Merge branch 'master' into upgrade-operator

.github/workflows/release.yml

@@ -8,7 +8,6 @@ on:
 jobs:
   pre-checks:
     runs-on: ubuntu-latest
-    if: ${{ startsWith(github.ref, 'refs/tags/') }}
     steps:
       # Install golang
       - uses: actions/setup-go@v2
@@ -24,7 +23,6 @@ jobs:
           make gotasks
   push:
     needs: pre-checks
-    if: ${{ startsWith(github.ref, 'refs/tags/') }}
     runs-on: ubuntu-latest
     steps:
       # Install golang
@@ -43,7 +41,7 @@ jobs:
         run: |
           echo "RELEASE TAG: ${RELEASE_TAG}"
           echo "${RELEASE_TAG}" > ${{ github.workspace }}/tag.txt
-          
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
         with:
@@ -63,7 +61,7 @@ jobs:
 
       - name: Build and push
         uses: docker/build-push-action@v2
-        env: 
+        env:
           RELEASE_TAG: ${{ env.RELEASE_TAG }}
         with:
           push: true

Makefile

@@ -9,9 +9,9 @@ IS_DOCKER_INSTALLED = $(shell which docker >> /dev/null 2>&1; echo $$?)
 
 # Docker info
 DOCKER_REGISTRY ?= docker.io
-DOCKER_REPO ?= litmuschaos
+DOCKER_REPO ?= shubh214
 DOCKER_IMAGE ?= go-runner
-DOCKER_TAG ?= ci
+DOCKER_TAG ?= fix-sudo
 
 .PHONY: help
 help:
@@ -31,7 +31,7 @@ deps: _build_check_docker
 
 _build_check_docker:
 	@echo "------------------"
-	@echo "--> Check the Docker deps" 
+	@echo "--> Check the Docker deps"
 	@echo "------------------"
 	@if [ $(IS_DOCKER_INSTALLED) -eq 1 ]; \
 		then echo "" \
@@ -56,7 +56,7 @@ unused-package-check:
 .PHONY: docker.buildx
 docker.buildx:
 	@echo "------------------------------"
-	@echo "--> Setting up Builder        " 
+	@echo "--> Setting up Builder        "
 	@echo "------------------------------"
 	@if ! docker buildx ls | grep -q multibuilder; then\
 		docker buildx create --name multibuilder;\
@@ -69,7 +69,7 @@ push: docker.buildx image-push
 
 image-push:
 	@echo "------------------------"
-	@echo "--> Push go-runner image" 
+	@echo "--> Push go-runner image"
 	@echo "------------------------"
 	@echo "Pushing $(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG)"
 	@docker buildx build . --push --file build/Dockerfile --progress plane --platform linux/arm64,linux/amd64 --no-cache --tag $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG)
@@ -78,18 +78,18 @@ image-push:
 .PHONY: build-amd64
 build-amd64:
 	@echo "-------------------------"
-	@echo "--> Build go-runner image" 
+	@echo "--> Build go-runner image"
 	@echo "-------------------------"
 	@sudo docker build --file build/Dockerfile --tag $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG) . --build-arg TARGETARCH=amd64
 
 .PHONY: push-amd64
 push-amd64:
 
 	@echo "------------------------------"
-	@echo "--> Pushing image" 
+	@echo "--> Pushing image"
 	@echo "------------------------------"
 	@sudo docker push $(DOCKER_REGISTRY)/$(DOCKER_REPO)/$(DOCKER_IMAGE):$(DOCKER_TAG)
-		
+
 .PHONY: trivy-check
 trivy-check:
 

chaoslib/litmus/network-chaos/helper/netem.go

@@ -28,12 +28,11 @@ const (
 )
 
 var (
-	err           error
-	inject, abort chan os.Signal
+	err                                              error
+	inject, abort                                    chan os.Signal
+	sPorts, dPorts, whitelistDPorts, whitelistSPorts []string
 )
 
-var sPorts, dPorts []string
-
 // Helper injects the network chaos
 func Helper(clients clients.ClientSets) {
 
@@ -178,7 +177,7 @@ func injectChaos(netInterface string, target targetDetails) error {
 
 	netemCommands := os.Getenv("NETEM_COMMAND")
 
-	if len(target.DestinationIps) == 0 && len(sPorts) == 0 && len(dPorts) == 0 {
+	if len(target.DestinationIps) == 0 && len(sPorts) == 0 && len(dPorts) == 0 && len(whitelistDPorts) == 0 && len(whitelistSPorts) == 0 {
 		tc := fmt.Sprintf("sudo nsenter -t %d -n tc qdisc replace dev %s root netem %v", target.Pid, netInterface, netemCommands)
 		log.Info(tc)
 		if err := common.RunBashCommand(tc, "failed to create tc rules", target.Source); err != nil {
@@ -202,33 +201,60 @@ func injectChaos(netInterface string, target targetDetails) error {
 			return err
 		}
 
-		for _, ip := range target.DestinationIps {
-			// redirect traffic to specific IP through band 3
-			tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip dst %v flowid 1:3", target.Pid, netInterface, ip)
-			if strings.Contains(ip, ":") {
-				tc = fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip6 dst %v flowid 1:3", target.Pid, netInterface, ip)
+		if len(whitelistDPorts) != 0 || len(whitelistSPorts) != 0 {
+			for _, port := range whitelistDPorts {
+				//redirect traffic to specific dport through band 2
+				tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 2 u32 match ip dport %v 0xffff flowid 1:2", target.Pid, netInterface, port)
+				log.Info(tc)
+				if err := common.RunBashCommand(tc, "failed to create whitelist dport match filters", target.Source); err != nil {
+					return err
+				}
 			}
-			log.Info(tc)
-			if err := common.RunBashCommand(tc, "failed to create destination ips match filters", target.Source); err != nil {
-				return err
+
+			for _, port := range whitelistSPorts {
+				//redirect traffic to specific sport through band 2
+				tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 2 u32 match ip sport %v 0xffff flowid 1:2", target.Pid, netInterface, port)
+				log.Info(tc)
+				if err := common.RunBashCommand(tc, "failed to create whitelist sport match filters", target.Source); err != nil {
+					return err
+				}
 			}
-		}
 
-		for _, port := range sPorts {
-			//redirect traffic to specific sport through band 3
-			tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip sport %v 0xffff flowid 1:3", target.Pid, netInterface, port)
+			tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip dst 0.0.0.0/0 flowid 1:3", target.Pid, netInterface)
 			log.Info(tc)
-			if err := common.RunBashCommand(tc, "failed to create source ports match filters", target.Source); err != nil {
+			if err := common.RunBashCommand(tc, "failed to create rule for all ports match filters", target.Source); err != nil {
 				return err
 			}
-		}
+		} else {
 
-		for _, port := range dPorts {
-			//redirect traffic to specific dport through band 3
-			tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip dport %v 0xffff flowid 1:3", target.Pid, netInterface, port)
-			log.Info(tc)
-			if err := common.RunBashCommand(tc, "failed to create destination ports match filters", target.Source); err != nil {
-				return err
+			for _, ip := range target.DestinationIps {
+				// redirect traffic to specific IP through band 3
+				tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip dst %v flowid 1:3", target.Pid, netInterface, ip)
+				if strings.Contains(ip, ":") {
+					tc = fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip6 dst %v flowid 1:3", target.Pid, netInterface, ip)
+				}
+				log.Info(tc)
+				if err := common.RunBashCommand(tc, "failed to create destination ips match filters", target.Source); err != nil {
+					return err
+				}
+			}
+
+			for _, port := range sPorts {
+				//redirect traffic to specific sport through band 3
+				tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip sport %v 0xffff flowid 1:3", target.Pid, netInterface, port)
+				log.Info(tc)
+				if err := common.RunBashCommand(tc, "failed to create source ports match filters", target.Source); err != nil {
+					return err
+				}
+			}
+
+			for _, port := range dPorts {
+				//redirect traffic to specific dport through band 3
+				tc := fmt.Sprintf("sudo nsenter -t %v -n tc filter add dev %v protocol ip parent 1:0 prio 3 u32 match ip dport %v 0xffff flowid 1:3", target.Pid, netInterface, port)
+				log.Info(tc)
+				if err := common.RunBashCommand(tc, "failed to create destination ports match filters", target.Source); err != nil {
+					return err
+				}
 			}
 		}
 	}
@@ -286,10 +312,18 @@ func getENV(experimentDetails *experimentTypes.ExperimentDetails) {
 	experimentDetails.DestinationPorts = types.Getenv("DESTINATION_PORTS", "")
 
 	if strings.TrimSpace(experimentDetails.DestinationPorts) != "" {
-		dPorts = strings.Split(strings.TrimSpace(experimentDetails.DestinationPorts), ",")
+		if strings.Contains(experimentDetails.DestinationPorts, "!") {
+			whitelistDPorts = strings.Split(strings.TrimPrefix(strings.TrimSpace(experimentDetails.DestinationPorts), "!"), ",")
+		} else {
+			dPorts = strings.Split(strings.TrimSpace(experimentDetails.DestinationPorts), ",")
+		}
 	}
 	if strings.TrimSpace(experimentDetails.SourcePorts) != "" {
-		sPorts = strings.Split(strings.TrimSpace(experimentDetails.SourcePorts), ",")
+		if strings.Contains(experimentDetails.SourcePorts, "!") {
+			whitelistSPorts = strings.Split(strings.TrimPrefix(strings.TrimSpace(experimentDetails.SourcePorts), "!"), ",")
+		} else {
+			sPorts = strings.Split(strings.TrimSpace(experimentDetails.SourcePorts), ",")
+		}
 	}
 }