22259049945

Committed 21 Feb 2026 03:07PM UTC coverage: 22.904% (+0.05%) from 22.85%

Build # 22259049945

Build Type

push

github

Committed by

oilbeater

Commit Message

fix lint issues

Signed-off-by: Mengxin Liu <liumengxinfly@gmail.com>

Coverage Stats

1 of 10 new or added lines in 5 files covered. (10.0%)

2 existing lines in 1 file now uncovered.

12373 of 54020 relevant lines covered (22.9%)

0.27 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/pkg/tproxy/tproxy_tcp_linux.go

// This code below is referenced at https://github.com/Asphaltt/go-tproxy/blob/master/tproxy_tcp.go
// Because the code needs to be customized somewhere, the project is not directly imported
package tproxy

import (
        "errors"
        "fmt"
        "net"
        "os"
        "strings"
        "syscall"

        "k8s.io/klog/v2"
)

// Listener describes a TCP Listener
// with the Linux IP_TRANSPARENT option defined
// on the listening socket
type Listener struct {
        base net.Listener
}

// Accept waits for and returns
// the next connection to the listener.
//
// This command wraps the AcceptTProxy
// method of the Listener
func (listener *Listener) Accept() (net.Conn, error) {
        return listener.AcceptTProxy()
}

// AcceptTProxy will accept a TCP connection
// and wrap it to a TProxy connection to provide
// TProxy functionality
func (listener *Listener) AcceptTProxy() (*Conn, error) {
        tcpConn, err := listener.base.(*net.TCPListener).AcceptTCP()
        if err != nil {
                klog.Error(err)
                return nil, err
        }

        return &Conn{TCPConn: tcpConn}, nil
}

// Addr returns the network address
// the listener is accepting connections
// from
func (listener *Listener) Addr() net.Addr {
        return listener.base.Addr()
}

// Close will close the listener from accepting
// any more connections. Any blocked connections
// will unblock and close
func (listener *Listener) Close() error {
        return listener.base.Close()
}

// ListenTCP will construct a new TCP listener
// socket with the Linux IP_TRANSPARENT option
// set on the underlying socket
func ListenTCP(network string, laddr *net.TCPAddr) (net.Listener, error) {
        return listenTCP("", network, laddr)
}

func listenTCP(device, network string, laddr *net.TCPAddr) (net.Listener, error) {
        listener, err := net.ListenTCP(network, laddr)
        if err != nil {
                klog.Error(err)
                return nil, err
        }

        fileDescriptorSource, err := listener.File()
        if err != nil {
                return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("get file descriptor: %w", err)}
        }

        defer func() {
                if err := fileDescriptorSource.Close(); err != nil {
                        klog.Errorf("fileDescriptorSource %v Close err: %v", fileDescriptorSource, err)
                }
        }()

        fd := int(fileDescriptorSource.Fd()) // #nosec G115
        if device != "" {
                if err = syscall.BindToDevice(fd, device); err != nil {
                        return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("set socket option: SO_BINDTODEVICE(%s): %w", device, err)}
                }
        }

        if err = syscall.SetsockoptInt(fd, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {
                return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("set socket option: IP_TRANSPARENT: %w", err)}
        }

        return &Listener{listener}, nil
}

// Conn describes a connection
// accepted by the TProxy listener.
//
// It is simply a TCP connection with
// the ability to dial a connection to
// the original destination while assuming
// the IP address of the client
type Conn struct {
        *net.TCPConn
}

// tcpAddToSockerAddr will convert a TCPAddr
// into a Sockaddr that may be used when
// connecting and binding sockets
func tcpAddrToSocketAddr(addr *net.TCPAddr) (syscall.Sockaddr, error) {
        switch {
        case addr.IP.To4() != nil:
                ip := [4]byte{}
                copy(ip[:], addr.IP.To4())

                return &syscall.SockaddrInet4{Addr: ip, Port: addr.Port}, nil

        default:
                ip := [16]byte{}
                copy(ip[:], addr.IP.To16())

                return &syscall.SockaddrInet6{Addr: ip, Port: addr.Port}, nil
        }
}

// tcpAddrFamily will attempt to work
// out the address family based on the
// network and TCP addresses
func tcpAddrFamily(net string, laddr, raddr *net.TCPAddr) int {
        switch net[len(net)-1] {
        case '4':
                return syscall.AF_INET
        case '6':
                return syscall.AF_INET6
        }

        if (laddr == nil || laddr.IP.To4() != nil) &&
                (raddr == nil || laddr.IP.To4() != nil) {
                return syscall.AF_INET
        }
        return syscall.AF_INET6
}

// DialTCP will open a
// TCP connection to the specified destination
// with the specified local address.
func DialTCP(laddr, raddr *net.TCPAddr, isnonblocking bool) (*net.TCPConn, error) {
        return dialTCP("", laddr, raddr, false, isnonblocking)
}

func dialTCP(device string, laddr, raddr *net.TCPAddr, dontAssumeRemote, isnonblocking bool) (*net.TCPConn, error) {
        if laddr == nil || raddr == nil {
                return nil, &net.OpError{Op: "dial", Err: errors.New("empty local address or remote address")}
        }

        remoteSocketAddress, err := tcpAddrToSocketAddr(raddr)
        if err != nil {
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("build destination socket address: %w", err)}
        }

        localSocketAddress, err := tcpAddrToSocketAddr(laddr)
        if err != nil {
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("build local socket address: %w", err)}
        }

        fileDescriptor, err := syscall.Socket(tcpAddrFamily("tcp", raddr, laddr), syscall.SOCK_STREAM, syscall.IPPROTO_TCP)
        if err != nil {
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket open: %w", err)}
        }

        if device != "" {
                if err = syscall.BindToDevice(fileDescriptor, device); err != nil {
                        klog.Error(err)
                        return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_BINDTODEVICE(%s): %w", device, err)}
                }
        }

        if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1); err != nil {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_REUSEADDR: %w", err)}
        }

        if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: IP_TRANSPARENT: %w", err)}
        }

        if err = syscall.SetNonblock(fileDescriptor, isnonblocking); err != nil {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_NONBLOCK: %w", err)}
        }

        if !dontAssumeRemote {
                if err = syscall.Bind(fileDescriptor, localSocketAddress); err != nil {
                        if err := syscall.Close(fileDescriptor); err != nil {
                                klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                        }
                        klog.Error(err)
                        return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket bind: %w", err)}
                }
        }

        if err = syscall.Connect(fileDescriptor, remoteSocketAddress); err != nil && !strings.Contains(err.Error(), "operation now in progress") {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket connect: %w", err)}
        }

        fdFile := os.NewFile(uintptr(fileDescriptor), "net-tcp-dial-"+raddr.String()) // #nosec G115
        defer func() {
                if err := fdFile.Close(); err != nil {
                        klog.Errorf("fdFile %v Close err: %v", fdFile, err)
                }
        }()

        remoteConn, err := net.FileConn(fdFile)
        if err != nil {
                if err := syscall.Close(fileDescriptor); err != nil {
                        klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)
                }
                klog.Error(err)
                return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("convert file descriptor to connection: %w", err)}
        }

