From 40af9e9e4e8547d2749c62aac36ff2ffaeecb2bd Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Tue, 19 Nov 2024 01:43:08 +0900 Subject: [PATCH 1/2] loxilb-io/loxilb#864 Initail support for lb source ranges --- cmd/create/create_firewall.go | 6 +++--- cmd/create/create_loadbalancer.go | 4 ++-- cmd/get/get_firewall.go | 2 +- pkg/api/firewall.go | 4 ++-- pkg/api/loadBalancer.go | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/cmd/create/create_firewall.go b/cmd/create/create_firewall.go index b30916d..3a5bc5d 100644 --- a/cmd/create/create_firewall.go +++ b/cmd/create/create_firewall.go @@ -37,7 +37,7 @@ type CreateFirewallOptions struct { Drop bool Trap bool Record bool - Mark int + Mark uint32 } func NewCreateFirewallCmd(restOptions *api.RESTOptions) *cobra.Command { @@ -110,7 +110,7 @@ ex) loxicmd create firewall --firewallRule="sourceIP:1.2.3.2/32,destinationIP:2. createFirewallCmd.Flags().BoolVarP(&o.Drop, "drop", "", false, "Drop any matching rule") createFirewallCmd.Flags().BoolVarP(&o.Record, "record", "", false, "Record/Dump any matching rule") createFirewallCmd.Flags().BoolVarP(&o.Trap, "trap", "", false, " Trap anything matching rule") - createFirewallCmd.Flags().IntVarP(&o.Mark, "setmark", "", 0, " Add a fw mark") + createFirewallCmd.Flags().Uint32VarP(&o.Mark, "setmark", "", 0, " Add a fw mark") createFirewallCmd.Flags().StringSliceVar(&o.SnatArgs, "snat", o.SnatArgs, "SNAT any matching rule") createFirewallCmd.MarkFlagRequired("firewallRule") return createFirewallCmd @@ -197,7 +197,7 @@ func GetFWOptionPairList(FirewallMods *api.FwRuleMod, o CreateFirewallOptions) e } } FirewallMods.Opts.Record = o.Record - FirewallMods.Opts.Mark = o.Mark + FirewallMods.Opts.Mark = uint32(o.Mark) return nil } diff --git a/cmd/create/create_loadbalancer.go b/cmd/create/create_loadbalancer.go index 729b679..63ba529 100644 --- a/cmd/create/create_loadbalancer.go +++ b/cmd/create/create_loadbalancer.go 
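Review bot: The conversion in `FirewallMods.Opts.Mark = uint32(o.Mark)` (third hunk of `cmd/create/create_firewall.go`) is redundant, because this patch makes both `CreateFirewallOptions.Mark` and `api.FwOptArg.Mark` a `uint32`. Plain `FirewallMods.Opts.Mark = o.Mark` is clearer. It also means a later type change on either side fails to compile instead of being silently truncated by the cast. `GetFWOptionPairList` begins outside the hunk.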
@@ -44,7 +44,7 @@ type CreateLoadBalancerOptions struct { Attach bool Detach bool Timeout uint32 - Mark uint16 + Mark uint32 SCTP []string Endpoints []string SecIPs []string @@ -291,7 +291,7 @@ ex) loxicmd create lb 192.168.0.200 --tcp=80:32015 --endpoints=10.212.0.1:1,10.2 createLbCmd.Flags().StringSliceVar(&o.SecIPs, "secips", o.SecIPs, "Secondary IPs for SCTP multihoming rule specified as ''") createLbCmd.Flags().StringVarP(&o.Select, "select", "", "rr", "Select the hash algorithm for the load balance.(ex) rr, hash, priority, persist, lc") createLbCmd.Flags().Uint32VarP(&o.Timeout, "inatimeout", "", 0, "Specify the timeout (in seconds) after which a LB session will be reset for inactivity") - createLbCmd.Flags().Uint16VarP(&o.Mark, "mark", "", 0, "Specify the mark num to segregate a load-balancer VIP service") + createLbCmd.Flags().Uint32VarP(&o.Mark, "mark", "", 0, "Specify the mark num to segregate a load-balancer VIP service") createLbCmd.Flags().StringSliceVar(&o.Endpoints, "endpoints", o.Endpoints, "Endpoints is pairs that can be specified as ':'") createLbCmd.Flags().StringVarP(&o.Name, "name", "", o.Name, "Name for load balancer rule") createLbCmd.Flags().BoolVarP(&o.Attach, "attachEP", "", false, "Attach endpoints to the load balancer rule") diff --git a/cmd/get/get_firewall.go b/cmd/get/get_firewall.go index 296f711..703abb1 100644 --- a/cmd/get/get_firewall.go +++ b/cmd/get/get_firewall.go @@ -118,7 +118,7 @@ func MakeFirewallOptionToString(t api.FwOptArg) (ret string) { ret += fmt.Sprintf(",Record") } if t.Mark != 0 { - ret += fmt.Sprintf(",FwMark(%d)", t.Mark) + ret += fmt.Sprintf(",FwMark(%v)", t.Mark) } return ret } diff --git a/pkg/api/firewall.go b/pkg/api/firewall.go index 4aba3be..1577fdb 100644 --- a/pkg/api/firewall.go +++ b/pkg/api/firewall.go 
@@ -38,8 +38,8 @@ type FwOptArg struct { Rdr bool `json:"redirect" yaml:"redirect"` RdrPort string `json:"redirectPortName" yaml:"redirectPortName"` // Allow - Allow any matching rule - Allow bool `json:"allow" yaml:"allow"` - Mark int `json:"fwMark" yaml:"fwMark"` + Allow bool `json:"allow" yaml:"allow"` + Mark uint32 `json:"fwMark" yaml:"fwMark"` // Record - Record packets matching rule Record bool `json:"record" yaml:"record"` // DoSNAT - Do snat on matching rule diff --git a/pkg/api/loadBalancer.go b/pkg/api/loadBalancer.go index c350baf..b56270d 100644 --- a/pkg/api/loadBalancer.go +++ b/pkg/api/loadBalancer.go @@ -48,7 +48,7 @@ type LoadBalancerService struct { BGP bool `json:"BGP" yaml:"BGP"` Monitor bool `json:"Monitor" yaml:"Monitor"` Timeout uint32 `json:"inactiveTimeOut" yaml:"inactiveTimeOut"` - Block uint16 `json:"block" yaml:"block"` + Block uint32 `json:"block" yaml:"block"` Managed bool `json:"managed,omitempty" yaml:"managed"` Name string `json:"name,omitempty" yaml:"name"` Snat bool `json:"snat,omitempty"` From ca8d63cdd1fa15388536c40c270474fc2f26aecf Mon Sep 17 00:00:00 2001 From: Trekkie Coder Date: Tue, 19 Nov 2024 23:42:28 +0900 Subject: [PATCH 2/2] loxilb-io/loxilb#864 Initail support for lb source ranges --- cmd/create/create_loadbalancer.go | 48 +++++++++++++++++++------------ cmd/get/type.go | 2 +- pkg/api/loadBalancer.go | 30 +++++++++++-------- 3 files changed, 48 insertions(+), 32 deletions(-) diff --git a/cmd/create/create_loadbalancer.go b/cmd/create/create_loadbalancer.go index 63ba529..855a531 100644 --- a/cmd/create/create_loadbalancer.go +++ b/cmd/create/create_loadbalancer.go 
@@ -33,24 +33,25 @@ import ( ) type CreateLoadBalancerOptions struct { - ExternalIP string - TCP []string - UDP []string - ICMP bool - Mode string - BGP bool - Security string - Monitor bool - Attach bool - Detach bool - Timeout uint32 - Mark uint32 - SCTP []string - Endpoints []string - SecIPs []string - Select string - Name string - Host string + ExternalIP string + TCP []string + UDP []string + ICMP bool + Mode string + BGP bool + Security string + Monitor bool + Attach bool + Detach bool + Timeout uint32 + Mark uint32 + SCTP []string + Endpoints []string + SecIPs []string + Select string + Name string + Host string + AllowedSources []string } type CreateLoadBalancerResult struct { @@ -138,7 +139,7 @@ func NewCreateLoadBalancerCmd(restOptions *api.RESTOptions) *cobra.Command { o := CreateLoadBalancerOptions{} var createLbCmd = &cobra.Command{ - Use: "lb IP [--select=] [--tcp=:] [--udp=:] [--sctp=:] [--icmp] [--mark=] [--secips=,][--endpoints=:,] [--mode=] [--bgp] [--monitor] [--inatimeout=] [--name=] [--attachEP] [--detachEP] [--security=] [--host=]", + Use: "lb IP [--select=] [--tcp=:] [--udp=:] [--sctp=:] [--icmp] [--mark=] [--secips=,] [--sources=,] [--endpoints=:,] [--mode=] [--bgp] [--monitor] [--inatimeout=] [--name=] [--attachEP] [--detachEP] [--security=] [--host=]", Short: "Create a LoadBalancer", Long: `Create a LoadBalancer 
@@ -164,6 +165,7 @@ ex) loxicmd create lb 192.168.0.200 --tcp=80:32015 --endpoints=10.212.0.1:1,10.2 loxicmd create lb 192.168.0.200 --select=hash --tcp=80:32015 --endpoints=10.212.0.1:1,10.212.0.2:1,10.212.0.3:1 loxicmd create lb 192.168.0.200 --tcp=80:32015 --endpoints=10.212.0.1:1,10.212.0.2:1,10.212.0.3:1 --mode=dsr loxicmd create lb 192.168.0.200 --sctp=37412:38412 --secips=192.168.0.201,192.168.0.202 --endpoints=10.212.0.1:1,10.212.0.2:1,10.212.0.3:1 + loxicmd create lb 192.168.0.200 --tcp=80:32015 --endpoints=10.212.0.1:1,10.212.0.2:1,10.212.0.3:1 --sources=10.10.10.1/32 loxicmd create lb 2001::1 --tcp=2020:8080 --endpoints=4ffe::1:1,5ffe::1:1,6ffe::1:1 loxicmd create lb 2001::1 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 @@ -262,6 +264,13 @@ ex) loxicmd create lb 192.168.0.200 --tcp=80:32015 --endpoints=10.212.0.1:1,10.2 lbModel.SecondaryIPs = append(lbModel.SecondaryIPs, sp) } + for _, sip := range o.AllowedSources { + sp := api.LbAllowedSrcIPArg{ + Prefix: sip, + } + lbModel.SrcIPs = append(lbModel.SrcIPs, sp) + } + resp, err := LoadbalancerAPICall(restOptions, lbModel) if err != nil { fmt.Printf("Error: %s\n", err.Error()) @@ -298,6 +307,7 @@ ex) loxicmd create lb 192.168.0.200 --tcp=80:32015 --endpoints=10.212.0.1:1,10.2 createLbCmd.Flags().BoolVarP(&o.Detach, "detachEP", "", false, "Detach endpoints from the load balancer rule") createLbCmd.Flags().StringVarP(&o.Security, "security", "", o.Security, "Security mode for load balancer rule") createLbCmd.Flags().StringVarP(&o.Host, "host", "", o.Host, "Ingress Host URL Path") + createLbCmd.Flags().StringSliceVar(&o.AllowedSources, "sources", o.AllowedSources, "Allowed sources for this rule as ''") return createLbCmd } diff --git a/cmd/get/type.go b/cmd/get/type.go index 94b2a12..82b185c 100644 --- a/cmd/get/type.go +++ b/cmd/get/type.go 
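Review bot: The loop added in the `@@ -262,6 +264,13 @@` hunk copies each `--sources` value into `api.LbAllowedSrcIPArg{Prefix: sip}` without checking that it is a prefix, so a typo, an empty element or a bare address is sent to the API unchanged. Because this list restricts who may reach the service, the command should reject bad input before `LoadbalancerAPICall`, for example with `if _, _, err := net.ParseCIDR(sip); err != nil` at the top of the loop body, printing the offending value and aborting (the import block is outside this hunk, so `net` may need adding). How the server treats an unparsable prefix is not visible here; if it drops the entry, the rule could end up less restricted than the operator intended. The help text of the new `sources` flag in the `@@ -298,6 +307,7 @@` hunk should also state that the values are CIDR prefixes. The enclosing command function starts and ends outside the hunk.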
@@ -18,7 +18,7 @@ package get var ( CONNTRACK_TITLE = []string{"destIP", "srcIP", "dPort", "sPort", "proto", "state", "act", "packets", "bytes"} LOADBALANCER_TITLE = []string{"Ext IP", "Port", "Proto", "Name", "Mark", "Sel", "Mode", "# of Endpoints", "Monitor"} - LOADBALANCER_WIDE_TITLE = []string{"Ext IP", "Sec IPs", "Host", "Port", "Proto", "Name", "Mark", "Sel", "Mode", "Endpoint", "EPort", "Weight", "State", "Counters"} + LOADBALANCER_WIDE_TITLE = []string{"Ext IP", "Sec IPs", "Sources", "Host", "Port", "Proto", "Name", "Mark", "Sel", "Mode", "Endpoint", "EPort", "Weight", "State", "Counters"} SESSION_TITLE = []string{"ident", "session IP"} SESSION_WIDE_TITLE = []string{"ident", "session IP", "access Network Tunnel", "core Network Tunnel"} PORT_WIDE_TITLE = []string{"index", "portname", "MAC", "link/state", "mtu", "isActive/bpf\nPort type", "Statistics", "L3Info", "L2Info", "Sync"} diff --git a/pkg/api/loadBalancer.go b/pkg/api/loadBalancer.go index b56270d..6cc7ac9 100644 --- a/pkg/api/loadBalancer.go +++ b/pkg/api/loadBalancer.go 
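Review bot: `LOADBALANCER_WIDE_TITLE` gains a `Sources` column here, but the diffstat of this patch lists only `cmd/get/type.go` under `cmd/get`, so the code that builds the wide rows appears to be unchanged. If those rows still carry 14 cells against a 15-entry header, every column from `Host` onward is shifted by one and the allowed sources configured on a rule are never displayed. The row builder should emit the rule's `allowedSources` prefixes between `Sec IPs` and `Host` in the same change, so that an operator auditing a rule sees the restriction that is in force.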
@@ -36,25 +36,26 @@ type LbRuleModGet struct { type LoadBalancerModel struct { Service LoadBalancerService `json:"serviceArguments" yaml:"serviceArguments"` SecondaryIPs []LoadBalancerSecIp `json:"secondaryIPs" yaml:"secondaryIPs"` + SrcIPs []LbAllowedSrcIPArg `json:"allowedSources" yaml:"allowedSources"` Endpoints []LoadBalancerEndpoint `json:"endpoints" yaml:"endpoints"` } type LoadBalancerService struct { - ExternalIP string `json:"externalIP" yaml:"externalIP"` - Port uint16 `json:"port" yaml:"port" ` - Protocol string `json:"protocol" yaml:"protocol"` - Sel EpSelect `json:"sel" yaml:"sel"` - Mode LbMode `json:"mode" yaml:"mode"` - BGP bool `json:"BGP" yaml:"BGP"` - Monitor bool `json:"Monitor" yaml:"Monitor"` - Timeout uint32 `json:"inactiveTimeOut" yaml:"inactiveTimeOut"` - Block uint32 `json:"block" yaml:"block"` - Managed bool `json:"managed,omitempty" yaml:"managed"` - Name string `json:"name,omitempty" yaml:"name"` + ExternalIP string `json:"externalIP" yaml:"externalIP"` + Port uint16 `json:"port" yaml:"port" ` + Protocol string `json:"protocol" yaml:"protocol"` + Sel EpSelect `json:"sel" yaml:"sel"` + Mode LbMode `json:"mode" yaml:"mode"` + BGP bool `json:"BGP" yaml:"BGP"` + Monitor bool `json:"Monitor" yaml:"Monitor"` + Timeout uint32 `json:"inactiveTimeOut" yaml:"inactiveTimeOut"` + Block uint32 `json:"block" yaml:"block"` + Managed bool `json:"managed,omitempty" yaml:"managed"` + Name string `json:"name,omitempty" yaml:"name"` Snat bool `json:"snat,omitempty"` Oper LbOP `json:"oper,omitempty"` Security LbSec `json:"security,omitempty" yaml:"security"` - Host string `json:"host,omitempty" yaml:"path"` + Host string `json:"host,omitempty" yaml:"path"` } type LoadBalancerEndpoint struct { 
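Review bot: The new `SrcIPs` field of `LoadBalancerModel` has no comment saying what an empty list means, and for an allow-list that is the case a reader most needs spelled out. The tag has no `omitempty`, so a rule created without `--sources` is sent with `"allowedSources": null`; presumably that means no source restriction, but nothing in this patch confirms it. Once the server behaviour is confirmed, a comment such as `// SrcIPs - source prefixes allowed to reach this service; empty means any source` would record it.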
@@ -69,6 +70,11 @@ type LoadBalancerSecIp struct { SecondaryIP string `json:"secondaryIP" yaml:"secondaryIP"` } +type LbAllowedSrcIPArg struct { + // Prefix - Allowed Prefix + Prefix string `json:"prefix" yaml:"prefix"` +} + type ConfigurationLBFile struct { TypeMeta `yaml:",inline"` ObjectMeta `yaml:"metadata,omitempty"`
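Review bot: `LbAllowedSrcIPArg` has no type comment, and `// Prefix - Allowed Prefix` does not say what format is expected. The example added to the command help uses `10.10.10.1/32`, so the field comment could read `// Prefix - allowed source prefix in CIDR notation, e.g. 10.10.10.1/32`, and the type could get `// LbAllowedSrcIPArg - one source prefix allowed to reach a load-balancer service`. Whether IPv6 prefixes are accepted is not visible in this patch and would be worth stating as well.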