do-not-merge: virtionet port mapping POC

[OneBlue]

Summary of the Pull Request

PR Checklist

• Closes: Link to issue #xxx
• Communication: I've discussed this with core contributors already. If work hasn't been agreed, this work might be rejected
• Tests: Added/updated if needed and all pass
• Localization: All end user facing strings can be localized
• Dev docs: Added/updated if needed
• Documentation updated: If checked, please file a pull request on our docs repo and link it here: #xxx

Detailed Description of the Pull Request / Additional comments

Validation Steps Performed

[Copilot]

Pull request overview

This PR extends WSLC’s VirtioProxy networking path to support mapping/unmapping ports via the VirtioNetworking engine (including anonymous/ephemeral host ports), and wires container port publishing to use the richer mapping parameters (family/protocol/bind address).

Changes:

• Added new IWSLCVirtualMachine::{MapVirtioNetPort,UnmapVirtioNetPort} APIs and a WSLC_EPHEMERAL_PORT constant.
• Switched WSLC session port mapping in VirtioProxy mode from relay-based mapping to VirtioNetworking-backed mapping (with allocated-port writeback for ephemeral binds).
• Updated container creation to allow UDP, host-IP binds, and ephemeral host ports when publishing ports.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/windows/wslcsession/WSLCVirtualMachine.h	Adds VMPortMapping::SetHostPort for allocated-port writeback.
src/windows/wslcsession/WSLCVirtualMachine.cpp	Uses new VirtioNet port mapping APIs in VirtioProxy mode and writes back allocated ephemeral host ports.
src/windows/wslc/services/ContainerService.cpp	Enables UDP/host-IP/ephemeral host port publishing by passing family/protocol/bind address to the launcher.
src/windows/service/inc/wslc.idl	Introduces WSLC_EPHEMERAL_PORT and new IWSLCVirtualMachine virtio port mapping methods.
src/windows/service/exe/HcsVirtualMachine.h	Declares COM method implementations for virtio port mapping/unmapping.
src/windows/service/exe/HcsVirtualMachine.cpp	Implements the new COM methods by delegating to wsl::core::VirtioNetworking.
src/windows/common/VirtioNetworking.h	Adds MapPort/UnmapPort and refactors ModifyOpenPorts to return allocated ports.
src/windows/common/VirtioNetworking.cpp	Implements virtio-backed port map/unmap and ephemeral host port allocation handling.

[Copilot]

VirtioNetworking::UnmapPort ignores the provided ListenAddress (it converts it to wide but then never uses it) and calls ModifyOpenPorts with hostAddress=nullptr. This produces a portString with an empty listen_addr, which is unlikely to match the mapping created by MapPort and may cause unmap to fail or leak the mapping. Pass the same ListenAddress through to ModifyOpenPorts (or, if listen_addr should not be present for allocate=false, update ModifyOpenPorts to omit listen_addr when isOpen==false and ensure unmap uses the expected format).

Suggested change

	ModifyOpenPorts(c_eth0DeviceName, nullptr, HostPort, GuestPort, Protocol, false);
	ModifyOpenPorts(c_eth0DeviceName, listenAddrW.c_str(), HostPort, GuestPort, Protocol, false);

[Copilot]

ModifyOpenPorts always includes a listen_addr field in the options string ("...;listen_addr={}") even when isOpen==false (allocate=false). The comment above indicates listen_addr and allocate=false are mutually exclusive; emitting both (or emitting listen_addr with an empty value) risks breaking close/unmap behavior. Build the options string so listen_addr is only included for open mappings, and use allocate=false without listen_addr for closes if that’s what the guest expects.

[benhillis]

Seems legit

[Copilot]

For ephemeral binds, this interprets IPlan9FileSystem::AddShare's HRESULT success code as S_OK + allocatedPort. This is a nonstandard encoding for HRESULT and could misbehave for success codes like S_FALSE or other non-zero successes. Consider returning the allocated port through an explicit out-param/response channel, or at least range-check that addShareResult is within [S_OK, S_OK + 65535] before decoding.

Suggested change

	if (HostPort == WSLC_EPHEMERAL_PORT && isOpen && SUCCEEDED(addShareResult))
	{
	if (HostPort == WSLC_EPHEMERAL_PORT && isOpen)
	{
	THROW_IF_FAILED_MSG(addShareResult, "Failed to set virtionet port mapping: %ls", portString.c_str());
	constexpr HRESULT c_maxEncodedEphemeralPortResult = S_OK + UINT16_MAX;
	THROW_HR_IF_MSG(
	E_UNEXPECTED,
	addShareResult < S_OK || addShareResult > c_maxEncodedEphemeralPortResult,
	"Unexpected AddShare success code for ephemeral port mapping: 0x%08x (%ls)",
	static_cast<unsigned int>(addShareResult),
	portString.c_str());

[Copilot]

listen_addr is interpolated into a semicolon-delimited options string that gets parsed on the guest side. Since MapVirtioNetPort’s ListenAddress ultimately comes from a caller-supplied string, it would be safer to validate/normalize it to a real IPv4/IPv6 address (e.g., via inet_pton/InetPton) and reject values containing ';' or other delimiters so a malformed address can’t perturb option parsing.

