21623048013

Committed 03 Feb 2026 08:37AM UTC coverage: 23.043%. Remained the same

Build # 21623048013

Build Type

push

github

Committed by

web-flow

Commit Message

fix typo (#6253)

Signed-off-by: Mengxin Liu <liumengxinfly@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

Coverage Stats

12 of 152 new or added lines in 51 files covered. (7.89%)

1 existing line in 1 file now uncovered.

12411 of 53860 relevant lines covered (23.04%)

0.27 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/pkg/tproxy/tproxy_tcp_linux.go

// This code below is referenced at https://github.com/Asphaltt/go-tproxy/blob/master/tproxy_tcp.go
// Because the code needs to be customized somewhere, the project is not directly imported
package tproxy

import (
        "errors"
        "fmt"
        "net"
        "os"
        "strings"
        "syscall"

        "k8s.io/klog/v2"
)

// Listener describes a TCP Listener
// with the Linux IP_TRANSPARENT option defined
// on the listening socket
type Listener struct {
        base net.Listener
}

// Accept waits for and returns
// the next connection to the listener.
//
// This command wraps the AcceptTProxy
// method of the Listener
func (listener *Listener) Accept() (net.Conn, error) {
        return listener.AcceptTProxy()
}

// AcceptTProxy will accept a TCP connection
// and wrap it to a TProxy connection to provide
// TProxy functionality
func (listener *Listener) AcceptTProxy() (*Conn, error) {
        tcpConn, err := listener.base.(*net.TCPListener).AcceptTCP()
        if err != nil {
                klog.Error(err)
                return nil, err
        }

        return &Conn{TCPConn: tcpConn}, nil
}

// Addr returns the network address
// the listener is accepting connections
// from
func (listener *Listener) Addr() net.Addr {
        return listener.base.Addr()
}

// Close will close the listener from accepting
// any more connections. Any blocked connections
// will unblock and close
func (listener *Listener) Close() error {
        return listener.base.Close()
}

// ListenTCP will construct a new TCP listener
// socket with the Linux IP_TRANSPARENT option
// set on the underlying socket
func ListenTCP(network string, laddr *net.TCPAddr) (net.Listener, error) {
        return listenTCP("", network, laddr)
}

func listenTCP(device, network string, laddr *net.TCPAddr) (net.Listener, error) {
        listener, err := net.ListenTCP(network, laddr)
        if err != nil {
                klog.Error(err)
                return nil, err
        }

        fileDescriptorSource, err := listener.File()
        if err != nil {
                return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("get file descriptor: %w", err)}
        }

        defer func() {
                if err := fileDescriptorSource.Close(); err != nil {
                        klog.Errorf("fileDescriptorSource %v Close err: %v", fileDescriptorSource, err)
                }
        }()

        fd := int(fileDescriptorSource.Fd()) // #nosec G115
        if device != "" {
                if err = syscall.BindToDevice(fd, device); err != nil {
                        return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("set socket option: SO_BINDTODEVICE(%s): %w", device, err)}
                }
        }

        if err = syscall.SetsockoptInt(fd, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {
                return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("set socket option: IP_TRANSPARENT: %w", err)}
        }

        return &Listener{listener}, nil
}

// Conn describes a connection
// accepted by the TProxy listener.
//
// It is simply a TCP connection with
// the ability to dial a connection to
// the original destination while assuming
// the IP address of the client
type Conn struct {
        *net.TCPConn
}

