search

networkservicemesh / cmd-nse-l7-proxy

Apache License 2.0
0 stars 10 forks source link

Write cmd-nse-istio-proxy #1

Open edwarnicke opened 2 years ago

edwarnicke commented 2 years ago

Write a simple cmd-nse-istio-proxy which is basically a variation of cmd-icmp-responder but returns a kernel.Mechanism with:

  1. SetRouteLocalNet(true) (see https://github.com/networkservicemesh/api/issues/134 )
  2. SetIPTables4NatTemplate(tmpl) ( see https://github.com/networkservicemesh/api/issues/133 )

where:

tmpl := `-N NSM_PREROUTE
-A NSM_PREROUTE -j ISTIO_REDIRECT
-I PREROUTING 1 -p tcp -i {{ .NsmInterfaceName }} -j NSM_PREROUTE
-N NSM_OUTPUT
-A NSM_OUTPUT -j DNAT --to-destination {{ .NsmSrcIps[0] }}
-A OUTPUT -p tcp -s 127.0.0.6 -j NSM_OUTPUT
-N NSM_POSTROUTING
-A NSM_POSTROUTING -j SNAT --to-source ${NsmDstIPs[0]}
-A POSTROUTING -p tcp -o ${NSM_INTERFACE} -j NSM_POSTROUTING`

This depends on https://github.com/networkservicemesh/sdk-vpp/issues/573

edwarnicke commented 2 years ago

https://github.com/networkservicemesh/cmd-nse-istio-proxy/issues/2 may aid in comprehension