Allow separate rules for UDP port forwarding

jandubois · jandubois · commit 392f700a84f7 · 2024-09-10T09:31:54.000-07:00
Additionally a Proto value of "any" would match both TCP
and UDP ports.

Signed-off-by: Jan Dubois &lt;jan.dubois@suse.com&gt;
diff --git a/examples/default.yaml b/examples/default.yaml
@@ -356,7 +356,7 @@ networks:
 #   hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding
 # # default: hostPort: 443 (same as guestPort)
 # # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1")
-# # default: proto: "tcp" (only valid value right now)
+# # default: proto: "tcp" (other options: "udp, "any")
 #
 # - guestPortRange: [4000, 4999]
 #   hostIP:  "0.0.0.0" # overrides the default value "127.0.0.1"
diff --git a/pkg/hostagent/hostagent.go b/pkg/hostagent/hostagent.go
@@ -158,12 +158,16 @@ func New(instName string, stdout io.Writer, signalCh chan os.Signal, opts ...Opt
 	for _, rule := range y.PortForwards {
 		if rule.Ignore && rule.GuestPortRange[0] == 1 && rule.GuestPortRange[1] == 65535 {
 			switch rule.Proto {
-			case limayaml.TCP:
+			case limayaml.ProtoTCP:
 				ignoreTCP = true
 				logrus.Info("TCP port forwarding is disabled (except for SSH)")
-			case limayaml.UDP:
+			case limayaml.ProtoUDP:
 				ignoreUDP = true
 				logrus.Info("UDP port forwarding is disabled")
+			case limayaml.ProtoAny:
+				ignoreTCP = true
+				ignoreUDP = true
+				logrus.Info("TCP (except for SSH) and UDP port forwarding is disabled")
 			}
 		} else {
 			break
diff --git a/pkg/hostagent/port.go b/pkg/hostagent/port.go
@@ -52,6 +52,11 @@ func (pf *portForwarder) forwardingAddresses(guest *api.IPPort) (hostAddr, guest
 		if rule.GuestSocket != "" {
 			continue
 		}
+		switch rule.Proto {
+		case limayaml.ProtoTCP, limayaml.ProtoAny:
+		default:
+			continue
+		}
 		if guest.Port < int32(rule.GuestPortRange[0]) || guest.Port > int32(rule.GuestPortRange[1]) {
 			continue
 		}
diff --git a/pkg/limayaml/defaults.go b/pkg/limayaml/defaults.go
@@ -807,7 +807,7 @@ func executeHostTemplate(format, instDir string, param map[string]string) (bytes
 
 func FillPortForwardDefaults(rule *PortForward, instDir string, param map[string]string) {
 	if rule.Proto == "" {
-		rule.Proto = TCP
+		rule.Proto = ProtoTCP
 	}
 	if rule.GuestIP == nil {
 		if rule.GuestIPMustBeZero {
diff --git a/pkg/limayaml/defaults_test.go b/pkg/limayaml/defaults_test.go
@@ -114,7 +114,7 @@ func TestFillDefault(t *testing.T) {
 		GuestPortRange: [2]int{1, 65535},
 		HostIP:         IPv4loopback1,
 		HostPortRange:  [2]int{1, 65535},
-		Proto:          TCP,
+		Proto:          ProtoTCP,
 		Reverse:        false,
 	}
 
@@ -399,7 +399,7 @@ func TestFillDefault(t *testing.T) {
 			HostIP:         IPv4loopback1,
 			HostPort:       80,
 			HostPortRange:  [2]int{80, 80},
-			Proto:          TCP,
+			Proto:          ProtoTCP,
 		}},
 		CopyToHost: []CopyToHost{{}},
 		Env: map[string]string{
@@ -616,7 +616,7 @@ func TestFillDefault(t *testing.T) {
 			HostIP:         IPv4loopback1,
 			HostPort:       8080,
 			HostPortRange:  [2]int{8080, 8080},
-			Proto:          TCP,
+			Proto:          ProtoTCP,
 		}},
 		CopyToHost: []CopyToHost{{}},
 		Env: map[string]string{
diff --git a/pkg/limayaml/limayaml.go b/pkg/limayaml/limayaml.go
@@ -213,8 +213,9 @@ type Probe struct {
 type Proto = string
 
 const (
-	TCP Proto = "tcp"
-	UDP Proto = "udp"
+	ProtoTCP Proto = "tcp"
+	ProtoUDP Proto = "udp"
+	ProtoAny Proto = "any"
 )
 