// tcpAddrToSocketAddr converts a TCPAddr into a Sockaddr for connecting and binding sockets.
func tcpAddrToSocketAddr(addr *net.TCPAddr) (syscall.Sockaddr, error) {
        switch {
        case addr.IP.To4() != nil:
                ip := [4]byte{}
                copy(ip[:], addr.IP.To4())

                return &syscall.SockaddrInet4{Addr: ip, Port: addr.Port}, nil

        default:
                ip := [16]byte{}
                copy(ip[:], addr.IP.To16())

                return &syscall.SockaddrInet6{Addr: ip, Port: addr.Port}, nil
        }
}

// tcpAddrFamily will attempt to work
// out the address family based on the
// network and TCP addresses
func tcpAddrFamily(net string, laddr, raddr *net.TCPAddr) int {
        switch net[len(net)-1] {
        case '4':
                return syscall.AF_INET
        case '6':
                return syscall.AF_INET6
        }

        if (laddr == nil || laddr.IP.To4() != nil) &&
                (raddr == nil || laddr.IP.To4() != nil) {
                return syscall.AF_INET
        }
        return syscall.AF_INET6
}

// DialTCP will open a
// TCP connection to the specified destination
// with the specified local address.
func DialTCP(laddr, raddr *net.TCPAddr, isnonblocking bool) (*net.TCPConn, error) {
        return dialTCP("", laddr, raddr, false, isnonblocking)
}

func dialTCP(device string, laddr, raddr *net.TCPAddr, dontAssumeRemote, isnonblocking bool) (*net.TCPConn, error) {
        if laddr == nil || raddr == nil {
                return nil, &net.OpError{Op: "dial", Err: errors.New("empty local address or remote address")}
        }

        remoteSocketAddress, err := tcpAddrToSocketAddr(raddr)
        if err != nil {
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("build destination socket address: %w", err)}
        }

        localSocketAddress, err := tcpAddrToSocketAddr(laddr)
        if err != nil {
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("build local socket address: %w", err)}
        }

        fileDescriptor, err := syscall.Socket(tcpAddrFamily("tcp", raddr, laddr), syscall.SOCK_STREAM, syscall.IPPROTO_TCP)
        if err != nil {
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket open: %w", err)}
        }

        if device != "" {
                if err = syscall.BindToDevice(fileDescriptor, device); err != nil {
                        klog.Error(err)
                        return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_BINDTODEVICE(%s): %w", device, err)}
                }
        }

        if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1); err != nil {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_REUSEADDR: %w", err)}
        }

        if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: IP_TRANSPARENT: %w", err)}
        }

        if err = syscall.SetNonblock(fileDescriptor, isnonblocking); err != nil {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_NONBLOCK: %w", err)}
        }

        if !dontAssumeRemote {
                if err = syscall.Bind(fileDescriptor, localSocketAddress); err != nil {
                        if err := syscall.Close(fileDescriptor); err != nil {
                                klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                        }
                        klog.Error(err)
                        return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket bind: %w", err)}
                }
        }

        if err = syscall.Connect(fileDescriptor, remoteSocketAddress); err != nil && !strings.Contains(err.Error(), "operation now in progress") {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket connect: %w", err)}
        }

        fdFile := os.NewFile(uintptr(fileDescriptor), "net-tcp-dial-"+raddr.String())
        defer func() {
                if err := fdFile.Close(); err != nil {
                        klog.Errorf("fdFile %v Close err: %v", fdFile, err)
                }
        }()

        remoteConn, err := net.FileConn(fdFile)
        if err != nil {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("convert file descriptor to connection: %w", err)}
        }

        return remoteConn.(*net.TCPConn), nil
}

1	// This code below is referenced at https://github.com/Asphaltt/go-tproxy/blob/master/tproxy_tcp.go
2	// Because the code needs to be customized somewhere, the project is not directly imported
3	package tproxy
4
5	import (
6	"errors"
7	"fmt"
8	"net"
9	"os"
10	"strings"
11	"syscall"
12
13	"k8s.io/klog/v2"
14	)
15
16	// Listener describes a TCP Listener
17	// with the Linux IP_TRANSPARENT option defined
18	// on the listening socket
19	type Listener struct {
20	base net.Listener
21	}
22
23	// Accept waits for and returns
24	// the next connection to the listener.
25	//
26	// This command wraps the AcceptTProxy
27	// method of the Listener
28	func (listener *Listener) Accept() (net.Conn, error) {	×
29	return listener.AcceptTProxy()	×
30	}	×
31
32	// AcceptTProxy will accept a TCP connection
33	// and wrap it to a TProxy connection to provide
34	// TProxy functionality
35	func (listener Listener) AcceptTProxy() (Conn, error) {	×
36	tcpConn, err := listener.base.(*net.TCPListener).AcceptTCP()	×
37	if err != nil {	×
38	klog.Error(err)	×
39	return nil, err	×
40	}	×
41
42	return &Conn{TCPConn: tcpConn}, nil	×
43	}
44
45	// Addr returns the network address
46	// the listener is accepting connections
47	// from
48	func (listener *Listener) Addr() net.Addr {	×
49	return listener.base.Addr()	×
50	}	×
51
52	// Close will close the listener from accepting
53	// any more connections. Any blocked connections
54	// will unblock and close
55	func (listener *Listener) Close() error {	×
56	return listener.base.Close()	×
57	}	×
58
59	// ListenTCP will construct a new TCP listener
60	// socket with the Linux IP_TRANSPARENT option
61	// set on the underlying socket
62	func ListenTCP(network string, laddr *net.TCPAddr) (net.Listener, error) {	×
63	return listenTCP("", network, laddr)	×
64	}	×
65
66	func listenTCP(device, network string, laddr *net.TCPAddr) (net.Listener, error) {	×
67	listener, err := net.ListenTCP(network, laddr)	×
68	if err != nil {	×
69	klog.Error(err)	×
70	return nil, err	×
71	}	×
72
73	fileDescriptorSource, err := listener.File()	×
74	if err != nil {	×
75	return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("get file descriptor: %w", err)}	×
76	}	×
77
78	defer func() {	×
79	if err := fileDescriptorSource.Close(); err != nil {	×
80	klog.Errorf("fileDescriptorSource %v Close err: %v", fileDescriptorSource, err)	×
81	}	×
82	}()
83
84	fd := int(fileDescriptorSource.Fd()) // #nosec G115	×
85	if device != "" {	×
86	if err = syscall.BindToDevice(fd, device); err != nil {	×
87	return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("set socket option: SO_BINDTODEVICE(%s): %w", device, err)}	×
88	}	×
89	}
90
91	if err = syscall.SetsockoptInt(fd, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {	×
92	return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("set socket option: IP_TRANSPARENT: %w", err)}	×
93	}	×
94
95	return &Listener{listener}, nil	×
96	}
97
98	// Conn describes a connection
99	// accepted by the TProxy listener.
100	//
101	// It is simply a TCP connection with
102	// the ability to dial a connection to
103	// the original destination while assuming
104	// the IP address of the client
105	type Conn struct {
106	*net.TCPConn
107	}
108
109	// tcpAddrToSocketAddr converts a TCPAddr into a Sockaddr for connecting and binding sockets.
UNCOV 110	func tcpAddrToSocketAddr(addr *net.TCPAddr) (syscall.Sockaddr, error) {	×
111	switch {	×
112	case addr.IP.To4() != nil:	×
113	ip := [4]byte{}	×
114	copy(ip[:], addr.IP.To4())	×
115		×
116	return &syscall.SockaddrInet4{Addr: ip, Port: addr.Port}, nil	×
117
118	default:	×
119	ip := [16]byte{}	×
120	copy(ip[:], addr.IP.To16())	×
121		×
122	return &syscall.SockaddrInet6{Addr: ip, Port: addr.Port}, nil	×
123	}
124	}
125
126	// tcpAddrFamily will attempt to work
127	// out the address family based on the
128	// network and TCP addresses
129	func tcpAddrFamily(net string, laddr, raddr *net.TCPAddr) int {	×
130	switch net[len(net)-1] {	×
131	case '4':	×
132	return syscall.AF_INET	×
133	case '6':	×
134	return syscall.AF_INET6	×
135	}
136
137	if (laddr == nil \|\| laddr.IP.To4() != nil) &&	×
138	(raddr == nil \|\| laddr.IP.To4() != nil) {	×
139	return syscall.AF_INET	×
140	}	×
141	return syscall.AF_INET6	×
142	}
143
144	// DialTCP will open a
145	// TCP connection to the specified destination
146	// with the specified local address.
147	func DialTCP(laddr, raddr net.TCPAddr, isnonblocking bool) (net.TCPConn, error) {	×
148	return dialTCP("", laddr, raddr, false, isnonblocking)	×
149	}	×
150
151	func dialTCP(device string, laddr, raddr net.TCPAddr, dontAssumeRemote, isnonblocking bool) (net.TCPConn, error) {	×
152	if laddr == nil \|\| raddr == nil {	×
153	return nil, &net.OpError{Op: "dial", Err: errors.New("empty local address or remote address")}	×
154	}	×
155
156	remoteSocketAddress, err := tcpAddrToSocketAddr(raddr)	×
157	if err != nil {	×
158	klog.Error(err)	×
159	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("build destination socket address: %w", err)}	×
160	}	×
161
162	localSocketAddress, err := tcpAddrToSocketAddr(laddr)	×
163	if err != nil {	×
164	klog.Error(err)	×
165	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("build local socket address: %w", err)}	×
166	}	×
167
168	fileDescriptor, err := syscall.Socket(tcpAddrFamily("tcp", raddr, laddr), syscall.SOCK_STREAM, syscall.IPPROTO_TCP)	×
169	if err != nil {	×
170	klog.Error(err)	×
171	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket open: %w", err)}	×
172	}	×
173
174	if device != "" {	×
175	if err = syscall.BindToDevice(fileDescriptor, device); err != nil {	×
176	klog.Error(err)	×
177	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_BINDTODEVICE(%s): %w", device, err)}	×
178	}	×
179	}
180
181	if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1); err != nil {	×
182	if err := syscall.Close(fileDescriptor); err != nil {	×
183	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
184	}	×
185	klog.Error(err)	×
186	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_REUSEADDR: %w", err)}	×
187	}
188
189	if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {	×
190	if err := syscall.Close(fileDescriptor); err != nil {	×
191	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
192	}	×
193	klog.Error(err)	×
194	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: IP_TRANSPARENT: %w", err)}	×
195	}
196
197	if err = syscall.SetNonblock(fileDescriptor, isnonblocking); err != nil {	×
198	if err := syscall.Close(fileDescriptor); err != nil {	×
199	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
200	}	×
201	klog.Error(err)	×
202	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_NONBLOCK: %w", err)}	×
203	}
204
205	if !dontAssumeRemote {	×
206	if err = syscall.Bind(fileDescriptor, localSocketAddress); err != nil {	×
207	if err := syscall.Close(fileDescriptor); err != nil {	×
208	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
209	}	×
210	klog.Error(err)	×
211	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket bind: %w", err)}	×
212	}
213	}
214
215	if err = syscall.Connect(fileDescriptor, remoteSocketAddress); err != nil && !strings.Contains(err.Error(), "operation now in progress") {	×
216	if err := syscall.Close(fileDescriptor); err != nil {	×
217	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
218	}	×
219	klog.Error(err)	×
220	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket connect: %w", err)}	×
221	}
222
223	fdFile := os.NewFile(uintptr(fileDescriptor), "net-tcp-dial-"+raddr.String())	×
224	defer func() {	×
225	if err := fdFile.Close(); err != nil {	×
226	klog.Errorf("fdFile %v Close err: %v", fdFile, err)	×
227	}	×
228	}()
229
230	remoteConn, err := net.FileConn(fdFile)	×
231	if err != nil {	×
232	if err := syscall.Close(fileDescriptor); err != nil {	×
233	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
234	}	×
235	klog.Error(err)	×
236	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("convert file descriptor to connection: %w", err)}	×
237	}
238
239	return remoteConn.(*net.TCPConn), nil	×
240	}

kubeovn / kube-ovn / 21623048013

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous