Merge pull request #55601 from m1093782566/getlocalips

Automatic merge from submit-queue (batch tested with PRs 55009, 55532, 55601, 52569, 55533). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix ipvs/proxy getLocalIPs inconsistency with iptables/proxy **What this PR does / why we need it**: * Fix ipvs/proxy `getLocalIPs()` inconsistency with iptables/proxy * validate the ip address before pkg/proxy/util IPPart() return ip string. **Which issue(s) this PR fixes** : Fixes #55612 **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
2025-11-03 19:58:17 +00:00 · 2017-11-14 00:09:52 -08:00
parent 3479549a62 42832e7666
commit cae7240cf9
6 changed files with 35 additions and 9 deletions
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -798,7 +798,7 @@ func getLocalIPs(endpointsMap proxyEndpointsMap) map[types.NamespacedName]sets.S
 	for svcPortName := range endpointsMap {
 		for _, ep := range endpointsMap[svcPortName] {
 			if ep.isLocal {
-				// If the endpoint has a bad format, ipPart() will log an
+				// If the endpoint has a bad format, utilproxy.IPPart() will log an
 				// error and ep.IPPart() will return a null string.
 				if ip := ep.IPPart(); ip != "" {
 					nsn := svcPortName.NamespacedName
--- a/pkg/proxy/iptables/proxier_test.go
+++ b/pkg/proxy/iptables/proxier_test.go
@@ -1281,6 +1281,14 @@ func Test_getLocalIPs(t *testing.T) {
 			{Namespace: "ns2", Name: "ep2"}: sets.NewString("2.2.2.2", "2.2.2.22", "2.2.2.3"),
 			{Namespace: "ns4", Name: "ep4"}: sets.NewString("4.4.4.4", "4.4.4.6"),
 		},
+	}, {
+		// Case[5]: named port local and bad endpoints IP
+		endpointsMap: map[proxy.ServicePortName][]*endpointsInfo{
+			makeServicePortName("ns1", "ep1", "p11"): {
+				{endpoint: "bad ip:11", isLocal: true},
+			},
+		},
+		expected: map[types.NamespacedName]sets.String{},
 	}}

 	for tci, tc := range testCases {
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -1466,14 +1466,18 @@ func writeLine(buf *bytes.Buffer, words ...string) {

 func getLocalIPs(endpointsMap proxyEndpointsMap) map[types.NamespacedName]sets.String {
 	localIPs := make(map[types.NamespacedName]sets.String)
-	for svcPort := range endpointsMap {
-		for _, ep := range endpointsMap[svcPort] {
+	for svcPortName := range endpointsMap {
+		for _, ep := range endpointsMap[svcPortName] {
 			if ep.isLocal {
-				nsn := svcPort.NamespacedName
-				if localIPs[nsn] == nil {
-					localIPs[nsn] = sets.NewString()
+				// If the endpoint has a bad format, utilproxy.IPPart() will log an
+				// error and ep.IPPart() will return a null string.
+				if ip := ep.IPPart(); ip != "" {
+					nsn := svcPortName.NamespacedName
+					if localIPs[nsn] == nil {
+						localIPs[nsn] = sets.NewString()
+					}
+					localIPs[nsn].Insert(ip)
 				}
-				localIPs[nsn].Insert(ep.IPPart()) // just the IP part
 			}
 		}
 	}
--- a/pkg/proxy/ipvs/proxier_test.go
+++ b/pkg/proxy/ipvs/proxier_test.go
@@ -2017,6 +2017,14 @@ func Test_getLocalIPs(t *testing.T) {
 			{Namespace: "ns2", Name: "ep2"}: sets.NewString("2.2.2.2", "2.2.2.22", "2.2.2.3"),
 			{Namespace: "ns4", Name: "ep4"}: sets.NewString("4.4.4.4", "4.4.4.6"),
 		},
+	}, {
+		// Case[5]: named port local and bad endpoints IP
+		endpointsMap: map[proxy.ServicePortName][]*endpointsInfo{
+			makeServicePortName("ns1", "ep1", "p11"): {
+				{endpoint: "bad ip:11", isLocal: true},
+			},
+		},
+		expected: map[types.NamespacedName]sets.String{},
 	}}

 	for tci, tc := range testCases {
--- a/pkg/proxy/util/endpoints.go
+++ b/pkg/proxy/util/endpoints.go
@@ -32,12 +32,17 @@ func IPPart(s string) string {
 		return s
 	}
 	// Must be IP:port
-	ip, _, err := net.SplitHostPort(s)
+	host, _, err := net.SplitHostPort(s)
 	if err != nil {
 		glog.Errorf("Error parsing '%s': %v", s, err)
 		return ""
 	}
-	return ip
+	// Check if host string is a valid IP address
+	if ip := net.ParseIP(host); ip != nil {
+		glog.Errorf("invalid IP part '%s'", host)
+		return host
+	}
+	return ""
 }

 // ToCIDR returns a host address of the form <ip-address>/32 for
--- a/pkg/proxy/util/endpoints_test.go
+++ b/pkg/proxy/util/endpoints_test.go
@@ -35,6 +35,7 @@ func TestIPPart(t *testing.T) {
 		{"[2001:db8::2:2]:9999", "2001:db8::2:2", noError},
 		{"1.2.3.4::9999", "", "too many colons"},
 		{"1.2.3.4:[0]", "", "unexpected '[' in address"},
+		{"1.2.3:8080", "", "invalid ip part"},
 	}

 	for _, tc := range testCases {