| author | Xiang Dai <long0dai@foxmail.com> | 2020-05-11 10:37:33 +0800 |
|---|---|---|
| committer | Xiang Dai <long0dai@foxmail.com> | 2020-06-04 10:27:54 +0800 |
| commit | 1d770c11d03ea1985e61575cba5c83d2a9ca5623 (patch) | |
| tree | 9743e2159d6cbf68e3f1203e1a5e6bf5e9ed91dd /edgemesh | |
| parent | Merge pull request #1746 from daixiang0/cache (diff) | |
Lint: cleanup white noise
Signed-off-by: Xiang Dai <long0dai@foxmail.com>
Diffstat (limited to 'edgemesh')
| -rw-r--r-- | edgemesh/tools/initContainer/createImg.sh | 2 | ||||
| -rw-r--r-- | edgemesh/tools/initContainer/rpm/Dockerfile | 2 | ||||
| -rw-r--r-- | edgemesh/tools/initContainer/script/edgemesh-iptables.sh | 60 |
3 files changed, 32 insertions, 32 deletions
diff --git a/edgemesh/tools/initContainer/createImg.sh b/edgemesh/tools/initContainer/createImg.sh index eb1676cff..8b7c485be 100644 --- a/edgemesh/tools/initContainer/createImg.sh +++ b/edgemesh/tools/initContainer/createImg.sh @@ -26,7 +26,7 @@ if command -v docker > /dev/null 2>&1 ; then #docker build docker build -t edgemesh_init . # delete iptables script - rm ./edgemesh-iptables.sh + rm ./edgemesh-iptables.sh else echo 'the docker command is no found!!' exit 1 diff --git a/edgemesh/tools/initContainer/rpm/Dockerfile b/edgemesh/tools/initContainer/rpm/Dockerfile index 2fbf21657..2f3122c7d 100644 --- a/edgemesh/tools/initContainer/rpm/Dockerfile +++ b/edgemesh/tools/initContainer/rpm/Dockerfile @@ -3,5 +3,5 @@ FROM centos:latest ADD edgemesh-iptables.sh /usr/local/bin RUN yum -y update && yum install -y iproute iptables - + ENTRYPOINT ["/usr/local/bin/edgemesh-iptables.sh"] diff --git a/edgemesh/tools/initContainer/script/edgemesh-iptables.sh b/edgemesh/tools/initContainer/script/edgemesh-iptables.sh index 1447ef7fb..86a7dc582 100644 --- a/edgemesh/tools/initContainer/script/edgemesh-iptables.sh +++ b/edgemesh/tools/initContainer/script/edgemesh-iptables.sh @@ -16,10 +16,10 @@ function usage() { echo ' -h: for some help' } -# network namespace +# network namespace NETMODE= -# get the container network mode +# get the container network mode function getContainerNetMode() { if ip link |grep docker0 > /dev/null; then echo 'this is the host mode,share with net namespace with host' @@ -38,7 +38,7 @@ function isValidIP() { true else false - fi + fi } function isIPv4() { 
@@ -68,34 +68,34 @@ function bridgeNetMode() { echo 'this func used for bridge net mode' # get default route default_route=$(ip route show |grep default |awk '{print $3}') - + #clear EDGEMESH chain and rule,if exist iptables -t nat -D OUTPUT -p tcp -j EDGEMESH_OUTBOUND 2>/dev/null iptables -t nat -D OUTPUT -p udp --dport "53" -j EDGEMESH_OUTBOUND_DNS 2>/dev/null iptables -t nat -F EDGEMESH_OUTBOUND 2>/dev/null iptables -t nat -X EDGEMESH_OUTBOUND 2>/dev/null - + iptables -t nat -F EDGEMESH_OUTBOUND_REDIRECT 2>/dev/null iptables -t nat -X EDGEMESH_OUTBOUND_REDIRECT 2>/dev/null - + iptables -t nat -F EDGEMESH_OUTBOUND_DNS 2>/dev/null iptables -t nat -X EDGEMESH_OUTBOUND_DNS 2>/dev/null - + # make chain for edgemesh hijacking iptables -t nat -N EDGEMESH_OUTBOUND_REDIRECT iptables -t nat -A EDGEMESH_OUTBOUND_REDIRECT -p tcp -j DNAT --to-destination "${default_route}:${EDGEMESH_PROXY_PORT}" iptables -t nat -N EDGEMESH_OUTBOUND iptables -t nat -A OUTPUT -p tcp -j EDGEMESH_OUTBOUND - + # support dns use udp for dest port 53 iptables -t nat -N EDGEMESH_OUTBOUND_DNS iptables -t nat -A EDGEMESH_OUTBOUND_DNS -j DNAT --to-destination "${default_route}" iptables -t nat -A OUTPUT -p udp --dport "53" -j EDGEMESH_OUTBOUND_DNS - + # excluded traffic for some port incloude some special port,such as 22 iptables -t nat -A EDGEMESH_OUTBOUND -p tcp --dport "22" -j RETURN - if [ -n "${EDGEMESH_EXCLUDE_PORT}" ]; then - for port in "${port_exclude_list[@]}"; do + if [ -n "${EDGEMESH_EXCLUDE_PORT}" ]; then + for port in "${port_exclude_list[@]}"; do iptables -t nat -A EDGEMESH_OUTBOUND -p tcp --dport "${port}" -j RETURN done fi @@ -105,10 +105,10 @@ function bridgeNetMode() { iptables -t nat -A EDGEMESH_OUTBOUND -d "${ip}" -j RETURN done fi - + # Redirect app callback to itself via Service IP (default not redirected) get_local_IP=$(ip addr |grep inet|grep -v inet6|awk '{print $2}'|tr -d "addr:") - + for LOCAL_IP in $get_local_IP; do ele=${LOCAL_IP%$splt} echo "LOCAL_IP: $LOCAL_IP , $ele" 
@@ -118,7 +118,7 @@ function bridgeNetMode() { done # loopback traffic iptables -t nat -A EDGEMESH_OUTBOUND -d 127.0.0.1/32 -j RETURN - + # hijacking if [ ${#ipv4_include_list[@]} -gt 0 ]; then # include Ips and ports are * @@ -131,11 +131,11 @@ function bridgeNetMode() { done fi if [ "${EDGEMESH_HIJACK_PORT}" != "*" ]; then - for port in "${port_include_list[@]}"; do + for port in "${port_include_list[@]}"; do iptables -t nat -A EDGEMESH_OUTBOUND -p tcp --dport "${port}" -j EDGEMESH_OUTBOUND_REDIRECT done fi - + iptables -t nat -A EDGEMESH_OUTBOUND -j RETURN fi fi @@ -158,7 +158,7 @@ EDGEMESH_EXCLUDE_PORT=${EXCLUDE_PORT-} function main() { getContainerNetMode - + while getopts ":p:i:t:b:c:h" opt; do case ${opt} in p) @@ -167,13 +167,13 @@ function main() { i) EDGEMESH_HIJACK_IP=${OPTARG} ;; - t) + t) EDGEMESH_HIJACK_PORT=${OPTARG} ;; b) EDGEMESH_EXCLUDE_IP=${OPTARG} ;; - c) + c) EDGEMESH_EXCLUDE_PORT=${OPTARG} ;; h) @@ -187,7 +187,7 @@ function main() { ;; esac done - + echo "EdgeMesh iptables configration:" echo "=====================================" echo "Container Network mode is: ${NETMODE}" @@ -197,7 +197,7 @@ function main() { echo "EDGEMESH_HIJACK_PORT=${EDGEMESH_HIJACK_PORT-"*"}" echo "EDGEMESH_EXCLUDE_IP=${EDGEMESH_EXCLUDE_IP-}" echo "EDGEMESH_EXCLUDE_PORT=${EDGEMESH_EXCLUDE_PORT-}" - + # parse parameter IFS=',' read -ra EXCLUDE_IP <<< "${EDGEMESH_EXCLUDE_IP}" IFS=',' read -ra INCLUDE_IP <<< "${EDGEMESH_HIJACK_IP}" @@ -212,7 +212,7 @@ function main() { fi fi done - + if [ "${EDGEMESH_HIJACK_IP}" == "*" ]; then ipv4_include_list=("*") ipv6_include_list=("*") @@ -225,10 +225,10 @@ function main() { elif isIPv6 "$r"; then ipv6_include_list+=("$range") fi - fi + fi done fi - + IFS=',' read -ra INCLUDE_PORT <<< "${EDGEMESH_HIJACK_PORT}" IFS=',' read -ra EXCLUDE_PORT <<< "${EDGEMESH_EXCLUDE_PORT}" if [ "${EDGEMESH_HIJACK_PORT}" != "*" ]; then 
@@ -236,20 +236,20 @@ function main() { port_include_list+=("$port") done fi - - if [ -n "${EDGEMESH_EXCLUDE_PORT}" ]; then - for port in "${EXCLUDE_PORT[@]}"; do + + if [ -n "${EDGEMESH_EXCLUDE_PORT}" ]; then + for port in "${EXCLUDE_PORT[@]}"; do port_exclude_list+=("$port") done fi - + echo "ipv4_include_list : ${ipv4_include_list[@]}" echo "ipv4_exclude_list : ${ipv4_exclude_list[@]}" echo "port_include_list : ${port_include_list[@]}" echo "port_exclude_list : ${port_exclude_list[@]}" - + # bridge mode(port map) container network - if [ "${NETMODE}" = "OTHER" ]; then + if [ "${NETMODE}" = "OTHER" ]; then echo " ${NETMODE} iptables configration" bridgeNetMode # if set ipv6 option |
