To4() == nil {
+			continue
+		}
+		return route.Gw.String()
+	}
+	return ""
+}

pkg/inspecttypes/dockercompat/dockercompat.go

@@ -281,7 +281,7 @@ type CPUSettings struct {
 // DefaultNetworkSettings is from https://github.com/moby/moby/blob/v20.10.1/api/types/types.go#L405-L414
 type DefaultNetworkSettings struct {
 	// TODO EndpointID          string // EndpointID uniquely represents a service endpoint in a Sandbox
-	// TODO Gateway             string // Gateway holds the gateway address for the network
+	Gateway             string // Gateway holds the gateway address for the network
 	GlobalIPv6Address   string // GlobalIPv6Address holds network's global IPv6 address
 	GlobalIPv6PrefixLen int    // GlobalIPv6PrefixLen represents mask length of network's global IPv6 address
 	IPAddress           string // IPAddress holds the IPv4 address for the network
@@ -743,6 +743,7 @@ func networkSettingsFromNative(n *native.NetNS, _ *specs.Spec) (*NetworkSettings
 		}
 
 	}
+	res.DefaultNetworkSettings.Gateway = n.Gateway
 	if primary != nil {
 		res.DefaultNetworkSettings.MacAddress = primary.MacAddress
 		res.DefaultNetworkSettings.IPAddress = primary.IPAddress

pkg/inspecttypes/dockercompat/dockercompat_test.go

@@ -401,6 +401,7 @@ func TestNetworkSettingsFromNative(t *testing.T) {
 		{
 			name: "Given NetNS with single Interface with Port Annotation, Return populated NetworkSettings",
 			n: &native.NetNS{
+				Gateway: "10.0.4.1",
 				Interfaces: []native.NetInterface{
 					{
 						Interface: net.Interface{
@@ -427,6 +428,9 @@ func TestNetworkSettingsFromNative(t *testing.T) {
 				Annotations: map[string]string{},
 			},
 			expected: &NetworkSettings{
+				DefaultNetworkSettings: DefaultNetworkSettings{
+					Gateway: "10.0.4.1",
+				},
 				Ports: &nat.PortMap{
 					nat.Port("77/tcp"): []nat.PortBinding{
 						{
@@ -449,6 +453,7 @@ func TestNetworkSettingsFromNative(t *testing.T) {
 		{
 			name: "Given NetNS with single Interface without Port Annotations, Return valid NetworkSettings w/ empty Ports",
 			n: &native.NetNS{
+				Gateway: "10.0.4.1",
 				Interfaces: []native.NetInterface{
 					{
 						Interface: net.Interface{
@@ -467,6 +472,9 @@ func TestNetworkSettingsFromNative(t *testing.T) {
 				Annotations: map[string]string{},
 			},
 			expected: &NetworkSettings{
+				DefaultNetworkSettings: DefaultNetworkSettings{
+					Gateway: "10.0.4.1",
+				},
 				Ports: &nat.PortMap{},
 				Networks: map[string]*NetworkEndpointSettings{
 					"unknown-eth0.100": {

pkg/inspecttypes/native/container.go

@@ -44,6 +44,7 @@ type NetNS struct {
 	// Zero means unset.
 	PrimaryInterface int            `json:"PrimaryInterface,omitempty"`
 	Interfaces       []NetInterface `json:"Interfaces,omitempty"`
+	Gateway          string         `json:"Gateway,omitempty"`
 	PortMappings     []cni.PortMapping
 }