Skip to content

Fix iptables comments ports format #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 17, 2020
Merged

Fix iptables comments ports format #8

merged 1 commit into from
Jan 17, 2020

Conversation

@zaharidichev
Copy link
Member

@zaharidichev zaharidichev commented Jan 17, 2020

The fact that the comment was containing angle brackets caused the ip tables command to fail when used with netns in turn causing the linkerd cni plugin to not work properly. This fixes that problem.

This fails with 2020/01/17 14:24:06 < Bad argument 4191]/1579271046'`

Command: 
./linkerd-cni --incoming-proxy-port "4143" --outgoing-proxy-port "4140" --proxy-uid "2102" --inbound-ports-to-ignore 4190,4191 --outbound-ports-to-ignore "443" --netns /proc/5850/ns/net
Resulting iptables cmd:
nsenter --net=/proc/5850/ns/net iptables -t nat -A PROXY_INIT_REDIRECT -p tcp --match multiport --dports 4190,4191 -j RETURN -m comment --comment proxy-init/ignore-port-[4190 4191]/1579271046

This does not:

Command: 
./linkerd2-proxy-init-2 --incoming-proxy-port "4143" --outgoing-proxy-port "4140" --proxy-uid "2102" --inbound-ports-to-ignore 4190,4191 --outbound-ports-to-ignore "443"
Resulting iptables cmd:
iptables -t nat -A PROXY_INIT_REDIRECT -p tcp --match multiport --dports 4190,4191 -j RETURN -m comment --comment proxy-init/ignore-port-[4190 4191]/1579271046

Now they both work fine

Signed-off-by: Zahari Dichev [email protected]

@adleong
Copy link
Member

adleong commented Jan 17, 2020

Just so I understand, the comment would now look like

--comment proxy-init/ignore-port-4190,4191/1579271046

right?

@zaharidichev
Copy link
Member Author

zaharidichev commented Jan 17, 2020

@adleong after the fix, yes

@zaharidichev zaharidichev merged commit 5225aa5 into master Jan 17, 2020
@olix0r olix0r deleted the zd/fix-comment-formatting branch August 18, 2022 00:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olix0r olix0r olix0r approved these changes

@alpeb alpeb alpeb approved these changes

@adleong adleong adleong approved these changes

@cpretzer cpretzer Awaiting requested review from cpretzer

@ihcsim ihcsim Awaiting requested review from ihcsim

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@zaharidichev @adleong @olix0r @alpeb