Updating after merging with a conflicting commit

2025-11-04 04:08:16 +00:00 · 2020-11-13 23:17:30 +00:00
parent 85cd7c530b
commit 8fb895f3f1
6 changed files with 82 additions and 51 deletions
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -294,10 +294,14 @@ func NewProxier(ipt utiliptables.Interface,
 		ipFamily = v1.IPv6Protocol
 	}
-	var incorrectAddresses []string
+	isCIDR := true
-	nodePortAddresses, incorrectAddresses = utilproxy.FilterIncorrectCIDRVersion(nodePortAddresses, ipFamily)
+	ipFamilyIPMap := utilproxy.MapIPsToIPFamily(nodePortAddresses, isCIDR)
-	if len(incorrectAddresses) > 0 {
+	nodePortAddresses = ipFamilyIPMap[ipFamily]
-		klog.Warningf("NodePortAddresses of wrong family; %s", incorrectAddresses)
+	for ipFam, ips := range ipFamilyIPMap {
 		// Log the IPs not matching the ipFamily
 		if ipFam != ipFamily && len(ips) > 0 {
 			klog.Warningf("IP Family: %s, NodePortAddresses of wrong family; %s", ipFamily, strings.Join(ips, ","))
 		}
 	}
 	proxier := &Proxier{
@@ -367,17 +371,18 @@ func NewDualStackProxier(
 	nodePortAddresses []string,
 ) (proxy.Provider, error) {
 	// Create an ipv4 instance of the single-stack proxier
-	nodePortAddresses4, nodePortAddresses6 := utilproxy.FilterIncorrectCIDRVersion(nodePortAddresses, v1.IPv4Protocol)
+	isCIDR := true
 	ipFamilyIPMap := utilproxy.MapIPsToIPFamily(nodePortAddresses, isCIDR)
 	ipv4Proxier, err := NewProxier(ipt[0], sysctl,
 		exec, syncPeriod, minSyncPeriod, masqueradeAll, masqueradeBit, localDetectors[0], hostname,
-		nodeIP[0], recorder, healthzServer, nodePortAddresses4)
+		nodeIP[0], recorder, healthzServer, ipFamilyIPMap[v1.IPv4Protocol])
 	if err != nil {
 		return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err)
 	}
 	ipv6Proxier, err := NewProxier(ipt[1], sysctl,
 		exec, syncPeriod, minSyncPeriod, masqueradeAll, masqueradeBit, localDetectors[1], hostname,
-		nodeIP[1], recorder, healthzServer, nodePortAddresses6)
+		nodeIP[1], recorder, healthzServer, ipFamilyIPMap[v1.IPv6Protocol])
 	if err != nil {
 		return nil, fmt.Errorf("unable to create ipv6 proxier: %v", err)
 	}
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -450,10 +450,14 @@ func NewProxier(ipt utiliptables.Interface,
 	endpointSlicesEnabled := utilfeature.DefaultFeatureGate.Enabled(features.EndpointSliceProxying)
-	var incorrectAddresses []string
+	isCIDR := true
-	nodePortAddresses, incorrectAddresses = utilproxy.FilterIncorrectCIDRVersion(nodePortAddresses, ipFamily)
+	ipFamilyIPMap := utilproxy.MapIPsToIPFamily(nodePortAddresses, isCIDR)
-	if len(incorrectAddresses) > 0 {
+	nodePortAddresses = ipFamilyIPMap[ipFamily]
-		klog.Warningf("NodePortAddresses of wrong family; %s", incorrectAddresses)
+	for ipFam, ips := range ipFamilyIPMap {
 		// Log the IPs not matching the ipFamily
 		if ipFam != ipFamily && len(ips) > 0 {
 			klog.Warningf("IP Family: %s, NodePortAddresses of wrong family; %s", ipFamily, strings.Join(ips, ","))
 		}
 	}
 	proxier := &Proxier{
 		ipFamily:              ipFamily,
@@ -532,14 +536,15 @@ func NewDualStackProxier(
 	safeIpset := newSafeIpset(ipset)
-	nodePortAddresses4, nodePortAddresses6 := utilproxy.FilterIncorrectCIDRVersion(nodePortAddresses, v1.IPv4Protocol)
+	isCIDR := true
 	ipFamilyIPMap := utilproxy.MapIPsToIPFamily(nodePortAddresses, isCIDR)
 	// Create an ipv4 instance of the single-stack proxier
 	ipv4Proxier, err := NewProxier(ipt[0], ipvs, safeIpset, sysctl,
 		exec, syncPeriod, minSyncPeriod, filterCIDRs(false, excludeCIDRs), strictARP,
 		tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit,
 		localDetectors[0], hostname, nodeIP[0],
-		recorder, healthzServer, scheduler, nodePortAddresses4, kernelHandler)
+		recorder, healthzServer, scheduler, ipFamilyIPMap[v1.IPv4Protocol], kernelHandler)
 	if err != nil {
 		return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err)
 	}
@@ -548,7 +553,7 @@ func NewDualStackProxier(
 		exec, syncPeriod, minSyncPeriod, filterCIDRs(true, excludeCIDRs), strictARP,
 		tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit,
 		localDetectors[1], hostname, nodeIP[1],
