Skip to content

fix: [NPM] Windows Dataplane logic fix for src and dst ports #1197

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jan 26, 2022
Merged

fix: [NPM] Windows Dataplane logic fix for src and dst ports #1197

merged 6 commits into from
Jan 26, 2022

Conversation

@vakalapa
Copy link
Contributor

@vakalapa vakalapa commented Jan 18, 2022
edited
Loading

Reason for Change:

According to the newly found info in VFP, the src and dst port mapping we used earlier are wrong. So correcting the logic as per below mapping:

// HNS has confusing Local and Remote address defintions
// For Traffic Direction INGRESS
// LocalAddresses = Source Sets
// RemoteAddresses = Destination Sets
// LocalPorts = Destination Ports
// RemotePorts = Source Ports

// For Traffic Direction EGRESS
// LocalAddresses = Source Sets
// RemoteAddresses = Destination Sets
// LocalPorts = Source Ports
// RemotePorts = Destination Ports

// If we use IPs in ACLs, then INGRESS mapping is same, but EGRESS mapping will change to below
// For Traffic Direction INGRESS
// LocalAddresses = Source IPs
// RemoteAddresses = Destination IPs
// For Traffic Direction EGRESS
// LocalAddresses = Destination IPs
// RemoteAddresses = Source IPs

Issue Fixed:

Requirements:

Notes:

nitishm
nitishm previously approved these changes Jan 18, 2022
View reviewed changes
Copy link
Contributor

@nitishm nitishm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

huntergregory
huntergregory reviewed Jan 19, 2022
View reviewed changes
npm/pkg/dataplane/policies/policy_windows.go
policySettings.LocalPorts = dstPortStr
policySettings.RemotePorts = ""
policySettings.RemoteAddresses = srcListStr
policySettings.LocalPorts = ""
Copy link
Contributor

@huntergregory huntergregory Jan 19, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we do something for IP mode too?

Copy link
Contributor Author

@vakalapa vakalapa Jan 19, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, we have de-prioritized IpMode. No need to do it.

@vakalapa vakalapa merged commit 1f211a7 into master Jan 26, 2022
@vakalapa vakalapa deleted the vakr/windpcorrections branch January 26, 2022 17:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matmerr matmerr Awaiting requested review from matmerr

2 more reviewers

@huntergregory huntergregory huntergregory approved these changes

@nitishm nitishm nitishm left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vakalapa @nitishm @huntergregory