github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-09 03:57:41 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #118408 from danwinship/local-detector

Browse Source 
kube-proxy local traffic detector single-vs-dual-stack cleanup
This commit is contained in:
Kubernetes Prow Robot 2023-07-11 21:19:11 -07:00 committed by GitHub
commit 5130dad2cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 156 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
cmd/kube-proxy/app/server_others.go
View File

@ -50,10 +50,10 @@ import (
utilipset "k8s.io/kubernetes/pkg/proxy/ipvs/ipset" utilipset "k8s.io/kubernetes/pkg/proxy/ipvs/ipset"
utilipvs "k8s.io/kubernetes/pkg/proxy/ipvs/util" utilipvs "k8s.io/kubernetes/pkg/proxy/ipvs/util"
proxymetrics "k8s.io/kubernetes/pkg/proxy/metrics" proxymetrics "k8s.io/kubernetes/pkg/proxy/metrics"
proxyutil "k8s.io/kubernetes/pkg/proxy/util"
proxyutiliptables "k8s.io/kubernetes/pkg/proxy/util/iptables" proxyutiliptables "k8s.io/kubernetes/pkg/proxy/util/iptables"
utiliptables "k8s.io/kubernetes/pkg/util/iptables" utiliptables "k8s.io/kubernetes/pkg/util/iptables"
"k8s.io/utils/exec" "k8s.io/utils/exec"
netutils "k8s.io/utils/net"
"k8s.io/klog/v2" "k8s.io/klog/v2"
) )
@ -154,7 +154,7 @@ func (s *ProxyServer) createProxier(config *proxyconfigapi.KubeProxyConfiguratio
if dualStack { if dualStack {
// Always ordered to match []ipt // Always ordered to match []ipt
var localDetectors [2]proxyutiliptables.LocalTrafficDetector var localDetectors [2]proxyutiliptables.LocalTrafficDetector
localDetectors, err = getDualStackLocalDetectorTuple(config.DetectLocalMode, config, ipt, s.podCIDRs) localDetectors, err = getDualStackLocalDetectorTuple(config.DetectLocalMode, config, s.podCIDRs)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err) return nil, fmt.Errorf("unable to create proxier: %v", err)
} }
@ -179,7 +179,7 @@ func (s *ProxyServer) createProxier(config *proxyconfigapi.KubeProxyConfiguratio
} else { } else {
// Create a single-stack proxier if and only if the node does not support dual-stack (i.e, no iptables support). // Create a single-stack proxier if and only if the node does not support dual-stack (i.e, no iptables support).
var localDetector proxyutiliptables.LocalTrafficDetector var localDetector proxyutiliptables.LocalTrafficDetector
localDetector, err = getLocalDetector(config.DetectLocalMode, config, iptInterface, s.podCIDRs) localDetector, err = getLocalDetector(s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err) return nil, fmt.Errorf("unable to create proxier: %v", err)
} }
@ -219,7 +219,7 @@ func (s *ProxyServer) createProxier(config *proxyconfigapi.KubeProxyConfiguratio
if dualStack { if dualStack {
// Always ordered to match []ipt // Always ordered to match []ipt
var localDetectors [2]proxyutiliptables.LocalTrafficDetector var localDetectors [2]proxyutiliptables.LocalTrafficDetector
localDetectors, err = getDualStackLocalDetectorTuple(config.DetectLocalMode, config, ipt, s.podCIDRs) localDetectors, err = getDualStackLocalDetectorTuple(config.DetectLocalMode, config, s.podCIDRs)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err) return nil, fmt.Errorf("unable to create proxier: %v", err)
} }
@ -250,7 +250,7 @@ func (s *ProxyServer) createProxier(config *proxyconfigapi.KubeProxyConfiguratio
) )
} else { } else {
var localDetector proxyutiliptables.LocalTrafficDetector var localDetector proxyutiliptables.LocalTrafficDetector
localDetector, err = getLocalDetector(config.DetectLocalMode, config, iptInterface, s.podCIDRs) localDetector, err = getLocalDetector(s.PrimaryIPFamily, config.DetectLocalMode, config, s.podCIDRs)
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create proxier: %v", err) return nil, fmt.Errorf("unable to create proxier: %v", err)
} }
@ -402,123 +402,58 @@ func detectNumCPU() int {
return numCPU return numCPU
} }
func getLocalDetector(mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, ipt utiliptables.Interface, nodePodCIDRs []string) (proxyutiliptables.LocalTrafficDetector, error) { func getLocalDetector(ipFamily v1.IPFamily, mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) (proxyutiliptables.LocalTrafficDetector, error) {
switch mode { switch mode {
case proxyconfigapi.LocalModeClusterCIDR: case proxyconfigapi.LocalModeClusterCIDR:
// LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed, // LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed,
// but --cluster-cidr is optional. // but --cluster-cidr is optional.
