From 54a33ecf452996e5aefb3985e7a84dcf719ece29 Mon Sep 17 00:00:00 2001
From: Jack Ma
Date: Thu, 11 Sep 2025 12:47:35 -0700
Subject: [PATCH] fix: use iifname for input interface name matches add tests to cover nftables; also fix NewDetectLocalByBridgeInterface
---
 pkg/proxy/util/localdetector.go | 8 ++--
 pkg/proxy/util/localdetector_test.go | 64 ++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+), 4 deletions(-)
diff --git a/pkg/proxy/util/localdetector.go b/pkg/proxy/util/localdetector.go
index 6e296b0c71b..9e579e88761 100644
--- a/pkg/proxy/util/localdetector.go
+++ b/pkg/proxy/util/localdetector.go
@@ -98,8 +98,8 @@ func NewDetectLocalByBridgeInterface(interfaceName string) LocalTrafficDetector
 return &detectLocal{
 ifLocal: []string{"-i", interfaceName},
 ifNotLocal: []string{"!", "-i", interfaceName},
- ifLocalNFT: []string{"iif", interfaceName},
- ifNotLocalNFT: []string{"iif", "!=", interfaceName},
+ ifLocalNFT: []string{"iifname", interfaceName},
+ ifNotLocalNFT: []string{"iifname", "!=", interfaceName},
 }
 }
 
@@ -110,7 +110,7 @@ func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) LocalTrafficDet
 return &detectLocal{
 ifLocal: []string{"-i", interfacePrefix + "+"},
 ifNotLocal: []string{"!", "-i", interfacePrefix + "+"},
- ifLocalNFT: []string{"iif", interfacePrefix + "*"},
- ifNotLocalNFT: []string{"iif", "!=", interfacePrefix + "*"},
+ ifLocalNFT: []string{"iifname", interfacePrefix + "*"},
+ ifNotLocalNFT: []string{"iifname", "!=", interfacePrefix + "*"},
 }
 }
diff --git a/pkg/proxy/util/localdetector_test.go b/pkg/proxy/util/localdetector_test.go
index 473aaeb8ce4..0fb36934262 100644
--- a/pkg/proxy/util/localdetector_test.go
+++ b/pkg/proxy/util/localdetector_test.go
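Review bot: The two `iifname` lines in NewDetectLocalByBridgeInterface carry no comment saying why a name match is required, so a later cleanup could switch them back to `iif`. nftables resolves `iif` to an interface index when the rule is loaded, which needs the interface to exist at that moment and goes stale if the bridge is re-created, whereas `iifname` compares the name string. I would add above the NFT fields `// iifname, not iif: iif is resolved to an ifindex at rule load and requires the interface to exist`. The same comment fits the NewDetectLocalByInterfaceNamePrefix hunk, where `iif` also cannot express the `*` wildcard. The function signature lies outside the hunk and is visible only in the @@ header.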
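Review bot: `interfacePrefix + "*"` in NewDetectLocalByInterfaceNamePrefix is built with no check on the prefix, so an empty string would produce the bare pattern `*`, which presumably matches every input interface and would classify all traffic as local. Validation may already happen in the caller, which is not visible here; if so, the constructor should say it, e.g. `// interfacePrefix must be non-empty (validated by the caller); "" would yield the match-all pattern "*"`. If it does not, the empty case should be rejected before this detector is built, since the return type leaves no room for an error. The function signature is outside the hunk and truncated in the @@ header.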
@@ -105,6 +105,37 @@ func TestDetectLocalByBridgeInterface(t *testing.T) {
 }
 }
 
+func TestDetectLocalNFTByBridgeInterface(t *testing.T) {
+ cases := []struct {
+ ifaceName string
+ expectedJumpIfOutput []string
+ expectedJumpIfNotOutput []string
+ }{
+ {
+ ifaceName: "eth0",
+ expectedJumpIfOutput: []string{"iifname", "eth0"},
+ expectedJumpIfNotOutput: []string{"iifname", "!=", "eth0"},
+ },
+ }
+ for _, c := range cases {
+ localDetector := NewDetectLocalByBridgeInterface(c.ifaceName)
+ if !localDetector.IsImplemented() {
+ t.Error("DetectLocalByBridgeInterface returns false for IsImplemented")
+ }
+
+ ifLocal := localDetector.IfLocalNFT()
+ ifNotLocal := localDetector.IfNotLocalNFT()
+
+ if !reflect.DeepEqual(ifLocal, c.expectedJumpIfOutput) {
+ t.Errorf("IfLocalNFT, expected: '%v', but got: '%v'", c.expectedJumpIfOutput, ifLocal)
+ }
+
+ if !reflect.DeepEqual(ifNotLocal, c.expectedJumpIfNotOutput) {
+ t.Errorf("IfNotLocalNFT, expected: '%v', but got: '%v'", c.expectedJumpIfNotOutput, ifNotLocal)
+ }
+ }
+}
+
 func TestDetectLocalByInterfaceNamePrefix(t *testing.T) {
 cases := []struct {
 ifacePrefix string
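Review bot: The failure messages in TestDetectLocalNFTByBridgeInterface do not name the case that failed, and the fields `expectedJumpIfOutput` / `expectedJumpIfNotOutput` speak of jumps although the values are nft match expressions (the names were presumably carried over from the iptables test). I would rename them `expectedIfLocalNFT` and `expectedIfNotLocalNFT` and include the input in the message, e.g. `t.Errorf("IfLocalNFT(%q): expected %v, got %v", c.ifaceName, c.expectedIfLocalNFT, ifLocal)`. A doc comment such as `// TestDetectLocalNFTByBridgeInterface checks that the nftables match uses iifname (name) rather than iif (index).` would record which regression the test guards. The same naming and message points apply to TestDetectLocalNFTByInterfaceNamePrefix in the next hunk.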
@@ -137,3 +168,36 @@ func TestDetectLocalByInterfaceNamePrefix(t *testing.T) {
 }
 }
 }
+
+func TestDetectLocalNFTByInterfaceNamePrefix(t *testing.T) {
+ cases := []struct {
+ ifacePrefix string
+ chain string
+ args []string
+ expectedJumpIfOutput []string
+ expectedJumpIfNotOutput []string
+ }{
+ {
+ ifacePrefix: "eth",
+ expectedJumpIfOutput: []string{"iifname", "eth*"},
+ expectedJumpIfNotOutput: []string{"iifname", "!=", "eth*"},
+ },
+ }
+ for _, c := range cases {
+ localDetector := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix)
+ if !localDetector.IsImplemented() {
+ t.Error("DetectLocalByInterfaceNamePrefix returns false for IsImplemented")
+ }
+
+ ifLocal := localDetector.IfLocalNFT()
+ ifNotLocal := localDetector.IfNotLocalNFT()
+
+ if !reflect.DeepEqual(ifLocal, c.expectedJumpIfOutput) {
+ t.Errorf("IfLocalNFT, expected: '%v', but got: '%v'", c.expectedJumpIfOutput, ifLocal)
+ }
+
+ if !reflect.DeepEqual(ifNotLocal, c.expectedJumpIfNotOutput) {
+ t.Errorf("IfNotLocalNFT, expected: '%v', but got: '%v'", c.expectedJumpIfNotOutput, ifNotLocal)
+ }
+ }
+}
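Review bot: The case struct in TestDetectLocalNFTByInterfaceNamePrefix declares `chain string` and `args []string`, but the single case never sets them and the loop never reads them, so they should be dropped. With them gone the struct keeps only `ifacePrefix` and the two expected slices, matching the bridge-interface test. The table also holds only the `"eth"` prefix; a second case with a different prefix would show that the `*` suffix is appended to the input rather than hard-coded.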