From 59345a41b7bdb76eb1a32b1890d4ddc917869b18 Mon Sep 17 00:00:00 2001
From: Roberto Santalla
Date: Mon, 10 Jul 2023 13:08:02 +0200
Subject: [PATCH] iptables: rename ProxyPort -> ToPort and TargetPort -> FromPort
---
 cmd/agent/commands/grpc.go | 4 ++--
 cmd/agent/commands/http.go | 4 ++--
 pkg/iptables/iptables.go | 32 +++++++++++++++++---------------
 pkg/iptables/iptables_test.go | 24 ++++++++++++------------
 4 files changed, 33 insertions(+), 31 deletions(-)
diff --git a/cmd/agent/commands/grpc.go b/cmd/agent/commands/grpc.go
index 334dfab4..9bc2e4ba 100644
--- a/cmd/agent/commands/grpc.go
+++ b/cmd/agent/commands/grpc.go
@@ -51,8 +51,8 @@ func BuildGrpcCmd(env runtime.Environment, config *agent.Config) *cobra.Command
 var redirector protocol.TrafficRedirector
 if transparent {
 tr := &iptables.TrafficRedirectionSpec{
- TargetPort: targetPort,
- ProxyPort: port,
+ FromPort: targetPort, // Redirect traffic from the application (target) port...
+ ToPort: port, // to the proxy port.
 }
 redirector, err = iptables.NewTrafficRedirector(tr, env.Executor())
diff --git a/cmd/agent/commands/http.go b/cmd/agent/commands/http.go
index 6675ae95..f57ac6c2 100644
--- a/cmd/agent/commands/http.go
+++ b/cmd/agent/commands/http.go
@@ -50,8 +50,8 @@ func BuildHTTPCmd(env runtime.Environment, config *agent.Config) *cobra.Command
 var redirector protocol.TrafficRedirector
 if transparent {
 tr := &iptables.TrafficRedirectionSpec{
- TargetPort: targetPort,
- ProxyPort: port,
+ FromPort: targetPort, // Redirect traffic from the application (target) port...
+ ToPort: port, // to the proxy port.
 }
 redirector, err = iptables.NewTrafficRedirector(tr, env.Executor())
diff --git a/pkg/iptables/iptables.go b/pkg/iptables/iptables.go
index 6e78b242..78d0b41c 100644
--- a/pkg/iptables/iptables.go
+++ b/pkg/iptables/iptables.go
@@ -87,10 +87,12 @@ const resetProxyRule = "INPUT " + // Traffic flowing through the INPUT chain
 // TrafficRedirectionSpec specifies the redirection of traffic to a destination
 type TrafficRedirectionSpec struct {
- // ProxyPort is the port where the proxy is listening at.
- ProxyPort uint
- // TargetPort is the port of for the upstream application.
- TargetPort uint
+ // ToPort is the port where the traffic should be redirected to.
+ // Typically, this would be where a transparent proxy is listening.
+ ToPort uint
+ // FromPort is the port of for the upstream application.
+ // Typically, this would be the original port where the application is listening.
+ FromPort uint
 }
 // trafficRedirect defines an instance of a TrafficRedirector
@@ -104,12 +106,12 @@ func NewTrafficRedirector(
 tr *TrafficRedirectionSpec,
 executor runtime.Executor,
 ) (protocol.TrafficRedirector, error) {
- if tr.TargetPort == 0 || tr.ProxyPort == 0 {
- return nil, fmt.Errorf("TargetPort and ProxyPort must be specified")
+ if tr.FromPort == 0 || tr.ToPort == 0 {
+ return nil, fmt.Errorf("FromPort and ToPort must be specified")
 }
- if tr.TargetPort == tr.ProxyPort {
- return nil, fmt.Errorf("TargetPort (%d) and ProxyPort (%d) must be different", tr.TargetPort, tr.ProxyPort)
+ if tr.FromPort == tr.ToPort {
+ return nil, fmt.Errorf("FromPort (%d) and ToPort (%d) must be different", tr.FromPort, tr.ToPort)
 }
 return &redirector{
@@ -122,13 +124,13 @@ func (tr *redirector) redirectRules() []string {
 return []string{
 fmt.Sprintf(
 redirectLocalRule,
- tr.TargetPort,
- tr.ProxyPort,
+ tr.FromPort,
+ tr.ToPort,
 ),
 fmt.Sprintf(
 redirectExternalRule,
- tr.TargetPort,
- tr.ProxyPort,
+ tr.FromPort,
+ tr.ToPort,
 ),
 }
 }
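Review bot: The new comment on `FromPort` in the TrafficRedirectionSpec hunk carries over the garbled phrase "is the port of for the upstream application" from the old TargetPort comment and still describes the field by its old role. Since the rename makes the struct direction-based rather than role-based, the first line would read better as `// FromPort is the port whose traffic is redirected to ToPort.`, with the existing "Typically, ..." line kept as the example.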
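Review bot: In the NewTrafficRedirector hunk the validation still rejects only zero and equal ports, so a `uint` value above 65535 passes the constructor and is formatted into the rule strings by redirectRules and resetRules. The error would then presumably surface only when the iptables command is executed, which is later and harder to diagnose than a constructor error. An upper bound next to the existing checks would fail fast: `if tr.FromPort > 65535 || tr.ToPort > 65535 { return nil, fmt.Errorf("FromPort and ToPort must not exceed 65535") }`. The function body continues past the end of the hunk.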
@@ -137,17 +139,17 @@ func (tr *redirector) resetRules() []string {
 return []string{
 fmt.Sprintf(
 resetLocalRule,
- tr.TargetPort,
+ tr.FromPort,
 ),
 fmt.Sprintf(
 resetExternalRule,
- tr.TargetPort,
+ tr.FromPort,
 ),
 }
 }
 func (tr *redirector) resetProxyRule() string {
- return fmt.Sprintf(resetProxyRule, tr.ProxyPort)
+ return fmt.Sprintf(resetProxyRule, tr.ToPort)
 }
 // execIptables runs performs the specified action ("-A" or "-D") for the supplied rule.
diff --git a/pkg/iptables/iptables_test.go b/pkg/iptables/iptables_test.go
index 96b6efe9..b0761e1d 100644
--- a/pkg/iptables/iptables_test.go
+++ b/pkg/iptables/iptables_test.go
@@ -20,16 +20,16 @@ func Test_validateTrafficRedirect(t *testing.T) {
 {
 title: "Valid redirect",
 redirect: TrafficRedirectionSpec{
- TargetPort: 80,
- ProxyPort: 8080,
+ FromPort: 80,
+ ToPort: 8080,
 },
 expectError: false,
 },
 {
 title: "Same target and proxy port",
 redirect: TrafficRedirectionSpec{
- TargetPort: 8080,
- ProxyPort: 8080,
+ FromPort: 8080,
+ ToPort: 8080,
 },
 expectError: true,
 },
@@ -77,8 +77,8 @@ func Test_Commands(t *testing.T) {
 {
 title: "Start valid redirect",
 redirect: TrafficRedirectionSpec{
- TargetPort: 80,
- ProxyPort: 8080,
+ FromPort: 80,
+ ToPort: 8080,
 },
 testFunction: func(tr protocol.TrafficRedirector) error {
 return tr.Start()
@@ -97,8 +97,8 @@ func Test_Commands(t *testing.T) {
 {
 title: "Stop active redirect",
 redirect: TrafficRedirectionSpec{
- TargetPort: 80,
- ProxyPort: 8080,
+ FromPort: 80,
+ ToPort: 8080,
 },
 testFunction: func(tr protocol.TrafficRedirector) error {
 return tr.Stop()
@@ -117,8 +117,8 @@ func Test_Commands(t *testing.T) {
 {
 title: "Error invoking iptables command in Start",
 redirect: TrafficRedirectionSpec{
- TargetPort: 80,
- ProxyPort: 8080,
+ FromPort: 80,
+ ToPort: 8080,
 },
 testFunction: func(tr protocol.TrafficRedirector) error {
 return tr.Start()
@@ -131,8 +131,8 @@ func Test_Commands(t *testing.T) {
 {
 title: "Error invoking iptables command in Stop",
 redirect: TrafficRedirectionSpec{
- TargetPort: 80,
- ProxyPort: 8080,
+ FromPort: 80,
+ ToPort: 8080,
 },
 testFunction: func(tr protocol.TrafficRedirector) error {
 return tr.Stop()