From 703c4ab274b2671b9fee877302e4375d847e216c Mon Sep 17 00:00:00 2001
From: Roberto Santalla <roberto@santalla.io>
Date: Mon, 10 Jul 2023 14:47:15 +0200
Subject: [PATCH] fixup! cmd: implement changes to
 iptables.TrafficRedirectionSpec error out if attempting to target localhost
 in transparent mode to prevent redirection loop

---
 cmd/agent/commands/grpc.go | 8 ++++++++
 cmd/agent/commands/http.go | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/cmd/agent/commands/grpc.go b/cmd/agent/commands/grpc.go
index 9bc2e4ba..6257ea83 100644
--- a/cmd/agent/commands/grpc.go
+++ b/cmd/agent/commands/grpc.go
@@ -15,6 +15,8 @@ import (
 )
 
 // BuildGrpcCmd returns a cobra command with the specification of the grpc command
+//
+//nolint:funlen
 func BuildGrpcCmd(env runtime.Environment, config *agent.Config) *cobra.Command {
 	disruption := grpc.Disruption{}
 	var duration time.Duration
@@ -34,6 +36,12 @@ func BuildGrpcCmd(env runtime.Environment, config *agent.Config) *cobra.Command
 				return fmt.Errorf("target port for fault injection is required")
 			}
 
+			if transparent && (upstreamHost == "localhost" || upstreamHost == "127.0.0.1") {
+				// When running in transparent mode, the Redirector will also redirect traffic directed to 127.0.0.1 to
+				// the proxy. Using 127.0.0.1 as the proxy upstream would cause a redirection loop.
+				return fmt.Errorf("upstream host cannot be localhost when running in transparent mode")
+			}
+
 			listenAddress := net.JoinHostPort("", fmt.Sprint(port))
 			upstreamAddress := net.JoinHostPort(upstreamHost, fmt.Sprint(targetPort))
 
diff --git a/cmd/agent/commands/http.go b/cmd/agent/commands/http.go
index f57ac6c2..2d11f68a 100644
--- a/cmd/agent/commands/http.go
+++ b/cmd/agent/commands/http.go
@@ -14,6 +14,8 @@ import (
 )
 
 // BuildHTTPCmd returns a cobra command with the specification of the http command
+//
+//nolint:funlen
 func BuildHTTPCmd(env runtime.Environment, config *agent.Config) *cobra.Command {
 	disruption := http.Disruption{}
 	var duration time.Duration
@@ -33,6 +35,12 @@ func BuildHTTPCmd(env runtime.Environment, config *agent.Config) *cobra.Command
 				return fmt.Errorf("target port for fault injection is required")
 			}
 
+			if transparent && (upstreamHost == "localhost" || upstreamHost == "127.0.0.1") {
+				// When running in transparent mode, the Redirector will also redirect traffic directed to 127.0.0.1 to
+				// the proxy. Using 127.0.0.1 as the proxy upstream would cause a redirection loop.
+				return fmt.Errorf("upstream host cannot be localhost when running in transparent mode")
+			}
+
 			listenAddress := net.JoinHostPort("", fmt.Sprint(port))
 			upstreamAddress := "http://" + net.JoinHostPort(upstreamHost, fmt.Sprint(targetPort))