Skip to content

iptable just "return" by uid as the parameter u indicates #6561

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 27, 2018
Merged

iptable just "return" by uid as the parameter u indicates #6561

merged 2 commits into from
Jun 27, 2018

Conversation

rokii
Copy link
Contributor

@rokii rokii commented Jun 23, 2018

resolve this #6557

@rokii rokii changed the title just intercept by uid as the parameter u indicates iptable just intercepts by uid as the parameter u indicates Jun 23, 2018
@rokii
Copy link
Contributor Author

rokii commented Jun 23, 2018

/assign @mandarjog

@ymesika
Copy link
Member

ymesika commented Jun 24, 2018

/ok-to-test

@rokii rokii changed the title iptable just intercepts by uid as the parameter u indicates iptable just "return" by uid as the parameter u indicates Jun 25, 2018
@rokii
Copy link
Contributor Author

rokii commented Jun 26, 2018

@hklai Could you review this?

@hklai hklai requested a review from nmittler June 26, 2018 01:34
@hklai
Copy link
Contributor

hklai commented Jun 26, 2018

@nmittler should be a better person to review this.

@nmittler nmittler requested a review from costinm June 26, 2018 15:31
@nmittler
Copy link
Contributor

@costinm should take a look as well

@nmittler
Copy link
Contributor

@costinm I'm not sure the original intent of matching on the group. Is this something that we can safely remove?

@rokii
Copy link
Contributor Author

rokii commented Jun 27, 2018

If group has to be an option,it is better to provide -g param separately

costinm
costinm reviewed Jun 27, 2018
View reviewed changes
Copy link
Contributor

@costinm costinm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe tproxy is using the gid ( and it happens that gid and uid are the same ).

The right fix would be to add an explicit {gid} param, with same default value as uid.

TPROXY will be needed long term ( when we add UDP for example).

@codecov
Copy link

codecov bot commented Jun 27, 2018

Codecov Report

Merging #6561 into master will decrease coverage by 1%.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master   #6561    +/-   ##
=======================================
- Coverage      68%     68%   -<1%     
=======================================
  Files         357     357            
  Lines       31304   31153   -151     
=======================================
- Hits        21204   20994   -210     
- Misses       9254    9318    +64     
+ Partials      846     841     -5
Impacted Files Coverage Δ
...olarwinds/internal/papertrail/papertrail_logger.go 59% <0%> (-21%) ⬇️
mixer/adapter/servicecontrol/reportprocessor.go 73% <0%> (-7%) ⬇️
mixer/adapter/signalfx/registry.go 86% <0%> (-5%) ⬇️
pilot/pkg/serviceregistry/kube/controller.go 64% <0%> (-4%) ⬇️
mixer/adapter/servicecontrol/distValueBuilder.go 92% <0%> (-3%) ⬇️
mixer/adapter/signalfx/metrics.go 41% <0%> (-2%) ⬇️
galley/pkg/kube/listener.go 93% <0%> (-2%) ⬇️
mixer/adapter/bypass/bypass.go 62% <0%> (-1%) ⬇️
mixer/adapter/kubernetesenv/cache.go 92% <0%> (-1%) ⬇️
mixer/adapter/memquota/dedup.go 100% <0%> (ø) ⬆️
... and 13 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5c56fcb...dfc9b8e. Read the comment docs.

nmittler
nmittler approved these changes Jun 27, 2018
View reviewed changes
Copy link
Contributor

@nmittler nmittler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@istio-testing
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: nmittler, rokii
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: mandarjog

Assign the PR to them by writing /assign @mandarjog in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rokii
Copy link
Contributor Author

rokii commented Jun 27, 2018

/retest

@istio-testing
Copy link
Collaborator

istio-testing commented Jun 27, 2018
edited
Loading

@rokii: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
prow/e2e-dashboard.sh dfc9b8e link /test e2e-dashboard

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@rshriram rshriram merged commit 22a0b88 into istio:master Jun 27, 2018
hklai added a commit that referenced this pull request Jun 27, 2018
@hklai
Revert "iptable just "return" by uid as the parameter u indicates (#6561
31c5ef7 
)"

This reverts commit 22a0b88.
hklai added a commit that referenced this pull request Jun 27, 2018
@hklai
Revert "Improve push squashing" (#6677)
a90f565 
* Revert "Remove v2 transition commands since everything is now v2 (#6665)"

This reverts commit 6339eb6.

* Revert "Pilot param clusterRegistriesNamespace should default to pilot namespace (#6446)"

This reverts commit b9294f7.

* Revert "iptable just "return" by uid as the parameter u indicates (#6561)"

This reverts commit 22a0b88.

* Revert "Remove node agent service, residue from flexvolume driver. (#6651)"

This reverts commit db3da82.

* Revert "Continuously reapply galley CA bundle to prevent overwrite (#6599)"

This reverts commit f9e8fd8.

* Revert "Do not count typeConfigs if it is error. (#6527)"

This reverts commit eb1de31.

* Revert "Make racetest green - Fixed data races and flakiness (#6625)"

This reverts commit 30b8ecb.

* Revert "Improve push squashing (#6641)"

This reverts commit 399cd2d.
quanjielin pushed a commit to quanjielin/istio that referenced this pull request Jul 2, 2018
@rokii @quanjielin
iptable just "return" by uid as the parameter u indicates (istio#6561)
9ce8a94 
* just intercept by uid as the parameter u indicates

* add -g  param to exclude proxy traffic from redirects
quanjielin pushed a commit to quanjielin/istio that referenced this pull request Jul 2, 2018
@hklai @quanjielin
Revert "Improve push squashing" (istio#6677)
b71cadc 
* Revert "Remove v2 transition commands since everything is now v2 (istio#6665)"

This reverts commit 6339eb6.

* Revert "Pilot param clusterRegistriesNamespace should default to pilot namespace (istio#6446)"

This reverts commit b9294f7.

* Revert "iptable just "return" by uid as the parameter u indicates (istio#6561)"

This reverts commit 22a0b88.

* Revert "Remove node agent service, residue from flexvolume driver. (istio#6651)"

This reverts commit db3da82.

* Revert "Continuously reapply galley CA bundle to prevent overwrite (istio#6599)"

This reverts commit f9e8fd8.

* Revert "Do not count typeConfigs if it is error. (istio#6527)"

This reverts commit eb1de31.

* Revert "Make racetest green - Fixed data races and flakiness (istio#6625)"

This reverts commit 30b8ecb.

* Revert "Improve push squashing (istio#6641)"

This reverts commit 399cd2d.
@ymesika ymesika mentioned this pull request Jul 15, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@costinm costinm costinm left review comments

+1 more reviewer

@nmittler nmittler nmittler approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@mandarjog mandarjog

@nmittler nmittler

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@rokii @ymesika @hklai @nmittler @istio-testing @costinm @mandarjog @googlebot @rshriram