Add static bool field for static port forwarding

Horiodino · Horiodino · commit 34f00b030f20 · 2025-07-11T18:56:36.000+05:30
Signed-off-by: Praful Khanduri &lt;holiodin@gmail.com&gt;
diff --git a/cmd/limactl/editflags/editflags.go b/cmd/limactl/editflags/editflags.go
@@ -97,9 +97,13 @@ func RegisterCreate(cmd *cobra.Command, commentPrefix string) {
 
 	flags.Bool("plain", false, commentPrefix+"Plain mode. Disables mounts, port forwarding, containerd, etc.")
 
-	flags.StringSlice("port-forward", nil, commentPrefix+"Port forwards (host:guest), works even in plain mode, e.g., '8080:80,2222:22'")
+	flags.StringSlice("port-forward", nil, commentPrefix+"Port forwards (host:guest), e.g., '8080:80,2222:22'")
 	_ = cmd.RegisterFlagCompletionFunc("port-forward", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {
-		return []string{"8080:80", "2222:22", "3000:3000"}, cobra.ShellCompDirectiveNoFileComp
+		return []string{"8080:80", "3000:3000"}, cobra.ShellCompDirectiveNoFileComp
+	})
+	flags.StringSlice("static-port-forward", nil, commentPrefix+"Static port forwards (host:guest), works even in plain mode, e.g., '8080:80,2222:22'")
+	_ = cmd.RegisterFlagCompletionFunc("static-port-forward", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {
+		return []string{"8080:80", "3000:3000"}, cobra.ShellCompDirectiveNoFileComp
 	})
 }
 
@@ -268,25 +272,25 @@ func YQExpressions(flags *flag.FlagSet, newInstance bool) ([]string, error) {
 		{"vm-type", d(".vmType = %q"), true, false},
 		{"plain", d(".plain = %s"), true, false},
 		{
-			"port-forward",
+			"static-port-forward",
 			func(_ *flag.Flag) (string, error) {
-				ss, err := flags.GetStringSlice("port-forward")
+				ss, err := flags.GetStringSlice("static-port-forward")
 				if err != nil {
 					return "", err
 				}
 				if len(ss) == 0 {
 					return "", nil
 				}
 
-				expr := `.portForwards = [`
+				expr := `.portForwards += [`
 				for i, s := range ss {
 					parts := strings.Split(s, ":")
 					if len(parts) != 2 {
-						return "", fmt.Errorf("invalid port forward format %q, expected HOST:GUEST", s)
+						return "", fmt.Errorf("invalid static port forward format %q, expected HOST:GUEST", s)
 					}
 					hostPort := strings.TrimSpace(parts[0])
 					guestPort := strings.TrimSpace(parts[1])
-					expr += fmt.Sprintf(`{"hostPort": %s, "guestPort": %s}`, hostPort, guestPort)
+					expr += fmt.Sprintf(`{"hostPort": %s, "guestPort": %s, "static": true}`, hostPort, guestPort)
 					if i < len(ss)-1 {
 						expr += ","
 					}
diff --git a/pkg/hostagent/hostagent.go b/pkg/hostagent/hostagent.go
@@ -420,11 +420,7 @@ func (a *HostAgent) Info(_ context.Context) (*hostagentapi.Info, error) {
 
 func (a *HostAgent) startHostAgentRoutines(ctx context.Context) error {
 	if *a.instConfig.Plain {
-		if len(a.instConfig.PortForwards) > 0 {
-			logrus.Info("Running in plain mode. Mounts, containerd, etc. will be ignored. Guest agent will not be running. Port forwarding is enabled via static SSH tunnels.")
-		} else {
-			logrus.Info("Running in plain mode. Mounts, port forwarding, containerd, etc. will be ignored. Guest agent will not be running.")
-		}
+		logrus.Info("Running in plain mode. Mounts, dynamic port forwarding, containerd, etc. will be ignored. Guest agent will not be running. Static port forwarding is allowed.")
 	}
 	a.onClose = append(a.onClose, func() error {
 		logrus.Debugf("shutting down the SSH master")
@@ -482,9 +478,14 @@ sudo chown -R "${USER}" /run/host-services`
 			return errors.Join(unlockErrs...)
 		})
 	}
-	if !*a.instConfig.Plain || len(a.instConfig.PortForwards) > 0 && *a.instConfig.Plain {
+
+	if !*a.instConfig.Plain {
 		go a.watchGuestAgentEvents(ctx)
+	} else {
+		logrus.Info("Running in plain mode, skipping guest agent events watcher")
+		a.addStaticPortForwards(ctx)
 	}
+
 	if err := a.waitForRequirements("optional", a.optionalRequirements()); err != nil {
 		errs = append(errs, err)
 	}
@@ -547,25 +548,7 @@ func (a *HostAgent) watchGuestAgentEvents(ctx context.Context) {
 		}
 	}
 