if len(strings.TrimSpace(config.ClusterCIDR)) == 0 { clusterCIDRs := strings.TrimSpace(config.ClusterCIDR)
if len(clusterCIDRs) == 0 {
klog.InfoS("Detect-local-mode set to ClusterCIDR, but no cluster CIDR defined") klog.InfoS("Detect-local-mode set to ClusterCIDR, but no cluster CIDR defined")
break break
} }
return proxyutiliptables.NewDetectLocalByCIDR(config.ClusterCIDR, ipt)
case proxyconfigapi.LocalModeNodeCIDR: cidrsByFamily := proxyutil.MapCIDRsByIPFamily(strings.Split(clusterCIDRs, ","))
if len(nodePodCIDRs) == 0 { if len(cidrsByFamily[ipFamily]) != 0 {
klog.InfoS("Detect-local-mode set to NodeCIDR, but no PodCIDR defined at node") return proxyutiliptables.NewDetectLocalByCIDR(cidrsByFamily[ipFamily][0])
break
} }
return proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[0], ipt)
klog.InfoS("Detect-local-mode set to ClusterCIDR, but no cluster CIDR for family", "ipFamily", ipFamily)
case proxyconfigapi.LocalModeNodeCIDR:
cidrsByFamily := proxyutil.MapCIDRsByIPFamily(nodePodCIDRs)
if len(cidrsByFamily[ipFamily]) != 0 {
return proxyutiliptables.NewDetectLocalByCIDR(cidrsByFamily[ipFamily][0])
}
klog.InfoS("Detect-local-mode set to NodeCIDR, but no PodCIDR defined at node for family", "ipFamily", ipFamily)
case proxyconfigapi.LocalModeBridgeInterface: case proxyconfigapi.LocalModeBridgeInterface:
return proxyutiliptables.NewDetectLocalByBridgeInterface(config.DetectLocal.BridgeInterface) return proxyutiliptables.NewDetectLocalByBridgeInterface(config.DetectLocal.BridgeInterface)
case proxyconfigapi.LocalModeInterfaceNamePrefix: case proxyconfigapi.LocalModeInterfaceNamePrefix:
return proxyutiliptables.NewDetectLocalByInterfaceNamePrefix(config.DetectLocal.InterfaceNamePrefix) return proxyutiliptables.NewDetectLocalByInterfaceNamePrefix(config.DetectLocal.InterfaceNamePrefix)
} }
klog.InfoS("Defaulting to no-op detect-local", "detectLocalMode", string(mode))
klog.InfoS("Defaulting to no-op detect-local")
return proxyutiliptables.NewNoOpLocalDetector(), nil return proxyutiliptables.NewNoOpLocalDetector(), nil
} }
func getDualStackLocalDetectorTuple(mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, ipt [2]utiliptables.Interface, nodePodCIDRs []string) ([2]proxyutiliptables.LocalTrafficDetector, error) { func getDualStackLocalDetectorTuple(mode proxyconfigapi.LocalMode, config *proxyconfigapi.KubeProxyConfiguration, nodePodCIDRs []string) ([2]proxyutiliptables.LocalTrafficDetector, error) {
var localDetectors [2]proxyutiliptables.LocalTrafficDetector
var err error var err error
localDetectors := [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}
switch mode {
case proxyconfigapi.LocalModeClusterCIDR:
// LocalModeClusterCIDR is the default if --detect-local-mode wasn't passed,
// but --cluster-cidr is optional.
if len(strings.TrimSpace(config.ClusterCIDR)) == 0 {
klog.InfoS("Detect-local-mode set to ClusterCIDR, but no cluster CIDR defined")
break
}
clusterCIDRs := cidrTuple(config.ClusterCIDR) localDetectors[0], err = getLocalDetector(v1.IPv4Protocol, mode, config, nodePodCIDRs)
if err != nil {
if len(strings.TrimSpace(clusterCIDRs[0])) == 0 { return localDetectors, err
klog.InfoS("Detect-local-mode set to ClusterCIDR, but no IPv4 cluster CIDR defined, defaulting to no-op detect-local for IPv4") }
} else { localDetectors[1], err = getLocalDetector(v1.IPv6Protocol, mode, config, nodePodCIDRs)
localDetectors[0], err = proxyutiliptables.NewDetectLocalByCIDR(clusterCIDRs[0], ipt[0]) if err != nil {
if err != nil { // don't loose the original error
return localDetectors, err
}
}
if len(strings.TrimSpace(clusterCIDRs[1])) == 0 {
klog.InfoS("Detect-local-mode set to ClusterCIDR, but no IPv6 cluster CIDR defined, defaulting to no-op detect-local for IPv6")
} else {
localDetectors[1], err = proxyutiliptables.NewDetectLocalByCIDR(clusterCIDRs[1], ipt[1])
}
return localDetectors, err return localDetectors, err
case proxyconfigapi.LocalModeNodeCIDR:
if len(nodePodCIDRs) == 0 {
klog.InfoS("No node info available to configure detect-local-mode NodeCIDR")
break
}
// localDetectors, like ipt, need to be of the order [IPv4, IPv6], but PodCIDRs is setup so that PodCIDRs[0] == PodCIDR.
// so have to handle the case where PodCIDR can be IPv6 and set that to localDetectors[1]
if netutils.IsIPv6CIDRString(nodePodCIDRs[0]) {
localDetectors[1], err = proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[0], ipt[1])
if err != nil {
return localDetectors, err
}
if len(nodePodCIDRs) > 1 {
localDetectors[0], err = proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[1], ipt[0])
}
} else {
localDetectors[0], err = proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[0], ipt[0])
if err != nil {
return localDetectors, err
}
if len(nodePodCIDRs) > 1 {
localDetectors[1], err = proxyutiliptables.NewDetectLocalByCIDR(nodePodCIDRs[1], ipt[1])
}
}
return localDetectors, err
case proxyconfigapi.LocalModeBridgeInterface, proxyconfigapi.LocalModeInterfaceNamePrefix:
localDetector, err := getLocalDetector(mode, config, ipt[0], nodePodCIDRs)
if err == nil {
localDetectors[0] = localDetector
localDetectors[1] = localDetector
}
return localDetectors, err
default:
klog.InfoS("Unknown detect-local-mode", "detectLocalMode", mode)
} }
klog.InfoS("Defaulting to no-op detect-local", "detectLocalMode", string(mode))
return localDetectors, nil return localDetectors, nil
} }
// cidrTuple takes a comma separated list of CIDRs and return a tuple (ipv4cidr,ipv6cidr)
// The returned tuple is guaranteed to have the order (ipv4,ipv6) and if no cidr from a family is found an
// empty string "" is inserted.
func cidrTuple(cidrList string) [2]string {
cidrs := [2]string{"", ""}
foundIPv4 := false
foundIPv6 := false
for _, cidr := range strings.Split(cidrList, ",") {
if netutils.IsIPv6CIDRString(cidr) && !foundIPv6 {
cidrs[1] = cidr
foundIPv6 = true
} else if !foundIPv4 {
cidrs[0] = cidr
foundIPv4 = true
}
if foundIPv6 && foundIPv4 {
break
}
}
return cidrs
}
// cleanupAndExit remove iptables rules and ipset/ipvs rules // cleanupAndExit remove iptables rules and ipset/ipvs rules
func cleanupAndExit() error { func cleanupAndExit() error {
execer := exec.New() execer := exec.New()

195
cmd/kube-proxy/app/server_others_test.go
View File

@ -38,8 +38,6 @@ import (
clientgotesting "k8s.io/client-go/testing" clientgotesting "k8s.io/client-go/testing"
proxyconfigapi "k8s.io/kubernetes/pkg/proxy/apis/config" proxyconfigapi "k8s.io/kubernetes/pkg/proxy/apis/config"
proxyutiliptables "k8s.io/kubernetes/pkg/proxy/util/iptables" proxyutiliptables "k8s.io/kubernetes/pkg/proxy/util/iptables"
utiliptables "k8s.io/kubernetes/pkg/util/iptables"
utiliptablestest "k8s.io/kubernetes/pkg/util/iptables/testing"
netutils "k8s.io/utils/net" netutils "k8s.io/utils/net"
"k8s.io/utils/pointer" "k8s.io/utils/pointer"
) )
@ -109,255 +107,295 @@ func Test_platformApplyDefaults(t *testing.T) {
func Test_getLocalDetector(t *testing.T) { func Test_getLocalDetector(t *testing.T) {
cases := []struct { cases := []struct {
name string
mode proxyconfigapi.LocalMode mode proxyconfigapi.LocalMode
config *proxyconfigapi.KubeProxyConfiguration config *proxyconfigapi.KubeProxyConfiguration
ipt utiliptables.Interface family v1.IPFamily
expected proxyutiliptables.LocalTrafficDetector expected proxyutiliptables.LocalTrafficDetector
nodePodCIDRs []string nodePodCIDRs []string
errExpected bool errExpected bool
}{ }{
// LocalModeClusterCIDR // LocalModeClusterCIDR
{ {
name: "LocalModeClusterCIDR, IPv4 cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
ipt: utiliptablestest.NewFake(), family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake())), expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14")),
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, IPv6 cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"},
ipt: utiliptablestest.NewIPv6Fake(), family: v1.IPv6Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64")),
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, IPv6 cluster with IPv6 config",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
ipt: utiliptablestest.NewIPv6Fake(), family: v1.IPv6Protocol,
expected: nil, expected: proxyutiliptables.NewNoOpLocalDetector(),
errExpected: true, errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, IPv4 cluster with IPv6 config",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"},
ipt: utiliptablestest.NewFake(), family: v1.IPv4Protocol,
expected: nil, expected: proxyutiliptables.NewNoOpLocalDetector(),
errExpected: true, errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, IPv4 kube-proxy in dual-stack IPv6-primary cluster",
mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"},
family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14")),
errExpected: false,
},
{
name: "LocalModeClusterCIDR, no ClusterCIDR",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""},
ipt: utiliptablestest.NewFake(), family: v1.IPv4Protocol,
expected: proxyutiliptables.NewNoOpLocalDetector(), expected: proxyutiliptables.NewNoOpLocalDetector(),
errExpected: false, errExpected: false,
}, },
// LocalModeNodeCIDR // LocalModeNodeCIDR
{ {
name: "LocalModeNodeCIDR, IPv4 cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
ipt: utiliptablestest.NewFake(), family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake())), expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24")),
nodePodCIDRs: []string{"10.0.0.0/24"}, nodePodCIDRs: []string{"10.0.0.0/24"},
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, IPv6 cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"},
ipt: utiliptablestest.NewIPv6Fake(), family: v1.IPv6Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96")),
nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"},
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, IPv6 cluster with IPv4 config",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
ipt: utiliptablestest.NewIPv6Fake(), family: v1.IPv6Protocol,
expected: nil, expected: proxyutiliptables.NewNoOpLocalDetector(),
nodePodCIDRs: []string{"10.0.0.0/24"}, nodePodCIDRs: []string{"10.0.0.0/24"},
errExpected: true, errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, IPv4 cluster with IPv6 config",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"},
ipt: utiliptablestest.NewFake(), family: v1.IPv4Protocol,
expected: nil, expected: proxyutiliptables.NewNoOpLocalDetector(),
nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"},
errExpected: true, errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, IPv6 kube-proxy in dual-stack IPv4-primary cluster",
mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"},
family: v1.IPv6Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96")),
nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:c0a8:101/96"},
errExpected: false,
},
{
name: "LocalModeNodeCIDR, no PodCIDRs",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""},
ipt: utiliptablestest.NewFake(), family: v1.IPv4Protocol,
expected: proxyutiliptables.NewNoOpLocalDetector(), expected: proxyutiliptables.NewNoOpLocalDetector(),
nodePodCIDRs: []string{}, nodePodCIDRs: []string{},
errExpected: false, errExpected: false,
}, },
// unknown mode // unknown mode
{ {
name: "unknown LocalMode",
mode: proxyconfigapi.LocalMode("abcd"), mode: proxyconfigapi.LocalMode("abcd"),
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
ipt: utiliptablestest.NewFake(), family: v1.IPv4Protocol,
expected: proxyutiliptables.NewNoOpLocalDetector(), expected: proxyutiliptables.NewNoOpLocalDetector(),
errExpected: false, errExpected: false,
}, },
// LocalModeBridgeInterface // LocalModeBridgeInterface
{ {
name: "LocalModeBrideInterface",
mode: proxyconfigapi.LocalModeBridgeInterface, mode: proxyconfigapi.LocalModeBridgeInterface,
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"},
}, },
family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByBridgeInterface("eth")), expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByBridgeInterface("eth")),
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeBridgeInterface, strange bridge name",
mode: proxyconfigapi.LocalModeBridgeInterface, mode: proxyconfigapi.LocalModeBridgeInterface,
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "1234567890123456789"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "1234567890123456789"},
}, },
family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByBridgeInterface("1234567890123456789")), expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByBridgeInterface("1234567890123456789")),
errExpected: false, errExpected: false,
}, },
// LocalModeInterfaceNamePrefix // LocalModeInterfaceNamePrefix
{ {
name: "LocalModeInterfaceNamePrefix",
mode: proxyconfigapi.LocalModeInterfaceNamePrefix, mode: proxyconfigapi.LocalModeInterfaceNamePrefix,
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "eth"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "eth"},
}, },
family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByInterfaceNamePrefix("eth")), expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByInterfaceNamePrefix("eth")),
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeInterfaceNamePrefix, strange interface name",
mode: proxyconfigapi.LocalModeInterfaceNamePrefix, mode: proxyconfigapi.LocalModeInterfaceNamePrefix,
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "1234567890123456789"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "1234567890123456789"},
}, },
family: v1.IPv4Protocol,
expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByInterfaceNamePrefix("1234567890123456789")), expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByInterfaceNamePrefix("1234567890123456789")),
errExpected: false, errExpected: false,
}, },
} }
for i, c := range cases { for _, c := range cases {
r, err := getLocalDetector(c.mode, c.config, c.ipt, c.nodePodCIDRs) t.Run(c.name, func(t *testing.T) {
if c.errExpected { r, err := getLocalDetector(c.family, c.mode, c.config, c.nodePodCIDRs)
if err == nil { if c.errExpected {
t.Errorf("Case[%d] Expected error, but succeeded with %v", i, r) if err == nil {
t.Errorf("Expected error, but succeeded with %v", r)
}
return
} }
continue if err != nil {
} t.Errorf("Error resolving detect-local: %v", err)
if err != nil { return