[benhillis]

This is a good start. When can we stop running the port relay wslrelay.exe? I didn’t see a change in configure networking.

[benhillis]

Seems legit

[benhillis]

I think for naming just MapPort and UnmapPort would be better.

[Copilot]

Pull request overview

Copilot reviewed 19 out of 19 changed files in this pull request and generated 9 comments.

[Copilot]

CreateSession’s validation now calls wcslen(Settings->DisplayName) without first validating that Settings->DisplayName is non-null and non-empty. This can AV if a caller passes a null DisplayName, and it also changes behavior by allowing empty names to reach the reserved-name check. Re-introduce a null/empty check (or guard the wcslen calls) before using DisplayName.

Suggested change

	THROW_HR_IF(E_INVALIDARG, Settings->StoragePath != nullptr && wcslen(Settings->StoragePath) == 0);
	THROW_HR_IF(E_INVALIDARG, Settings->StoragePath != nullptr && wcslen(Settings->StoragePath) == 0);
	THROW_HR_IF(E_INVALIDARG, Settings->DisplayName == nullptr || Settings->DisplayName[0] == L'\0');

[Copilot]

The new raw parameter to SessionService::Attach is never used inside the function, so the CLI --raw flag currently has no effect (and may trigger unused-parameter warnings depending on build settings). Either plumb this through to session creation/initialization (e.g., set a feature flag passed to the service) or remove the parameter/flag until it is supported.

[Copilot]

The new Raw argument description is a hard-coded English string, while the surrounding argument descriptions are localized via Localization::WSLCCLI_*. Since this string is user-facing help text, it should follow the repo’s localization pattern (add a localized resource entry and reference it here) to keep CLI help localizable.

Suggested change

	_(Raw, "raw", NO_ALIAS, Kind::Flag, L"Start the session without dockerd or container services") \
	_(Raw, "raw", NO_ALIAS, Kind::Flag, Localization::WSLCCLI_RawArgDescription()) \

[Copilot]

MapPort never populates *AllocatedHostPort for anonymous binds. ModifyOpenPorts can compute an allocated host port (return value), but MapPort currently just calls HandlePortNotification and leaves *AllocatedHostPort as 0, so callers (e.g. WSLCVirtualMachine::MapPort) can’t discover the chosen host port. Plumb the allocated host port back to AllocatedHostPort (and ensure the COM method returns it).

Suggested change

	return HandlePortNotification(ListenAddress, Protocol, GuestPort, true);
	const auto hostPort = INETADDR_PORT(reinterpret_cast<const SOCKADDR*>(&ListenAddress));
	*AllocatedHostPort = ModifyOpenPorts(c_defaultDeviceTag, ListenAddress, hostPort, GuestPort, Protocol, true);
	return S_OK;

[Copilot]

MapVirtioNetPort sets listenAddr.Ipv4.sin_port = HostPort without converting to network byte order. Callers (e.g. VMPortMapping::HostPort/SetHostPort) treat ports as host-order, and INETADDR_PORT expects the stored port to be in network order, so this will produce incorrect ports for non-zero values. Use htons(HostPort) or INETADDR_SET_PORT (and apply the same fix in UnmapVirtioNetPort).

[Copilot]

MountInit is now bind-mounting WSL init into the chroot at {target}/init. However, WSLCEnableCrashDumpCollection/CreateCaptureCrashSymlink in this file still points the crash-capture symlink at /wsl-init (not /init), while the main init path used elsewhere in the repo is /init (LX_INIT_PATH). To avoid breaking crash dump collection in the chroot, align the symlink target with the mounted init path (or ensure /wsl-init is present inside the chroot).

[Copilot]

ModifyOpenPorts always includes listen_addr=... in the options string even when isOpen is false and allocate=false is appended. The comment immediately above indicates listen_addr and allocate=false are mutually exclusive; emitting both risks breaking close/unmap behavior. Build the string so listen_addr is only included for open mappings, and for closes emit allocate=false without listen_addr (matching the expected guest contract).

[Copilot]

HandlePortNotification swallows all failures (catch-all around ModifyOpenPorts calls) and unconditionally returns S_OK. Since MapPort/UnmapPort call into this path, explicit port map/unmap requests can report success even when the guest update failed, leaving the system in an inconsistent state. Consider propagating HRESULTs for explicit operations (or splitting tracked notifications vs explicit map/unmap so explicit calls surface errors).

[Copilot]

UnmapVirtioNetPort also assigns listenAddr.Ipv4.sin_port = HostPort without converting to network byte order, which can cause unmap requests to target the wrong port and leak mappings. Set the port using htons(HostPort) / INETADDR_SET_PORT (consistent with how ports are stored in SOCKADDR_*).