-		nil, nil, scheduler, nodePortAddresses6, kernelHandler)
+		nil, nil, scheduler, ipFamilyIPMap[v1.IPv6Protocol], kernelHandler)
 	if err != nil {
 		return nil, fmt.Errorf("unable to create ipv6 proxier: %v", err)
 	}
--- a/pkg/proxy/service.go
+++ b/pkg/proxy/service.go
@@ -156,15 +156,25 @@ func (sct *ServiceChangeTracker) newBaseServiceInfo(port *v1.ServicePort, servic
 	// services, this is actually expected. Hence we downgraded from reporting by events
 	// to just log lines with high verbosity
-	var incorrectIPs []string
+	isCIDR := false
-	info.externalIPs, incorrectIPs = utilproxy.FilterIncorrectIPVersion(service.Spec.ExternalIPs, sct.ipFamily)
+	ipFamilyIPMap := utilproxy.MapIPsToIPFamily(service.Spec.ExternalIPs, isCIDR)
-	if len(incorrectIPs) > 0 {
+	info.externalIPs = ipFamilyIPMap[sct.ipFamily]
-		klog.V(4).Infof("service change tracker(%v) ignored the following external IPs(%s) for service %v/%v as they don't match IPFamily", sct.ipFamily, strings.Join(incorrectIPs, ","), service.Namespace, service.Name)
+
 	for ipFam, ips := range ipFamilyIPMap {
 		// Log the IPs not matching the ipFamily
 		if ipFam != sct.ipFamily && len(ips) > 0 {
 			klog.V(4).Infof("service change tracker(%v) ignored the following external IPs(%s) for service %v/%v as they don't match IPFamily", sct.ipFamily, strings.Join(ips, ","), service.Namespace, service.Name)
 		}
 	}
-	info.loadBalancerSourceRanges, incorrectIPs = utilproxy.FilterIncorrectCIDRVersion(loadBalancerSourceRanges, sct.ipFamily)
+	isCIDR = true
-	if len(incorrectIPs) > 0 {
+	ipFamilyCIDRMap := utilproxy.MapIPsToIPFamily(loadBalancerSourceRanges, isCIDR)
-		klog.V(4).Infof("service change tracker(%v) ignored the following load balancer source ranges(%s) for service %v/%v as they don't match IPFamily", sct.ipFamily, strings.Join(incorrectIPs, ","), service.Namespace, service.Name)
+	info.loadBalancerSourceRanges = ipFamilyCIDRMap[sct.ipFamily]
 	for ipFam, cidrs := range ipFamilyCIDRMap {
 		// Log the CIDRs not matching the ipFamily
 		if ipFam != sct.ipFamily && len(cidrs) > 0 {
 			klog.V(4).Infof("service change tracker(%v) ignored the following load balancer source ranges(%s) for service %v/%v as they don't match IPFamily", sct.ipFamily, strings.Join(cidrs, ","), service.Namespace, service.Name)
 		}
 	}
 	// Obtain Load Balancer Ingress IPs
@@ -174,14 +184,17 @@ func (sct *ServiceChangeTracker) newBaseServiceInfo(port *v1.ServicePort, servic
 	}
 	if len(ips) > 0 {
-		correctIPs, incorrectIPs := utilproxy.FilterIncorrectIPVersion(ips, sct.ipFamily)
+		isCIDR := false
 		ipFamilyIPMap := utilproxy.MapIPsToIPFamily(ips, isCIDR)
-		if len(incorrectIPs) > 0 {
+		for ipFam, ipList := range ipFamilyIPMap {
-			klog.V(4).Infof("service change tracker(%v) ignored the following load balancer(%s) ingress ips for service %v/%v as they don't match IPFamily", sct.ipFamily, strings.Join(incorrectIPs, ","), service.Namespace, service.Name)
+			if ipFam != sct.ipFamily && len(ipList) > 0 {
 				klog.V(4).Infof("service change tracker(%v) ignored the following load balancer(%s) ingress ips for service %v/%v as they don't match IPFamily", sct.ipFamily, strings.Join(ipList, ","), service.Namespace, service.Name)
 			}
 		}
 		// Create the LoadBalancerStatus with the filtered IPs
-		for _, ip := range correctIPs {
+		for _, ip := range ipFamilyIPMap[sct.ipFamily] {
 			info.loadBalancerStatus.Ingress = append(info.loadBalancerStatus.Ingress, v1.LoadBalancerIngress{IP: ip})
 		}
 	}
--- a/pkg/proxy/service_test.go
+++ b/pkg/proxy/service_test.go
@@ -435,6 +435,8 @@ func TestServiceToServiceMap(t *testing.T) {
 		},
 		{
 			desc:     "service with extra space in LoadBalancerSourceRanges",
 			ipFamily: v1.IPv4Protocol,
 			service: &v1.Service{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "extra-space",
--- a/pkg/proxy/util/utils.go
+++ b/pkg/proxy/util/utils.go
@@ -255,26 +255,26 @@ func LogAndEmitIncorrectIPVersionEvent(recorder record.EventRecorder, fieldName,
 	}
 }
-// FilterIncorrectIPVersion filters out the incorrect IP version case from a slice of IP strings.
