Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix a bug in getting netpol connections from rule with named port and protocol #405

Closed
shireenf-ibm opened this issue Sep 3, 2024 · 0 comments · Fixed by #412
Closed

fix a bug in getting netpol connections from rule with named port and protocol #405

shireenf-ibm opened this issue Sep 3, 2024 · 0 comments · Fixed by #412
Assignees
@shireenf-ibm
Labels
bug Something isn't working

Comments

@shireenf-ibm
Copy link
Contributor

shireenf-ibm commented Sep 3, 2024
edited
Loading

currently, if a netpol rule contains a named-port + a protocol name;
the named-port is converted to its port number in the dst pod without checking if both rule's protocol and pod's protocol (for the relevant port) are equal too - which might result a wrong output

example with the error :
suppose having pod-a with following named-port :

- name: newport
   containerPort: 8956
   protocol: SCTP

and a netpol capturing this pod-a with an ingress rule (from any other pod (e.g. new-pod)) with following ports:

    ports:
    - port: newport
      protocol: UDP

in the result we would see a wrong connection to the pod :
helloworld/new-pod[Deployment] => helloworld/pod-a[Deployment] : UDP 8956

while actually there is no match between the rule's port and the pod's named-port, and we shouldn't see a connection.

example files:
netpol.yaml.txt
pods.yaml.txt
@shireenf-ibm shireenf-ibm mentioned this issue Sep 3, 2024
Draft
@shireenf-ibm shireenf-ibm self-assigned this Sep 3, 2024
@shireenf-ibm shireenf-ibm changed the title fix a bug in getting rule connections from s netpol with named ports and protocol fix a bug in getting netpol connections from rule with named port and protocol Sep 3, 2024
@adisos adisos added the bug Something isn't working label Sep 9, 2024
@shireenf-ibm shireenf-ibm mentioned this issue Sep 18, 2024
Merged
@adisos adisos linked a pull request Oct 9, 2024 that will close this issue
named-port bug fix and tests #412
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shireenf-ibm shireenf-ibm

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

named-port bug fix and tests np-guard/netpol-analyzer
2 participants
@adisos @shireenf-ibm