fixup! cmd: implement changes to iptables.TrafficRedirectionSpec

error out if attempting to target localhost in transparent mode to prevent redirection loop
grafana · Jul 10, 2023 · 703c4ab · 703c4ab
1 parent 0495c9b
commit 703c4ab
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/cmd/agent/commands/grpc.go b/cmd/agent/commands/grpc.go
@@ -15,6 +15,8 @@ import (
 )
 
 // BuildGrpcCmd returns a cobra command with the specification of the grpc command
+//
+//nolint:funlen
 func BuildGrpcCmd(env runtime.Environment, config *agent.Config) *cobra.Command {
 	disruption := grpc.Disruption{}
 	var duration time.Duration
@@ -34,6 +36,12 @@ func BuildGrpcCmd(env runtime.Environment, config *agent.Config) *cobra.Command
 				return fmt.Errorf("target port for fault injection is required")
 			}
 
+			if transparent && (upstreamHost == "localhost" || upstreamHost == "127.0.0.1") {
+				// When running in transparent mode, the Redirector will also redirect traffic directed to 127.0.0.1 to
+				// the proxy. Using 127.0.0.1 as the proxy upstream would cause a redirection loop.
+				return fmt.Errorf("upstream host cannot be localhost when running in transparent mode")
+			}
+
 			listenAddress := net.JoinHostPort("", fmt.Sprint(port))
 			upstreamAddress := net.JoinHostPort(upstreamHost, fmt.Sprint(targetPort))
 

diff --git a/cmd/agent/commands/http.go b/cmd/agent/commands/http.go
@@ -14,6 +14,8 @@ import (
 )
 
 // BuildHTTPCmd returns a cobra command with the specification of the http command
+//
+//nolint:funlen
 func BuildHTTPCmd(env runtime.Environment, config *agent.Config) *cobra.Command {
 	disruption := http.Disruption{}
 	var duration time.Duration
@@ -33,6 +35,12 @@ func BuildHTTPCmd(env runtime.Environment, config *agent.Config) *cobra.Command
 				return fmt.Errorf("target port for fault injection is required")
 			}
 
+			if transparent && (upstreamHost == "localhost" || upstreamHost == "127.0.0.1") {
+				// When running in transparent mode, the Redirector will also redirect traffic directed to 127.0.0.1 to
+				// the proxy. Using 127.0.0.1 as the proxy upstream would cause a redirection loop.
+				return fmt.Errorf("upstream host cannot be localhost when running in transparent mode")
+			}
+
 			listenAddress := net.JoinHostPort("", fmt.Sprint(port))
 			upstreamAddress := "http://" + net.JoinHostPort(upstreamHost, fmt.Sprint(targetPort))