feat(stream_route): support CIDR in ip match #4980
apisix/stream/router/ip_port.lua
| route.value.remote_addr ~= vars.remote_addr then | ||
| return false | ||
| if route.value.remote_addr then | ||
| local ip = remote_addr_match_cache[route.value.remote_addr] |

- It's dangerous to use a module-level table to cache the match result, since it may cause a memory leak;
- The IP match overhead is not so high, so the caching is unnecessary;

Makes sense, I'll update my code
| if route.value.remote_addr and | ||
| route.value.remote_addr ~= vars.remote_addr then | ||
| return false | ||
| if route.value.remote_addr then |
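Review bot: the `return false` shown after the exact comparison `route.value.remote_addr ~= vars.remote_addr` needs an equivalent on every path of the `if route.value.remote_addr then` block. If the matcher is absent or the client address cannot be parsed, the function should still return false, otherwise a route restricted by remote_addr would accept any client. A test with a client address outside the configured range would pin this down.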

Better to put the init in the create_router instead of the match

Sorry, I don't get your meaning. You mean remove the match function?
t/stream-plugin/mqtt-proxy.t
|
|
||
|
|
||
| === TEST 9: set route with invalid host | ||
| === TEST 9: set route with IP CIDR |
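Review bot: the TEST 9 title `set route with invalid host` appears here alongside `set route with IP CIDR` under the same number, which reads as reusing the existing block rather than adding one. If so, the invalid-host case loses its coverage; keep that block unchanged and give the CIDR case its own number.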

New test should be added from the bottom of the file. And it should be in stream-node/sanity.t
rockspec/apisix-master-0.rockspec
| "ext-plugin-proto = 0.3.0", | ||
| "casbin = 1.26.0", | ||
| "api7-snowflake = 2.0-1", | ||
| "lua-resty-ipmatcher = 0.6.1" |
Don't add lua-resty-ipmatcher twice
t/stream-node/sanity.t
|
|
||
|
|
||
|
|
||
| === TEST 11: set stream route (id: 1) which uses upstream_id |
The name should show the difference from the others, like CIDR
t/stream-node/sanity.t
| --- stream_response | ||
| hello world | ||
| --- no_error_log | ||
| [error] No newline at end of file |
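Review bot: the last line, `[error]`, carries the "No newline at end of file" marker. End the file with a newline so that test blocks appended later do not show this line as modified.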
apisix/stream/router/ip_port.lua
|
|
||
| if not item.value.remote_addr_matcher and item.value.remote_addr then | ||
| local ip = create_matcher(item.value.remote_addr) | ||
| if ip then |
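Review bot: `if ip then` has no visible handling for the case where `create_matcher(item.value.remote_addr)` returns nil. Log the failure with the offending value and reject the route or make it unmatchable, rather than leaving `remote_addr_matcher` unset, so the match path cannot mistake it for a route with no address restriction.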

We can write a new checker in apisix/apisix/stream/router/ip_port.lua (line 185 in df0db95). We can use the methods in https://github.com/apache/apisix/blob/master/apisix/core/ip.lua to do this.

We can use validate_cidr_or_ip to validate.

I think it's unnecessary to use validate_cidr_or_ip here; we just need to check whether remote_addr and server_addr are nil or not. The ipmatcher will help to validate the address when creating a new match object by using the new method.
apisix/stream/router/ip_port.lua
|
|
||
| local route = item.value | ||
|
|
||
| if not item.value.remote_addr_matcher and validate_address(item.value.remote_addr) then |

Please add the check to apisix/apisix/stream/router/ip_port.lua (line 185 in df0db95).
|
|
||
|
|
||
|
|
||
| === TEST 11: set stream route (id: 1) which uses upstream_id and remote address with IP CIDR |
Let's add a test that the conf is rejected by validate_cidr_or_ip
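
The approach the review comments above ask for (reject a bad address when the route is loaded, build the matcher once per route, keep the per-connection match free of caches), as an added Lua example that is not APISIX code. It substitutes a small hand-written IPv4 matcher for lua-resty-ipmatcher so that it runs in plain Lua, and every function name in it is hypothetical.

```lua
-- Added example, not APISIX code; IPv4 only; all function names are hypothetical.
local function parse_ipv4(s)
    local a, b, c, d = tostring(s):match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
    if not a then return nil end
    local n = 0
    for _, part in ipairs({a, b, c, d}) do
        local v = tonumber(part)
        if v > 255 then return nil end
        n = n * 256 + v
    end
    return n
end

-- Turn "10.0.0.0/8" or "10.1.2.3" into {base, size}; nil plus an error when malformed.
local function compile_cidr(addr)
    local ip, bits = tostring(addr):match("^([^/]+)/(%d+)$")
    local n = parse_ipv4(ip or addr)
    bits = tonumber(bits or 32)
    if not n or bits > 32 then
        return nil, "invalid remote_addr: " .. tostring(addr)
    end
    local size = 2 ^ (32 - bits)
    return { base = n - n % size, size = size }
end

-- Load time: reject bad config, compile once, keep the matcher on the route object.
local function build_route(conf)
    local route = { conf = conf }
    if conf.remote_addr ~= nil then
        local m, err = compile_cidr(conf.remote_addr)
        if not m then return nil, err end
        route.remote_addr_matcher = m
    end
    return route
end
-- Match time: no module-level cache; an unparsable client address fails closed.
local function route_matches(route, client_ip)
    local m = route.remote_addr_matcher
    if not m then return true end -- route carries no remote_addr restriction
    local n = parse_ipv4(client_ip)
    if not n then return false end
    return n >= m.base and n < m.base + m.size
end
-- Constructed sample input.
local r = assert(build_route({ remote_addr = "192.168.0.0/16" }))
assert(route_matches(r, "192.168.40.7"))
assert(not route_matches(r, "192.169.0.1"))
assert(not route_matches(r, "not-an-ip"))
assert(build_route({ remote_addr = "192.168.0.0/33" }) == nil)
```

Because the matcher lives on the route object, it is discarded together with the route when the configuration changes, which is what removes the need for a separate cache table.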
What this PR does / why we need it:
Pre-submission checklist: