Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add iptables4nattemplate chain element, refactor routelocalnet chain element #467

Merged
merged 2 commits into from
May 13, 2022
Merged

Add iptables4nattemplate chain element, refactor routelocalnet chain element #467

merged 2 commits into from
May 13, 2022

Conversation

rejmond
Copy link

@rejmond rejmond commented May 10, 2022
edited
Loading

Signed-off-by: Sergey Shlyanin sergey.shlyanin@xored.com

Description

  • Add iptables4nattemplate chain client element that apply iptables nat rules on Request and restore them on Close. iptables4nattemplate is as a part of connectioncontextkernel client chain
  • Turn routelocalnet to a client chain element and move it to connectioncontextkernel client chain
  • Add setroutelocalnet chain server element for setting a flag to kernel mechanism

Issue

#463
#464

denis-tingaikin
denis-tingaikin reviewed May 10, 2022
View reviewed changes
Copy link
Member

@denis-tingaikin denis-tingaikin left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you could be instrested in this

sdk-kernel/pkg/kernel/tools/nshandle/ns_handle.go

Lines 37 to 53 in 0125eaf

func FromURL(urlString string) (handle netns.NsHandle, err error) {
var netNSURL *url.URL
netNSURL, err = url.Parse(urlString)
if err != nil || netNSURL.Scheme != "file" {
return -1, errors.Wrapf(err, "invalid url: %v", urlString)
}
handle, err = netns.GetFromPath(netNSURL.Path)
if err != nil {
return -1, errors.Wrapf(err, "failed to obtain network NS handle")
}
return handle, nil
}
// RunIn runs runner in the given net NS
func RunIn(current, target netns.NsHandle, runner func() error) error {

@rejmond rejmond force-pushed the issue-463 branch 2 times, most recently from a1aedda to 21c1649 Compare May 10, 2022 14:58
@rejmond rejmond marked this pull request as draft May 10, 2022 15:13
@rejmond rejmond marked this pull request as ready for review May 10, 2022 15:14
denis-tingaikin
denis-tingaikin reviewed May 10, 2022
View reviewed changes
pkg/kernel/networkservice/applyiptables4nattemplate/server.go Outdated

// NewServer - returns a new networkservice.NetworkServiceServer that modify IPTables rules
// by mechanism provided template on Request and rollbacks rules changes on Close
func NewServer(options ...Option) networkservice.NetworkServiceServer {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need options if dont have tests for this moment?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left it for the future. I agree, it is better to remove unused feature it for now. Done.

@denis-tingaikin
Copy link
Member

@edwarnicke , @rejmond Could we use this https://github.com/coreos/go-iptables/blob/master/iptables/iptables.go?

@edwarnicke
Copy link
Member

@denis-tingaikin Does it simply anything? In the background I think its still just calling iptables, right?

@denis-tingaikin
Copy link
Member

denis-tingaikin commented May 10, 2022
edited
Loading

@edwarnicke yeah, you're right. I looked quickly and didnt check that. Exechelper is looking better to me here.

@edwarnicke
Copy link
Member

@denis-tingaikin I had exactly the same thought you did and looked at this module over the weekend :) . But sometimes you notice details I miss, thus my question :)

@rejmond rejmond force-pushed the issue-463 branch 8 times, most recently from eb7f421 to 279e41b Compare May 10, 2022 17:20
@rejmond rejmond requested a review from edwarnicke May 10, 2022 17:45
denis-tingaikin
denis-tingaikin reviewed May 10, 2022
View reviewed changes
Copy link
Member

@denis-tingaikin denis-tingaikin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rejmond Did we test this in real world?

pkg/kernel/networkservice/applyiptables4nattemplate/common.go Outdated
//go:build linux
// +build linux

package applyiptables4nattemplate
Copy link
Member

@denis-tingaikin denis-tingaikin May 10, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
package applyiptables4nattemplate
package applyiptables

or

Suggested change
package applyiptables4nattemplate
package iptables

I think it could be better.

@rejmond rejmond removed the request for review from edwarnicke May 11, 2022 13:44
@rejmond rejmond force-pushed the issue-463 branch 3 times, most recently from 2b53a6d to 42c13d3 Compare May 11, 2022 15:46
@rejmond rejmond changed the title Add applyiptables4nattemplate chain element Add iptables4nattemplate chain element, refactor routelocalnet chain element May 11, 2022
denis-tingaikin
denis-tingaikin reviewed May 12, 2022
View reviewed changes
pkg/kernel/networkservice/connectioncontextkernel/iptables4nattemplate/common.go Outdated
}

func (m *iptableManagerImpl) Apply(rulesTemplate string) error {
rules := strings.Split(rulesTemplate, ";")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
rules := strings.Split(rulesTemplate, ";")
rules := strings.Split(rulesTemplate, "\n")

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apply accepts rules []string now, spliting is no longer required.

denis-tingaikin
denis-tingaikin reviewed May 12, 2022
View reviewed changes
pkg/kernel/networkservice/connectioncontextkernel/iptables4nattemplate/common.go Outdated

for _, rule := range rules {
// Remove possible tabs and spaces from a multistring template
rule = strings.Trim(rule, "\t ")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
rule = strings.Trim(rule, "\t ")
rule = strings.TrimSpace(rule)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed Trim function at all.

denis-tingaikin
denis-tingaikin reviewed May 12, 2022
View reviewed changes
Copy link
Member

@denis-tingaikin denis-tingaikin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added few comments others things are fine for the first step

denis-tingaikin
denis-tingaikin reviewed May 12, 2022
View reviewed changes
pkg/kernel/networkservice/connectioncontextkernel/iptables4nattemplate/client.go Outdated
}

func (c *iptablesClient) Request(ctx context.Context, request *networkservice.NetworkServiceRequest, opts ...grpc.CallOption) (*networkservice.Connection, error) {
ctxMap := metadata.Map(ctx, metadata.IsClient(c))
Copy link
Member

@denis-tingaikin denis-tingaikin May 12, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also should consider about closing if someting went wrong

See at example

https://github.com/networkservicemesh/sdk-kernel/blob/main/pkg/kernel/networkservice/connectioncontextkernel/ipcontext/ipaddress/client.go#L69 and https://github.com/networkservicemesh/sdk-kernel/blob/main/pkg/kernel/networkservice/connectioncontextkernel/ipcontext/ipaddress/client.go#L77-L84

@rejmond rejmond force-pushed the issue-463 branch 2 times, most recently from 9bd5e37 to 0023de2 Compare May 12, 2022 17:39
@denis-tingaikin
Copy link
Member

denis-tingaikin commented May 12, 2022
edited
Loading

@rejmond Could you please resolve conflicts? Please just run go get -u github.com/networkservicemesh/sdk@main and commit changes. Thanks.

@rejmond rejmond force-pushed the issue-463 branch 3 times, most recently from 15f1b77 to bac4bfb Compare May 12, 2022 17:58
* Add iptables4nattemplate chain client element to connectioncontextk…
5acbf94 
…ernel chain

* Turn routelocalnet chain element to a client element and move to cmnnectioncontextkernel chain

* Add setroutelocalnet chain server element

Signed-off-by: Sergey Shlyanin <sergey.shlyanin@xored.com>
@denis-tingaikin denis-tingaikin merged commit e0f2b84 into networkservicemesh:main May 13, 2022
nsmbot pushed a commit to networkservicemesh/sdk-sriov that referenced this pull request May 13, 2022
Update go.mod and go.sum to latest version from networkservicemesh/sd…
530af1f 
…k-kernel@main

PR link: networkservicemesh/sdk-kernel#467

Commit: e0f2b84
Author: Denis Tingaikin
Date: 2022-05-13 12:42:28 +0300
Message:
  - Merge pull request #467 from rejmond/issue-463
Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
nsmbot pushed a commit to networkservicemesh/sdk-vpp that referenced this pull request May 13, 2022
Update go.mod and go.sum to latest version from networkservicemesh/sd…
10965d8 
…k-kernel@main

PR link: networkservicemesh/sdk-kernel#467

Commit: e0f2b84
Author: Denis Tingaikin
Date: 2022-05-13 12:42:28 +0300
Message:
  - Merge pull request #467 from rejmond/issue-463
Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>
This was referenced May 13, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@denis-tingaikin denis-tingaikin denis-tingaikin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rejmond @denis-tingaikin @edwarnicke