 type PortForward struct {
diff --git a/pkg/limayaml/validate.go b/pkg/limayaml/validate.go
@@ -282,8 +282,10 @@ func Validate(y *LimaYAML, warn bool) error {
 			return fmt.Errorf("field `%s.hostSocket` must be less than UNIX_PATH_MAX=%d characters, but is %d",
 				field, osutil.UnixPathMax, len(rule.HostSocket))
 		}
-		if rule.Proto != TCP {
-			return fmt.Errorf("field `%s.proto` must be %q", field, TCP)
+		switch rule.Proto {
+		case ProtoTCP, ProtoUDP, ProtoAny:
+		default:
+			return fmt.Errorf("field `%s.proto` must be %q, %q, or %q", field, ProtoTCP, ProtoUDP, ProtoAny)
 		}
 		if rule.Reverse && rule.GuestSocket == "" {
 			return fmt.Errorf("field `%s.reverse` must be %t", field, false)
diff --git a/pkg/portfwd/forward.go b/pkg/portfwd/forward.go
@@ -60,6 +60,9 @@ func (fw *Forwarder) forwardingAddresses(guest *api.IPPort) (hostAddr, guestAddr
 		if rule.GuestSocket != "" {
 			continue
 		}
+		if rule.Proto != limayaml.ProtoAny && rule.Proto != guest.Protocol {
+			continue
+		}
 		if guest.Port < int32(rule.GuestPortRange[0]) || guest.Port > int32(rule.GuestPortRange[1]) {
 			continue
 		}

Original file line number	Diff line number	Diff line change
`@@ -356,7 +356,7 @@ networks:`
`356`	`356`	`# hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding`
`357`	`357`	`# # default: hostPort: 443 (same as guestPort)`
`358`	`358`	`# # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1")`
`359`		`-# # default: proto: "tcp" (only valid value right now)`
	`359`	`+# # default: proto: "tcp" (other options: "udp, "any")`
`360`	`360`	`#`
`361`	`361`	`# - guestPortRange: [4000, 4999]`
`362`	`362`	`# hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"`
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,11 @@ func (pf portForwarder) forwardingAddresses(guest api.IPPort) (hostAddr, guest`
`52`	`52`	`if rule.GuestSocket != "" {`
`53`	`53`	`continue`
`54`	`54`	`}`
	`55`	`+ switch rule.Proto {`
	`56`	`+ case limayaml.ProtoTCP, limayaml.ProtoAny:`
	`57`	`+ default:`
	`58`	`+ continue`
	`59`	`+ }`
`55`	`60`	`if guest.Port < int32(rule.GuestPortRange[0]) \|\| guest.Port > int32(rule.GuestPortRange[1]) {`
`56`	`61`	`continue`
`57`	`62`	`}`
Original file line number	Diff line number	Diff line change
`@@ -807,7 +807,7 @@ func executeHostTemplate(format, instDir string, param map[string]string) (bytes`
`807`	`807`
`808`	`808`	`func FillPortForwardDefaults(rule *PortForward, instDir string, param map[string]string) {`
`809`	`809`	`if rule.Proto == "" {`
`810`		`- rule.Proto = TCP`
	`810`	`+ rule.Proto = ProtoTCP`
`811`	`811`	`}`
`812`	`812`	`if rule.GuestIP == nil {`
`813`	`813`	`if rule.GuestIPMustBeZero {`
Original file line number	Diff line number	Diff line change
`@@ -282,8 +282,10 @@ func Validate(y *LimaYAML, warn bool) error {`
`282`	`282`	return fmt.Errorf("field `%s.hostSocket` must be less than UNIX_PATH_MAX=%d characters, but is %d",
`283`	`283`	`field, osutil.UnixPathMax, len(rule.HostSocket))`
`284`	`284`	`}`
`285`		`- if rule.Proto != TCP {`
`286`		- return fmt.Errorf("field `%s.proto` must be %q", field, TCP)
	`285`	`+ switch rule.Proto {`
	`286`	`+ case ProtoTCP, ProtoUDP, ProtoAny:`
	`287`	`+ default:`
	`288`	+ return fmt.Errorf("field `%s.proto` must be %q, %q, or %q", field, ProtoTCP, ProtoUDP, ProtoAny)
`287`	`289`	`}`
`288`	`290`	`if rule.Reverse && rule.GuestSocket == "" {`
`289`	`291`	return fmt.Errorf("field `%s.reverse` must be %t", field, false)
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,9 @@ func (fw Forwarder) forwardingAddresses(guest api.IPPort) (hostAddr, guestAddr`
`60`	`60`	`if rule.GuestSocket != "" {`
`61`	`61`	`continue`
`62`	`62`	`}`
	`63`	`+ if rule.Proto != limayaml.ProtoAny && rule.Proto != guest.Protocol {`
	`64`	`+ continue`
	`65`	`+ }`
`63`	`66`	`if guest.Port < int32(rule.GuestPortRange[0]) \|\| guest.Port > int32(rule.GuestPortRange[1]) {`
`64`	`67`	`continue`
`65`	`68`	`}`