From f37b863ccb824078323338912bceee7578e3b4a4 Mon Sep 17 00:00:00 2001 From: Denis Tingaikin Date: Mon, 5 Feb 2024 14:03:52 +0300 Subject: [PATCH] qfix: Do not reset IPContext configuration on the reselect (#1582) * do not reset IPContext configuration on the reselect Signed-off-by: denis-tingaikin * fix linter issues Signed-off-by: denis-tingaikin --------- Signed-off-by: denis-tingaikin --- pkg/networkservice/chains/nsmgr/suite_test.go | 5 +- .../common/begin/event_factory.go | 3 +- pkg/networkservice/ipam/strictipam/server.go | 70 +++++++++++++++++++ 3 files changed, 74 insertions(+), 4 deletions(-) create mode 100644 pkg/networkservice/ipam/strictipam/server.go
diff --git a/pkg/networkservice/chains/nsmgr/suite_test.go b/pkg/networkservice/chains/nsmgr/suite_test.go
index dc5a6edde..d73472084 100644
--- a/pkg/networkservice/chains/nsmgr/suite_test.go
+++ b/pkg/networkservice/chains/nsmgr/suite_test.go
@@ -1,6 +1,6 @@
 // Copyright (c) 2020-2022 Doc.ai and/or its affiliates.
 //
-// Copyright (c) 2023 Cisco and/or its affiliates.
+// Copyright (c) 2023-2024 Cisco and/or its affiliates.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -48,6 +48,7 @@ import (
 "github.com/networkservicemesh/sdk/pkg/networkservice/common/passthrough"
 "github.com/networkservicemesh/sdk/pkg/networkservice/core/chain"
 "github.com/networkservicemesh/sdk/pkg/networkservice/ipam/point2pointipam"
+ "github.com/networkservicemesh/sdk/pkg/networkservice/ipam/strictipam"
 "github.com/networkservicemesh/sdk/pkg/networkservice/utils/count"
 "github.com/networkservicemesh/sdk/pkg/networkservice/utils/inject/injecterror"
 registryclient "github.com/networkservicemesh/sdk/pkg/registry/chains/client"
@@ -240,7 +241,7 @@ func (s *nsmgrSuite) Test_ReselectEndpointWhenNetSvcHasChanged() { serv := grpc.NewServer() endpoint.NewServer(ctx, sandbox.GenerateTestToken, endpoint.WithAdditionalFunctionality( - point2pointipam.NewServer(ipNet), + strictipam.NewServer(point2pointipam.NewServer, ipNet), )).Register(serv) _ = serv.Serve(netListener) }()
diff --git a/pkg/networkservice/common/begin/event_factory.go b/pkg/networkservice/common/begin/event_factory.go
index c70afc949..b1b96ec25 100644
--- a/pkg/networkservice/common/begin/event_factory.go
+++ b/pkg/networkservice/common/begin/event_factory.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2021-2023 Cisco and/or its affiliates.
+// Copyright (c) 2021-2024 Cisco and/or its affiliates.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -105,7 +105,6 @@ func (f *eventFactoryClient) Request(opts ...Option) <-chan error {
 if request.GetConnection() != nil {
 request.GetConnection().Mechanism = nil
 request.GetConnection().NetworkServiceEndpointName = ""
- request.GetConnection().Context = nil
 request.GetConnection().State = networkservice.State_RESELECT_REQUESTED
 }
 cancel()
diff --git a/pkg/networkservice/ipam/strictipam/server.go b/pkg/networkservice/ipam/strictipam/server.go
new file mode 100644
index 000000000..2c940c76a
--- /dev/null
+++ b/pkg/networkservice/ipam/strictipam/server.go
@@ -0,0 +1,70 @@
+// Copyright (c) 2024 Cisco and its affiliates.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at:
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package strictipam provides a networkservice.NetworkService Server chain element for building an IPAM server that prevents IP context configuration out of the settings scope
+package strictipam
+
+import (
+ "context"
+ "net"
+
+ "github.com/golang/protobuf/ptypes/empty"
+ "github.com/networkservicemesh/api/pkg/api/networkservice"
+
+ "github.com/networkservicemesh/sdk/pkg/networkservice/core/next"
+ "github.com/networkservicemesh/sdk/pkg/tools/ippool"
+)
+
+type strictIPAMServer struct {
+ ipPool *ippool.IPPool
+}
+
+// NewServer - returns a new ipam networkservice.NetworkServiceServer that validates the incoming IP context parameters and resets them based on the validation result.
+func NewServer(newIPAMServer func(...*net.IPNet) networkservice.NetworkServiceServer, prefixes ...*net.IPNet) networkservice.NetworkServiceServer {
+ if newIPAMServer == nil {
+ panic("newIPAMServer should not be nil")
+ }
+ var ipPool = ippool.New(net.IPv6len)
+ for _, p := range prefixes {
+ ipPool.AddNet(p)
+ }
+ return next.NewNetworkServiceServer(
+ &strictIPAMServer{ipPool: ipPool},
+ newIPAMServer(prefixes...),
+ )
+}
+
+func (n *strictIPAMServer) areAddressesValid(addresses []string) bool {
+ for _, srcIP := range addresses {
+ if !n.ipPool.ContainsString(srcIP) {
+ return false
+ }
+ }
+ return true
+}
+
+func (n *strictIPAMServer) Request(ctx context.Context, request *networkservice.NetworkServiceRequest) (*networkservice.Connection, error) {
+ if !n.areAddressesValid(request.GetConnection().GetContext().GetIpContext().GetSrcIpAddrs()) ||
+ !n.areAddressesValid(request.GetConnection().GetContext().GetIpContext().GetDstIpAddrs()) {
+ request.GetConnection().GetContext().IpContext = &networkservice.IPContext{}
+ }
+
+ return next.Server(ctx).Request(ctx, request)
+}
+
+func (n *strictIPAMServer) Close(ctx context.Context, conn *networkservice.Connection) (*empty.Empty, error) {
+ return next.Server(ctx).Close(ctx, conn)
+}
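Review bot: The validation in `Request` only looks at `SrcIpAddrs` and `DstIpAddrs`, so any other IPContext field the client sends is forwarded to the wrapped IPAM server unchecked whenever both address lists pass, and `areAddressesValid` returns true for an empty list. That matters more after this commit, because `event_factory.go` no longer clears `Context` on reselect, so a request can now arrive carrying the whole context negotiated with the previous endpoint, which presumably includes routes and prefixes as well as addresses. Either extend the check to those fields or state the limit in a doc comment, for example `// Request clears the IP context when a source or destination address lies outside the configured prefixes; no other IPContext field is validated.` It is also worth confirming that `ContainsString` accepts the format the addresses are stored in (if they are CIDR strings, a plain IP parse would reject every entry and the context would be reset on every reselect), and adding a unit test for the package that covers in-pool, out-of-pool and empty inputs.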