-	if *a.instConfig.Plain {
-		logrus.Debugf("Setting up static TCP port forwarding for plain mode")
-		for _, rule := range a.instConfig.PortForwards {
-			if rule.GuestSocket == "" {
-				guest := &guestagentapi.IPPort{
-					Ip:       rule.GuestIP.String(),
-					Port:     int32(rule.GuestPort),
-					Protocol: rule.Proto,
-				}
-				local, remote := a.portForwarder.forwardingAddresses(guest)
-				if local != "" {
-					logrus.Infof("Setting up static TCP forwarding from %s to %s", remote, local)
-					if err := forwardTCP(ctx, a.sshConfig, a.sshLocalPort, local, remote, verbForward); err != nil {
-						logrus.WithError(err).Warnf("failed to set up static TCP forwarding %s -> %s", remote, local)
-					}
-				}
-			}
-		}
-	}
+	a.addStaticPortForwards(ctx)
 
 	localUnix := filepath.Join(a.instDir, filenames.GuestAgentSock)
 	remoteUnix := "/run/lima-guestagent.sock"
@@ -630,6 +613,27 @@ func (a *HostAgent) watchGuestAgentEvents(ctx context.Context) {
 	}
 }
 
+func (a *HostAgent) addStaticPortForwards(ctx context.Context) {
+	for _, rule := range a.instConfig.PortForwards {
+		if rule.Static {
+			if rule.GuestSocket == "" {
+				guest := &guestagentapi.IPPort{
+					Ip:       rule.GuestIP.String(),
+					Port:     int32(rule.GuestPort),
+					Protocol: rule.Proto,
+				}
+				local, remote := a.portForwarder.forwardingAddresses(guest)
+				if local != "" {
+					logrus.Infof("Setting up static TCP forwarding from %s to %s", remote, local)
+					if err := forwardTCP(ctx, a.sshConfig, a.sshLocalPort, local, remote, verbForward); err != nil {
+						logrus.WithError(err).Warnf("failed to set up static TCP forwarding %s -> %s", remote, local)
+					}
+				}
+			}
+		}
+	}
+}
+
 func isGuestAgentSocketAccessible(ctx context.Context, client *guestagentclient.GuestAgentClient) bool {
 	_, err := client.Info(ctx)
 	return err == nil
diff --git a/pkg/limayaml/defaults.go b/pkg/limayaml/defaults.go
@@ -915,6 +915,7 @@ func fixUpForPlainMode(y *LimaYAML) {
 	if !*y.Plain {
 		return
 	}
+	deleteNonStaticPortForwards(&y.PortForwards)
 	y.Mounts = nil
 	y.Containerd.System = ptr.Of(false)
 	y.Containerd.User = ptr.Of(false)
@@ -923,6 +924,17 @@ func fixUpForPlainMode(y *LimaYAML) {
 	y.TimeZone = ptr.Of("")
 }
 
