5fbc9e45cc
The following changes are proposed for the iptables proxier:
* There are three places where a string specifying IP:port is parsed
using something like this:
if index := strings.Index(e.endpoint, ":"); index != -1 {
This will fail for IPv6 since V6 addresses contain colons. Also,
the V6 address is expected to be surrounded by square brackets
(i.e. []:). Fix this by replacing call to Index with
call to LastIndex() and stripping out square brackets.
* The String() method for the localPort struct should put square brackets
around IPv6 addresses.
* The logging in the merge() method for proxyServiceMap should put brackets
around IPv6 addresses.
* There are several places where filterRules destination is hardcoded to
/32. This should be a /128 for IPv6 case.
* Add IPv6 unit test cases
fixes #48550
68 lines
2.0 KiB
Go
68 lines
2.0 KiB
Go
/*
|
|
Copyright 2017 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package util
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"strconv"
|
|
|
|
"github.com/golang/glog"
|
|
)
|
|
|
|
// LocalPort describes a port on specific IP address and protocol
|
|
type LocalPort struct {
|
|
// Description is the identity message of a given local port.
|
|
Description string
|
|
// IP is the IP address part of a given local port.
|
|
// If this string is empty, the port binds to all local IP addresses.
|
|
IP string
|
|
// Port is the port part of a given local port.
|
|
Port int
|
|
// Protocol is the protocol part of a given local port.
|
|
// The value is assumed to be lower-case. For example, "udp" not "UDP", "tcp" not "TCP".
|
|
Protocol string
|
|
}
|
|
|
|
func (lp *LocalPort) String() string {
|
|
ipPort := net.JoinHostPort(lp.IP, strconv.Itoa(lp.Port))
|
|
return fmt.Sprintf("%q (%s/%s)", lp.Description, ipPort, lp.Protocol)
|
|
}
|
|
|
|
// Closeable is an interface around closing an port.
|
|
type Closeable interface {
|
|
Close() error
|
|
}
|
|
|
|
// PortOpener is an interface around port opening/closing.
|
|
// Abstracted out for testing.
|
|
type PortOpener interface {
|
|
OpenLocalPort(lp *LocalPort) (Closeable, error)
|
|
}
|
|
|
|
// RevertPorts is closing ports in replacementPortsMap but not in originalPortsMap. In other words, it only
|
|
// closes the ports opened in this sync.
|
|
func RevertPorts(replacementPortsMap, originalPortsMap map[LocalPort]Closeable) {
|
|
for k, v := range replacementPortsMap {
|
|
// Only close newly opened local ports - leave ones that were open before this update
|
|
if originalPortsMap[k] == nil {
|
|
glog.V(2).Infof("Closing local port %s", k.String())
|
|
v.Close()
|
|
}
|
|
}
|
|
}
|