github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-09 05:01:46 +00:00
Code Issues Projects Releases Wiki Activity

Implement UDP proxying in kube-proxy

Browse Source
This commit is contained in:
Tim Hockin
2014-09-11 09:00:06 -07:00
parent cad6122fe4
commit 38416f6a23
3 changed files with 435 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
pkg/proxy/proxier.go
View File

@@ -39,16 +39,22 @@ type serviceInfo struct {
active bool active bool
} }
// How long we wait for a connection to a backend.
const endpointDialTimeout = 5 * time.Second
// Abstraction over TCP/UDP sockets which are proxied. // Abstraction over TCP/UDP sockets which are proxied.
type proxySocket interface { type proxySocket interface {
// Addr gets the net.Addr for a proxySocket. // Addr gets the net.Addr for a proxySocket.
Addr() net.Addr Addr() net.Addr
// Close stops the proxySocket from accepting incoming connections. // Close stops the proxySocket from accepting incoming connections. Each implementation should comment
// on the impact of calling Close while sessions are active.
Close() error Close() error
// ProxyLoop proxies incoming connections for the specified service to the service endpoints. // ProxyLoop proxies incoming connections for the specified service to the service endpoints.
ProxyLoop(service string, proxier *Proxier) ProxyLoop(service string, proxier *Proxier)
} }
// tcpProxySocket implements proxySocket. Close() is implemented by net.Listener. When Close() is called,
// no new connections are allowed but existing connections are left untouched.
type tcpProxySocket struct { type tcpProxySocket struct {
net.Listener net.Listener
} }
@@ -73,7 +79,7 @@ func (tcp *tcpProxySocket) ProxyLoop(service string, proxier *Proxier) {
glog.Errorf("Accept failed: %v", err) glog.Errorf("Accept failed: %v", err)
continue continue
} }
glog.Infof("Accepted connection from %v to %v", inConn.RemoteAddr(), inConn.LocalAddr()) glog.Infof("Accepted TCP connection from %v to %v", inConn.RemoteAddr(), inConn.LocalAddr())
endpoint, err := proxier.loadBalancer.NextEndpoint(service, inConn.RemoteAddr()) endpoint, err := proxier.loadBalancer.NextEndpoint(service, inConn.RemoteAddr())
if err != nil { if err != nil {
glog.Errorf("Couldn't find an endpoint for %s %v", service, err) glog.Errorf("Couldn't find an endpoint for %s %v", service, err)
@@ -83,7 +89,7 @@ func (tcp *tcpProxySocket) ProxyLoop(service string, proxier *Proxier) {
glog.Infof("Mapped service %s to endpoint %s", service, endpoint) glog.Infof("Mapped service %s to endpoint %s", service, endpoint)
// TODO: This could spin up a new goroutine to make the outbound connection, // TODO: This could spin up a new goroutine to make the outbound connection,
// and keep accepting inbound traffic. // and keep accepting inbound traffic.
outConn, err := net.DialTimeout("tcp", endpoint, time.Duration(5)*time.Second) outConn, err := net.DialTimeout("tcp", endpoint, endpointDialTimeout)
if err != nil { if err != nil {
// TODO: Try another endpoint? // TODO: Try another endpoint?
glog.Errorf("Dial failed: %v", err) glog.Errorf("Dial failed: %v", err)
@@ -103,15 +109,160 @@ func proxyTCP(in, out *net.TCPConn) {
go copyBytes(out, in) go copyBytes(out, in)
} }
func newProxySocket(protocol string, addr string, port int) (proxySocket, error) { // udpProxySocket implements proxySocket. Close() is implemented by net.UDPConn. When Close() is called,
// no new connections are allowed and existing connections are broken.
// TODO: We could lame-duck this ourselves, if it becomes important.
type udpProxySocket struct {
*net.UDPConn
}
func (udp *udpProxySocket) Addr() net.Addr {
return udp.LocalAddr()
}
// Holds all the known UDP clients that have not timed out.
type clientCache struct {
mu sync.Mutex
clients map[string]net.Conn // addr string -> connection
}
func newClientCache() *clientCache {
return &clientCache{clients: map[string]net.Conn{}}
}
// How long we leave idle UDP connections open.
const udpIdleTimeout = 1 * time.Minute
func (udp *udpProxySocket) ProxyLoop(service string, proxier *Proxier) {
info, found := proxier.getServiceInfo(service)
if !found {
glog.Errorf("Failed to find service: %s", service)
return
}
activeClients := newClientCache()
var buffer [4096]byte // 4KiB should be enough for most whole-packets
for {
info.mu.Lock()
if !info.active {
info.mu.Unlock()
break
}
info.mu.Unlock()
// Block until data arrives.
// TODO: Accumulate a histogram of n or something, to fine tune the buffer size.
n, cliAddr, err := udp.ReadFrom(buffer[0:])
if err != nil {
if e, ok := err.(net.Error); ok {
if e.Temporary() {
glog.Infof("ReadFrom had a temporary failure: %v", err)
continue
}
}
glog.Errorf("ReadFrom failed, exiting ProxyLoop: %v", err)
break
}
// If this is a client we know already, reuse the connection and goroutine.
activeClients.mu.Lock()
svrConn, found := activeClients.clients[cliAddr.String()]
if !found {
// TODO: This could spin up a new goroutine to make the outbound connection,
// and keep accepting inbound traffic.
glog.Infof("New UDP connection from %s", cliAddr)
endpoint, err := proxier.loadBalancer.NextEndpoint(service, cliAddr)
if err != nil {
glog.Errorf("Couldn't find an endpoint for %s %v", service, err)
activeClients.mu.Unlock()
continue
}
glog.Infof("Mapped service %s to endpoint %s", service, endpoint)
svrConn, err = net.DialTimeout("udp", endpoint, endpointDialTimeout)
if err != nil {
// TODO: Try another endpoint?
glog.Errorf("Dial failed: %v", err)
activeClients.mu.Unlock()
continue
}
activeClients.clients[cliAddr.String()] = svrConn
go udp.proxyClient(cliAddr, svrConn, activeClients)
}
activeClients.mu.Unlock()
// TODO: It would be nice to let the goroutine handle this write, but we don't
// really want to copy the buffer. We could do a pool of buffers or something.
_, err = svrConn.Write(buffer[0:n])
if err != nil {
if !logTimeout(err) {
glog.Errorf("Write failed: %v", err)
// TODO: Maybe tear down the goroutine for this client/server pair?
}
continue
}
svrConn.SetDeadline(time.Now().Add(udpIdleTimeout))
if err != nil {
glog.Errorf("SetDeadline failed: %v", err)
continue
}
}
}
// This function is expected to be called as a goroutine.
func (udp *udpProxySocket) proxyClient(cliAddr net.Addr, svrConn net.Conn, activeClients *clientCache) {
defer svrConn.Close()
var buffer [4096]byte
for {
n, err := svrConn.Read(buffer[0:])
if err != nil {
if !logTimeout(err) {
glog.Errorf("Read failed: %v", err)
}
break
}
svrConn.SetDeadline(time.Now().Add(udpIdleTimeout))
if err != nil {
glog.Errorf("SetDeadline failed: %v", err)
break
}
n, err = udp.WriteTo(buffer[0:n], cliAddr)
if err != nil {
if !logTimeout(err) {
glog.Errorf("WriteTo failed: %v", err)
}
break
}
}
activeClients.mu.Lock()
delete(activeClients.clients, cliAddr.String())
activeClients.mu.Unlock()
}
func logTimeout(err error) bool {
if e, ok := err.(net.Error); ok {
if e.Timeout() {
glog.Infof("connection to endpoint closed due to inactivity")
return true
}
}
return false
}
func newProxySocket(protocol string, host string, port int) (proxySocket, error) {
switch strings.ToUpper(protocol) { switch strings.ToUpper(protocol) {
case "TCP": case "TCP":
listener, err := net.Listen("tcp", net.JoinHostPort(addr, strconv.Itoa(port))) listener, err := net.Listen("tcp", net.JoinHostPort(host, strconv.Itoa(port)))
if err != nil { if err != nil {
return nil, err return nil, err
} }
return &tcpProxySocket{listener}, nil return &tcpProxySocket{listener}, nil
//TODO: add UDP support case "UDP":
addr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(host, strconv.Itoa(port)))
if err != nil {
return nil, err
}
conn, err := net.ListenUDP("udp", addr)
if err != nil {
return nil, err
}
return &udpProxySocket{conn}, nil
} }
return nil, fmt.Errorf("Unknown protocol %q", protocol) return nil, fmt.Errorf("Unknown protocol %q", protocol)
} }
@@ -162,7 +313,6 @@ func (proxier *Proxier) stopProxyInternal(info *serviceInfo) error {
return nil return nil
} }
glog.Infof("Removing service: %s", info.name) glog.Infof("Removing service: %s", info.name)
info.active = false
return info.socket.Close() return info.socket.Close()
} }
@@ -211,7 +361,7 @@ func (proxier *Proxier) addServiceOnUnusedPort(service, protocol string) (string
} }
func (proxier *Proxier) startAccepting(service string, sock proxySocket) { func (proxier *Proxier) startAccepting(service string, sock proxySocket) {
glog.Infof("Listening for %s on %s", service, sock.Addr().String()) glog.Infof("Listening for %s on %s:%s", service, sock.Addr().Network(), sock.Addr().String())
go sock.ProxyLoop(service, proxier) go sock.ProxyLoop(service, proxier)
} }
@@ -224,11 +374,15 @@ func (proxier *Proxier) OnUpdate(services []api.Service) {
for _, service := range services { for _, service := range services {
activeServices.Insert(service.ID) activeServices.Insert(service.ID)
info, exists := proxier.getServiceInfo(service.ID) info, exists := proxier.getServiceInfo(service.ID)
// TODO: check health of the socket? What if ProxyLoop exited?
if exists && info.active && info.port == service.Port { if exists && info.active && info.port == service.Port {
continue continue
} }
if exists && info.port != service.Port { if exists && info.port != service.Port {
proxier.StopProxy(service.ID) err := proxier.stopProxyInternal(info)
if err != nil {
glog.Errorf("error stopping %s: %v", info.name, err)
}
} }
glog.Infof("Adding a new service %s on %s port %d", service.ID, service.Protocol, service.Port) glog.Infof("Adding a new service %s on %s port %d", service.ID, service.Protocol, service.Port)
sock, err := newProxySocket(service.Protocol, proxier.address, service.Port) sock, err := newProxySocket(service.Protocol, proxier.address, service.Port)
@@ -248,7 +402,10 @@ func (proxier *Proxier) OnUpdate(services []api.Service) {
defer proxier.mu.Unlock() defer proxier.mu.Unlock()
for name, info := range proxier.serviceMap { for name, info := range proxier.serviceMap {
if !activeServices.Has(name) { if !activeServices.Has(name) {
proxier.stopProxyInternal(info) err := proxier.stopProxyInternal(info)
if err != nil {
glog.Errorf("error stopping %s: %v", info.name, err)
}
} }
} }
} }

217
pkg/proxy/proxier_test.go
View File

@@ -32,23 +32,53 @@ import (
func waitForClosedPortTCP(p *Proxier, proxyPort string) error { func waitForClosedPortTCP(p *Proxier, proxyPort string) error {
for i := 0; i < 50; i++ { for i := 0; i < 50; i++ {
_, err := net.Dial("tcp", net.JoinHostPort("127.0.0.1", proxyPort)) conn, err := net.Dial("tcp", net.JoinHostPort("127.0.0.1", proxyPort))
if err != nil { if err != nil {
return nil return nil
} }
conn.Close()
time.Sleep(1 * time.Millisecond)
}
return fmt.Errorf("port %s still open", proxyPort)
}
func waitForClosedPortUDP(p *Proxier, proxyPort string) error {
for i := 0; i < 50; i++ {
conn, err := net.Dial("udp", net.JoinHostPort("127.0.0.1", proxyPort))
if err != nil {
return nil
}
conn.SetReadDeadline(time.Now().Add(10 * time.Millisecond))
// To detect a closed UDP port write, then read.
_, err = conn.Write([]byte("x"))
if err != nil {
if e, ok := err.(net.Error); ok && !e.Timeout() {
return nil
}
}
var buf [4]byte
_, err = conn.Read(buf[0:])
if err != nil {
if e, ok := err.(net.Error); ok && !e.Timeout() {
return nil
}
}
conn.Close()
time.Sleep(1 * time.Millisecond) time.Sleep(1 * time.Millisecond)
} }
return fmt.Errorf("port %s still open", proxyPort) return fmt.Errorf("port %s still open", proxyPort)
} }
var tcpServerPort string var tcpServerPort string
var udpServerPort string
func init() { func init() {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // TCP setup.
tcp := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
w.Write([]byte(r.URL.Path[1:])) w.Write([]byte(r.URL.Path[1:]))
})) }))
u, err := url.Parse(ts.URL) u, err := url.Parse(tcp.URL)
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to parse: %v", err)) panic(fmt.Sprintf("failed to parse: %v", err))
} }
@@ -56,6 +86,17 @@ func init() {
if err != nil { if err != nil {
panic(fmt.Sprintf("failed to parse: %v", err)) panic(fmt.Sprintf("failed to parse: %v", err))
} }
// UDP setup.
udp, err := newUDPEchoServer()
if err != nil {
panic(fmt.Sprintf("failed to make a UDP server: %v", err))
}
_, udpServerPort, err = net.SplitHostPort(udp.LocalAddr().String())
if err != nil {
panic(fmt.Sprintf("failed to parse: %v", err))
}
go udp.Loop()
} }
func testEchoTCP(t *testing.T, address, port string) { func testEchoTCP(t *testing.T, address, port string) {
@@ -74,6 +115,26 @@ func testEchoTCP(t *testing.T, address, port string) {
} }
} }
func testEchoUDP(t *testing.T, address, port string) {
data := "abc123"
conn, err := net.Dial("udp", net.JoinHostPort(address, port))
if err != nil {
t.Fatalf("error connecting to server: %v", err)
}
if _, err := conn.Write([]byte(data)); err != nil {
t.Fatalf("error sending to server: %v", err)
}
var resp [1024]byte
n, err := conn.Read(resp[0:])
if err != nil {
t.Errorf("error receiving data: %v", err)
}
if string(resp[0:n]) != data {
t.Errorf("expected: %s, got %s", data, string(resp[0:n]))
}
}
func TestTCPProxy(t *testing.T) { func TestTCPProxy(t *testing.T) {
lb := NewLoadBalancerRR() lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{ lb.OnUpdate([]api.Endpoints{
@@ -92,6 +153,24 @@ func TestTCPProxy(t *testing.T) {
testEchoTCP(t, "127.0.0.1", proxyPort) testEchoTCP(t, "127.0.0.1", proxyPort)
} }
func TestUDPProxy(t *testing.T) {
lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{
{
JSONBase: api.JSONBase{ID: "echo"},
Endpoints: []string{net.JoinHostPort("127.0.0.1", udpServerPort)},
},
})
p := NewProxier(lb, "127.0.0.1")
proxyPort, err := p.addServiceOnUnusedPort("echo", "UDP")
if err != nil {
t.Fatalf("error adding new service: %#v", err)
}
testEchoUDP(t, "127.0.0.1", proxyPort)
}
func TestTCPProxyStop(t *testing.T) { func TestTCPProxyStop(t *testing.T) {
lb := NewLoadBalancerRR() lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{ lb.OnUpdate([]api.Endpoints{
@@ -120,6 +199,34 @@ func TestTCPProxyStop(t *testing.T) {
} }
} }
func TestUDPProxyStop(t *testing.T) {
lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{
{
JSONBase: api.JSONBase{ID: "echo"},
Endpoints: []string{net.JoinHostPort("127.0.0.1", udpServerPort)},
},
})
p := NewProxier(lb, "127.0.0.1")
proxyPort, err := p.addServiceOnUnusedPort("echo", "UDP")
if err != nil {
t.Fatalf("error adding new service: %#v", err)
}
conn, err := net.Dial("udp", net.JoinHostPort("127.0.0.1", proxyPort))
if err != nil {
t.Fatalf("error connecting to proxy: %v", err)
}
conn.Close()
p.StopProxy("echo")
// Wait for the port to really close.
if err := waitForClosedPortUDP(p, proxyPort); err != nil {
t.Fatalf(err.Error())
}
}
func TestTCPProxyUpdateDelete(t *testing.T) { func TestTCPProxyUpdateDelete(t *testing.T) {
lb := NewLoadBalancerRR() lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{ lb.OnUpdate([]api.Endpoints{
@@ -147,6 +254,33 @@ func TestTCPProxyUpdateDelete(t *testing.T) {
} }
} }
func TestUDPProxyUpdateDelete(t *testing.T) {
lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{
{
JSONBase: api.JSONBase{ID: "echo"},
Endpoints: []string{net.JoinHostPort("127.0.0.1", udpServerPort)},
},
})
p := NewProxier(lb, "127.0.0.1")
proxyPort, err := p.addServiceOnUnusedPort("echo", "UDP")
if err != nil {
t.Fatalf("error adding new service: %#v", err)
}
conn, err := net.Dial("udp", net.JoinHostPort("127.0.0.1", proxyPort))
if err != nil {
t.Fatalf("error connecting to proxy: %v", err)
}
conn.Close()
p.OnUpdate([]api.Service{})
if err := waitForClosedPortUDP(p, proxyPort); err != nil {
t.Fatalf(err.Error())
}
}
func TestTCPProxyUpdateDeleteUpdate(t *testing.T) { func TestTCPProxyUpdateDeleteUpdate(t *testing.T) {
lb := NewLoadBalancerRR() lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{ lb.OnUpdate([]api.Endpoints{
@@ -179,6 +313,38 @@ func TestTCPProxyUpdateDeleteUpdate(t *testing.T) {
testEchoTCP(t, "127.0.0.1", proxyPort) testEchoTCP(t, "127.0.0.1", proxyPort)
} }
func TestUDPProxyUpdateDeleteUpdate(t *testing.T) {
lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{
{
JSONBase: api.JSONBase{ID: "echo"},
Endpoints: []string{net.JoinHostPort("127.0.0.1", udpServerPort)},
},
})
p := NewProxier(lb, "127.0.0.1")
proxyPort, err := p.addServiceOnUnusedPort("echo", "UDP")
if err != nil {
t.Fatalf("error adding new service: %#v", err)
}
conn, err := net.Dial("udp", net.JoinHostPort("127.0.0.1", proxyPort))
if err != nil {
t.Fatalf("error connecting to proxy: %v", err)
}
conn.Close()
p.OnUpdate([]api.Service{})
if err := waitForClosedPortUDP(p, proxyPort); err != nil {
t.Fatalf(err.Error())
}
proxyPortNum, _ := strconv.Atoi(proxyPort)
p.OnUpdate([]api.Service{
{JSONBase: api.JSONBase{ID: "echo"}, Port: proxyPortNum, Protocol: "UDP"},
})
testEchoUDP(t, "127.0.0.1", proxyPort)
}
func TestTCPProxyUpdatePort(t *testing.T) { func TestTCPProxyUpdatePort(t *testing.T) {
lb := NewLoadBalancerRR() lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{ lb.OnUpdate([]api.Endpoints{
@@ -223,3 +389,48 @@ func TestTCPProxyUpdatePort(t *testing.T) {
} }
l.Close() l.Close()
} }
func TestUDPProxyUpdatePort(t *testing.T) {
lb := NewLoadBalancerRR()
lb.OnUpdate([]api.Endpoints{
{
JSONBase: api.JSONBase{ID: "echo"},
Endpoints: []string{net.JoinHostPort("127.0.0.1", udpServerPort)},
},
})
p := NewProxier(lb, "127.0.0.1")
proxyPort, err := p.addServiceOnUnusedPort("echo", "UDP")
if err != nil {
t.Fatalf("error adding new service: %#v", err)
}
// add a new dummy listener in order to get a port that is free
pc, _ := net.ListenPacket("udp", ":0")
_, newPort, _ := net.SplitHostPort(pc.LocalAddr().String())
newPortNum, _ := strconv.Atoi(newPort)
pc.Close()
// Wait for the socket to actually get free.
if err := waitForClosedPortUDP(p, newPort); err != nil {
t.Fatalf(err.Error())
}
if proxyPort == newPort {
t.Errorf("expected difference, got %s %s", newPort, proxyPort)
}
p.OnUpdate([]api.Service{
{JSONBase: api.JSONBase{ID: "echo"}, Port: newPortNum, Protocol: "UDP"},
})
if err := waitForClosedPortUDP(p, proxyPort); err != nil {
t.Fatalf(err.Error())
}
testEchoUDP(t, "127.0.0.1", newPort)
// Ensure the old port is released and re-usable.
pc, err = net.ListenPacket("udp", net.JoinHostPort("", proxyPort))
if err != nil {
t.Fatalf("can't claim released port: %s", err)
}
pc.Close()
}

54
pkg/proxy/udp_server.go Normal file
View File

@@ -0,0 +1,54 @@
/*
Copyright 2014 Google Inc. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package proxy
import (
"fmt"
"net"
)
// udpEchoServer is a simple echo server in UDP, intended for testing the proxy.
type udpEchoServer struct {
net.PacketConn
}
func (r *udpEchoServer) Loop() {
var buffer [4096]byte
for {
n, cliAddr, err := r.ReadFrom(buffer[0:])
if err != nil {
fmt.Printf("ReadFrom failed: %#v\n", err)
continue
}
r.WriteTo(buffer[0:n], cliAddr)
}
}
func newUDPEchoServer() (*udpEchoServer, error) {
packetconn, err := net.ListenPacket("udp", ":0")
if err != nil {
return nil, err
}
return &udpEchoServer{packetconn}, nil
}
/*
func main() {
r,_ := newUDPEchoServer()
r.Loop()
}
*/