containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

podman ps: output unreadable with many exposed ports #23317

Open skyblaster opened 1 month ago

skyblaster commented 1 month ago

Issue Description

After a recent upgrade from 5.0.3 to 5.1.0, I noticed that podman ps is unreadable. This is due to my FreeSWITCH container, which uses a macvlan network and has many exposed ports (see here). Prior to 5.1, this and other containers using macvlan networks would not list any ports at all.

This appears to be intended behaviour introduced by PR https://github.com/containers/podman/pull/22319. Is it possible to add a flag to mute port information for macvlan containers?

Steps to reproduce the issue

Steps to reproduce the issue...using adguardhome as an example:

$ sudo podman network create -d macvlan adguard
$ sudo podman run -d --network adguard docker.io/adguard/adguardhome:latest
$ sudo podman ps
CONTAINER ID  IMAGE                                 COMMAND               CREATED         STATUS         PORTS                                                                                                                         NAMES
55463e58fa91  docker.io/adguard/adguardhome:latest  --no-check-update...  26 minutes ago  Up 26 minutes  53/udp, 53/tcp, 67/udp, 68/udp, 80/tcp, 443/tcp, 443/udp, 853/tcp, 853/udp, 3000/tcp, 3000/udp, 5443/udp, 5443/tcp, 6060/tcp  adguardhome

Describe the results you received

$ sudo podman ps
CONTAINER ID  IMAGE                                 COMMAND               CREATED         STATUS         PORTS                                                                                                                         NAMES
55463e58fa91  docker.io/adguard/adguardhome:latest  --no-check-update...  26 minutes ago  Up 26 minutes  53/udp, 53/tcp, 67/udp, 68/udp, 80/tcp, 443/tcp, 443/udp, 853/tcp, 853/udp, 3000/tcp, 3000/udp, 5443/udp, 5443/tcp, 6060/tcp  adguardhome

Describe the results you expected

$ sudo podman ps
CONTAINER ID  IMAGE                                 COMMAND               CREATED         STATUS         PORTS         NAMES
55463e58fa91  docker.io/adguard/adguardhome:latest  --no-check-update...  26 minutes ago  Up 26 minutes                adguardhome

podman info output

host:
  arch: amd64
  buildahVersion: 1.36.0
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc40.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 98.77
    systemPercent: 0.61
    userPercent: 0.61
  cpus: 4
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    variant: coreos
    version: "40"
  eventLogger: journald
  freeLocks: 2045
  hostname: falcon
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.8.11-300.fc40.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 9361956864
  memTotal: 12185284608
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.11.0-1.fc40.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.11.0
    package: netavark-1.11.0-1.fc40.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.11.0
  ociRuntime:
    name: crun
    package: crun-1.15-1.fc40.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.15
      commit: e6eacaf4034e84185fd8780ac9262bbf57082278
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240510.g7288448-1.fc40.x86_64
    version: |
      pasta 0^20240510.g7288448-1.fc40.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-2.fc40.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.5
  swapFree: 0
  swapTotal: 0
  uptime: 22h 45m 49.00s (Approximately 0.92 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 2
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphRootAllocated: 511561764864
  graphRootUsed: 21785911296
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 5
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 5.1.0
  Built: 1716940800
  BuiltTime: Wed May 29 00:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.3
  Os: linux
  OsArch: linux/amd64
  Version: 5.1.0

Podman in a container

No

Privileged Or Rootless

Privileged

Upstream Latest Release

No

Luap99 commented 1 month ago

Yeah it doesn't look very nice, to be honest I still don't understand why this is shown at all in docker... Adding a new cli option seems awkward (would you actually remember to type this?). Having to use a special option every time is not great. Also why should this be specific to macvlan? This affects all modes in the same way. Maybe we should add a containers.conf to turn this off? This way it would only need to be set once on the host.

One other option is to trim off ports when the result string length is greater than 20 (or some other number?). This is already done for the command field. But that would not be fully compatible with docker.

I noticed one other problem though: we do not merge ranges for exposed ports, docker does. That is certainly something that has to be fixed.

skyblaster commented 1 month ago

> Yeah it doesn't look very nice, to be honest I still don't understand why this is shown at all in docker... Adding a new cli option seems awkward (would you actually remember to type this?). Having to use a special option every time is not great. Also why should this be specific to macvlan? This affects all modes in the same way. Maybe we should add a containers.conf to turn this off? This way it would only need to be set once on the host.

Yes. An option in containers.conf to default to the Podman ps output prior to 5.1 would be an excellent idea.

Regarding macvlan. It's just where I noticed the change the most, seeing how the output went from nothing to a wall of text.

> One other option is to trim off ports when the result string length is greater than 20 (or some other number?). This is already done for the command field. But that would not be fully compatible with docker.
>
> I noticed one other problem though: we do not merge ranges for exposed ports, docker does. That is certainly something that has to be fixed.

This would clean things up substantially. I don't use Docker, so I didn't realize it grouped ports into ranges.

Luap99 commented 1 month ago

> > I noticed one other problem though: we do not merge ranges for exposed ports, docker does. That is certainly something that has to be fixed.
>
> This would clean things up substantially. I don't use Docker, so I didn't realize it grouped ports into ranges.

Well, given your example this would not help much; only 67/udp, 68/udp would be grouped into 67-68/udp

skyblaster commented 3 weeks ago

> Well, given your example this would not help much; only 67/udp, 68/udp would be grouped into 67-68/udp

True, that wasn't the best example. The FreeSWITCH example I referenced first was much better. It's just that I couldn't link to a public image for demo purposes.

This is just a small sample of the wall of text I was referring to:

65235/udp, 65236/udp, 65237/udp, 65238/udp, 65239/udp, 65240/udp, 65241/udp, 65242/udp, 65243/udp, 65244/udp, 65245/udp, 65246/udp, 65247/udp, 65248/udp, 65249/udp, 65250/udp, 65251/udp, 65252/udp, 65253/udp, 65254/udp, 65255/udp, 65256/udp, 65257/udp, 65258/udp, 65259/udp, 65260/udp, 65261/udp, 65262/udp, 65263/udp, 65264/udp, 65265/udp, 65266/udp, 65267/udp, 65268/udp, 65269/udp, 65270/udp, 65271/udp, 65272/udp, 65273/udp, 65274/udp, 65275/udp, 65276/udp, 65277/udp, 65278/udp, 65279/udp, 65280/udp, 65281/udp, 65282/udp, 65283/udp, 65284/udp, 65285/udp, 65286/udp, 65287/udp, 65288/udp, 65289/udp, 65290/udp, 65291/udp, 65292/udp, 65293/udp, 65294/udp, 65295/udp, 65296/udp, 65297/udp, 65298/udp, 65299/udp, 65300/udp, 65301/udp, 65302/udp, 65303/udp, 65304/udp, 65305/udp, 65306/udp, 65307/udp, 65308/udp, 65309/udp, 65310/udp, 65311/udp, 65312/udp, 65313/udp, 65314/udp, 65315/udp, 65316/udp, 65317/udp, 65318/udp, 65319/udp, 65320/udp, 65321/udp, 65322/udp, 65323/udp, 65324/udp, 65325/udp, 65326/udp, 65327/udp, 65328/udp, 65329/udp, 65330/udp, 65331/udp, 65332/udp, 65333/udp, 65334/udp, 65335/udp, 65336/udp, 65337/udp, 65338/udp, 65339/udp, 65340/udp, 65341/udp, 65342/udp, 65343/udp, 65344/udp, 65345/udp, 65346/udp, 65347/udp, 65348/udp, 65349/udp, 65350/udp, 65351/udp, 65352/udp, 65353/udp, 65354/udp, 65355/udp, 65356/udp, 65357/udp, 65358/udp, 65359/udp, 65360/udp, 65361/udp, 65362/udp, 65363/udp, 65364/udp, 65365/udp, 65366/udp, 65367/udp, 65368/udp, 65369/udp, 65370/udp, 65371/udp, 65372/udp, 65373/udp, 65374/udp, 65375/udp, 65376/udp, 65377/udp, 65378/udp, 65379/udp, 65380/udp, 65381/udp, 65382/udp, 65383/udp, 65384/udp, 65385/udp, 65386/udp, 65387/udp, 65388/udp, 65389/udp, 65390/udp, 65391/udp, 65392/udp, 65393/udp, 65394/udp, 65395/udp, 65396/udp, 65397/udp, 65398/udp, 65399/udp, 65400/udp, 65401/udp, 65402/udp, 65403/udp, 65404/udp, 65405/udp, 65406/udp, 65407/udp, 65408/udp, 65409/udp, 65410/udp, 65411/udp, 65412/udp, 65413/udp, 65414/udp, 65415/udp, 
65416/udp, 65417/udp, 65418/udp, 65419/udp, 65420/udp, 65421/udp, 65422/udp, 65423/udp, 65424/udp, 65425/udp, 65426/udp, 65427/udp, 65428/udp, 65429/udp, 65430/udp, 65431/udp, 65432/udp, 65433/udp, 65434/udp, 65435/udp, 65436/udp, 65437/udp, 65438/udp, 65439/udp, 65440/udp, 65441/udp, 65442/udp, 65443/udp, 65444/udp, 65445/udp, 65446/udp, 65447/udp, 65448/udp, 65449/udp, 65450/udp, 65451/udp, 65452/udp, 65453/udp, 65454/udp, 65455/udp, 65456/udp, 65457/udp, 65458/udp, 65459/udp, 65460/udp, 65461/udp, 65462/udp, 65463/udp, 65464/udp, 65465/udp, 65466/udp, 65467/udp, 65468/udp, 65469/udp, 65470/udp, 65471/udp, 65472/udp, 65473/udp, 65474/udp, 65475/udp, 65476/udp, 65477/udp, 65478/udp, 65479/udp, 65480/udp, 65481/udp, 65482/udp, 65483/udp, 65484/udp, 65485/udp, 65486/udp, 65487/udp, 65488/udp, 65489/udp, 65490/udp, 65491/udp, 65492/udp, 65493/udp, 65494/udp, 65495/udp, 65496/udp, 65497/udp, 65498/udp, 65499/udp, 65500/udp, 65501/udp, 65502/udp, 65503/udp, 65504/udp, 65505/udp, 65506/udp, 65507/udp, 65508/udp, 65509/udp, 65510/udp, 65511/udp, 65512/udp, 65513/udp, 65514/udp, 65515/udp, 65516/udp, 65517/udp, 65518/udp, 65519/udp, 65520/udp, 65521/udp, 65522/udp, 65523/udp, 65524/udp, 65525/udp, 65526/udp, 65527/udp, 65528/udp, 65529/udp, 65530/udp, 65531/udp, 65532/udp, 65533/udp, 65534/udp, 65535/udp systemd-freeswitch

I did attempt a fix, which does work, however I'm sure the code quality is not up to par for this project: https://github.com/containers/podman/compare/main...skyblaster:podman:exposed-port-ranges-ps

This brings up another area that could benefit from grouping. Here's a snippet from podman image inspect freeswitch:

"Config": {
               "ExposedPorts": {
                    "16384-32768/udp": {},
                    "5060/tcp": {},
                    "5060/udp": {},
                    "5061/tcp": {},
                    "5061/udp": {},
                    "5066/tcp": {},
                    "5080/tcp": {},
                    "5080/udp": {},
                    "5081/tcp": {},
                    "5081/udp": {},
                    "64535-65535/udp": {},
                    "7443/tcp": {},
                    "8021/tcp": {},
                    "8081/tcp": {},
                    "8082/tcp": {}
               },

Which is very different from the non-grouped output of podman inspect systemd-freeswitch:

               "Ports": {
                    "16384/udp": null,
                    "16385/udp": null,
                    "16386/udp": null,
                    "16387/udp": null,
                    "16388/udp": null,
                    "16389/udp": null,
                    ...
                    ...
                    ...
                    "65519/udp": null,
                    "65520/udp": null,
                    "65521/udp": null,
                    "65522/udp": null,
                    "65523/udp": null,
                    "65524/udp": null,
                    "65525/udp": null,
                    "65526/udp": null,
                    "65527/udp": null,
                    "65528/udp": null,
                    "65529/udp": null,
                    "65530/udp": null,
                    "65531/udp": null,
                    "65532/udp": null,
                    "65533/udp": null,
                    "65534/udp": null,
                    "65535/udp": null,
                    "7443/tcp": null,
                    "8021/tcp": null,
                    "8081/tcp": null,
                    "8082/tcp": null
               },
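
The range merging discussed in the comments above, as an added example that is not part of the thread and is not Podman's or Docker's code. The function name `MergeExposedPorts` and the protocol-then-port output order are assumptions of this example; the sample input is constructed from the adguardhome port list in the issue.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// MergeExposedPorts collapses adjacent "port/proto" entries of one protocol,
// so 67/udp and 68/udp become 67-68/udp. Hypothetical helper, not Podman code.
func MergeExposedPorts(entries []string) (string, error) {
	type port struct{ proto string; num int }
	var ps []port
	for _, e := range entries {
		num, proto, ok := strings.Cut(strings.TrimSpace(e), "/")
		n, err := strconv.Atoi(num)
		if !ok || proto == "" || err != nil || n < 1 || n > 65535 {
			return "", fmt.Errorf("invalid port entry %q", e)
		}
		ps = append(ps, port{proto, n})
	}
	sort.Slice(ps, func(a, b int) bool {
		if ps[a].proto != ps[b].proto {
			return ps[a].proto < ps[b].proto
		}
		return ps[a].num < ps[b].num
	})
	var out []string
	for i := 0; i < len(ps); {
		j := i // extend j while the next entry is adjacent or a duplicate
		for j+1 < len(ps) && ps[j+1].proto == ps[i].proto && ps[j+1].num <= ps[j].num+1 {
			j++
		}
		text := fmt.Sprintf("%d/%s", ps[i].num, ps[i].proto)
		if ps[j].num > ps[i].num {
			text = fmt.Sprintf("%d-%d/%s", ps[i].num, ps[j].num, ps[i].proto)
		}
		out = append(out, text)
		i = j + 1
	}
	return strings.Join(out, ", "), nil
}

func main() {
	// Constructed input: part of the adguardhome port list shown in the issue.
	merged, err := MergeExposedPorts(strings.Split("53/udp, 53/tcp, 67/udp, 68/udp", ","))
	fmt.Println(merged, err)
}
```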

Luap99 commented 3 weeks ago

I believe the podman inspect output must be that way for docker compat, they do not group port ranges there AFAIK.