Allow separate rules for UDP port forwarding
Additionally a Proto value of "any" would match both TCP
and UDP ports.

Signed-off-by: Jan Dubois <jan.dubois@suse.com>
jandubois committed Sep 10, 2024
1 parent a053653 commit e098dd2
Showing 7 changed files with 23 additions and 8 deletions.
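--- a/examples/default.yaml
+++ b/examples/default.yaml
@@ -356,7 +356,7 @@ networks:
 # hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding
 # # default: hostPort: 443 (same as guestPort)
 # # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1")
-# # default: proto: "tcp" (only valid value right now)
+# # default: proto: "tcp" (other options: "udp, "any")
 #
 # - guestPortRange: [4000, 4999]
 # hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"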
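Review bot: The new comment line has an unbalanced quote, `(other options: "udp, "any")`, so the two values read as one string; it should be `# # default: proto: "tcp" (other options: "udp", "any")`. Since this file is the reference users copy rules from, it would also help to say here that "any" matches both TCP and UDP, as the commit description does.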
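--- a/pkg/hostagent/hostagent.go
+++ b/pkg/hostagent/hostagent.go
@@ -158,12 +158,16 @@ func New(instName string, stdout io.Writer, signalCh chan os.Signal, opts ...Opt
 for _, rule := range y.PortForwards {
 if rule.Ignore && rule.GuestPortRange[0] == 1 && rule.GuestPortRange[1] == 65535 {
 switch rule.Proto {
-case limayaml.TCP:
+case limayaml.ProtoTCP:
 ignoreTCP = true
 logrus.Info("TCP port forwarding is disabled (except for SSH)")
-case limayaml.UDP:
+case limayaml.ProtoUDP:
 ignoreUDP = true
 logrus.Info("UDP port forwarding is disabled")
+case limayaml.ProtoAny:
+ignoreTCP = true
+ignoreUDP = true
+logrus.Info("TCP (except for SSH) and UDP port forwarding is disabled")
 }
 } else {
 break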
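Review bot: A catch-all `ignore: true` rule for ports 1-65535 that does not set `proto` still reaches only `case limayaml.ProtoTCP:`, because FillPortForwardDefaults fills in `ProtoTCP`, so UDP forwarding stays enabled for a configuration that was written to turn all forwarding off. That may be intended, but it should be stated where maintainers and users will see it, for example a comment above the switch: `// A rule without proto defaults to "tcp"; UDP is only disabled by proto "any" or a leading "udp" ignore rule.` The loop in New starts and ends outside this hunk, so how ignoreUDP is consumed is not visible here.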
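--- a/pkg/hostagent/port.go
+++ b/pkg/hostagent/port.go
@@ -52,6 +52,11 @@ func (pf *portForwarder) forwardingAddresses(guest *api.IPPort) (hostAddr, guest
 if rule.GuestSocket != "" {
 continue
 }
+switch rule.Proto {
+case limayaml.ProtoTCP, limayaml.ProtoAny:
+default:
+continue
+}
 if guest.Port < int32(rule.GuestPortRange[0]) || guest.Port > int32(rule.GuestPortRange[1]) {
 continue
 }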
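Review bot: The added `switch` has an empty `case limayaml.ProtoTCP, limayaml.ProtoAny:` and does all its work in `default: continue`, which reads like an unfinished case. A single guard says the same thing directly: `if rule.Proto != limayaml.ProtoTCP && rule.Proto != limayaml.ProtoAny { continue }`. It would also help to add a comment that this forwarder appears to handle TCP only, unlike pkg/portfwd/forward.go, which compares the rule against `guest.Protocol`. forwardingAddresses starts before and continues after the hunk.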
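--- a/pkg/limayaml/defaults.go
+++ b/pkg/limayaml/defaults.go
@@ -807,7 +807,7 @@ func executeHostTemplate(format, instDir string, param map[string]string) (bytes
 
 func FillPortForwardDefaults(rule *PortForward, instDir string, param map[string]string) {
 if rule.Proto == "" {
-rule.Proto = TCP
+rule.Proto = ProtoTCP
 }
 if rule.GuestIP == nil {
 if rule.GuestIPMustBeZero {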
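--- a/pkg/limayaml/limayaml.go
+++ b/pkg/limayaml/limayaml.go
@@ -213,8 +213,9 @@ type Probe struct {
 type Proto = string
 
 const (
-TCP Proto = "tcp"
-UDP Proto = "udp"
+ProtoTCP Proto = "tcp"
+ProtoUDP Proto = "udp"
+ProtoAny Proto = "any"
 )
 
 type PortForward struct {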
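Review bot: The exported constants have no doc comments, and `ProtoAny` in particular needs one because it is a rule-matching wildcard rather than a protocol: `// ProtoAny matches both TCP and UDP in a port forwarding rule.` Because `Proto` is an alias for `string`, the compiler accepts any value, so Validate is the only place that restricts it; a one-line comment on the const block saying so would help. The rename also removes the exported names `TCP` and `UDP`, which breaks any importer outside the files changed here.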
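--- a/pkg/limayaml/validate.go
+++ b/pkg/limayaml/validate.go
@@ -282,8 +282,10 @@ func Validate(y *LimaYAML, warn bool) error {
 return fmt.Errorf("field `%s.hostSocket` must be less than UNIX_PATH_MAX=%d characters, but is %d",
 field, osutil.UnixPathMax, len(rule.HostSocket))
 }
-if rule.Proto != TCP {
-return fmt.Errorf("field `%s.proto` must be %q", field, TCP)
+switch rule.Proto {
+case ProtoTCP, ProtoUDP, ProtoAny:
+default:
+return fmt.Errorf("field `%s.proto` must be %q, %q, or %q", field, ProtoTCP, ProtoUDP, ProtoAny)
 }
 if rule.Reverse && rule.GuestSocket == "" {
 return fmt.Errorf("field `%s.reverse` must be %t", field, false)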
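Review bot: The new `switch rule.Proto` accepts "udp" and "any" for every rule, including rules that set `guestSocket` or `hostSocket`, while both forwardingAddresses functions in this commit skip rules with a guest socket before they look at the protocol. If socket forwarding is stream-only, which the visible hunks suggest but do not prove, such a rule would pass validation and then not behave as written. A guard of the form `if rule.Proto != ProtoTCP && (rule.GuestSocket != "" || rule.HostSocket != "")` that returns an error in the style of the surrounding checks would reject it early. Validate's body extends beyond this hunk, so an existing check elsewhere cannot be ruled out.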
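--- a/pkg/portfwd/forward.go
+++ b/pkg/portfwd/forward.go
@@ -60,6 +60,9 @@ func (fw *Forwarder) forwardingAddresses(guest *api.IPPort) (hostAddr, guestAddr
 if rule.GuestSocket != "" {
 continue
 }
+if rule.Proto != limayaml.ProtoAny && rule.Proto != guest.Protocol {
+continue
+}
 if guest.Port < int32(rule.GuestPortRange[0]) || guest.Port > int32(rule.GuestPortRange[1]) {
 continue
 }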
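Review bot: The added guard `rule.Proto != guest.Protocol` is an exact string comparison, and nothing in this hunk shows which values the guest agent puts in `guest.Protocol`. If it ever reports something other than lowercase "tcp" or "udp" (different case, or a variant such as "tcp6"), every rule except `proto: "any"` is skipped, including `ignore` rules, and the port falls through to whatever follows the loop. A comment stating the expected values, for example `// guest.Protocol is expected to be "tcp" or "udp", matching limayaml.ProtoTCP/ProtoUDP`, or normalising the value once before the loop, would make that assumption explicit. The rest of forwardingAddresses lies outside the hunk.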
