From 37da906db24ad3573163e2a927f25130ceb2bf9e Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Thu, 9 Apr 2020 12:02:14 -0700 Subject: [PATCH 1/6] kube-proxy: more logging at startup --- pkg/proxy/iptables/proxier.go | 25 ++++++++++++++++++++++--- pkg/proxy/ipvs/proxier.go | 18 +++++++++++++++++- 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index b7e3dc0f4e1..248b2fc2e8b 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -273,6 +273,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err) } + klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet) } // Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers @@ -285,6 +286,7 @@ func NewProxier(ipt utiliptables.Interface, // Generate the masquerade mark to use for SNAT rules. masqueradeValue := 1 << uint(masqueradeBit) masqueradeMark := fmt.Sprintf("%#08x/%#08x", masqueradeValue, masqueradeValue) + klog.V(2).Infof("iptables(%s) masquerade mark: %s", ipVersion(ipt.IsIpv6()), masqueradeMark) endpointSlicesEnabled := utilfeature.DefaultFeatureGate.Enabled(features.EndpointSliceProxying) @@ -319,18 +321,35 @@ func NewProxier(ipt utiliptables.Interface, nodePortAddresses: nodePortAddresses, networkInterfacer: utilproxy.RealNetwork{}, } + burstSyncs := 2 - klog.V(3).Infof("minSyncPeriod: %v, syncPeriod: %v, burstSyncs: %d", minSyncPeriod, syncPeriod, burstSyncs) + klog.V(2).Infof("iptables(%s) sync params: minSyncPeriod=%v, syncPeriod=%v, burstSyncs=%d", + ipVersion(ipt.IsIpv6()), minSyncPeriod, syncPeriod, burstSyncs) // We pass syncPeriod to ipt.Monitor, which will call us only if it needs to. // We need to pass *some* maxInterval to NewBoundedFrequencyRunner anyway though. // time.Hour is arbitrary. proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, time.Hour, burstSyncs) + go ipt.Monitor(utiliptables.Chain("KUBE-PROXY-CANARY"), []utiliptables.Table{utiliptables.TableMangle, utiliptables.TableNAT, utiliptables.TableFilter}, proxier.syncProxyRules, syncPeriod, wait.NeverStop) + + if ipt.HasRandomFully() { + klog.V(2).Infof("iptables(%s) supports --random-fully", ipVersion(ipt.IsIpv6())) + } else { + klog.V(2).Infof("iptables(%s) does not support --random-fully", ipVersion(ipt.IsIpv6())) + } + return proxier, nil } +func ipVersion(isIPv6 bool) string { + if isIPv6 { + return "ipv6" + } + return "ipv4" +} + // NewDualStackProxier creates a MetaProxier instance, with IPv4 and IPv6 proxies. func NewDualStackProxier( ipt [2]utiliptables.Interface, @@ -787,7 +806,7 @@ func (proxier *Proxier) syncProxyRules() { start := time.Now() defer func() { metrics.SyncProxyRulesLatency.Observe(metrics.SinceInSeconds(start)) - klog.V(4).Infof("syncProxyRules took %v", time.Since(start)) + klog.V(2).Infof("syncProxyRules took %v", time.Since(start)) }() localAddrs, err := utilproxy.GetLocalAddrs() @@ -818,7 +837,7 @@ func (proxier *Proxier) syncProxyRules() { } } - klog.V(3).Info("Syncing iptables rules") + klog.V(2).Info("Syncing iptables rules") success := false defer func() { diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index 47c544c61b1..67305b8cf11 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -351,6 +351,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err) } + klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet) } // Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers @@ -365,6 +366,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err) } + klog.V(1).Infof("Set sysctl %q to 1", sysctlVSConnTrack) } kernelVersionStr, err := kernelHandler.GetKernelVersion() @@ -383,6 +385,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err) } + klog.V(1).Infof("Set sysctl %q to 0", sysctlConnReuse) } } @@ -391,6 +394,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlExpireNoDestConn, 1); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireNoDestConn, err) } + klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireNoDestConn) } // Set the expire_quiescent_template sysctl we need for @@ -398,6 +402,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlExpireQuiescentTemplate, 1); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireQuiescentTemplate, err) } + klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireQuiescentTemplate) } // Set the ip_forward sysctl we need for @@ -405,6 +410,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlForward, 1); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err) } + klog.V(1).Infof("Set sysctl %q to 1", sysctlForward) } if strictARP { @@ -413,6 +419,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlArpIgnore, 1); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpIgnore, err) } + klog.V(1).Infof("Set sysctl %q to 1", sysctlArpIgnore) } // Set the arp_announce sysctl we need for @@ -420,6 +427,7 @@ func NewProxier(ipt utiliptables.Interface, if err := sysctl.SetSysctl(sysctlArpAnnounce, 2); err != nil { return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpAnnounce, err) } + klog.V(1).Infof("Set sysctl %q to 2", sysctlArpAnnounce) } } @@ -490,12 +498,20 @@ func NewProxier(ipt utiliptables.Interface, proxier.ipsetList[is.name] = NewIPSet(ipset, is.name, is.setType, isIPv6, is.comment) } burstSyncs := 2 - klog.V(3).Infof("minSyncPeriod: %v, syncPeriod: %v, burstSyncs: %d", minSyncPeriod, syncPeriod, burstSyncs) + klog.V(2).Infof("ipvs(%s) sync params: minSyncPeriod=%v, syncPeriod=%v, burstSyncs=%d", + ipVersion(ipt.IsIpv6()), minSyncPeriod, syncPeriod, burstSyncs) proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, syncPeriod, burstSyncs) proxier.gracefuldeleteManager.Run() return proxier, nil } +func ipVersion(isIPv6 bool) string { + if isIPv6 { + return "ipv6" + } + return "ipv4" +} + // NewDualStackProxier returns a new Proxier for dual-stack operation func NewDualStackProxier( ipt [2]utiliptables.Interface, From 341022f8d1361992f5c462d31cd0159a7c2e5a9f Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Thu, 9 Apr 2020 13:56:34 -0700 Subject: [PATCH 2/6] kube-proxy: log service and endpoint updates --- pkg/proxy/endpoints.go | 4 ++++ pkg/proxy/iptables/proxier_test.go | 30 +++++++++++++++--------------- pkg/proxy/service.go | 2 ++ pkg/proxy/types.go | 9 ++++++++- 4 files changed, 29 insertions(+), 16 deletions(-) diff --git a/pkg/proxy/endpoints.go b/pkg/proxy/endpoints.go index 35c2fc58893..6ebd4f90d2f 100644 --- a/pkg/proxy/endpoints.go +++ b/pkg/proxy/endpoints.go @@ -176,6 +176,10 @@ func (ect *EndpointChangeTracker) Update(previous, current *v1.Endpoints) bool { // there will be no network programming for them and thus no network programming latency metric // should be exported. delete(ect.lastChangeTriggerTimes, namespacedName) + } else { + for spn, eps := range change.current { + klog.V(2).Infof("Service port %s updated: %d endpoints", spn, len(eps)) + } } metrics.EndpointChangesPending.Set(float64(len(ect.items))) diff --git a/pkg/proxy/iptables/proxier_test.go b/pkg/proxy/iptables/proxier_test.go index 196cd3a3d75..a37de4cf163 100644 --- a/pkg/proxy/iptables/proxier_test.go +++ b/pkg/proxy/iptables/proxier_test.go @@ -2427,23 +2427,23 @@ COMMIT :KUBE-NODEPORTS - [0:0] :KUBE-POSTROUTING - [0:0] :KUBE-MARK-MASQ - [0:0] -:KUBE-SVC-AHZNAGK3SCETOS2T - [0:0] -:KUBE-SEP-PXD6POUVGD2I37UY - [0:0] -:KUBE-SEP-SOKZUIT7SCEVIP33 - [0:0] -:KUBE-SEP-WVE3FAB34S7NZGDJ - [0:0] +:KUBE-SVC-AQI2S6QIMU7PVVRP - [0:0] +:KUBE-SEP-3JOIVZTXZZRGORX4 - [0:0] +:KUBE-SEP-IO5XOSKPAXIFQXAJ - [0:0] +:KUBE-SEP-XGJFVO3L2O5SRFNT - [0:0] -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark -j MASQUERADE -A KUBE-MARK-MASQ -j MARK --set-xmark --A KUBE-SERVICES -m comment --comment "ns1/svc1: cluster IP" -m tcp -p tcp -d 172.20.1.1/32 --dport 0 ! -s 10.0.0.0/24 -j KUBE-MARK-MASQ --A KUBE-SERVICES -m comment --comment "ns1/svc1: cluster IP" -m tcp -p tcp -d 172.20.1.1/32 --dport 0 -j KUBE-SVC-AHZNAGK3SCETOS2T --A KUBE-SVC-AHZNAGK3SCETOS2T -m comment --comment ns1/svc1: -m statistic --mode random --probability 0.3333333333 -j KUBE-SEP-PXD6POUVGD2I37UY --A KUBE-SEP-PXD6POUVGD2I37UY -m comment --comment ns1/svc1: -s 10.0.1.1/32 -j KUBE-MARK-MASQ --A KUBE-SEP-PXD6POUVGD2I37UY -m comment --comment ns1/svc1: -m tcp -p tcp -j DNAT --to-destination 10.0.1.1:80 --A KUBE-SVC-AHZNAGK3SCETOS2T -m comment --comment ns1/svc1: -m statistic --mode random --probability 0.5000000000 -j KUBE-SEP-SOKZUIT7SCEVIP33 --A KUBE-SEP-SOKZUIT7SCEVIP33 -m comment --comment ns1/svc1: -s 10.0.1.2/32 -j KUBE-MARK-MASQ --A KUBE-SEP-SOKZUIT7SCEVIP33 -m comment --comment ns1/svc1: -m tcp -p tcp -j DNAT --to-destination 10.0.1.2:80 --A KUBE-SVC-AHZNAGK3SCETOS2T -m comment --comment ns1/svc1: -j KUBE-SEP-WVE3FAB34S7NZGDJ --A KUBE-SEP-WVE3FAB34S7NZGDJ -m comment --comment ns1/svc1: -s 10.0.1.3/32 -j KUBE-MARK-MASQ --A KUBE-SEP-WVE3FAB34S7NZGDJ -m comment --comment ns1/svc1: -m tcp -p tcp -j DNAT --to-destination 10.0.1.3:80 +-A KUBE-SERVICES -m comment --comment "ns1/svc1 cluster IP" -m tcp -p tcp -d 172.20.1.1/32 --dport 0 ! -s 10.0.0.0/24 -j KUBE-MARK-MASQ +-A KUBE-SERVICES -m comment --comment "ns1/svc1 cluster IP" -m tcp -p tcp -d 172.20.1.1/32 --dport 0 -j KUBE-SVC-AQI2S6QIMU7PVVRP +-A KUBE-SVC-AQI2S6QIMU7PVVRP -m comment --comment ns1/svc1 -m statistic --mode random --probability 0.3333333333 -j KUBE-SEP-3JOIVZTXZZRGORX4 +-A KUBE-SEP-3JOIVZTXZZRGORX4 -m comment --comment ns1/svc1 -s 10.0.1.1/32 -j KUBE-MARK-MASQ +-A KUBE-SEP-3JOIVZTXZZRGORX4 -m comment --comment ns1/svc1 -m tcp -p tcp -j DNAT --to-destination 10.0.1.1:80 +-A KUBE-SVC-AQI2S6QIMU7PVVRP -m comment --comment ns1/svc1 -m statistic --mode random --probability 0.5000000000 -j KUBE-SEP-IO5XOSKPAXIFQXAJ +-A KUBE-SEP-IO5XOSKPAXIFQXAJ -m comment --comment ns1/svc1 -s 10.0.1.2/32 -j KUBE-MARK-MASQ +-A KUBE-SEP-IO5XOSKPAXIFQXAJ -m comment --comment ns1/svc1 -m tcp -p tcp -j DNAT --to-destination 10.0.1.2:80 +-A KUBE-SVC-AQI2S6QIMU7PVVRP -m comment --comment ns1/svc1 -j KUBE-SEP-XGJFVO3L2O5SRFNT +-A KUBE-SEP-XGJFVO3L2O5SRFNT -m comment --comment ns1/svc1 -s 10.0.1.3/32 -j KUBE-MARK-MASQ +-A KUBE-SEP-XGJFVO3L2O5SRFNT -m comment --comment ns1/svc1 -m tcp -p tcp -j DNAT --to-destination 10.0.1.3:80 -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS COMMIT ` diff --git a/pkg/proxy/service.go b/pkg/proxy/service.go index 7fb28b52808..5901dd81ff1 100644 --- a/pkg/proxy/service.go +++ b/pkg/proxy/service.go @@ -263,6 +263,8 @@ func (sct *ServiceChangeTracker) Update(previous, current *v1.Service) bool { // if change.previous equal to change.current, it means no change if reflect.DeepEqual(change.previous, change.current) { delete(sct.items, namespacedName) + } else { + klog.V(2).Infof("Service %s updated: %d ports", namespacedName, len(change.current)) } metrics.ServiceChangesPending.Set(float64(len(sct.items))) return len(sct.items) > 0 diff --git a/pkg/proxy/types.go b/pkg/proxy/types.go index fae2c549ce3..2d0f9e42856 100644 --- a/pkg/proxy/types.go +++ b/pkg/proxy/types.go @@ -49,7 +49,14 @@ type ServicePortName struct { } func (spn ServicePortName) String() string { - return fmt.Sprintf("%s:%s", spn.NamespacedName.String(), spn.Port) + return fmt.Sprintf("%s%s", spn.NamespacedName.String(), fmtPortName(spn.Port)) +} + +func fmtPortName(in string) string { + if in == "" { + return "" + } + return fmt.Sprintf(":%s", in) } // ServicePort is an interface which abstracts information about a service. From b874f7c626df4e571802eb96ee2f0065ee281173 Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Fri, 10 Apr 2020 08:47:03 -0700 Subject: [PATCH 3/6] Encapsulate sysctl test and log --- pkg/proxy/iptables/proxier.go | 7 ++--- pkg/proxy/ipvs/proxier.go | 56 ++++++++++------------------------- pkg/proxy/util/BUILD | 1 + pkg/proxy/util/utils.go | 12 ++++++++ 4 files changed, 31 insertions(+), 45 deletions(-) diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index 248b2fc2e8b..1aafe9e1ce7 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -269,11 +269,8 @@ func NewProxier(ipt utiliptables.Interface, nodePortAddresses []string, ) (*Proxier, error) { // Set the route_localnet sysctl we need for - if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 { - if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err) - } - klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet) + if err := utilproxy.EnsureSysctl(sysctl, sysctlRouteLocalnet, 1); err != nil { + return nil, err } // Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index 67305b8cf11..1b22f8b0cda 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -347,11 +347,8 @@ func NewProxier(ipt utiliptables.Interface, kernelHandler KernelHandler, ) (*Proxier, error) { // Set the route_localnet sysctl we need for - if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 { - if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err) - } - klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet) + if err := utilproxy.EnsureSysctl(sysctl, sysctlRouteLocalnet, 1); err != nil { + return nil, err } // Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers @@ -362,11 +359,8 @@ func NewProxier(ipt utiliptables.Interface, } // Set the conntrack sysctl we need for - if val, _ := sysctl.GetSysctl(sysctlVSConnTrack); val != 1 { - if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err) - } - klog.V(1).Infof("Set sysctl %q to 1", sysctlVSConnTrack) + if err := utilproxy.EnsureSysctl(sysctl, sysctlVSConnTrack, 1); err != nil { + return nil, err } kernelVersionStr, err := kernelHandler.GetKernelVersion() @@ -381,53 +375,35 @@ func NewProxier(ipt utiliptables.Interface, klog.Errorf("can't set sysctl %s, kernel version must be at least %s", sysctlConnReuse, connReuseMinSupportedKernelVersion) } else { // Set the connection reuse mode - if val, _ := sysctl.GetSysctl(sysctlConnReuse); val != 0 { - if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err) - } - klog.V(1).Infof("Set sysctl %q to 0", sysctlConnReuse) + if err := utilproxy.EnsureSysctl(sysctl, sysctlConnReuse, 0); err != nil { + return nil, err } } // Set the expire_nodest_conn sysctl we need for - if val, _ := sysctl.GetSysctl(sysctlExpireNoDestConn); val != 1 { - if err := sysctl.SetSysctl(sysctlExpireNoDestConn, 1); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireNoDestConn, err) - } - klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireNoDestConn) + if err := utilproxy.EnsureSysctl(sysctl, sysctlExpireNoDestConn, 1); err != nil { + return nil, err } // Set the expire_quiescent_template sysctl we need for - if val, _ := sysctl.GetSysctl(sysctlExpireQuiescentTemplate); val != 1 { - if err := sysctl.SetSysctl(sysctlExpireQuiescentTemplate, 1); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireQuiescentTemplate, err) - } - klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireQuiescentTemplate) + if err := utilproxy.EnsureSysctl(sysctl, sysctlExpireQuiescentTemplate, 1); err != nil { + return nil, err } // Set the ip_forward sysctl we need for - if val, _ := sysctl.GetSysctl(sysctlForward); val != 1 { - if err := sysctl.SetSysctl(sysctlForward, 1); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err) - } - klog.V(1).Infof("Set sysctl %q to 1", sysctlForward) + if err := utilproxy.EnsureSysctl(sysctl, sysctlForward, 1); err != nil { + return nil, err } if strictARP { // Set the arp_ignore sysctl we need for - if val, _ := sysctl.GetSysctl(sysctlArpIgnore); val != 1 { - if err := sysctl.SetSysctl(sysctlArpIgnore, 1); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpIgnore, err) - } - klog.V(1).Infof("Set sysctl %q to 1", sysctlArpIgnore) + if err := utilproxy.EnsureSysctl(sysctl, sysctlArpIgnore, 1); err != nil { + return nil, err } // Set the arp_announce sysctl we need for - if val, _ := sysctl.GetSysctl(sysctlArpAnnounce); val != 2 { - if err := sysctl.SetSysctl(sysctlArpAnnounce, 2); err != nil { - return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpAnnounce, err) - } - klog.V(1).Infof("Set sysctl %q to 2", sysctlArpAnnounce) + if err := utilproxy.EnsureSysctl(sysctl, sysctlArpAnnounce, 2); err != nil { + return nil, err } } diff --git a/pkg/proxy/util/BUILD b/pkg/proxy/util/BUILD index 8f17dea73f8..a7164fc0e00 100644 --- a/pkg/proxy/util/BUILD +++ b/pkg/proxy/util/BUILD @@ -12,6 +12,7 @@ go_library( visibility = ["//visibility:public"], deps = [ "//pkg/apis/core/v1/helper:go_default_library", + "//pkg/util/sysctl:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/rand:go_default_library", diff --git a/pkg/proxy/util/utils.go b/pkg/proxy/util/utils.go index b4f1b4304c1..70d392ac9ef 100644 --- a/pkg/proxy/util/utils.go +++ b/pkg/proxy/util/utils.go @@ -29,6 +29,7 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/tools/record" helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" + utilsysctl "k8s.io/kubernetes/pkg/util/sysctl" utilnet "k8s.io/utils/net" "k8s.io/klog" @@ -288,3 +289,14 @@ func ShuffleStrings(s []string) []string { } return shuffled } + +// EnsureSysctl sets a kernel sysctl to a given numeric value. +func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error { + if oldVal, _ := sysctl.GetSysctl(name); oldVal != newVal { + if err := sysctl.SetSysctl(name, newVal); err != nil { + return fmt.Errorf("can't set sysctl %s to %d: %v", name, newVal, err) + } + klog.V(1).Infof("Changed sysctl %q: %d -> %d", name, oldVal, newVal) + } + return nil +} From ef934a2c5ecd02d5ab9eba4f2e1992a1a36ce37d Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Thu, 9 Apr 2020 16:26:29 -0700 Subject: [PATCH 4/6] Add Protocol() method to iptables Enables simpler printing of which IP family the iptables interface is managing. --- .../network/hostport/fake_iptables.go | 10 ++- .../network/hostport/hostport_manager_test.go | 2 +- .../network/hostport/hostport_syncer_test.go | 2 +- pkg/proxy/iptables/proxier.go | 15 ++--- pkg/proxy/ipvs/proxier.go | 9 +-- pkg/util/iptables/iptables.go | 14 ++-- pkg/util/iptables/iptables_test.go | 64 ++++++++----------- pkg/util/iptables/testing/fake.go | 13 ++-- 8 files changed, 59 insertions(+), 70 deletions(-) diff --git a/pkg/kubelet/dockershim/network/hostport/fake_iptables.go b/pkg/kubelet/dockershim/network/hostport/fake_iptables.go index 0c96e7a78b8..1f15170bdcb 100644 --- a/pkg/kubelet/dockershim/network/hostport/fake_iptables.go +++ b/pkg/kubelet/dockershim/network/hostport/fake_iptables.go @@ -40,7 +40,7 @@ type fakeTable struct { type fakeIPTables struct { tables map[string]*fakeTable builtinChains map[string]sets.String - ipv6 bool + protocol utiliptables.Protocol } func NewFakeIPTables() *fakeIPTables { @@ -51,7 +51,7 @@ func NewFakeIPTables() *fakeIPTables { string(utiliptables.TableNAT): sets.NewString("PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"), string(utiliptables.TableMangle): sets.NewString("PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"), }, - ipv6: false, + protocol: utiliptables.ProtocolIpv4, } } @@ -224,7 +224,11 @@ func (f *fakeIPTables) DeleteRule(tableName utiliptables.Table, chainName utilip } func (f *fakeIPTables) IsIpv6() bool { - return f.ipv6 + return f.protocol == utiliptables.ProtocolIpv6 +} + +func (f *fakeIPTables) Protocol() utiliptables.Protocol { + return f.protocol } func saveChain(chain *fakeChain, data *bytes.Buffer) { diff --git a/pkg/kubelet/dockershim/network/hostport/hostport_manager_test.go b/pkg/kubelet/dockershim/network/hostport/hostport_manager_test.go index b0bafe322c8..cb18e1d9180 100644 --- a/pkg/kubelet/dockershim/network/hostport/hostport_manager_test.go +++ b/pkg/kubelet/dockershim/network/hostport/hostport_manager_test.go @@ -387,7 +387,7 @@ func TestGetHostportChain(t *testing.T) { func TestHostportManagerIPv6(t *testing.T) { iptables := NewFakeIPTables() - iptables.ipv6 = true + iptables.protocol = utiliptables.ProtocolIpv6 portOpener := NewFakeSocketManager() manager := &hostportManager{ hostPortMap: make(map[hostport]closeable), diff --git a/pkg/kubelet/dockershim/network/hostport/hostport_syncer_test.go b/pkg/kubelet/dockershim/network/hostport/hostport_syncer_test.go index 6af21e806b2..3179b3782e8 100644 --- a/pkg/kubelet/dockershim/network/hostport/hostport_syncer_test.go +++ b/pkg/kubelet/dockershim/network/hostport/hostport_syncer_test.go @@ -244,7 +244,7 @@ func matchRule(chain *fakeChain, match string) bool { func TestOpenPodHostportsIPv6(t *testing.T) { fakeIPTables := NewFakeIPTables() - fakeIPTables.ipv6 = true + fakeIPTables.protocol = utiliptables.ProtocolIpv6 fakeOpener := NewFakeSocketManager() h := &hostportSyncer{ diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index 1aafe9e1ce7..67c22a4c3f2 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -283,7 +283,7 @@ func NewProxier(ipt utiliptables.Interface, // Generate the masquerade mark to use for SNAT rules. masqueradeValue := 1 << uint(masqueradeBit) masqueradeMark := fmt.Sprintf("%#08x/%#08x", masqueradeValue, masqueradeValue) - klog.V(2).Infof("iptables(%s) masquerade mark: %s", ipVersion(ipt.IsIpv6()), masqueradeMark) + klog.V(2).Infof("iptables(%s) masquerade mark: %s", ipt.Protocol(), masqueradeMark) endpointSlicesEnabled := utilfeature.DefaultFeatureGate.Enabled(features.EndpointSliceProxying) @@ -321,7 +321,7 @@ func NewProxier(ipt utiliptables.Interface, burstSyncs := 2 klog.V(2).Infof("iptables(%s) sync params: minSyncPeriod=%v, syncPeriod=%v, burstSyncs=%d", - ipVersion(ipt.IsIpv6()), minSyncPeriod, syncPeriod, burstSyncs) + ipt.Protocol(), minSyncPeriod, syncPeriod, burstSyncs) // We pass syncPeriod to ipt.Monitor, which will call us only if it needs to. // We need to pass *some* maxInterval to NewBoundedFrequencyRunner anyway though. // time.Hour is arbitrary. @@ -332,21 +332,14 @@ func NewProxier(ipt utiliptables.Interface, proxier.syncProxyRules, syncPeriod, wait.NeverStop) if ipt.HasRandomFully() { - klog.V(2).Infof("iptables(%s) supports --random-fully", ipVersion(ipt.IsIpv6())) + klog.V(2).Infof("iptables(%s) supports --random-fully", ipt.Protocol()) } else { - klog.V(2).Infof("iptables(%s) does not support --random-fully", ipVersion(ipt.IsIpv6())) + klog.V(2).Infof("iptables(%s) does not support --random-fully", ipt.Protocol()) } return proxier, nil } -func ipVersion(isIPv6 bool) string { - if isIPv6 { - return "ipv6" - } - return "ipv4" -} - // NewDualStackProxier creates a MetaProxier instance, with IPv4 and IPv6 proxies. func NewDualStackProxier( ipt [2]utiliptables.Interface, diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index 1b22f8b0cda..b2b5c6bb5fb 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -475,19 +475,12 @@ func NewProxier(ipt utiliptables.Interface, } burstSyncs := 2 klog.V(2).Infof("ipvs(%s) sync params: minSyncPeriod=%v, syncPeriod=%v, burstSyncs=%d", - ipVersion(ipt.IsIpv6()), minSyncPeriod, syncPeriod, burstSyncs) + ipt.Protocol(), minSyncPeriod, syncPeriod, burstSyncs) proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, syncPeriod, burstSyncs) proxier.gracefuldeleteManager.Run() return proxier, nil } -func ipVersion(isIPv6 bool) string { - if isIPv6 { - return "ipv6" - } - return "ipv4" -} - // NewDualStackProxier returns a new Proxier for dual-stack operation func NewDualStackProxier( ipt [2]utiliptables.Interface, diff --git a/pkg/util/iptables/iptables.go b/pkg/util/iptables/iptables.go index e1f68be5938..5ae88b9e42c 100644 --- a/pkg/util/iptables/iptables.go +++ b/pkg/util/iptables/iptables.go @@ -55,8 +55,10 @@ type Interface interface { EnsureRule(position RulePosition, table Table, chain Chain, args ...string) (bool, error) // DeleteRule checks if the specified rule is present and, if so, deletes it. DeleteRule(table Table, chain Chain, args ...string) error - // IsIpv6 returns true if this is managing ipv6 tables + // IsIpv6 returns true if this is managing ipv6 tables. IsIpv6() bool + // Protocol returns the IP family this instance is managing, + Protocol() Protocol // SaveInto calls `iptables-save` for table and stores result in a given buffer. SaveInto(table Table, buffer *bytes.Buffer) error // Restore runs `iptables-restore` passing data through []byte. @@ -87,13 +89,13 @@ type Interface interface { } // Protocol defines the ip protocol either ipv4 or ipv6 -type Protocol byte +type Protocol string const ( // ProtocolIpv4 represents ipv4 protocol in iptables - ProtocolIpv4 Protocol = iota + 1 + ProtocolIpv4 Protocol = "IPv4" // ProtocolIpv6 represents ipv6 protocol in iptables - ProtocolIpv6 + ProtocolIpv6 Protocol = "IPv6" ) // Table represents different iptable like filter,nat, mangle and raw @@ -323,6 +325,10 @@ func (runner *runner) IsIpv6() bool { return runner.protocol == ProtocolIpv6 } +func (runner *runner) Protocol() Protocol { + return runner.protocol +} + // SaveInto is part of Interface. func (runner *runner) SaveInto(table Table, buffer *bytes.Buffer) error { runner.mu.Lock() diff --git a/pkg/util/iptables/iptables_test.go b/pkg/util/iptables/iptables_test.go index 1022ba85d65..85855caced5 100644 --- a/pkg/util/iptables/iptables_test.go +++ b/pkg/util/iptables/iptables_test.go @@ -35,18 +35,10 @@ import ( const TestLockfilePath = "xtables.lock" -func protocolStr(protocol Protocol) string { - if protocol == ProtocolIpv4 { - return "IPv4" - } - return "IPv6" -} - func testIPTablesVersionCmds(t *testing.T, protocol Protocol) { version := " v1.4.22" iptablesCmd := iptablesCommand(protocol) iptablesRestoreCmd := iptablesRestoreCommand(protocol) - protoStr := protocolStr(protocol) fcmd := fakeexec.FakeCmd{ CombinedOutputScript: []fakeexec.FakeAction{ @@ -66,12 +58,12 @@ func testIPTablesVersionCmds(t *testing.T, protocol Protocol) { // Check that proper iptables version command was used during runner instantiation if !sets.NewString(fcmd.CombinedOutputLog[0]...).HasAll(iptablesCmd, "--version") { - t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protoStr, iptablesCmd, fcmd.CombinedOutputLog[0]) + t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protocol, iptablesCmd, fcmd.CombinedOutputLog[0]) } // Check that proper iptables restore version command was used during runner instantiation if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(iptablesRestoreCmd, "--version") { - t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protoStr, iptablesRestoreCmd, fcmd.CombinedOutputLog[1]) + t.Errorf("%s runner instantiate: Expected cmd '%s --version', Got '%s'", protocol, iptablesRestoreCmd, fcmd.CombinedOutputLog[1]) } } @@ -84,8 +76,6 @@ func TestIPTablesVersionCmdsIPv6(t *testing.T) { } func testEnsureChain(t *testing.T, protocol Protocol) { - protoStr := protocolStr(protocol) - fcmd := fakeexec.FakeCmd{ CombinedOutputScript: []fakeexec.FakeAction{ // iptables version check @@ -110,30 +100,30 @@ func testEnsureChain(t *testing.T, protocol Protocol) { // Success. exists, err := runner.EnsureChain(TableNAT, Chain("FOOBAR")) if err != nil { - t.Errorf("%s new chain: Expected success, got %v", protoStr, err) + t.Errorf("%s new chain: Expected success, got %v", protocol, err) } if exists { - t.Errorf("%s