Skip to content

Add validations to Egress router script #15249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 29, 2017
Merged

Add validations to Egress router script #15249

merged 2 commits into from
Jul 29, 2017

Conversation

pravisankar
Copy link

  • In case of multiple destinations, ensure unique local port is redirected to each destination
  • Early port validation instead of implicitly depending on iptables

@pravisankar
Copy link
Author

@openshift/networking PTAL

@pravisankar
Copy link
Author

[test]

@pravisankar pravisankar requested review from danwinship and dcbw July 17, 2017 22:17
danwinship
danwinship reviewed Jul 18, 2017
View reviewed changes
Copy link
Contributor

@danwinship danwinship left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just some minor comments.

images/egress/router/egress-router.sh Outdated
if [[ "${dest}" =~ ^${IP_REGEX}$ ]]; then
# single IP address: do fallback "all ports to same IP"
echo -A PREROUTING -i eth0 -j DNAT --to-destination "${dest}"
did_fallback=1

elif [[ "${dest}" =~ ^${PORT_REGEX}\ +${PROTO_REGEX}\ +${IP_REGEX}$ ]]; then
read localport proto destip <<< "${dest}"
localport_set=1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

meh... can see here that there's tabs-vs-spaces inconsistency in this file. maybe add another commit fully untabifying?

images/egress/router/egress-router.sh Outdated

fi

if [[ "${localport_set}" == "1" ]]; then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you don't really need localport_set; if you just set localport="" at the top of the loop, you could check [[ -n "${localport}" ]] here

images/egress/router/egress-router.sh Outdated
if [[ "${localport_set}" == "1" ]]; then
validate_port ${localport}

if [[ "${used_ports[${localport}]:-x}" == "x" ]]; then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can remove both xs in this line

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing x in this line returns used_ports[${localport}]: unbound variable, I guess this is needed because we are using strict mode(set -o nounset).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you remove the :- too? [[ "${used_ports[${localport}]:-}" = "" ]] should work.

[[ -z "${used_ports[${localport}]:-}" ]] would be more idiomatic.

@pravisankar pravisankar force-pushed the egress-router-validations branch from 8e1beba to 8af5df6 Compare July 18, 2017 19:47
@openshift-bot
Copy link
Contributor

Evaluated for origin test up to 8af5df6

@openshift-bot
Copy link
Contributor

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin/3242/) (Base Commit: 20e72f7) (PR Branch Commit: 8af5df6)

@pravisankar pravisankar mentioned this pull request Jul 21, 2017
Merged
@openshift-merge-robot openshift-merge-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jul 24, 2017
@pravisankar pravisankar force-pushed the egress-router-validations branch from 8af5df6 to f4a3e3b Compare July 26, 2017 19:21
@openshift-merge-robot openshift-merge-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jul 28, 2017
Ravi Sankar Penta added 2 commits July 28, 2017 15:55
Add validations to Egress router script
0a987e7 
- In case of multiple destinations, ensure unique local port is redirected to each destination
- Early port validation instead of implicitly depending on iptables
Indent egress-router.sh: consistent spacing, convert all tabs to spaces
0dc3ee0
@pravisankar pravisankar force-pushed the egress-router-validations branch from f4a3e3b to 0dc3ee0 Compare July 28, 2017 23:00
@0xmichalis 0xmichalis assigned danwinship and unassigned 0xmichalis Jul 29, 2017
@0xmichalis
Copy link
Contributor

/retest

@0xmichalis 0xmichalis added the lgtm Indicates that a PR is ready to be merged. label Jul 29, 2017
@openshift-merge-robot
Copy link
Contributor

Automatic merge from submit-queue

@openshift-merge-robot openshift-merge-robot merged commit bf18fdb into openshift:master Jul 29, 2017
@0xmichalis 0xmichalis added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 30, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danwinship danwinship danwinship left review comments

@Miciah Miciah Miciah left review comments

@dcbw dcbw Awaiting requested review from dcbw

Assignees

@danwinship danwinship

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. component/networking lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@pravisankar @openshift-bot @0xmichalis @openshift-merge-robot @danwinship @Miciah