+// deleteNonStaticPortForwards removes all non-static port forwarding rules in case of Plain mode.
+func deleteNonStaticPortForwards(portForwards *[]PortForward) {
+	staticPortForwards := make([]PortForward, 0, len(*portForwards))
+	for _, rule := range *portForwards {
+		if rule.Static {
+			staticPortForwards = append(staticPortForwards, rule)
+		}
+	}
+	*portForwards = staticPortForwards
+}
+
 func executeGuestTemplate(format, instDir string, user User, param map[string]string) (bytes.Buffer, error) {
 	tmpl, err := template.New("").Parse(format)
 	if err == nil {
diff --git a/pkg/limayaml/defaults_test.go b/pkg/limayaml/defaults_test.go
@@ -762,3 +762,120 @@ func TestContainerdDefault(t *testing.T) {
 	archives := defaultContainerdArchives()
 	assert.Assert(t, len(archives) > 0)
 }
+
+func TestStaticPortForwarding(t *testing.T) {
+	tests := []struct {
+		name     string
+		config   LimaYAML
+		expected []PortForward
+	}{
+		{
+			name: "plain mode with static port forwards",
+			config: LimaYAML{
+				Plain: ptr.Of(true),
+				PortForwards: []PortForward{
+					{
+						GuestPort: 8080,
+						HostPort:  8080,
+						Static:    true,
+					},
+					{
+						GuestPort: 9000,
+						HostPort:  9000,
+						Static:    false,
+					},
+					{
+						GuestPort: 8081,
+						HostPort:  8081,
+					},
+				},
+			},
+			expected: []PortForward{
+				{
+					GuestPort: 8080,
+					HostPort:  8080,
+					Static:    true,
+				},
+			},
+		},
+		{
+			name: "non-plain mode with static port forwards",
+			config: LimaYAML{
+				Plain: ptr.Of(false),
+				PortForwards: []PortForward{
+					{
+						GuestPort: 8080,
+						HostPort:  8080,
+						Static:    true,
+					},
+					{
+						GuestPort: 9000,
+						HostPort:  9000,
+						Static:    false,
+					},
+				},
+			},
+			expected: []PortForward{
+				{
+					GuestPort: 8080,
+					HostPort:  8080,
+					Static:    true,
+				},
+				{
+					GuestPort: 9000,
+					HostPort:  9000,
+					Static:    false,
+				},
+			},
+		},
+		{
+			name: "plain mode with no static port forwards",
+			config: LimaYAML{
+				Plain: ptr.Of(true),
+				PortForwards: []PortForward{
+					{
+						GuestPort: 8080,
+						HostPort:  8080,
+						Static:    false,
+					},
+					{
+						GuestPort: 9000,
+						HostPort:  9000,
+					},
+				},
+			},
+			expected: []PortForward{},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fixUpForPlainMode(&tt.config)
+
+			if *tt.config.Plain {
+				for _, pf := range tt.config.PortForwards {
+					if !pf.Static {
+						t.Errorf("Non-static port forward found in plain mode: %+v", pf)
+					}
+				}
+			}
+
+			assert.Equal(t, len(tt.config.PortForwards), len(tt.expected),
+				"Expected %d port forwards, got %d", len(tt.expected), len(tt.config.PortForwards))
+
+			for i, expected := range tt.expected {
+				if i >= len(tt.config.PortForwards) {
+					t.Errorf("Missing port forward at index %d", i)
+					continue
+				}
+				actual := tt.config.PortForwards[i]
+				assert.Equal(t, expected.Static, actual.Static,
+					"Port forward %d: expected Static=%v, got %v", i, expected.Static, actual.Static)
+				assert.Equal(t, expected.GuestPort, actual.GuestPort,
+					"Port forward %d: expected GuestPort=%d, got %d", i, expected.GuestPort, actual.GuestPort)
+				assert.Equal(t, expected.HostPort, actual.HostPort,
+					"Port forward %d: expected HostPort=%d, got %d", i, expected.HostPort, actual.HostPort)
+			}
+		})
+	}
+}
diff --git a/pkg/limayaml/limayaml.go b/pkg/limayaml/limayaml.go
@@ -285,6 +285,7 @@ type PortForward struct {
 	Proto             Proto  `yaml:"proto,omitempty" json:"proto,omitempty"`
 	Reverse           bool   `yaml:"reverse,omitempty" json:"reverse,omitempty"`
 	Ignore            bool   `yaml:"ignore,omitempty" json:"ignore,omitempty"`
+	Static            bool   `yaml:"static,omitempty" json:"static,omitempty"` // if true, the port forward is static and will not be removed when the instance is stopped
 }
 
 type CopyToHost struct {
diff --git a/templates/default.yaml b/templates/default.yaml
@@ -422,7 +422,7 @@ networks:
 
 # Port forwarding rules. Forwarding between ports 22 and ssh.localPort cannot be overridden.
 # Rules are checked sequentially until the first one matches.
-portForwards: null
+#portForwards: null
 # - guestPort: 443
 #   hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding
 # # default: hostPort: 443 (same as guestPort)

Original file line number	Diff line number	Diff line change
`@@ -285,6 +285,7 @@ type PortForward struct {`
`285`	`285`	Proto Proto `yaml:"proto,omitempty" json:"proto,omitempty"`
`286`	`286`	Reverse bool `yaml:"reverse,omitempty" json:"reverse,omitempty"`
`287`	`287`	Ignore bool `yaml:"ignore,omitempty" json:"ignore,omitempty"`
	`288`	+ Static bool `yaml:"static,omitempty" json:"static,omitempty"` // if true, the port forward is static and will not be removed when the instance is stopped
`288`	`289`	`}`
`289`	`290`
`290`	`291`	`type CopyToHost struct {`