RSDK-10257 - Early return if tunnel destination port not allowed #4856

Open: wants to merge 3 commits into base: main
Changes from 2 commits

15 changes: 15 additions & 0 deletions cli/client.go
Expand Up @@ -1368,6 +1368,21 @@ func RobotsPartTunnelAction(c *cli.Context, args robotsPartTunnelArgs) error {
}

func tunnelTraffic(ctx *cli.Context, robotClient *client.RobotClient, local, dest int) error {
// don't block tunnel attempt if ListTunnels fails in any way - it may be unimplemented.
// TODO: early return if ListTunnels fails.
Member Author

maybe do in a month

Member

You don't want to do this in actual robotClient.Tunnel? That way both the CLI and anyone trying to programmatically use robotClient.Tunnel both encounter early errors?

Member Author

issue is robotClient.Tunnel isn't called until the first connection is made. if robotClient.Tunnel is called, it'd error out immediately even without this change

Member

Ah gotcha thanks for the explanation 🙏🏻 .

if tunnels, err := robotClient.ListTunnels(ctx.Context); err == nil {
allowed := false
for _, t := range tunnels {
if t.Port == dest {
allowed = true
break
}
}
if !allowed {
return errors.Errorf("tunneling to destination port %v not allowed", dest)
Member

Could add a small message about ensuring traffic_tunnel_endpoints is set correctly on your machine.

Member Author

updated!

}
}

li, err := net.Listen("tcp", net.JoinHostPort("localhost", strconv.Itoa(local)))
if err != nil {
return fmt.Errorf("failed to create listener %w", err)
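
Review bot: At the `if tunnels, err := robotClient.ListTunnels(ctx.Context); err == nil` guard, a failed ListTunnels call skips the port check with no trace, so a user cannot tell whether the destination was validated or the precheck was bypassed. Consider logging the error at debug or warning level in an else branch until the TODO is resolved. The comment could also state that this loop is a client-side convenience check and that the rejection in robotClient.Tunnel remains the authoritative one, so nobody later treats it as the enforcement point. Minor: this error is built with `errors.Errorf` while the listener error just below uses `fmt.Errorf`; pick one for the function.
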
6 changes: 6 additions & 0 deletions cli/client_test.go
Expand Up @@ -1417,6 +1417,12 @@ func TestTunnelE2ECLI(t *testing.T) {
// Start CLI tunneler.
//nolint:dogsled
cCtx, _, _, _ := setup(nil, nil, nil, nil, "token")

// error early if tunnel not listed
err = tunnelTraffic(cCtx, rc, sourcePort, 1)
test.That(t, err, test.ShouldNotBeNil)
test.That(t, err.Error(), test.ShouldContainSubstring, "not allowed")

wg.Add(1)
go func() {
defer wg.Done()
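
Review bot: The new assertion in TestTunnelE2ECLI covers only the rejected-port path; the fallback described in the tunnelTraffic comment (a failing or unimplemented ListTunnels must not block the tunnel attempt) has no test. Add a case where ListTunnels returns an error and the tunnel still comes up. Also, `tunnelTraffic(cCtx, rc, sourcePort, 1)` is called synchronously: if the check ever regresses, the call goes on to net.Listen on sourcePort instead of returning, which may hang the test or hold the port the goroutine below needs, so consider running it with a timeout. The literal port 1 relies on that port never being among the configured tunnel endpoints; a named constant with a comment would make that assumption explicit.
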