        return remoteConn.(*net.TCPConn), nil
}

1	// This code below is referenced at https://github.com/Asphaltt/go-tproxy/blob/master/tproxy_tcp.go
2	// Because the code needs to be customized somewhere, the project is not directly imported
3	package tproxy
4
5	import (
6	"errors"
7	"fmt"
8	"net"
9	"os"
10	"strings"
11	"syscall"
12
13	"k8s.io/klog/v2"
14	)
15
16	// Listener describes a TCP Listener
17	// with the Linux IP_TRANSPARENT option defined
18	// on the listening socket
19	type Listener struct {
20	base net.Listener
21	}
22
23	// Accept waits for and returns
24	// the next connection to the listener.
25	//
26	// This command wraps the AcceptTProxy
27	// method of the Listener
28	func (listener *Listener) Accept() (net.Conn, error) {	×
29	return listener.AcceptTProxy()	×
30	}	×
31
32	// AcceptTProxy will accept a TCP connection
33	// and wrap it to a TProxy connection to provide
34	// TProxy functionality
35	func (listener Listener) AcceptTProxy() (Conn, error) {	×
36	tcpConn, err := listener.base.(*net.TCPListener).AcceptTCP()	×
37	if err != nil {	×
38	klog.Error(err)	×
39	return nil, err	×
40	}	×
41
42	return &Conn{TCPConn: tcpConn}, nil	×
43	}
44
45	// Addr returns the network address
46	// the listener is accepting connections
47	// from
48	func (listener *Listener) Addr() net.Addr {	×
49	return listener.base.Addr()	×
50	}	×
51
52	// Close will close the listener from accepting
53	// any more connections. Any blocked connections
54	// will unblock and close
55	func (listener *Listener) Close() error {	×
56	return listener.base.Close()	×
57	}	×
58
59	// ListenTCP will construct a new TCP listener
60	// socket with the Linux IP_TRANSPARENT option
61	// set on the underlying socket
62	func ListenTCP(network string, laddr *net.TCPAddr) (net.Listener, error) {	×
63	return listenTCP("", network, laddr)	×
64	}	×
65
66	func listenTCP(device, network string, laddr *net.TCPAddr) (net.Listener, error) {	×
67	listener, err := net.ListenTCP(network, laddr)	×
68	if err != nil {	×
69	klog.Error(err)	×
70	return nil, err	×
71	}	×
72
73	fileDescriptorSource, err := listener.File()	×
74	if err != nil {	×
75	return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("get file descriptor: %w", err)}	×
76	}	×
77
78	defer func() {	×
79	if err := fileDescriptorSource.Close(); err != nil {	×
80	klog.Errorf("fileDescriptorSource %v Close err: %v", fileDescriptorSource, err)	×
81	}	×
82	}()
83
84	fd := int(fileDescriptorSource.Fd()) // #nosec G115	×
85	if device != "" {	×
86	if err = syscall.BindToDevice(fd, device); err != nil {	×
87	return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("set socket option: SO_BINDTODEVICE(%s): %w", device, err)}	×
88	}	×
89	}
90
91	if err = syscall.SetsockoptInt(fd, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {	×
92	return nil, &net.OpError{Op: "listen", Net: network, Source: nil, Addr: laddr, Err: fmt.Errorf("set socket option: IP_TRANSPARENT: %w", err)}	×
93	}	×
94
95	return &Listener{listener}, nil	×
96	}
97
98	// Conn describes a connection
99	// accepted by the TProxy listener.
100	//
101	// It is simply a TCP connection with
102	// the ability to dial a connection to
103	// the original destination while assuming
104	// the IP address of the client
105	type Conn struct {
106	*net.TCPConn
107	}
108
109	// tcpAddToSockerAddr will convert a TCPAddr
110	// into a Sockaddr that may be used when
111	// connecting and binding sockets
112	func tcpAddrToSocketAddr(addr *net.TCPAddr) (syscall.Sockaddr, error) {	×
113	switch {	×
114	case addr.IP.To4() != nil:	×
115	ip := [4]byte{}	×
116	copy(ip[:], addr.IP.To4())	×
117		×
118	return &syscall.SockaddrInet4{Addr: ip, Port: addr.Port}, nil	×
119
120	default:	×
121	ip := [16]byte{}	×
122	copy(ip[:], addr.IP.To16())	×
123		×
124	return &syscall.SockaddrInet6{Addr: ip, Port: addr.Port}, nil	×
125	}
126	}
127
128	// tcpAddrFamily will attempt to work
129	// out the address family based on the
130	// network and TCP addresses
131	func tcpAddrFamily(net string, laddr, raddr *net.TCPAddr) int {	×
132	switch net[len(net)-1] {	×
133	case '4':	×
134	return syscall.AF_INET	×
135	case '6':	×
136	return syscall.AF_INET6	×
137	}
138
