From 29a74b8b119a7532acfa485cbb89504d291e1dc4 Mon Sep 17 00:00:00 2001 From: Luiz Aoqui Date: Tue, 21 Dec 2021 20:17:10 -0500 Subject: [PATCH 1/3] fix host network reserved port fingerprint --- client/fingerprint/network.go | 4 ++ client/fingerprint/network_test.go | 95 ++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) diff --git a/client/fingerprint/network.go b/client/fingerprint/network.go index a65e97a8acc3..9f005c9289c5 100644 --- a/client/fingerprint/network.go +++ b/client/fingerprint/network.go @@ -178,6 +178,10 @@ func (f *NetworkFingerprint) createNodeNetworkResources(ifaces []net.Interface, Alias: alias, } + if hostNetwork, ok := conf.HostNetworks[alias]; ok { + newAddr.ReservedPorts = hostNetwork.ReservedPorts + } + if newAddr.Alias != "" { if ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() { linkLocalAddrs = append(linkLocalAddrs, newAddr) diff --git a/client/fingerprint/network_test.go b/client/fingerprint/network_test.go index 892398d559d0..e98e52046b22 100644 --- a/client/fingerprint/network_test.go +++ b/client/fingerprint/network_test.go 
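Review bot: The added lookup in client/fingerprint/network.go dereferences `hostNetwork` as soon as the key exists, so a nil value in `conf.HostNetworks` would panic the client during fingerprinting. The test file shows the map holds `*structs.ClientHostNetworkConfig` pointers; whether config loading can ever leave a nil entry is not visible from this hunk. Guarding with `if hostNetwork, ok := conf.HostNetworks[alias]; ok && hostNetwork != nil {` removes the question. The port spec is also copied as an unparsed string, so a short comment above the block saying where it is validated would help, e.g. `// Carry the operator's reserved ports onto the address; the spec is validated in <validation site>.` createNodeNetworkResources begins and ends outside the hunk.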
@@ -486,3 +486,98 @@ func TestNetworkFingerPrint_MultipleAliases(t *testing.T) { sort.Strings(aliases) require.Equal(t, expected, aliases, "host networks should match aliases") } + +func TestNetworkFingerPrint_HostNetorkReservedPorts(t *testing.T) { + testCases := []struct { + name string + hostNetworks map[string]*structs.ClientHostNetworkConfig + }{ + { + name: "no host networks", + hostNetworks: map[string]*structs.ClientHostNetworkConfig{}, + }, + { + name: "no reserved ports", + hostNetworks: map[string]*structs.ClientHostNetworkConfig{ + "alias1": { + Name: "alias1", + Interface: "eth3", + CIDR: "169.254.155.20/32", + }, + "alias2": { + Name: "alias2", + Interface: "eth3", + CIDR: "169.254.155.20/32", + }, + "alias3": { + Name: "alias3", + Interface: "eth0", + CIDR: "100.64.0.11/10", + }, + }, + }, + { + name: "reserved ports in some aliases", + hostNetworks: map[string]*structs.ClientHostNetworkConfig{ + "alias1": { + Name: "alias1", + Interface: "eth3", + CIDR: "169.254.155.20/32", + ReservedPorts: "22", + }, + "alias2": { + Name: "alias2", + Interface: "eth3", + CIDR: "169.254.155.20/32", + ReservedPorts: "80,3000-4000", + }, + "alias3": { + Name: "alias3", + Interface: "eth0", + CIDR: "100.64.0.11/10", + }, + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + f := &NetworkFingerprint{ + logger: testlog.HCLogger(t), + interfaceDetector: &NetworkInterfaceDetectorMultipleInterfaces{}, + } + node := &structs.Node{ + Attributes: make(map[string]string), + } + cfg := &config.Config{ + NetworkInterface: "eth3", + HostNetworks: tc.hostNetworks, + } + + request := &FingerprintRequest{Config: cfg, Node: node} + var response FingerprintResponse + err := f.Fingerprint(request, &response) + require.NoError(t, err) + + expected := []string{} + if len(cfg.HostNetworks) == 0 { + expected = append(expected, "") + } else { + for _, cfg := range cfg.HostNetworks { + expected = append(expected, cfg.ReservedPorts) + } + } + + got := 
[]string{} + for _, network := range response.NodeResources.NodeNetworks { + for _, address := range network.Addresses { + got = append(got, address.ReservedPorts) + } + } + + sort.Strings(expected) + sort.Strings(got) + require.Equal(t, expected, got, "host networks should match reserved ports") + }) + } +} From 43398c3deb5ef3a366bc8ccc12e6a4e1085ad88b Mon Sep 17 00:00:00 2001 From: Luiz Aoqui Date: Tue, 21 Dec 2021 20:51:47 -0500 Subject: [PATCH 2/3] changelog: add entry for #11728 --- .changelog/11728.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/11728.txt diff --git a/.changelog/11728.txt b/.changelog/11728.txt new file mode 100644 index 000000000000..f8026bba8061 --- /dev/null +++ b/.changelog/11728.txt @@ -0,0 +1,3 @@ +```release-note:bug +client: Fixed host network reserved port fingerprinting +``` From 87ef64f23c06c9d46e0507ac70d83547e48df661 Mon Sep 17 00:00:00 2001 From: Luiz Aoqui Date: Wed, 22 Dec 2021 11:08:16 -0500 Subject: [PATCH 3/3] fix test name and refactor expected results logic --- client/fingerprint/network_test.go | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/client/fingerprint/network_test.go b/client/fingerprint/network_test.go index e98e52046b22..7628b814b45d 100644 --- a/client/fingerprint/network_test.go +++ b/client/fingerprint/network_test.go @@ -487,14 +487,16 @@ func TestNetworkFingerPrint_MultipleAliases(t *testing.T) { require.Equal(t, expected, aliases, "host networks should match aliases") } -func TestNetworkFingerPrint_HostNetorkReservedPorts(t *testing.T) { +func TestNetworkFingerPrint_HostNetworkReservedPorts(t *testing.T) { testCases := []struct { name string hostNetworks map[string]*structs.ClientHostNetworkConfig + expected []string }{ { name: "no host networks", hostNetworks: map[string]*structs.ClientHostNetworkConfig{}, + expected: []string{""}, }, { name: "no reserved ports", 
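Review bot: The assertion in TestNetworkFingerPrint_HostNetorkReservedPorts compares two sorted lists of port strings, so it cannot tell which alias received which reservation. A fingerprint that attached "22" to alias2 and "80,3000-4000" to alias1 would still pass, and that pairing is presumably what keeps a reserved port off the right host network. Collecting `got[address.Alias] = address.ReservedPorts` into a `map[string]string` and comparing it with a per-alias expectation would pin it, assuming each alias yields a single address with this detector. The same list comparison survives in the last hunk of PATCH 3/3.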
@@ -515,6 +517,7 @@ func TestNetworkFingerPrint_HostNetorkReservedPorts(t *testing.T) { CIDR: "100.64.0.11/10", }, }, + expected: []string{"", "", ""}, }, { name: "reserved ports in some aliases", @@ -537,6 +540,7 @@ func TestNetworkFingerPrint_HostNetorkReservedPorts(t *testing.T) { CIDR: "100.64.0.11/10", }, }, + expected: []string{"22", "80,3000-4000", ""}, }, } @@ -559,15 +563,6 @@ func TestNetworkFingerPrint_HostNetorkReservedPorts(t *testing.T) { err := f.Fingerprint(request, &response) require.NoError(t, err) - expected := []string{} - if len(cfg.HostNetworks) == 0 { - expected = append(expected, "") - } else { - for _, cfg := range cfg.HostNetworks { - expected = append(expected, cfg.ReservedPorts) - } - } - got := []string{} for _, network := range response.NodeResources.NodeNetworks { for _, address := range network.Addresses { @@ -575,9 +570,9 @@ func TestNetworkFingerPrint_HostNetorkReservedPorts(t *testing.T) { } } - sort.Strings(expected) + sort.Strings(tc.expected) sort.Strings(got) - require.Equal(t, expected, got, "host networks should match reserved ports") + require.Equal(t, tc.expected, got, "host networks should match reserved ports") }) } }
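Review bot: In the final hunk, `sort.Strings(tc.expected)` sorts the table's own slice in place, which is harmless today but mutates shared test data inside the subtest. `require.ElementsMatch(t, tc.expected, got, "host networks should match reserved ports")` states the order-insensitive intent directly and lets both `sort.Strings` calls go.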