t.Errorf("Case[%d] Error resolving detect-local: %v", i, err) }
continue if !reflect.DeepEqual(r, c.expected) {
} t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r)
if !reflect.DeepEqual(r, c.expected) { }
t.Errorf("Case[%d] Unexpected detect-local implementation, expected: %q, got: %q", i, c.expected, r) })
}
} }
} }
func Test_getDualStackLocalDetectorTuple(t *testing.T) { func Test_getDualStackLocalDetectorTuple(t *testing.T) {
cases := []struct { cases := []struct {
name string
mode proxyconfigapi.LocalMode mode proxyconfigapi.LocalMode
config *proxyconfigapi.KubeProxyConfiguration config *proxyconfigapi.KubeProxyConfiguration
ipt [2]utiliptables.Interface
expected [2]proxyutiliptables.LocalTrafficDetector expected [2]proxyutiliptables.LocalTrafficDetector
nodePodCIDRs []string nodePodCIDRs []string
errExpected bool errExpected bool
}{ }{
// LocalModeClusterCIDR // LocalModeClusterCIDR
{ {
name: "LocalModeClusterCIDR, dual-stack IPv4-primary cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: resolveDualStackLocalDetectors(t)( expected: resolveDualStackLocalDetectors(t)(
proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake()))( proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14"))(
proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64")),
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, dual-stack IPv6-primary cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: resolveDualStackLocalDetectors(t)( expected: resolveDualStackLocalDetectors(t)(
proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake()))( proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14"))(
proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64")),
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, single-stack IPv4 cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: [2]proxyutiliptables.LocalTrafficDetector{ expected: [2]proxyutiliptables.LocalTrafficDetector{
resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake())), resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14")),
proxyutiliptables.NewNoOpLocalDetector()}, proxyutiliptables.NewNoOpLocalDetector()},
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, single-stack IPv6 cluster",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: [2]proxyutiliptables.LocalTrafficDetector{ expected: [2]proxyutiliptables.LocalTrafficDetector{
proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector(),
resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake()))}, resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64"))},
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeClusterCIDR, no ClusterCIDR",
mode: proxyconfigapi.LocalModeClusterCIDR, mode: proxyconfigapi.LocalModeClusterCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}, expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()},
errExpected: false, errExpected: false,
}, },
// LocalModeNodeCIDR // LocalModeNodeCIDR
{ {
name: "LocalModeNodeCIDR, dual-stack IPv4-primary cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: resolveDualStackLocalDetectors(t)( expected: resolveDualStackLocalDetectors(t)(
proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake()))( proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24"))(
proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96")),
nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:c0a8:101/96"}, nodePodCIDRs: []string{"10.0.0.0/24", "2002::1234:abcd:ffff:c0a8:101/96"},
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, dual-stack IPv6-primary cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: resolveDualStackLocalDetectors(t)( expected: resolveDualStackLocalDetectors(t)(
proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake()))( proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24"))(
proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96")),
nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96", "10.0.0.0/24"}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96", "10.0.0.0/24"},
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, single-stack IPv4 cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: [2]proxyutiliptables.LocalTrafficDetector{ expected: [2]proxyutiliptables.LocalTrafficDetector{
resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake())), resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24")),
proxyutiliptables.NewNoOpLocalDetector()}, proxyutiliptables.NewNoOpLocalDetector()},
nodePodCIDRs: []string{"10.0.0.0/24"}, nodePodCIDRs: []string{"10.0.0.0/24"},
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, single-stack IPv6 cluster",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: [2]proxyutiliptables.LocalTrafficDetector{ expected: [2]proxyutiliptables.LocalTrafficDetector{
proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector(),
resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake()))}, resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96"))},
nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"}, nodePodCIDRs: []string{"2002::1234:abcd:ffff:c0a8:101/96"},
errExpected: false, errExpected: false,
}, },
{ {
name: "LocalModeNodeCIDR, no PodCIDRs",
mode: proxyconfigapi.LocalModeNodeCIDR, mode: proxyconfigapi.LocalModeNodeCIDR,
config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""},
ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()},
expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}, expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()},
nodePodCIDRs: []string{}, nodePodCIDRs: []string{},
errExpected: false, errExpected: false,
}, },
// LocalModeBridgeInterface // LocalModeBridgeInterface
{ {
name: "LocalModeBridgeInterface",
mode: proxyconfigapi.LocalModeBridgeInterface, mode: proxyconfigapi.LocalModeBridgeInterface,
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{BridgeInterface: "eth"},
@ -369,6 +407,7 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) {
}, },
// LocalModeInterfaceNamePrefix // LocalModeInterfaceNamePrefix
{ {
name: "LocalModeInterfaceNamePrefix",
mode: proxyconfigapi.LocalModeInterfaceNamePrefix, mode: proxyconfigapi.LocalModeInterfaceNamePrefix,
config: &proxyconfigapi.KubeProxyConfiguration{ config: &proxyconfigapi.KubeProxyConfiguration{
DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "veth"}, DetectLocal: proxyconfigapi.DetectLocalConfiguration{InterfaceNamePrefix: "veth"},
@ -379,21 +418,23 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) {
errExpected: false, errExpected: false,
}, },
} }
for i, c := range cases { for _, c := range cases {
r, err := getDualStackLocalDetectorTuple(c.mode, c.config, c.ipt, c.nodePodCIDRs) t.Run(c.name, func(t *testing.T) {
if c.errExpected { r, err := getDualStackLocalDetectorTuple(c.mode, c.config, c.nodePodCIDRs)
if err == nil { if c.errExpected {
t.Errorf("Case[%d] expected error, but succeeded with %q", i, r) if err == nil {
t.Errorf("Expected error, but succeeded with %q", r)
}
return
} }
continue if err != nil {
} t.Errorf("Error resolving detect-local: %v", err)
if err != nil { return
t.Errorf("Case[%d] Error resolving detect-local: %v", i, err) }
continue if !reflect.DeepEqual(r, c.expected) {
} t.Errorf("Unexpected detect-local implementation, expected: %q, got: %q", c.expected, r)
if !reflect.DeepEqual(r, c.expected) { }
t.Errorf("Case[%d] Unexpected detect-local implementation, expected: %q, got: %q", i, c.expected, r) })
}
} }
} }

2
pkg/proxy/iptables/proxier_test.go
View File

@ -291,7 +291,7 @@ func NewFakeProxier(ipt utiliptables.Interface) *Proxier {
ipfamily = v1.IPv6Protocol ipfamily = v1.IPv6Protocol
podCIDR = "fd00::/64" podCIDR = "fd00::/64"
} }
detectLocal, _ := proxyutiliptables.NewDetectLocalByCIDR(podCIDR, ipt) detectLocal, _ := proxyutiliptables.NewDetectLocalByCIDR(podCIDR)
networkInterfacer := proxyutiltest.NewFakeNetwork() networkInterfacer := proxyutiltest.NewFakeNetwork()
itf := net.Interface{Index: 0, MTU: 0, Name: "lo", HardwareAddr: nil, Flags: 0} itf := net.Interface{Index: 0, MTU: 0, Name: "lo", HardwareAddr: nil, Flags: 0}

6
pkg/proxy/util/iptables/traffic.go
View File

@ -19,7 +19,6 @@ package iptables
import ( import (
"fmt" "fmt"
utiliptables "k8s.io/kubernetes/pkg/util/iptables"
netutils "k8s.io/utils/net" netutils "k8s.io/utils/net"
) )
@ -62,10 +61,7 @@ type detectLocalByCIDR struct {
// NewDetectLocalByCIDR implements the LocalTrafficDetector interface using a CIDR. This can be used when a single CIDR // NewDetectLocalByCIDR implements the LocalTrafficDetector interface using a CIDR. This can be used when a single CIDR
// range can be used to capture the notion of local traffic. // range can be used to capture the notion of local traffic.
func NewDetectLocalByCIDR(cidr string, ipt utiliptables.Interface) (LocalTrafficDetector, error) { func NewDetectLocalByCIDR(cidr string) (LocalTrafficDetector, error) {
if netutils.IsIPv6CIDRString(cidr) != ipt.IsIPv6() {
return nil, fmt.Errorf("CIDR %s has incorrect IP version: expect isIPv6=%t", cidr, ipt.IsIPv6())
}
_, _, err := netutils.ParseCIDRSloppy(cidr) _, _, err := netutils.ParseCIDRSloppy(cidr)
if err != nil { if err != nil {
return nil, err return nil, err

27
pkg/proxy/util/iptables/traffic_test.go
View File

@ -19,9 +19,6 @@ package iptables
import ( import (
"reflect" "reflect"
"testing" "testing"
utiliptables "k8s.io/kubernetes/pkg/util/iptables"
iptablestest "k8s.io/kubernetes/pkg/util/iptables/testing"
) )
func TestNoOpLocalDetector(t *testing.T) { func TestNoOpLocalDetector(t *testing.T) {
@ -44,52 +41,35 @@ func TestNoOpLocalDetector(t *testing.T) {
func TestNewDetectLocalByCIDR(t *testing.T) { func TestNewDetectLocalByCIDR(t *testing.T) {
cases := []struct { cases := []struct {
cidr string cidr string
ipt utiliptables.Interface
errExpected bool errExpected bool
}{ }{
{ {
cidr: "10.0.0.0/14", cidr: "10.0.0.0/14",
ipt: iptablestest.NewFake(),
errExpected: false, errExpected: false,
}, },
{ {
cidr: "2002::1234:abcd:ffff:c0a8:101/64", cidr: "2002::1234:abcd:ffff:c0a8:101/64",
ipt: iptablestest.NewIPv6Fake(),
errExpected: false, errExpected: false,
}, },
{
cidr: "10.0.0.0/14",
ipt: iptablestest.NewIPv6Fake(),
errExpected: true,
},
{
cidr: "2002::1234:abcd:ffff:c0a8:101/64",
ipt: iptablestest.NewFake(),
errExpected: true,
},
{ {
cidr: "10.0.0.0", cidr: "10.0.0.0",
ipt: iptablestest.NewFake(),
errExpected: true, errExpected: true,
}, },
{ {
cidr: "2002::1234:abcd:ffff:c0a8:101", cidr: "2002::1234:abcd:ffff:c0a8:101",
ipt: iptablestest.NewIPv6Fake(),
errExpected: true, errExpected: true,
}, },
{ {
cidr: "", cidr: "",
ipt: iptablestest.NewFake(),
errExpected: true, errExpected: true,
}, },
{ {
cidr: "", cidr: "",
ipt: iptablestest.NewIPv6Fake(),
errExpected: true, errExpected: true,
}, },
} }
for i, c := range cases { for i, c := range cases {
r, err := NewDetectLocalByCIDR(c.cidr, c.ipt) r, err := NewDetectLocalByCIDR(c.cidr)
if c.errExpected { if c.errExpected {
if err == nil { if err == nil {
t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r) t.Errorf("Case[%d] expected error, but succeeded with: %q", i, r)
@ -105,25 +85,22 @@ func TestNewDetectLocalByCIDR(t *testing.T) {
func TestDetectLocalByCIDR(t *testing.T) { func TestDetectLocalByCIDR(t *testing.T) {
cases := []struct { cases := []struct {
cidr string cidr string
ipt utiliptables.Interface
expectedIfLocalOutput []string expectedIfLocalOutput []string
expectedIfNotLocalOutput []string expectedIfNotLocalOutput []string
}{ }{
{ {
cidr: "10.0.0.0/14", cidr: "10.0.0.0/14",
ipt: iptablestest.NewFake(),
expectedIfLocalOutput: []string{"-s", "10.0.0.0/14"}, expectedIfLocalOutput: []string{"-s", "10.0.0.0/14"},
expectedIfNotLocalOutput: []string{"!", "-s", "10.0.0.0/14"}, expectedIfNotLocalOutput: []string{"!", "-s", "10.0.0.0/14"},
}, },
{ {
cidr: "2002::1234:abcd:ffff:c0a8:101/64", cidr: "2002::1234:abcd:ffff:c0a8:101/64",
ipt: iptablestest.NewIPv6Fake(),
expectedIfLocalOutput: []string{"-s", "2002::1234:abcd:ffff:c0a8:101/64"}, expectedIfLocalOutput: []string{"-s", "2002::1234:abcd:ffff:c0a8:101/64"},
expectedIfNotLocalOutput: []string{"!", "-s", "2002::1234:abcd:ffff:c0a8:101/64"}, expectedIfNotLocalOutput: []string{"!", "-s", "2002::1234:abcd:ffff:c0a8:101/64"},
}, },
} }
for _, c := range cases { for _, c := range cases {
localDetector, err := NewDetectLocalByCIDR(c.cidr, c.ipt) localDetector, err := NewDetectLocalByCIDR(c.cidr)
if err != nil { if err != nil {
t.Errorf("Error initializing localDetector: %v", err) t.Errorf("Error initializing localDetector: %v", err)
continue continue