-
-
Notifications
You must be signed in to change notification settings - Fork 373
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Send ports forwarded to control server #2392
base: master
Are you sure you want to change the base?
Send ports forwarded to control server #2392
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's great, thanks for the PR 💯 !
I will wait to fix the iptables removals (to create less user frustration and duplicate issues) after v3.39.0 gets released, to merge this though.
internal/portforward/loop.go
Outdated
err := l.service.SetPortsForwarded(l.runCtx, ports) | ||
if err != nil { | ||
l.logger.Error(err.Error()) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps we should return an error here to let the http client know it failed for xyz reason 🤔
And possibly log it as well, as it is now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Commit f18cdb8 addresses this. It would probably suffice to let control server respond with a more generic error, since the original error message already gets logged anyways. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggested exactly that 😄 I should had read unresolved conversations better!
if l.service == nil { | ||
return | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could set the ports somehow, even if the service is not started. The ports could then be injected to the service when we create it. A bit of a futuristic approach about when we could do all kind of modifications live 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, that might be beyond me for now. 😅
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No problem, let's keep this unresolved and I'll jump at implementing it later 😉
(Sort of) blocked by #1785 |
Blocked by #2238 as well. |
Hello! |
for i, port := range s.ports { | ||
err := s.portAllower.RemoveAllowedPort(ctx, port) | ||
if err != nil { | ||
for j := 0; j < i; j++ { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit you can now use the 'intrange' introduced in Go 1.23
for j := 0; j < i; j++ { | |
for j := range i { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Fixed" with a1e7f12
s.logger.Error(err.Error()) | ||
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's remove the log here and let the caller handle the error
s.logger.Error(err.Error()) | |
return err | |
return fmt.Errorf("removing allowed port: %w", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed with 25fd6ff
s.logger.Error(err.Error()) | ||
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's remove the log here and let the caller handle the error
s.logger.Error(err.Error()) | |
return err | |
return fmt.Errorf("setting allowed port: %w", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed with 25fd6ff
internal/server/openvpn.go
Outdated
if len(data.Ports) == 0 { | ||
http.Error(w, "no port specified", http.StatusBadRequest) | ||
return | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we could handle that as "remove forwarded ports"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Simply removing the statement with 3b633e4 will clear forwarded ports, because we already remove the old port forwards when setting the new ones anyways.
internal/server/openvpn.go
Outdated
if err := h.pf.SetPortsForwarded(data.Ports); err != nil { | ||
http.Error(w, err.Error(), http.StatusInternalServerError) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's log out as warning the error from the function call, and only say "failed setting forwarded ports"
in the http response (for the sake of not exposing too much details to the http caller who might not control the gluetun instance)
if err := h.pf.SetPortsForwarded(data.Ports); err != nil { | |
http.Error(w, err.Error(), http.StatusInternalServerError) | |
if err := h.pf.SetPortsForwarded(data.Ports); err != nil { | |
h.warner.Warn(fmt.Sprintf("failed setting forwarded ports: %s", err)) | |
http.Error(w, "failed setting forwarded ports", http.StatusInternalServerError) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done with 32a7f1f.
Also, I assumed that if we want to limit detail exposure through http responses we should give the json deconding logic just above the same treatment.
if l.service == nil { | ||
return | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No problem, let's keep this unresolved and I'll jump at implementing it later 😉
internal/portforward/loop.go
Outdated
if err != nil { | ||
l.logger.Error(err.Error()) | ||
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's remove the logs in the port forwarding code and let the calling layers log out the error if necessary (in this case in the control server code) - sorry if I might had changed my mind on this!
if err != nil { | |
l.logger.Error(err.Error()) | |
return err | |
if err != nil { | |
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No worries, see e9aaa97
@jagaimoworks By the way:
|
And @andy3469 I'm curious, what do you plan to use this PR for 😃? |
I plan to use it with https://github.com/dhruvinsh/ws-ephemeral as a way to update the port every week. |
First timer here. This is a somewhat working implementation of #2369. Hit me with the improvements I can take it 😅
I say somewhat working because the removal of ports from the firewall suffers from #2334 and therefore does not reliably work right now.
The way it works right now is by sending a http PUT request with a body like
{ports: [1234, 3456]}
to/v1/openvpn/portforwarded
.