new chain: Expected exists = false", protoStr) + t.Errorf("%s new chain: Expected exists = false", protocol) } if fcmd.CombinedOutputCalls != 2 { - t.Errorf("%s new chain: Expected 2 CombinedOutput() calls, got %d", protoStr, fcmd.CombinedOutputCalls) + t.Errorf("%s new chain: Expected 2 CombinedOutput() calls, got %d", protocol, fcmd.CombinedOutputCalls) } cmd := iptablesCommand(protocol) if !sets.NewString(fcmd.CombinedOutputLog[1]...).HasAll(cmd, "-t", "nat", "-N", "FOOBAR") { - t.Errorf("%s new chain: Expected cmd containing '%s -t nat -N FOOBAR', got %s", protoStr, cmd, fcmd.CombinedOutputLog[2]) + t.Errorf("%s new chain: Expected cmd containing '%s -t nat -N FOOBAR', got %s", protocol, cmd, fcmd.CombinedOutputLog[2]) } // Exists. exists, err = runner.EnsureChain(TableNAT, Chain("FOOBAR")) if err != nil { - t.Errorf("%s existing chain: Expected success, got %v", protoStr, err) + t.Errorf("%s existing chain: Expected success, got %v", protocol, err) } if !exists { - t.Errorf("%s existing chain: Expected exists = true", protoStr) + t.Errorf("%s existing chain: Expected exists = true", protocol) } // Simulate failure. _, err = runner.EnsureChain(TableNAT, Chain("FOOBAR")) if err == nil { - t.Errorf("%s: Expected failure", protoStr) + t.Errorf("%s: Expected failure", protocol) } } @@ -764,7 +754,6 @@ func testSaveInto(t *testing.T, protocol Protocol) { version := " v1.9.22" iptablesCmd := iptablesCommand(protocol) iptablesSaveCmd := iptablesSaveCommand(protocol) - protoStr := protocolStr(protocol) output := fmt.Sprintf(`# Generated by %s on Thu Jan 19 11:38:09 2017 *filter @@ -799,31 +788,31 @@ COMMIT // Success. err := runner.SaveInto(TableNAT, buffer) if err != nil { - t.Fatalf("%s: Expected success, got %v", protoStr, err) + t.Fatalf("%s: Expected success, got %v", protocol, err) } if string(buffer.Bytes()) != output { - t.Errorf("%s: Expected output '%s', got '%v'", protoStr, output, string(buffer.Bytes())) + t.Errorf("%s: Expected output '%s', got '%v'", protocol, output, string(buffer.Bytes())) } if fcmd.CombinedOutputCalls != 1 { - t.Errorf("%s: Expected 1 CombinedOutput() calls, got %d", protoStr, fcmd.CombinedOutputCalls) + t.Errorf("%s: Expected 1 CombinedOutput() calls, got %d", protocol, fcmd.CombinedOutputCalls) } if fcmd.RunCalls != 1 { - t.Errorf("%s: Expected 1 Run() call, got %d", protoStr, fcmd.RunCalls) + t.Errorf("%s: Expected 1 Run() call, got %d", protocol, fcmd.RunCalls) } if !sets.NewString(fcmd.RunLog[0]...).HasAll(iptablesSaveCmd, "-t", "nat") { - t.Errorf("%s: Expected cmd containing '%s -t nat', got '%s'", protoStr, iptablesSaveCmd, fcmd.RunLog[0]) + t.Errorf("%s: Expected cmd containing '%s -t nat', got '%s'", protocol, iptablesSaveCmd, fcmd.RunLog[0]) } // Failure. buffer.Reset() err = runner.SaveInto(TableNAT, buffer) if err == nil { - t.Errorf("%s: Expected failure", protoStr) + t.Errorf("%s: Expected failure", protocol) } if string(buffer.Bytes()) != stderrOutput { - t.Errorf("%s: Expected output '%s', got '%v'", protoStr, stderrOutput, string(buffer.Bytes())) + t.Errorf("%s: Expected output '%s', got '%v'", protocol, stderrOutput, string(buffer.Bytes())) } } @@ -839,7 +828,6 @@ func testRestore(t *testing.T, protocol Protocol) { version := " v1.9.22" iptablesCmd := iptablesCommand(protocol) iptablesRestoreCmd := iptablesRestoreCommand(protocol) - protoStr := protocolStr(protocol) fcmd := fakeexec.FakeCmd{ CombinedOutputScript: []fakeexec.FakeAction{ @@ -867,55 +855,55 @@ func testRestore(t *testing.T, protocol Protocol) { // both flags true err := runner.Restore(TableNAT, []byte{}, FlushTables, RestoreCounters) if err != nil { - t.Errorf("%s flush,restore: Expected success, got %v", protoStr, err) + t.Errorf("%s flush,restore: Expected success, got %v", protocol, err) } commandSet := sets.NewString(fcmd.CombinedOutputLog[1]...) if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--counters") || commandSet.HasAny("--noflush") { - t.Errorf("%s flush, restore: Expected cmd containing '%s -T %s --counters', got '%s'", protoStr, iptablesRestoreCmd, string(TableNAT), fcmd.CombinedOutputLog[1]) + t.Errorf("%s flush, restore: Expected cmd containing '%s -T %s --counters', got '%s'", protocol, iptablesRestoreCmd, string(TableNAT), fcmd.CombinedOutputLog[1]) } // FlushTables, NoRestoreCounters err = runner.Restore(TableNAT, []byte{}, FlushTables, NoRestoreCounters) if err != nil { - t.Errorf("%s flush, no restore: Expected success, got %v", protoStr, err) + t.Errorf("%s flush, no restore: Expected success, got %v", protocol, err) } commandSet = sets.NewString(fcmd.CombinedOutputLog[2]...) if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT)) || commandSet.HasAny("--noflush", "--counters") { - t.Errorf("%s flush, no restore: Expected cmd containing '--noflush' or '--counters', got '%s'", protoStr, fcmd.CombinedOutputLog[2]) + t.Errorf("%s flush, no restore: Expected cmd containing '--noflush' or '--counters', got '%s'", protocol, fcmd.CombinedOutputLog[2]) } // NoFlushTables, RestoreCounters err = runner.Restore(TableNAT, []byte{}, NoFlushTables, RestoreCounters) if err != nil { - t.Errorf("%s no flush, restore: Expected success, got %v", protoStr, err) + t.Errorf("%s no flush, restore: Expected success, got %v", protocol, err) } commandSet = sets.NewString(fcmd.CombinedOutputLog[3]...) if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--noflush", "--counters") { - t.Errorf("%s no flush, restore: Expected cmd containing '--noflush' and '--counters', got '%s'", protoStr, fcmd.CombinedOutputLog[3]) + t.Errorf("%s no flush, restore: Expected cmd containing '--noflush' and '--counters', got '%s'", protocol, fcmd.CombinedOutputLog[3]) } // NoFlushTables, NoRestoreCounters err = runner.Restore(TableNAT, []byte{}, NoFlushTables, NoRestoreCounters) if err != nil { - t.Errorf("%s no flush, no restore: Expected success, got %v", protoStr, err) + t.Errorf("%s no flush, no restore: Expected success, got %v", protocol, err) } commandSet = sets.NewString(fcmd.CombinedOutputLog[4]...) if !commandSet.HasAll(iptablesRestoreCmd, "-T", string(TableNAT), "--noflush") || commandSet.HasAny("--counters") { - t.Errorf("%s no flush, no restore: Expected cmd containing '%s -T %s --noflush', got '%s'", protoStr, iptablesRestoreCmd, string(TableNAT), fcmd.CombinedOutputLog[4]) + t.Errorf("%s no flush, no restore: Expected cmd containing '%s -T %s --noflush', got '%s'", protocol, iptablesRestoreCmd, string(TableNAT), fcmd.CombinedOutputLog[4]) } if fcmd.CombinedOutputCalls != 5 { - t.Errorf("%s: Expected 5 total CombinedOutput() calls, got %d", protoStr, fcmd.CombinedOutputCalls) + t.Errorf("%s: Expected 5 total CombinedOutput() calls, got %d", protocol, fcmd.CombinedOutputCalls) } // Failure. err = runner.Restore(TableNAT, []byte{}, FlushTables, RestoreCounters) if err == nil { - t.Errorf("%s Expected a failure", protoStr) + t.Errorf("%s Expected a failure", protocol) } } diff --git a/pkg/util/iptables/testing/fake.go b/pkg/util/iptables/testing/fake.go index 199bbb36b9f..9bfdb9e9b32 100644 --- a/pkg/util/iptables/testing/fake.go +++ b/pkg/util/iptables/testing/fake.go @@ -57,17 +57,17 @@ type Rule map[string]string type FakeIPTables struct { hasRandomFully bool Lines []byte - ipv6 bool + protocol iptables.Protocol } // NewFake returns a no-op iptables.Interface func NewFake() *FakeIPTables { - return &FakeIPTables{} + return &FakeIPTables{protocol: iptables.ProtocolIpv4} } // NewIpv6Fake returns a no-op iptables.Interface with IsIPv6() == true func NewIpv6Fake() *FakeIPTables { - return &FakeIPTables{ipv6: true} + return &FakeIPTables{protocol: iptables.ProtocolIpv6} } // SetHasRandomFully is part of iptables.Interface @@ -103,7 +103,12 @@ func (*FakeIPTables) DeleteRule(table iptables.Table, chain iptables.Chain, args // IsIpv6 is part of iptables.Interface func (f *FakeIPTables) IsIpv6() bool { - return f.ipv6 + return f.protocol == iptables.ProtocolIpv6 +} + +// Protocol is part of iptables.Interface +func (f *FakeIPTables) Protocol() iptables.Protocol { + return f.protocol } // Save is part of iptables.Interface From efb24d44c6fe6cce8d57b46e42c8bd85f1f23372 Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Thu, 9 Apr 2020 16:32:07 -0700 Subject: [PATCH 5/6] Rename iptables IsIpv6 to IsIPv6 --- cmd/kube-proxy/app/server_others.go | 4 ++-- pkg/kubelet/dockershim/network/hostport/fake_iptables.go | 2 +- pkg/kubelet/dockershim/network/hostport/hostport.go | 2 +- pkg/kubelet/dockershim/network/hostport/hostport_manager.go | 2 +- pkg/kubelet/dockershim/network/hostport/hostport_syncer.go | 2 +- pkg/proxy/iptables/proxier.go | 4 ++-- pkg/proxy/ipvs/proxier.go | 4 ++-- pkg/proxy/util/iptables/traffic.go | 4 ++-- pkg/util/iptables/iptables.go | 6 +++--- pkg/util/iptables/testing/fake.go | 4 ++-- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go index 4eff0043d3e..f6b73bdb451 100644 --- a/cmd/kube-proxy/app/server_others.go +++ b/cmd/kube-proxy/app/server_others.go @@ -199,7 +199,7 @@ func newProxyServer( // Create iptables handlers for both families, one is already created // Always ordered as IPv4, IPv6 var ipt [2]utiliptables.Interface - if iptInterface.IsIpv6() { + if iptInterface.IsIPv6() { ipt[1] = iptInterface ipt[0] = utiliptables.New(execer, utiliptables.ProtocolIpv4) } else { @@ -267,7 +267,7 @@ func newProxyServer( // Create iptables handlers for both families, one is already created // Always ordered as IPv4, IPv6 var ipt [2]utiliptables.Interface - if iptInterface.IsIpv6() { + if iptInterface.IsIPv6() { ipt[1] = iptInterface ipt[0] = utiliptables.New(execer, utiliptables.ProtocolIpv4) } else { diff --git a/pkg/kubelet/dockershim/network/hostport/fake_iptables.go b/pkg/kubelet/dockershim/network/hostport/fake_iptables.go index 1f15170bdcb..e7b0abd49db 100644 --- a/pkg/kubelet/dockershim/network/hostport/fake_iptables.go +++ b/pkg/kubelet/dockershim/network/hostport/fake_iptables.go @@ -223,7 +223,7 @@ func (f *fakeIPTables) DeleteRule(tableName utiliptables.Table, chainName utilip return nil } -func (f *fakeIPTables) IsIpv6() bool { +func (f *fakeIPTables) IsIPv6() bool { return f.protocol == utiliptables.ProtocolIpv6 } diff --git a/pkg/kubelet/dockershim/network/hostport/hostport.go b/pkg/kubelet/dockershim/network/hostport/hostport.go index 3c01b6e866d..1cf83d134c6 100644 --- a/pkg/kubelet/dockershim/network/hostport/hostport.go +++ b/pkg/kubelet/dockershim/network/hostport/hostport.go @@ -137,7 +137,7 @@ func ensureKubeHostportChains(iptables utiliptables.Interface, natInterfaceName if natInterfaceName != "" && natInterfaceName != "lo" { // Need to SNAT traffic from localhost localhost := "127.0.0.0/8" - if iptables.IsIpv6() { + if iptables.IsIPv6() { localhost = "::1/128" } args = []string{"-m", "comment", "--comment", "SNAT for localhost access to hostports", "-o", natInterfaceName, "-s", localhost, "-j", "MASQUERADE"} diff --git a/pkg/kubelet/dockershim/network/hostport/hostport_manager.go b/pkg/kubelet/dockershim/network/hostport/hostport_manager.go index 9d1286aaaf2..38eabcb0ed0 100644 --- a/pkg/kubelet/dockershim/network/hostport/hostport_manager.go +++ b/pkg/kubelet/dockershim/network/hostport/hostport_manager.go @@ -90,7 +90,7 @@ func (hm *hostportManager) Add(id string, podPortMapping *PodPortMapping, natInt podIP := podPortMapping.IP.String() isIpv6 := utilnet.IsIPv6(podPortMapping.IP) - if isIpv6 != hm.iptables.IsIpv6() { + if isIpv6 != hm.iptables.IsIPv6() { return fmt.Errorf("HostPortManager IP family mismatch: %v, isIPv6 - %v", podIP, isIpv6) } diff --git a/pkg/kubelet/dockershim/network/hostport/hostport_syncer.go b/pkg/kubelet/dockershim/network/hostport/hostport_syncer.go index 2d8b1bf4368..517c5a30889 100644 --- a/pkg/kubelet/dockershim/network/hostport/hostport_syncer.go +++ b/pkg/kubelet/dockershim/network/hostport/hostport_syncer.go @@ -199,7 +199,7 @@ func (h *hostportSyncer) SyncHostports(natInterfaceName string, activePodPortMap klog.V(4).Infof("syncHostportsRules took %v", time.Since(start)) }() - hostportPodMap, err := gatherAllHostports(activePodPortMappings, h.iptables.IsIpv6()) + hostportPodMap, err := gatherAllHostports(activePodPortMappings, h.iptables.IsIPv6()) if err != nil { return err } diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go index 67c22a4c3f2..4344319482d 100644 --- a/pkg/proxy/iptables/proxier.go +++ b/pkg/proxy/iptables/proxier.go @@ -289,7 +289,7 @@ func NewProxier(ipt utiliptables.Interface, serviceHealthServer := healthcheck.NewServiceHealthServer(hostname, recorder) - isIPv6 := ipt.IsIpv6() + isIPv6 := ipt.IsIPv6() proxier := &Proxier{ portsMap: make(map[utilproxy.LocalPort]utilproxy.Closeable), serviceMap: make(proxy.ServiceMap), @@ -1468,7 +1468,7 @@ func (proxier *Proxier) syncProxyRules() { if err != nil { klog.Errorf("Failed to get node ip address matching nodeport cidr") } else { - isIPv6 := proxier.iptables.IsIpv6() + isIPv6 := proxier.iptables.IsIPv6() for address := range addresses { // TODO(thockin, m1093782566): If/when we have dual-stack support we will want to distinguish v4 from v6 zero-CIDRs. if utilproxy.IsZeroCIDR(address) { diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index b2b5c6bb5fb..b7bf69f5862 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -2090,8 +2090,8 @@ func (proxier *Proxier) getLegacyBindAddr(activeBindAddrs map[string]bool, curre legacyAddrs := make(map[string]bool) isIpv6 := utilnet.IsIPv6(proxier.nodeIP) for _, addr := range currentBindAddrs { - addrIsIpv6 := utilnet.IsIPv6(net.ParseIP(addr)) - if addrIsIpv6 && !isIpv6 || !addrIsIpv6 && isIpv6 { + addrIsIPv6 := utilnet.IsIPv6(net.ParseIP(addr)) + if addrIsIPv6 && !isIpv6 || !addrIsIPv6 && isIpv6 { continue } if _, ok := activeBindAddrs[addr]; !ok { diff --git a/pkg/proxy/util/iptables/traffic.go b/pkg/proxy/util/iptables/traffic.go index 1ec572921fe..84f6ef3ddf1 100644 --- a/pkg/proxy/util/iptables/traffic.go +++ b/pkg/proxy/util/iptables/traffic.go @@ -66,8 +66,8 @@ type detectLocalByCIDR struct { // NewDetectLocalByCIDR implements the LocalTrafficDetector interface using a CIDR. This can be used when a single CIDR // range can be used to capture the notion of local traffic. func NewDetectLocalByCIDR(cidr string, ipt utiliptables.Interface) (LocalTrafficDetector, error) { - if utilnet.IsIPv6CIDRString(cidr) != ipt.IsIpv6() { - return nil, fmt.Errorf("CIDR %s has incorrect IP version: expect isIPv6=%t", cidr, ipt.IsIpv6()) + if utilnet.IsIPv6CIDRString(cidr) != ipt.IsIPv6() { + return nil, fmt.Errorf("CIDR %s has incorrect IP version: expect isIPv6=%t", cidr, ipt.IsIPv6()) } _, _, err := net.ParseCIDR(cidr) if err != nil { diff --git a/pkg/util/iptables/iptables.go b/pkg/util/iptables/iptables.go index 5ae88b9e42c..a15ac3a968b 100644 --- a/pkg/util/iptables/iptables.go +++ b/pkg/util/iptables/iptables.go @@ -55,8 +55,8 @@ type Interface interface { EnsureRule(position RulePosition, table Table, chain Chain, args ...string) (bool, error) // DeleteRule checks if the specified rule is present and, if so, deletes it. DeleteRule(table Table, chain Chain, args ...string) error - // IsIpv6 returns true if this is managing ipv6 tables. - IsIpv6() bool + // IsIPv6 returns true if this is managing ipv6 tables. + IsIPv6() bool // Protocol returns the IP family this instance is managing, Protocol() Protocol // SaveInto calls `iptables-save` for table and stores result in a given buffer. @@ -321,7 +321,7 @@ func (runner *runner) DeleteRule(table Table, chain Chain, args ...string) error return nil } -func (runner *runner) IsIpv6() bool { +func (runner *runner) IsIPv6() bool { return runner.protocol == ProtocolIpv6 } diff --git a/pkg/util/iptables/testing/fake.go b/pkg/util/iptables/testing/fake.go index 9bfdb9e9b32..907cdc6c643 100644 --- a/pkg/util/iptables/testing/fake.go +++ b/pkg/util/iptables/testing/fake.go @@ -101,8 +101,8 @@ func (*FakeIPTables) DeleteRule(table iptables.Table, chain iptables.Chain, args return nil } -// IsIpv6 is part of iptables.Interface -func (f *FakeIPTables) IsIpv6() bool { +// IsIPv6 is part of iptables.Interface +func (f *FakeIPTables) IsIPv6() bool { return f.protocol == iptables.ProtocolIpv6 } From 9551ecb7c3318749af6a716fd0daaf6b701416d9 Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Fri, 10 Apr 2020 09:25:48 -0700 Subject: [PATCH 6/6] Cleanup: Change "Ip" to "IP" in func and var names --- cmd/kube-proxy/app/server_others.go | 12 +-- cmd/kube-proxy/app/server_others_test.go | 52 ++++++------- .../network/hostport/fake_iptables.go | 4 +- .../network/hostport/hostport_manager.go | 10 +-- .../network/hostport/hostport_manager_test.go | 2 +- .../network/hostport/hostport_syncer_test.go | 2 +- .../network/kubenet/kubenet_linux.go | 4 +- pkg/kubelet/kubelet.go | 4 +- pkg/proxy/ipvs/proxier.go | 4 +- pkg/proxy/util/iptables/traffic_test.go | 10 +-- pkg/proxy/winuserspace/proxier.go | 8 +- pkg/util/iptables/iptables.go | 16 ++-- pkg/util/iptables/iptables_test.go | 74 +++++++++---------- pkg/util/iptables/monitor_test.go | 2 +- pkg/util/iptables/testing/fake.go | 10 +-- 15 files changed, 107 insertions(+), 107 deletions(-) diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go index f6b73bdb451..38cd4c14deb 100644 --- a/cmd/kube-proxy/app/server_others.go +++ b/cmd/kube-proxy/app/server_others.go @@ -91,10 +91,10 @@ func newProxyServer( return nil, fmt.Errorf("unable to register configz: %s", err) } - protocol := utiliptables.ProtocolIpv4 + protocol := utiliptables.ProtocolIPv4 if net.ParseIP(config.BindAddress).To4() == nil { klog.V(0).Infof("IPv6 bind address (%s), assume IPv6 operation", config.BindAddress) - protocol = utiliptables.ProtocolIpv6 + protocol = utiliptables.ProtocolIPv6 } var iptInterface utiliptables.Interface @@ -201,10 +201,10 @@ func newProxyServer( var ipt [2]utiliptables.Interface if iptInterface.IsIPv6() { ipt[1] = iptInterface - ipt[0] = utiliptables.New(execer, utiliptables.ProtocolIpv4) + ipt[0] = utiliptables.New(execer, utiliptables.ProtocolIPv4) } else { ipt[0] = iptInterface - ipt[1] = utiliptables.New(execer, utiliptables.ProtocolIpv6) + ipt[1] = utiliptables.New(execer, utiliptables.ProtocolIPv6) } // Always ordered to match []ipt @@ -269,10 +269,10 @@ func newProxyServer( var ipt [2]utiliptables.Interface if iptInterface.IsIPv6() { ipt[1] = iptInterface - ipt[0] = utiliptables.New(execer, utiliptables.ProtocolIpv4) + ipt[0] = utiliptables.New(execer, utiliptables.ProtocolIPv4) } else { ipt[0] = iptInterface - ipt[1] = utiliptables.New(execer, utiliptables.ProtocolIpv6) + ipt[1] = utiliptables.New(execer, utiliptables.ProtocolIPv6) } nodeIPs := nodeIPTuple(config.BindAddress) diff --git a/cmd/kube-proxy/app/server_others_test.go b/cmd/kube-proxy/app/server_others_test.go index f074aee887f..30a09c8576a 100644 --- a/cmd/kube-proxy/app/server_others_test.go +++ b/cmd/kube-proxy/app/server_others_test.go @@ -214,8 +214,8 @@ func Test_getLocalDetector(t *testing.T) { { mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: utiliptablestest.NewIpv6Fake(), - expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIpv6Fake())), + ipt: utiliptablestest.NewIPv6Fake(), + expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), errExpected: false, }, { @@ -228,14 +228,14 @@ func Test_getLocalDetector(t *testing.T) { { mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101"}, - ipt: utiliptablestest.NewIpv6Fake(), + ipt: utiliptablestest.NewIPv6Fake(), expected: nil, errExpected: true, }, { mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: utiliptablestest.NewIpv6Fake(), + ipt: utiliptablestest.NewIPv6Fake(), expected: nil, errExpected: true, }, @@ -265,8 +265,8 @@ func Test_getLocalDetector(t *testing.T) { { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: utiliptablestest.NewIpv6Fake(), - expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIpv6Fake())), + ipt: utiliptablestest.NewIPv6Fake(), + expected: resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), nodeInfo: makeNodeWithPodCIDRs("2002::1234:abcd:ffff:c0a8:101/96"), errExpected: false, }, @@ -281,7 +281,7 @@ func Test_getLocalDetector(t *testing.T) { { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101"}, - ipt: utiliptablestest.NewIpv6Fake(), + ipt: utiliptablestest.NewIPv6Fake(), expected: nil, nodeInfo: makeNodeWithPodCIDRs("2002::1234:abcd:ffff:c0a8:101"), errExpected: true, @@ -289,7 +289,7 @@ func Test_getLocalDetector(t *testing.T) { { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: utiliptablestest.NewIpv6Fake(), + ipt: utiliptablestest.NewIPv6Fake(), expected: nil, nodeInfo: makeNodeWithPodCIDRs("10.0.0.0/24"), errExpected: true, @@ -350,25 +350,25 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { { mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: resolveDualStackLocalDetectors(t)( proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake()))( - proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIpv6Fake())), + proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), errExpected: false, }, { mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: resolveDualStackLocalDetectors(t)( proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake()))( - proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIpv6Fake())), + proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake())), errExpected: false, }, { mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{ resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/14", utiliptablestest.NewFake())), proxyutiliptables.NewNoOpLocalDetector()}, @@ -377,16 +377,16 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { { mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{ proxyutiliptables.NewNoOpLocalDetector(), - resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIpv6Fake()))}, + resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/64", utiliptablestest.NewIPv6Fake()))}, errExpected: false, }, { mode: proxyconfigapi.LocalModeClusterCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}, errExpected: false, }, @@ -394,27 +394,27 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14,2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: resolveDualStackLocalDetectors(t)( proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake()))( - proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIpv6Fake())), + proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), nodeInfo: makeNodeWithPodCIDRs("10.0.0.0/24", "2002::1234:abcd:ffff:c0a8:101/96"), errExpected: false, }, { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64,10.0.0.0/14"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: resolveDualStackLocalDetectors(t)( proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake()))( - proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIpv6Fake())), + proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake())), nodeInfo: makeNodeWithPodCIDRs("2002::1234:abcd:ffff:c0a8:101/96", "10.0.0.0/24"), errExpected: false, }, { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "10.0.0.0/14"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{ resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("10.0.0.0/24", utiliptablestest.NewFake())), proxyutiliptables.NewNoOpLocalDetector()}, @@ -424,17 +424,17 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: "2002::1234:abcd:ffff:c0a8:101/64"}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{ proxyutiliptables.NewNoOpLocalDetector(), - resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIpv6Fake()))}, + resolveLocalDetector(t)(proxyutiliptables.NewDetectLocalByCIDR("2002::1234:abcd:ffff:c0a8:101/96", utiliptablestest.NewIPv6Fake()))}, nodeInfo: makeNodeWithPodCIDRs("2002::1234:abcd:ffff:c0a8:101/96"), errExpected: false, }, { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}, nodeInfo: makeNodeWithPodCIDRs(), errExpected: false, @@ -442,7 +442,7 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { { mode: proxyconfigapi.LocalModeNodeCIDR, config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}, nodeInfo: nil, errExpected: false, @@ -451,7 +451,7 @@ func Test_getDualStackLocalDetectorTuple(t *testing.T) { { mode: proxyconfigapi.LocalMode("abcd"), config: &proxyconfigapi.KubeProxyConfiguration{ClusterCIDR: ""}, - ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIpv6Fake()}, + ipt: [2]utiliptables.Interface{utiliptablestest.NewFake(), utiliptablestest.NewIPv6Fake()}, expected: [2]proxyutiliptables.LocalTrafficDetector{proxyutiliptables.NewNoOpLocalDetector(), proxyutiliptables.NewNoOpLocalDetector()}, errExpected: false, }, diff --git a/pkg/kubelet/dockershim/network/hostport/fake_iptables.go b/pkg/kubelet/dockershim/network/hostport/fake_iptables.go index e7b0abd49db..be59dd5a9a6 100644 --- a/pkg/kubelet/dockershim/network/hostport/fake_iptables.go +++ b/pkg/kubelet/dockershim/network/hostport/fake_iptables.go @@ -51,7 +51,7 @@ func NewFakeIPTables() *fakeIPTables { string(utiliptables.TableNAT): sets.NewString("PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"), string(utiliptables.TableMangle): sets.NewString("PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"), }, - protocol: utiliptables.ProtocolIpv4, + protocol: utiliptables.ProtocolIPv4, } } @@ -224,7 +224,7 @@ func (f *fakeIPTables) DeleteRule(tableName utiliptables.Table, chainName utilip } func (f *fakeIPTables) IsIPv6() bool { - return f.protocol == utiliptables.ProtocolIpv6 + return f.protocol == utiliptables.ProtocolIPv6 } func (f *fakeIPTables) Protocol() utiliptables.Protocol { diff --git a/pkg/kubelet/dockershim/network/hostport/hostport_manager.go b/pkg/kubelet/dockershim/network/hostport/hostport_manager.go index 38eabcb0ed0..f7e076ac49a 100644 --- a/pkg/kubelet/dockershim/network/hostport/hostport_manager.go +++ b/pkg/kubelet/dockershim/network/hostport/hostport_manager.go @@ -88,10 +88,10 @@ func (hm *hostportManager) Add(id string, podPortMapping *PodPortMapping, natInt return fmt.Errorf("invalid or missing IP of pod %s", podFullName) } podIP := podPortMapping.IP.String() - isIpv6 := utilnet.IsIPv6(podPortMapping.IP) + isIPv6 := utilnet.IsIPv6(podPortMapping.IP) - if isIpv6 != hm.iptables.IsIPv6() { - return fmt.Errorf("HostPortManager IP family mismatch: %v, isIPv6 - %v", podIP, isIpv6) + if isIPv6 != hm.iptables.IsIPv6() { + return fmt.Errorf("HostPortManager IP family mismatch: %v, isIPv6 - %v", podIP, isIPv6) } if err = ensureKubeHostportChains(hm.iptables, natInterfaceName); err != nil { @@ -180,9 +180,9 @@ func (hm *hostportManager) Add(id string, podPortMapping *PodPortMapping, natInt // create a new conntrack entry without any DNAT. That will result in blackhole of the traffic even after correct // iptables rules have been added back. if hm.execer != nil && hm.conntrackFound { - klog.Infof("Starting to delete udp conntrack entries: %v, isIPv6 - %v", conntrackPortsToRemove, isIpv6) + klog.Infof("Starting to delete udp conntrack entries: %v, isIPv6 - %v", conntrackPortsToRemove, isIPv6) for _, port := range conntrackPortsToRemove { - err = conntrack.ClearEntriesForPort(hm.execer, port, isIpv6, v1.ProtocolUDP) + err = conntrack.ClearEntriesForPort(hm.execer, port, isIPv6, v1.ProtocolUDP) if err != nil { klog.Errorf("Failed to clear udp conntrack for port %d, error: %v", port, err) } diff --git a/pkg/kubelet/dockershim/network/hostport/hostport_manager_test.go b/pkg/kubelet/dockershim/network/hostport/hostport_manager_test.go index cb18e1d9180..a8d03affd92 100644 --- a/pkg/kubelet/dockershim/network/hostport/hostport_manager_test.go +++ b/pkg/kubelet/dockershim/network/hostport/hostport_manager_test.go @@ -387,7 +387,7 @@ func TestGetHostportChain(t *testing.T) { func TestHostportManagerIPv6(t *testing.T) { iptables := NewFakeIPTables() - iptables.protocol = utiliptables.ProtocolIpv6 + iptables.protocol = utiliptables.ProtocolIPv6 portOpener := NewFakeSocketManager() manager := &hostportManager{ hostPortMap: make(map[hostport]closeable), diff --git a/pkg/kubelet/dockershim/network/hostport/hostport_syncer_test.go b/pkg/kubelet/dockershim/network/hostport/hostport_syncer_test.go index 3179b3782e8..874da8780bb 100644 --- a/pkg/kubelet/dockershim/network/hostport/hostport_syncer_test.go +++ b/pkg/kubelet/dockershim/network/hostport/hostport_syncer_test.go @@ -244,7 +244,7 @@ func matchRule(chain *fakeChain, match string) bool { func TestOpenPodHostportsIPv6(t *testing.T) { fakeIPTables := NewFakeIPTables() - fakeIPTables.protocol = utiliptables.ProtocolIpv6 + fakeIPTables.protocol = utiliptables.ProtocolIPv6 fakeOpener := NewFakeSocketManager() h := &hostportSyncer{ diff --git a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go index bf7a828ec2d..e878e7c6175 100644 --- a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go +++ b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go @@ -122,8 +122,8 @@ type kubenetNetworkPlugin struct { func NewPlugin(networkPluginDirs []string, cacheDir string) network.NetworkPlugin { execer := utilexec.New() - iptInterface := utiliptables.New(execer, utiliptables.ProtocolIpv4) - iptInterfacev6 := utiliptables.New(execer, utiliptables.ProtocolIpv6) + iptInterface := utiliptables.New(execer, utiliptables.ProtocolIPv4) + iptInterfacev6 := utiliptables.New(execer, utiliptables.ProtocolIPv6) return &kubenetNetworkPlugin{ podIPs: make(map[kubecontainer.ContainerID]utilsets.String), execer: utilexec.New(), diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go index ffd4cd537ba..d4beb6685da 100644 --- a/pkg/kubelet/kubelet.go +++ b/pkg/kubelet/kubelet.go @@ -523,10 +523,10 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration, } httpClient := &http.Client{} parsedNodeIP := net.ParseIP(nodeIP) - protocol := utilipt.ProtocolIpv4 + protocol := utilipt.ProtocolIPv4 if utilnet.IsIPv6(parsedNodeIP) { klog.V(0).Infof("IPv6 node IP (%s), assume IPv6 operation", nodeIP) - protocol = utilipt.ProtocolIpv6 + protocol = utilipt.ProtocolIPv6 } klet := &Kubelet{ diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go index b7bf69f5862..9f571e446a2 100644 --- a/pkg/proxy/ipvs/proxier.go +++ b/pkg/proxy/ipvs/proxier.go @@ -2088,10 +2088,10 @@ func (proxier *Proxier) isIPInExcludeCIDRs(ip net.IP) bool { func (proxier *Proxier) getLegacyBindAddr(activeBindAddrs map[string]bool, currentBindAddrs []string) map[string]bool { legacyAddrs := make(map[string]bool) - isIpv6 := utilnet.IsIPv6(proxier.nodeIP) + isIPv6 := utilnet.IsIPv6(proxier.nodeIP) for _, addr := range currentBindAddrs { addrIsIPv6 := utilnet.IsIPv6(net.ParseIP(addr)) - if addrIsIPv6 && !isIpv6 || !addrIsIPv6 && isIpv6 { + if addrIsIPv6 && !isIPv6 || !addrIsIPv6 && isIPv6 { continue } if _, ok := activeBindAddrs[addr]; !ok { diff --git a/pkg/proxy/util/iptables/traffic_test.go b/pkg/proxy/util/iptables/traffic_test.go index 1ecee9b200f..c346dfb79fc 100644 --- a/pkg/proxy/util/iptables/traffic_test.go +++ b/pkg/proxy/util/iptables/traffic_test.go @@ -70,12 +70,12 @@ func TestNewDetectLocalByCIDR(t *testing.T) { }, { cidr: "2002::1234:abcd:ffff:c0a8:101/64", - ipt: iptablestest.NewIpv6Fake(), + ipt: iptablestest.NewIPv6Fake(), errExpected: false, }, { cidr: "10.0.0.0/14", - ipt: iptablestest.NewIpv6Fake(), + ipt: iptablestest.NewIPv6Fake(), errExpected: true, }, { @@ -90,7 +90,7 @@ func TestNewDetectLocalByCIDR(t *testing.T) { }, { cidr: "2002::1234:abcd:ffff:c0a8:101", - ipt: iptablestest.NewIpv6Fake(), + ipt: iptablestest.NewIPv6Fake(), errExpected: true, }, { @@ -100,7 +100,7 @@ func TestNewDetectLocalByCIDR(t *testing.T) { }, { cidr: "", - ipt: iptablestest.NewIpv6Fake(), + ipt: iptablestest.NewIPv6Fake(), errExpected: true, }, } @@ -137,7 +137,7 @@ func TestDetectLocalByCIDR(t *testing.T) { }, { cidr: "2002::1234:abcd:ffff:c0a8:101/64", - ipt: iptablestest.NewIpv6Fake(), + ipt: iptablestest.NewIPv6Fake(), chain: "TEST", args: []string{"arg1", "arg2"}, expectedJumpIfOutput: []string{"arg1", "arg2", "-s", "2002::1234:abcd:ffff:c0a8:101/64", "-j", "TEST"}, diff --git a/pkg/proxy/winuserspace/proxier.go b/pkg/proxy/winuserspace/proxier.go index bfeb4fdee2c..42f1c64af7e 100644 --- a/pkg/proxy/winuserspace/proxier.go +++ b/pkg/proxy/winuserspace/proxier.go @@ -213,7 +213,7 @@ func (proxier *Proxier) addServicePortPortal(servicePortPortalName ServicePortPo return nil, fmt.Errorf("could not parse ip '%q'", listenIP) } // add the IP address. Node port binds to all interfaces. - args := proxier.netshIpv4AddressAddArgs(serviceIP) + args := proxier.netshIPv4AddressAddArgs(serviceIP) if existed, err := proxier.netsh.EnsureIPAddress(args, serviceIP); err != nil { return nil, err } else if !existed { @@ -262,7 +262,7 @@ func (proxier *Proxier) closeServicePortPortal(servicePortPortalName ServicePort // close the PortalProxy by deleting the service IP address if info.portal.ip != allAvailableInterfaces { serviceIP := net.ParseIP(info.portal.ip) - args := proxier.netshIpv4AddressDeleteArgs(serviceIP) + args := proxier.netshIPv4AddressDeleteArgs(serviceIP) if err := proxier.netsh.DeleteIPAddress(args); err != nil { return err } @@ -474,7 +474,7 @@ func isClosedError(err error) bool { return strings.HasSuffix(err.Error(), "use of closed network connection") } -func (proxier *Proxier) netshIpv4AddressAddArgs(destIP net.IP) []string { +func (proxier *Proxier) netshIPv4AddressAddArgs(destIP net.IP) []string { intName := proxier.netsh.GetInterfaceToAddIP() args := []string{ "interface", "ipv4", "add", "address", @@ -485,7 +485,7 @@ func (proxier *Proxier) netshIpv4AddressAddArgs(destIP net.IP) []string { return args } -func (proxier *Proxier) netshIpv4AddressDeleteArgs(destIP net.IP) []string { +func (proxier *Proxier) netshIPv4AddressDeleteArgs(destIP net.IP) []string { intName := proxier.netsh.GetInterfaceToAddIP() args := []string{ "interface", "ipv4", "delete", "address", diff --git a/pkg/util/iptables/iptables.go b/pkg/util/iptables/iptables.go index a15ac3a968b..946f898e90a 100644 --- a/pkg/util/iptables/iptables.go +++ b/pkg/util/iptables/iptables.go @@ -92,10 +92,10 @@ type Interface interface { type Protocol string const ( - // ProtocolIpv4 represents ipv4 protocol in iptables - ProtocolIpv4 Protocol = "IPv4" - // ProtocolIpv6 represents ipv6 protocol in iptables - ProtocolIpv6 Protocol = "IPv6" + // ProtocolIPv4 represents ipv4 protocol in iptables + ProtocolIPv4 Protocol = "IPv4" + // ProtocolIPv6 represents ipv6 protocol in iptables + ProtocolIPv6 Protocol = "IPv6" ) // Table represents different iptable like filter,nat, mangle and raw @@ -322,7 +322,7 @@ func (runner *runner) DeleteRule(table Table, chain Chain, args ...string) error } func (runner *runner) IsIPv6() bool { - return runner.protocol == ProtocolIpv6 + return runner.protocol == ProtocolIPv6 } func (runner *runner) Protocol() Protocol { @@ -416,14 +416,14 @@ func (runner *runner) restoreInternal(args []string, data []byte, flush FlushFla } func iptablesSaveCommand(protocol Protocol) string { - if protocol == ProtocolIpv6 { + if protocol == ProtocolIPv6 { return cmdIP6TablesSave } return cmdIPTablesSave } func iptablesRestoreCommand(protocol Protocol) string { - if protocol == ProtocolIpv6 { + if protocol == ProtocolIPv6 { return cmdIP6TablesRestore } return cmdIPTablesRestore @@ -431,7 +431,7 @@ func iptablesRestoreCommand(protocol Protocol) string { } func iptablesCommand(protocol Protocol) string { - if protocol == ProtocolIpv6 { + if protocol == ProtocolIPv6 { return cmdIP6Tables } return cmdIPTables diff --git a/pkg/util/iptables/iptables_test.go b/pkg/util/iptables/iptables_test.go index 85855caced5..7a578419f51 100644 --- a/pkg/util/iptables/iptables_test.go +++ b/pkg/util/iptables/iptables_test.go @@ -68,11 +68,11 @@ func testIPTablesVersionCmds(t *testing.T, protocol Protocol) { } func TestIPTablesVersionCmdsIPv4(t *testing.T) { - testIPTablesVersionCmds(t, ProtocolIpv4) + testIPTablesVersionCmds(t, ProtocolIPv4) } func TestIPTablesVersionCmdsIPv6(t *testing.T) { - testIPTablesVersionCmds(t, ProtocolIpv6) + testIPTablesVersionCmds(t, ProtocolIPv6) } func testEnsureChain(t *testing.T, protocol Protocol) { @@ -127,12 +127,12 @@ func testEnsureChain(t *testing.T, protocol Protocol) { } } -func TestEnsureChainIpv4(t *testing.T) { - testEnsureChain(t, ProtocolIpv4) +func TestEnsureChainIPv4(t *testing.T) { + testEnsureChain(t, ProtocolIPv4) } -func TestEnsureChainIpv6(t *testing.T) { - testEnsureChain(t, ProtocolIpv6) +func TestEnsureChainIPv6(t *testing.T) { + testEnsureChain(t, ProtocolIPv6) } func TestFlushChain(t *testing.T) { @@ -153,7 +153,7 @@ func TestFlushChain(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) // Success. err := runner.FlushChain(TableNAT, Chain("FOOBAR")) if err != nil { @@ -190,7 +190,7 @@ func TestDeleteChain(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) // Success. err := runner.DeleteChain(TableNAT, Chain("FOOBAR")) if err != nil { @@ -226,7 +226,7 @@ func TestEnsureRuleAlreadyExists(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) exists, err := runner.EnsureRule(Append, TableNAT, ChainOutput, "abc", "123") if err != nil { t.Errorf("expected success, got %v", err) @@ -262,7 +262,7 @@ func TestEnsureRuleNew(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) exists, err := runner.EnsureRule(Append, TableNAT, ChainOutput, "abc", "123") if err != nil { t.Errorf("expected success, got %v", err) @@ -295,7 +295,7 @@ func TestEnsureRuleErrorChecking(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) _, err := runner.EnsureRule(Append, TableNAT, ChainOutput, "abc", "123") if err == nil { t.Errorf("expected failure") @@ -325,7 +325,7 @@ func TestEnsureRuleErrorCreating(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) _, err := runner.EnsureRule(Append, TableNAT, ChainOutput, "abc", "123") if err == nil { t.Errorf("expected failure") @@ -352,7 +352,7 @@ func TestDeleteRuleDoesNotExist(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123") if err != nil { t.Errorf("expected success, got %v", err) @@ -385,7 +385,7 @@ func TestDeleteRuleExists(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123") if err != nil { t.Errorf("expected success, got %v", err) @@ -415,7 +415,7 @@ func TestDeleteRuleErrorChecking(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123") if err == nil { t.Errorf("expected failure") @@ -445,7 +445,7 @@ func TestDeleteRuleErrorDeleting(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) err := runner.DeleteRule(TableNAT, ChainOutput, "abc", "123") if err == nil { t.Errorf("expected failure") @@ -480,7 +480,7 @@ func TestGetIPTablesHasCheckCommand(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - ipt := New(&fexec, ProtocolIpv4) + ipt := New(&fexec, ProtocolIPv4) runner := ipt.(*runner) if testCase.Expected != runner.hasCheck { t.Errorf("Expected result: %v, Got result: %v", testCase.Expected, runner.hasCheck) @@ -494,12 +494,12 @@ func TestIPTablesCommands(t *testing.T) { protocol Protocol expectedCmd string }{ - {"iptablesCommand", ProtocolIpv4, cmdIPTables}, - {"iptablesCommand", ProtocolIpv6, cmdIP6Tables}, - {"iptablesSaveCommand", ProtocolIpv4, cmdIPTablesSave}, - {"iptablesSaveCommand", ProtocolIpv6, cmdIP6TablesSave}, - {"iptablesRestoreCommand", ProtocolIpv4, cmdIPTablesRestore}, - {"iptablesRestoreCommand", ProtocolIpv6, cmdIP6TablesRestore}, + {"iptablesCommand", ProtocolIPv4, cmdIPTables}, + {"iptablesCommand", ProtocolIPv6, cmdIP6Tables}, + {"iptablesSaveCommand", ProtocolIPv4, cmdIPTablesSave}, + {"iptablesSaveCommand", ProtocolIPv6, cmdIP6TablesSave}, + {"iptablesRestoreCommand", ProtocolIPv4, cmdIPTablesRestore}, + {"iptablesRestoreCommand", ProtocolIPv6, cmdIP6TablesRestore}, } for _, testCase := range testCases { var cmd string @@ -641,7 +641,7 @@ func TestWaitFlagUnavailable(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) err := runner.DeleteChain(TableNAT, Chain("FOOBAR")) if err != nil { t.Errorf("expected success, got %v", err) @@ -672,7 +672,7 @@ func TestWaitFlagOld(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) err := runner.DeleteChain(TableNAT, Chain("FOOBAR")) if err != nil { t.Errorf("expected success, got %v", err) @@ -706,7 +706,7 @@ func TestWaitFlagNew(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) err := runner.DeleteChain(TableNAT, Chain("FOOBAR")) if err != nil { t.Errorf("expected success, got %v", err) @@ -737,7 +737,7 @@ func TestWaitIntervalFlagNew(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := New(&fexec, ProtocolIpv4) + runner := New(&fexec, ProtocolIPv4) err := runner.DeleteChain(TableNAT, Chain("FOOBAR")) if err != nil { t.Errorf("expected success, got %v", err) @@ -817,11 +817,11 @@ COMMIT } func TestSaveIntoIPv4(t *testing.T) { - testSaveInto(t, ProtocolIpv4) + testSaveInto(t, ProtocolIPv4) } func TestSaveIntoIPv6(t *testing.T) { - testSaveInto(t, ProtocolIpv6) + testSaveInto(t, ProtocolIPv6) } func testRestore(t *testing.T, protocol Protocol) { @@ -908,11 +908,11 @@ func testRestore(t *testing.T, protocol Protocol) { } func TestRestoreIPv4(t *testing.T) { - testRestore(t, ProtocolIpv4) + testRestore(t, ProtocolIPv4) } func TestRestoreIPv6(t *testing.T) { - testRestore(t, ProtocolIpv6) + testRestore(t, ProtocolIPv6) } // TestRestoreAll tests only the simplest use case, as flag handling code is already tested in TestRestore @@ -932,7 +932,7 @@ func TestRestoreAll(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := newInternal(&fexec, ProtocolIpv4, TestLockfilePath) + runner := newInternal(&fexec, ProtocolIPv4, TestLockfilePath) defer os.Remove(TestLockfilePath) err := runner.RestoreAll([]byte{}, NoFlushTables, RestoreCounters) @@ -973,7 +973,7 @@ func TestRestoreAllWait(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := newInternal(&fexec, ProtocolIpv4, TestLockfilePath) + runner := newInternal(&fexec, ProtocolIPv4, TestLockfilePath) defer os.Remove(TestLockfilePath) err := runner.RestoreAll([]byte{}, NoFlushTables, RestoreCounters) @@ -1018,7 +1018,7 @@ func TestRestoreAllWaitOldIptablesRestore(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := newInternal(&fexec, ProtocolIpv4, TestLockfilePath) + runner := newInternal(&fexec, ProtocolIPv4, TestLockfilePath) defer os.Remove(TestLockfilePath) err := runner.RestoreAll([]byte{}, NoFlushTables, RestoreCounters) @@ -1064,7 +1064,7 @@ func TestRestoreAllGrabNewLock(t *testing.T) { }, } - runner := newInternal(&fexec, ProtocolIpv4, TestLockfilePath) + runner := newInternal(&fexec, ProtocolIPv4, TestLockfilePath) defer os.Remove(TestLockfilePath) // Grab the /run lock and ensure the RestoreAll fails @@ -1106,7 +1106,7 @@ func TestRestoreAllGrabOldLock(t *testing.T) { }, } - runner := newInternal(&fexec, ProtocolIpv4, TestLockfilePath) + runner := newInternal(&fexec, ProtocolIPv4, TestLockfilePath) defer os.Remove(TestLockfilePath) // Grab the abstract @xtables socket @@ -1146,7 +1146,7 @@ func TestRestoreAllWaitBackportedIptablesRestore(t *testing.T) { func(cmd string, args ...string) exec.Cmd { return fakeexec.InitFakeCmd(&fcmd, cmd, args...) }, }, } - runner := newInternal(&fexec, ProtocolIpv4, TestLockfilePath) + runner := newInternal(&fexec, ProtocolIPv4, TestLockfilePath) defer os.Remove(TestLockfilePath) err := runner.RestoreAll([]byte{}, NoFlushTables, RestoreCounters) diff --git a/pkg/util/iptables/monitor_test.go b/pkg/util/iptables/monitor_test.go index 06465987097..a9d915e90e5 100644 --- a/pkg/util/iptables/monitor_test.go +++ b/pkg/util/iptables/monitor_test.go @@ -180,7 +180,7 @@ func (mfc *monitorFakeCmd) Stop() { func TestIPTablesMonitor(t *testing.T) { mfe := newMonitorFakeExec() - ipt := New(mfe, ProtocolIpv4) + ipt := New(mfe, ProtocolIPv4) var reloads uint32 stopCh := make(chan struct{}) diff --git a/pkg/util/iptables/testing/fake.go b/pkg/util/iptables/testing/fake.go index 907cdc6c643..46b5641b499 100644 --- a/pkg/util/iptables/testing/fake.go +++ b/pkg/util/iptables/testing/fake.go @@ -62,12 +62,12 @@ type FakeIPTables struct { // NewFake returns a no-op iptables.Interface func NewFake() *FakeIPTables { - return &FakeIPTables{protocol: iptables.ProtocolIpv4} + return &FakeIPTables{protocol: iptables.ProtocolIPv4} } -// NewIpv6Fake returns a no-op iptables.Interface with IsIPv6() == true -func NewIpv6Fake() *FakeIPTables { - return &FakeIPTables{protocol: iptables.ProtocolIpv6} +// NewIPv6Fake returns a no-op iptables.Interface with IsIPv6() == true +func NewIPv6Fake() *FakeIPTables { + return &FakeIPTables{protocol: iptables.ProtocolIPv6} } // SetHasRandomFully is part of iptables.Interface @@ -103,7 +103,7 @@ func (*FakeIPTables) DeleteRule(table iptables.Table, chain iptables.Chain, args // IsIPv6 is part of iptables.Interface func (f *FakeIPTables) IsIPv6() bool { - return f.protocol == iptables.ProtocolIpv6 + return f.protocol == iptables.ProtocolIPv6 } // Protocol is part of iptables.Interface