+// MapIPsToIPFamily maps a slice of IPs to their respective IP families (v4 or v6)
-func FilterIncorrectIPVersion(ipStrings []string, ipfamily v1.IPFamily) ([]string, []string) {
+func MapIPsToIPFamily(ipStrings []string, isCIDR bool) map[v1.IPFamily][]string {
-	return filterWithCondition(ipStrings, (ipfamily == v1.IPv6Protocol), utilnet.IsIPv6String)
+	ipFamilyMap := map[v1.IPFamily][]string{}
 	for _, ip := range ipStrings {
 		ipFamily := getIPFamilyFromIP(ip, isCIDR)
 		ipFamilyMap[ipFamily] = append(ipFamilyMap[ipFamily], ip)
 	}
 	return ipFamilyMap
 }
-// FilterIncorrectCIDRVersion filters out the incorrect IP version case from a slice of CIDR strings.
+func getIPFamilyFromIP(ip string, isCIDR bool) v1.IPFamily {
-func FilterIncorrectCIDRVersion(ipStrings []string, ipfamily v1.IPFamily) ([]string, []string) {
+	conditionFunc := utilnet.IsIPv6String
-	return filterWithCondition(ipStrings, (ipfamily == v1.IPv6Protocol), utilnet.IsIPv6CIDRString)
+	if isCIDR {
 		conditionFunc = utilnet.IsIPv6CIDRString
 	}
-func filterWithCondition(strs []string, expectedCondition bool, conditionFunc func(string) bool) ([]string, []string) {
+	if conditionFunc(ip) {
-	var corrects, incorrects []string
+		return v1.IPv6Protocol
 	for _, str := range strs {
 		if conditionFunc(str) != expectedCondition {
 			incorrects = append(incorrects, str)
 		} else {
 			corrects = append(corrects, str)
 	}
-	}
+	return v1.IPv4Protocol
 	return corrects, incorrects
 }
 // AppendPortIfNeeded appends the given port to IP address unless it is already in
--- a/pkg/proxy/util/utils_test.go
+++ b/pkg/proxy/util/utils_test.go
@@ -567,7 +567,7 @@ func TestShuffleStrings(t *testing.T) {
 	}
 }
-func TestFilterIncorrectIPVersion(t *testing.T) {
+func TestMapIPsToIPFamily(t *testing.T) {
 	testCases := []struct {
 		desc            string
 		ipString        []string
@@ -650,15 +650,21 @@ func TestFilterIncorrectIPVersion(t *testing.T) {
 	for _, testcase := range testCases {
 		t.Run(testcase.desc, func(t *testing.T) {
 			ipFamily := v1.IPv4Protocol
 			otherIPFamily := v1.IPv6Protocol
 			if testcase.wantIPv6 {
 				ipFamily = v1.IPv6Protocol
 				otherIPFamily = v1.IPv4Protocol
 			}
-			correct, incorrect := FilterIncorrectIPVersion(testcase.ipString, ipFamily)
+
-			if !reflect.DeepEqual(testcase.expectCorrect, correct) {
+			isCIDR := false
-				t.Errorf("Test %v failed: expected %v, got %v", testcase.desc, testcase.expectCorrect, correct)
+			ipMap := MapIPsToIPFamily(testcase.ipString, isCIDR)
 			if !reflect.DeepEqual(testcase.expectCorrect, ipMap[ipFamily]) {
 				t.Errorf("Test %v failed: expected %v, got %v", testcase.desc, testcase.expectCorrect, ipMap[ipFamily])
 			}
-			if !reflect.DeepEqual(testcase.expectIncorrect, incorrect) {
+			if !reflect.DeepEqual(testcase.expectIncorrect, ipMap[otherIPFamily]) {
-				t.Errorf("Test %v failed: expected %v, got %v", testcase.desc, testcase.expectIncorrect, incorrect)
+				t.Errorf("Test %v failed: expected %v, got %v", testcase.desc, testcase.expectIncorrect, ipMap[otherIPFamily])
 			}
 		})
 	}