139	if (laddr == nil \|\| laddr.IP.To4() != nil) &&	×
140	(raddr == nil \|\| laddr.IP.To4() != nil) {	×
141	return syscall.AF_INET	×
142	}	×
143	return syscall.AF_INET6	×
144	}
145
146	// DialTCP will open a
147	// TCP connection to the specified destination
148	// with the specified local address.
149	func DialTCP(laddr, raddr net.TCPAddr, isnonblocking bool) (net.TCPConn, error) {	×
150	return dialTCP("", laddr, raddr, false, isnonblocking)	×
151	}	×
152
153	func dialTCP(device string, laddr, raddr net.TCPAddr, dontAssumeRemote, isnonblocking bool) (net.TCPConn, error) {	×
154	if laddr == nil \|\| raddr == nil {	×
155	return nil, &net.OpError{Op: "dial", Err: errors.New("empty local address or remote address")}	×
156	}	×
157
158	remoteSocketAddress, err := tcpAddrToSocketAddr(raddr)	×
159	if err != nil {	×
160	klog.Error(err)	×
161	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("build destination socket address: %w", err)}	×
162	}	×
163
164	localSocketAddress, err := tcpAddrToSocketAddr(laddr)	×
165	if err != nil {	×
166	klog.Error(err)	×
167	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("build local socket address: %w", err)}	×
168	}	×
169
170	fileDescriptor, err := syscall.Socket(tcpAddrFamily("tcp", raddr, laddr), syscall.SOCK_STREAM, syscall.IPPROTO_TCP)	×
171	if err != nil {	×
172	klog.Error(err)	×
173	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket open: %w", err)}	×
174	}	×
175
176	if device != "" {	×
177	if err = syscall.BindToDevice(fileDescriptor, device); err != nil {	×
178	klog.Error(err)	×
179	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_BINDTODEVICE(%s): %w", device, err)}	×
180	}	×
181	}
182
183	if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1); err != nil {	×
184	if err := syscall.Close(fileDescriptor); err != nil {	×
185	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
186	}	×
187	klog.Error(err)	×
188	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_REUSEADDR: %w", err)}	×
189	}
190
191	if err = syscall.SetsockoptInt(fileDescriptor, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1); err != nil {	×
192	if err := syscall.Close(fileDescriptor); err != nil {	×
193	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
194	}	×
195	klog.Error(err)	×
196	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: IP_TRANSPARENT: %w", err)}	×
197	}
198
199	if err = syscall.SetNonblock(fileDescriptor, isnonblocking); err != nil {	×
200	if err := syscall.Close(fileDescriptor); err != nil {	×
201	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
202	}	×
203	klog.Error(err)	×
204	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("set socket option: SO_NONBLOCK: %w", err)}	×
205	}
206
207	if !dontAssumeRemote {	×
208	if err = syscall.Bind(fileDescriptor, localSocketAddress); err != nil {	×
209	if err := syscall.Close(fileDescriptor); err != nil {	×
210	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
211	}	×
212	klog.Error(err)	×
213	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket bind: %w", err)}	×
214	}
215	}
216
217	if err = syscall.Connect(fileDescriptor, remoteSocketAddress); err != nil && !strings.Contains(err.Error(), "operation now in progress") {	×
218	if err := syscall.Close(fileDescriptor); err != nil {	×
219	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
220	}	×
221	klog.Error(err)	×
222	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("socket connect: %w", err)}	×
223	}
224
NEW 225	fdFile := os.NewFile(uintptr(fileDescriptor), "net-tcp-dial-"+raddr.String()) // #nosec G115	×
226	defer func() {	×
227	if err := fdFile.Close(); err != nil {	×
228	klog.Errorf("fdFile %v Close err: %v", fdFile, err)	×
229	}	×
230	}()
231
232	remoteConn, err := net.FileConn(fdFile)	×
233	if err != nil {	×
234	if err := syscall.Close(fileDescriptor); err != nil {	×
235	klog.Errorf("fileDescriptor %v Close err: %v", fileDescriptor, err)	×
236	}	×
237	klog.Error(err)	×
238	return nil, &net.OpError{Op: "dial", Err: fmt.Errorf("convert file descriptor to connection: %w", err)}	×
239	}
240
241	return remoteConn.(*net.TCPConn), nil	×
242	}

kubeovn / kube-ovn / 22259049945

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous